Which of the following best describes why firms choose to create codes of ethics

Question 1

Question

A subset of a data warehouse is called a

Answer

• business intelligence

• data martian

• data mart

• small data warehouse

Question 2

Question

A data warehouse may include:

Answer

• competitor information

• an XBRL style sheet

• an iPad

• a digital dashboard

Question 3

Question

American Airlines may use business intelligence to:

Answer

• track the cost of snacks on its airplanes.

• monitor the cost of its pilots and flight attendants.

• track the cost of its airplane fuel.

• monitor prices on competitive routes.

• All of the choices are correct

Question 4

Question

The computer-based technique to accumulate and analyze data is called:

Answer

• data warehouse

• digital dashboard

• business intelligence

• XBRL

Question 5

Question

The steps in business intelligence include:

Answer

• gather information, analyze data for patterns, make decision.

• query data warehouse, create data warehouse, make decision.

• analyze data for patterns, gather information, make decision.

• create data warehouse, query data warehouse, make decision.

Question 6

Question

A digital dashboard tracks, in a user-friendly way:

Answer

• critical business markets

• critical business failures

• automobile speed

• critical business processes.

Question 7

Question

XBRL facilitates business reporting of:

Answer

• business processes.

• the XML language.

• financial and nonfinancial information

• financial information only

Question 8

Question

The first person to propose using XML as a means to electronically deliver financial information was:

Answer

• Robert Byrd

• Charles Hoffman

• Al Gore

• Herb Hackett

Question 9

Question

XBRL GL, or XBRL Global Ledger Taxonomy, is different from XBRL U.S. GAAP because it facilitates:

Answer

• efficient communication between the firm and external parties

• efficient communication with customers

• efficient communication with the supply chain

• efficient communication within a firm

Question 10

Question

The stated advantages of XBRL GL do not include

Answer

• reporting independence

• system independence

• scalability

• flexibility

Question 11

Question

what is the mechanism called that firms may use to track their marketing efforts?

Answer

• digital dashboard

• XBRL

• data analytics

• business intelligence

Question 12

Question

XBRL assurance might include all but which of the following:

Answer

• the XBRL tagging is accurate and complete

• the most current, standardized XBRL taxonomy is used

• the reports generated using XBRL are complete and received on a timely basis

• the XBRL tagging is useful to investors

Question 13

Question

The XBRL style sheet is made in conformance with which standardized language?

Answer

• XBRL GL

• XML

• XSL

• XL

Question 14

Question

Which body mandated that operating firms in its jurisdiction submit their financial reports using XBRL?

Answer

• FASB

• SEC

• NYSE

• GASB

Question 15

Question

Which technique or tool is used to analyze data for business intelligence purposes?

Answer

• data mining

• big data

• decision support systems

• data marts

Question 16

Question

According to COSO, which of the following components of the enterprise risk management addresses an entity's integrity and ethical values?

Answer

• information and communication

• internal environment

• risk assessment

• control activities

Question 17

Question

which of the following items is one of the eight components of COSO's enterprise risk management framework?

Answer

• operations

• reporting

• monitoring

• compliance

Question 18

Question

In a large public corporation, evaluation internal control procedures should be responsibility of:

Answer

• Accounting management staff who report to the CFO

• Internal audit staff who report to the board of directors

• operations management staff who report to the chief operation officer

• security management staff who report to the chief facilities officer.

Question 19

Question

which of the following represents an inherent limitation of internal controls?

Answer

• Bank reconciliations are not performed on a timely basis

• the CEO can request a check with no purchase order

• customer credit check not performed

• shipping documents are not matched to sales office.

Question 20

Question

which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization

Answer

• disclosing lack of segregation of duties to external auditors during the annual review

• replacing personnel every three or four years

• requiring accountants to pass a yearly background check

• providing greater management oversight of incompatible acitvities.

Question 21

Question

Review of the audit log is an example of which of the following types of security control?

Answer

• governance

• detective

• preventive

• corrective

Question 22

Question

which of the following is NOT a component of internal control as defined by COSO?

Answer

• control activities

• inherent risk

• control environment

• monitoring

Question 23

Question

Which of the following is considered an application input control?

Answer

• run control total

• edit check

• reporting distribution log

• exception report

Question 24

Question

Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?

Answer

• segregation of duties

• ensure proper authorization of transactions

• adequately safeguard assets

• independently verify the transactions

Question 25

Question

Which of the following statements is correct regarding internal control?

Answer

• A well-designed internal control environment ensures the achievement of an entity's control objectives

• an inherent limitation to internal control is the fact that controls can be circumvented by management override.

• a well-designed and operated internal control environment should detect collusion perpetrated by two people

• internal control in a necessary business function and should be designed and operated to detect errors and fraud.

Question 26

Question

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been

Answer

• authorized

• implemented

• tested

• monitored

Question 27

Question

A manufacturing firm identified that it would have difficulty sourcing raw materials locally, so it decided to relocate its production facilities. According to COSO, this decision represents which of the following response to the risk?

Answer

• Risk reduction

• Prospect theory

• Risk sharing

• Risk acceptance

Question 28

Question

Each of the following types of controls is considered to be an entity-level control, except those:

Answer

• relating the the control environment

• pertaining to the company's risk assessment process.

• regarding the company's annual stockholder meeting

• addressing policies over significant risk management processes

Question 29

Question

Controls in the information technology area are classified into preventive, detective, and corrective categories. Which of the following is preventive control?

Answer

• Contingency planning

• hash total

• echo check

• access control software

Question 30

Question

All of the following are examples of internal control procedures except:

Answer

• using pre-numbered documents

• reconciling the bank statement

• customer satisfaction surveys

• insistence that employees take vacations.

Question 31

Question

The Public Company Accounting Oversight Board (PCAOB) is not responsible for standards related to:

Answer

• Accounting practice.

• Attestation.

• Auditing.

• Quality control over attestation and/or assurance

Question 32

Question

Which of the following most likely would not be considered as an inherent limitation of the effectiveness of a firm's internal control?

Answer

• incompatible duties

• management override

• mistakes in judgment

• collusion among employees

Question 33

Question

According to COSO which of the following is NOT a component of internal control

Answer

• control risk

• control activities

• monitoring

• control environment

Question 34

Question

When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that:

Answer

• Internal control may be ineffective due to mistakes in judgment and personal carelessness.

• Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.

• Establishing and maintaining internal control is an important responsibility of management.

• The cost of an entity's internal control should not exceed the benefits expected to be derived.

Question 35

Question

Proper segregation of duties calls for separation of the following functions:

Answer

• Authorization, execution, and payment.

• Authorization, recording, and custody.

• Custody, execution, and reporting.

• Authorization, payment, and recording.

Question 36

Question

An entity's ongoing monitoring activities often include:

Answer

• Periodic audits by the audit committee.

• Reviewing the purchasing function.

• The audit of the annual financial statements

• Control risk assessment in conjunction with quarterly reviews.

Question 37

Question

The overall attitude and awareness of a firm's top management and board of directors concerning the importance of internal control is often reflected in its:

Answer

• Computer-based controls.

• System of segregation of duties.

• Control environment.

• Safeguards over access to assets.

Question 38

Question

Management philosophy and operating style would have a relatively less significant influence on a firm's control environment when:

Answer

• the internal auditor reports directly to the controller

• management is dominated by one individual

• accurate management job descriptions delineate specific duties

• the audit committee does not have regular meetings.

Question 39

Question

According to AS 5, control risk should be assessed in terms of:

Answer

• Specific controls

• types of potential fraud

• financial statement assertions

• control environment factors

Question 40

Question

An auditor assesses control risk because it:

Answer

• is relevant to the auditor's understanding of the control environment.

• provides assurance that the auditor's materiality levels are appropriate.

• indicates to the auditor where inherent risk may be greatest

• affects the level of detection risk that the auditor may accept

Question 41

Question

the framework to be used by management in its internal control assessment under requirements of SOX is the

Answer

• COSO internal framework

• COSO enterprise risk management framework

• COBIT framework

• all of the above are correct

Question 42

Question

The internal control provisions of SOX apply to which companies in the United States?

Answer

• All companies.

• SEC registrants.

• All issuer (public) companies and nonissuer (nonpublic) companies with more than $100,000,000 of net worth.

• All nonissuer companies.

Question 43

Question

Reconciliation of cash accounts may be referred to as what type of control?

Answer

• detective

• preventive

• adjustive

• non-routine

Question 44

Question

Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should:

Answer

• add the checks to the daily cash summary

• verify that each check is supported by a pre-numbered sales invoice

• prepare a summary listing of checks received

• record the checks in the cash receipts journal

Question 45

Question

Tracing shipping documents to pre-numbered sales invoices provides evidence that

Answer

• no duplicate shipments or billings occured

• shipments to customers were properly invoiced

• all the goods ordered by customers were shipped

• all pre-numbered sales invoices were accounted for

Question 46

Question

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission

Answer

• hash total

• parity check

• encryption

• check digit

Question 47

Question

A customer intended to order 100 units of a product A, but incorrectly ordered nonexistent product B. Which of the following controls most likely would detect this error?

Answer

• Validity check

• Record count

• Hash total

• Parity check

Question 48

Question

Which of the following is an example of a validity check?

Answer

• The computer ensures that a numerical amount in a record does not exceed some predetermined amount.

• As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.

• The computer flags any transmission for which the control field value did not match that of an existing file record.

• After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.

Question 49

Question

Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?

Answer

• Check digit.

• Validity check.

• Echo check.

• Limit check.

Question 50

Question

Ethical principles are derived from all of the following except:

Answer

• Personal attitudes on issues of right and wrong.

• Cost benefit analysis.

• Cultural values.

• Societal traditions.

Question 51

Question

Which of the following best describes why firms choose to create codes of ethics?

Answer

• Because most people will not behave ethically without a written set of guidelines.

• Codes of ethics protect firms against lawsuits that may be filed due to corporate fraud.

• They allow firms to create a formal set of expectations for employees who may have different sets of personal values.

• Companies must have a written code of ethics in order to conduct interstate commerce in the U.S.

Question 52

Question

Which of the following best describes what is meant by corporate governance?

Answer

• The organizational structure and responsibilities of the executive team and board of directors of a corporation.

• Regulatory bodies, such as the SEC and PCAOB, that govern the behavior of corporations.

• The ability of a corporation’s management team to meet earnings forecasts over an extended period of time.

• Management’s processes, policies, and ethical approach to safeguarding stakeholder interests.

Question 53

Question

The Sarbanes-Oxley Act (SOX) was passed as a response to which of the following events?

Answer

• The savings & loan scandals of the 1980s.

• The bust of dot-com bubble companies such as pets.com and Webvan.

• Corporate reporting scandals by companies such as WorldCom, Enron, and Tyco.

• Securities manipulation and insider trading in the 1930s.

Question 54

Question

In a computerized environment, internal controls can be categorized into which of the following?

Answer

• General controls and application controls

• detective controls and protective controls

• network controls and transaction controls

• preventive controls and mandatory controls

Question 55

Question

According to COSO ERM, which of the following is not one of the bases that should be used to analyze the risks of an identified event?

Answer

• Inherent risk.

• Organizational risk.

• Residual risk.

• Control risk.

Question 56

Question

Which of the following is not one of the responses to risk presented in COSO ERM?

Answer

• Share the risk

• accept the risk

• Delegate the risk.

• Reduce the risk.

Question 57

Question

The COSO ERM framework encourages a review of risks as they apply to achieving firms’ objectives. Which of the following is not one of the listed categories of objectives to be considered?

Answer

• Environment.

• Operations.

• Strategic.

• Compliance.

Question 58

Question

In the event identification component of the COSO ERM framework, management must classify events into which of the following?

Answer

• Weaknesses and vulnerabilities.

• Risks and opportunities.

• Risks and rewards.

• Controls and vulnerabilities.

Question 59

Question

COBIT 5 takes the view that all IT processes should provide clear links between all of the following except:

Answer

• IT processes.

• IT controls.

• IT components.

• IT governance requirements.

Question 60

Question

In addition to focusing on controls, COBIT 5 expands its scope by incorporating which of the following broad perspectives?

Answer

• How IT brings value to the firm.

• How IT can automate specific business processes.

• IT networking requirements.

• IT cost reductions.

Question 61

Question

Which of the following is not one of the key COBIT 5 principles for governance and management of enterprise IT?

Answer

• Enabling a holistic approach

• meeting stakeholder needs

• separating management from shareholders

• applying an integrated framework.

Question 62

Question

The IT Infrastructure Library (ITIL) is considered a de facto standard in which of the following regions?

Answer

• Asia and Australia

• North America

• The UK

• Europe

Question 63

Question

The ISO 27000 Series of standards are designed to address which of the following?

Answer

• Corporate governance.

• Internal controls.

• Information security issues.

• IT value.

Question 64

Question

Which of the following provides the advantage of incorporating other widely accepted standards and frameworks?

Answer

• ITIL

• COBIT 5

• COSO 2013

• ISO 27000

Question 65

Question

Integrity of information means the information is:

Answer

• accurate

• complete

• accessible

• accurate and complete are correct

Question 66

Question

Which of the following statements is incorrect about digital signatures?

Answer

• A digital signature can ensure data integrity.

• A digital signature also authenticates the document creator.

• A digital signature is an encrypted message digest.

• A digital signature is a message digest encrypted using the document creator's public key.

Question 67

Question

What is the primary objective of data security controls?

Answer

• To establish a framework for controlling the design, security, and use of computer programs throughout an organization.

• To ensure that data storage media are subject to authorization prior to access, change, or destruction.

• To formalize standard, rules, and procedures to ensure the organization's control are properly executed.

• To monitor the use of system software to prevent unauthorized access to system software and computer programs.

Question 68

Question

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

Answer

• Password management.

• Data encryption.

• Digital certificates.

• Batch processing.

Question 69

Question

When client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

Answer

• User passwords are not required to the in alpha-numeric format.

• Management procedures for user accounts are not documented.

• User accounts are not removed upon termination of employees.

• Security logs are not periodically reviewed for violations.

Question 70

Question

Which of the following statement present an example of a general control for a computerized system?

Answer

• Limiting entry of sales transactions to only valid credit customers.

• Creating hash totals from social security number for the weekly payroll.

• Restricting entry of accounts payable transactions to only authorized users.

• Restricting access to the computer center by use of biometric devices.

Question 71

Question

Which of the following outcomes is a likely benefit of information technology used for internal control?

Answer

• Processing of unusual or nonrecurring transactions.

• Enhanced timeliness of information.

• Potential loss of data.

• Recording of unauthorized transactions.

Question 72

Question

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?

Answer

• Managing remote access.

• Developing application programs.

• Reviewing security policy.

• Installing operating system upgrades.

Question 73

Question

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

Answer

• Data restoration plan.

• Disaster recovery plan.

• System security policy.

• System hardware policy.

Question 74

Question

Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?

Answer

• Daily backup.

• Network security.

• Business continuity.

• Backup power.

Question 75

Question

Which of the following statements regarding authentication in conducting e-business is incorrect?

Answer

• It is a process that establishes the origin of information or determines the identity of a user, process, or device.

• One key is used for encryption and decryption purposes in the authentication process.

• Successful authentication can prevent repudiation in electronic transactions.

• We need to use asymmetric-key encryption to authenticate the sender of a document or data set.

Question 76

Question

Which of the following is not included in the remediation phase for vulnerability management?

Answer

• Risk Response Plan

• Policy and procedures for remediation

• Vulnerability Prioritization

• Control Implementation

Question 77

Question

Which of the following does NOT represent a viable data backup method?

Answer

• Disaster recovery plan

• redundant arrays of independent drives

• virtualization

• cloud computing

Question 78

Question

Which of the following statements about asymmetric-key encryption is correct?

Answer

• When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties.

• Employees in the same company share the same public key.

• Most companies would like to manage the private keys for their employees.

• Most companies would like to use a Certificate Authority to manage the public keys of their employees.

• Two of the above are correct.

Question 79

Question

Which statement is incorrect?

Answer

• A fraud prevention program starts with a fraud risk assessment across the entire firm.

• The audit committee typically has an oversight role in risk assessment process.

• Communicating a firm's policy file to employees is one of the most important responsibilities of management.

• A fraud prevention program should include an evaluation on the efficiency of business processes.

Question 80

Question

A disaster recovery approach should include which of the following elements?

Answer

• Encryption.

• Firewalls.

• Regular backups.

• Surge protectors.

Question 81

Question

Which of the following passwords would be most difficult to crack?

Answer

• Go2California4fun

• language

• jennyjenny

• pass56word

Question 82

Question

Which of the following is a password security weakness?

Answer

• Users are assigned passwords when accounts are created, but do not change them.

• Users have accounts on several systems with different passwords.

• Users write down their passwords on a note paper, and carry it with them.

• Users select passwords that are not part of an online password dictionary.

Question 83

Question

To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:

Answer

• A validation check.

• check digit verification.

• A dependency check.

• A format check.

Question 84

Question

Which of the following security controls would best prevent unauthorized access to a firm's internal network?

Answer

• User of a screen saver with a password.

• use of a firewall

• encryption of data files

• automatic log-off inactive users

Question 85

Question

Why do Certificate Authority (CA) play an important role in a company's information security management?

Answer

• Using a CA is required by SOX in managing information security.

• Most companies use CA to manage their employees' public keys.

• CA creates and maintains both the public and private keys for a company's employees.

• None of the answer is correct.

Question 86

Question

When computer programs or files can be accessed from terminals, users should be required

Answer

• parity check

• password as a personal identification code

• check digit

• echo check

Question 87

Question

Which of the following controls would most likely assure that a company can reconstruct its financial records?

Answer

• Security controls such as firewalls

• Backup data are tested and stored safely

• Personnel understand the data very well

• Paper records

Question 88

Question

Why would companies want to use digital signatures when conducting e-business?

Answer

• They are cheap.

• They are always the same so it can be verified easily.

• They are more convenient than requiring a real signature.

• They can authenticate the document sender and maintain data integrity.

Question 89

Question

Select a correct statement regarding encryption methods?

Answer

• To use symmetric-key encryption, each user needs two different keys.

• Most companies prefer using symmetric-key encryption than asymmetric-key encryption method.

• Both symmetric-key and asymmetric-key encryption methods require the involvement of a certificate authority.

• When conducting e-business, most companies use both symmetric-key and asymmetric-key encryption methods.

Question 90

Question

Which of the following describes the primary goals of the CIA approach to information security management?

Answer

• Controls, Innovation, Analysis.

• Confidentiality, Integrity, Availability.

• Convenience, Integrity, Awareness.

• Confidentiality, Innovation, Availability.

Question 91

Question

Which of the following is not one of the common techniques for information security risks and attacks?

Answer

• Spam.

• Botnet.

• TraceRT.

• Social Engineering.

Question 92

Question

Encryption is a control that changes plain text into which of the following?

Answer

• Cyberspace

• Cryptext

• Mnemonic Code

• Cyphertext

Question 93

Question

Which of the following would most likely be used for a secure initial logon process?

Answer

• symmetric-key encyrption.

• asymetric-key encryption.

• dual-handshake encryption.

• 56-bit encryption.

Question 94

Question

Asymmetric-key encryption uses which of the following techniques to allow users to communicate securely?

Answer

• a message digest.

• a 16-bit encryption key.

• a public key and a private key.

• a digital signature

Question 95

Question

A Public Key Infrastructure (PKI) provides the ability to do which of the following?

Answer

• Encrypt messages using a private key

• enable debit and credit card transactions.

• Read plaintext.

• Issue, maintain, and revoke digital certificates.

Question 96

Question

Which of the following best illustrates the use of multifactor authentication?

Answer

• Requiring password changes every 30, 60, or 90 days

• requiring the use of a smart card and a password

• requiring the use of upper case, lower case, numeric, and special characters for a password

• the use of a fingerprint scanner for access to a device

Question 97

Question

Which of the following groups is responsible for conducting fraud risk assessment for an organization?

Answer

• The External Auditor.

• The Audit Committee.

• The Internal Audit group.

• Management.

Question 98

Question

Both ISACA and the GTAG define vulnerability. Which of the following does not represent one of these definitions?

Answer

• The nature of IT resources that can be exploited by a threat to cause damage.

• An intruder’s attempts to exploit weaknesses in IT resources.

• Weaknesses or exposures in IT assets that may lead to business, compliance, or security risk.

• All of the other items represent the definitions of vulnerability stated by ISACA and the GTAG.

Question 99

Question

Which of the following statements is true regarding risk management and vulnerability management?

Answer

• They both have the objective of reducing the likelihood that detrimental events occur.

• Risk management is often conducted using an IT asset-based approach.

• Vulnerability management is more complex and strategic.

• Both approaches involve processes that typically take many months or years to complete.

Question 100

Question

Which of the following describes the recommended prerequisites for managing vulnerabilities?

Answer

• Implement the COSO ERM framework, and identify key vulnerabilities.

• Determine the main objective of vulnerability management, and assign roles and responsibilities.

• Identify the key vulnerabilities, and implement appropriate controls to minimize the vulnerabilities.

• Implement suitable controls, and assess those controls for potential vulnerabilities.

Question 101

Question

Which of the following is NOT one of the main components of vulnerability management and assessment?

Answer

• Identification

• remediation

• Internalization

• Maintenance

Question 102

Question

For businesses considering a cloud computing solution, which of the following should they ask the cloud vendor to provide before entering into a contract for critical business operations?

Answer

• FASB 51 Report.

• SOC 1 Report.

• SAS 3 Report.

• SOC 2 Report

Question 103

Question

Which of the following statements is most accurate with regard to business continuity management (BCM) and disaster recovery planning (DRP)?

Answer

• DRP is an important component of BCM.

• BCM and DRP should be considered independently of each other.

• BCM is an important component of DRP.

• DRP should be considered as optional, while BCM should be considered as necessary.

Question 104

Question

A RAID array implemented in a data center is an example of which of the following?

Answer

• Virtualization.

• Uninterruptible power supply.

• Fault tolerance.

• SOC 3.

Question 105

Question

The three Vs of big data are volume, velocity, and veracity.

Question 106

Question

Data analytics is best described as the science of reducing extremely large datasets down to more manageable databases that can then be processed using traditional tools.

Question 107

Question

The process of scrubbing raw data to remove extraneous data and other noise in order to increase its usefulness is known as extract, transform, and load.

Question 108

Question

According to the results of the PwC's 18th Annual Global CEO Survey, CEO's aren't yet ready to place a high value on data analytics.

Question 109

Question

Data analytics are likely to play a significant role in future audit activities.

Question 110

Question

Audit data standards (ADS) are standards for data files and fields typically needed to support an external audit in a given financial business process area.

Question 111

Question

The Data Accountability and Trust Act of 2009 (DATA) is designed to standardize the format of files and fields typically used to support an external audit in given financial business processes.

Question 112

Question

Tableau can be differentiated from traditional analysis tools such as Excel because it is specifically designed to perform data analysis and visualization.

Question 113

Question

Which of the following is the best definition of the term big data?

Answer

• Databases measured in terms of zettabytes.

• Datasets that are too large and complex for businesses’ existing systems utilizing traditional capabilities.

• Databases for businesses that generate more than one million electronic transactions per month.

• Datasets generated by social media applications such as Facebook, Twitter, Tencent QQ, and Instagram.

Question 114

Question

At its core, data analytics fits into the information value chain in which of the following ways?

Answer

• The process of data analytics aims at transforming raw data into valuable information.

• Data analytics aims to make an organization’s conversion process more efficient.

• Data analytics requires organizations to share synced data with upstream and downstream business partners.

• The process of data analytics is geared toward providing additional insight into customer activities and preferences.

Question 115

Question

Which of the following areas of financial reporting is most suitable for applying data analytics techniques?

Answer

• Evaluation of estimates and valuations.

• Variance reporting.

• Calculating the components of equity.

• Depreciation.

Question 116

Question

Which of the following best describes the skill sets used in data analytics?

Answer

• Building data warehouses; Populating data structures; Mining the data.

• Acquiring/cleansing data; Creating data structures/models; Mining/analyzing data.

• Developing data structures/models; Acquiring storage capacity; Analyzing the data.

• Creating data; Building data structures; Piloting data studies.

Question 117

Question

The use of data analytics will likely result in significant changes to clients’ expectations of their auditors. Which of the following is most likely not one of those expected changes?

Answer

• More innovative thinking.

• More time spent gathering and testing data.

• Deeper and broader insights.

• Faster and more efficient delivery of audit findings.

Question 118

Question

Which of the following best describes how external auditors’ interactions with their clients is likely to change due to the use of data analytics in the audit process?

Answer

• External auditors will spend less time on audits and will not need to spend time with clients outside the audit.

• External auditors will spend more time on detailed audit tasks, resulting in longer audit engagements.

• External auditors will only interact with their clients virtually.

• External auditors will stay engaged with clients beyond the audit.

Question 119

Question

Data analytics can help in accurately identifying organizational risks. All of the following are examples of such risk except:

Answer

• “What-if” business forecasting.

• Identifying security breaches.

• Identifying flawed business processes.

• Monitoring compliance with regulatory requirements.

Question 120

Question

Which of the following best describes the AICPA’s Audit Data Standards (ADS)?

Answer

• The base level of testing procedures that should be performed on AIS data.

• A set of analytic procedures designed to be used with modern ERPs’ large datasets.

• A set of standards for data files and fields designed to support external audits.

• The codification of all auditing guidelines pertaining to the data generated by AISs.

Question 121

Question

The Data Accountability and Trust Act of 2009 (DATA) requires data owners to notify which of the following when a data breach has been discovered?

Answer

• The Federal Bureau of Investigation (FBI).

• The Securities and Exchange Commission (SEC).

• The Federal Trade Commission (FTC).

• The National Security Agency (NSA).

Question 122

Question

Which of the following is not one of the Excel tools described as useful for data analytics?

Answer

• Calculated Field

• Tableau

• Slicers

• Power Pivot