
CMA finance decision making part 1


Gleim CMA Test Prep: Part 1: Financial Planning, Performance, and Control (1481 questions)

[1] At Key Enterprises, the controller is responsible for directing the budgeting process. In this role, the controller has significant influence with executive management as individual department budgets are modified and approved. For the current year, the controller was instrumental in the approval of a particular line manager’s budget without modification, even though significant reductions were made to the budgets submitted by other line managers. As a token of appreciation, the line manager in question has given the controller a gift certificate for a popular local restaurant. In considering whether or not to accept the certificate, the controller should refer to which section of IMA’s Statement of Ethical Professional Practice?

A. Competence
B. Confidentiality
C. Integrity
D. Credibility

Answer (A) is incorrect because the competence standard pertains to an IMA member’s responsibility to maintain his/her professional skills and knowledge. It also pertains to the performance of activities in a professional manner.
Answer (B) is incorrect because the confidentiality standard concerns an IMA member’s responsibility not to disclose or use the firm’s confidential information.
Answer (C) is correct. The integrity standard requires an IMA member to “refrain from engaging in any conduct that would prejudice carrying out duties ethically.”
Answer (D) is incorrect because credibility is the fourth standard of IMA’s Statement of Ethical Professional Practice. It requires that information be communicated “fairly and objectively,” and that all information that could reasonably influence users be disclosed.

[2] In accordance with IMA’s Statement of Ethical Professional Practice, a member who fails to perform professional duties in accordance with relevant standards is acting contrary to which one of the following standards?

A. Competence
B. Confidentiality
C. Integrity
D. Credibility

Answer (A) is correct. One of the responsibilities of an IMA member under the competence standard is to “maintain an appropriate level of professional expertise by continually developing knowledge and skills.” (S)he must also “perform professional duties in accordance with relevant laws, regulations, and technical standards.” The third requirement under this standard is to “provide decision support information and recommendations that are accurate, clear, concise, and timely.”
Answer (B) is incorrect because the confidentiality standard concerns an IMA member’s responsibility not to disclose or use the firm’s confidential information.
Answer (C) is incorrect because the integrity standard pertains to conflicts of interest, avoidance of acts discreditable to the profession, and refraining from activities that prejudice the ability to carry out duties ethically.
Answer (D) is incorrect because credibility is the fourth standard of IMA’s Statement of Ethical Professional Practice. It requires that information be communicated “fairly and objectively,” and that all information that could reasonably influence users be disclosed.

Copyright 2008 Gleim Publications, Inc. Printed for Bahaa Hassan.

[3] According to IMA’s Statement of Ethical Professional Practice, a member has a responsibility to recognize professional limitations. Under which standard of ethical conduct would this responsibility be included?

A. Competence
B. Confidentiality
C. Integrity
D. Credibility

Answer (A) is correct. The competence standard pertains to an IMA member’s responsibility to “recognize and communicate professional limitations or other constraints that would preclude responsible judgment or successful performance of an activity.”
Answer (B) is incorrect because the confidentiality standard concerns an IMA member’s responsibility not to disclose or use the firm’s confidential information.
Answer (C) is incorrect because the integrity standard deals with conflicts of interest, avoidance of acts discreditable to the profession, and refraining from activities that prejudice the ability to carry out duties ethically.
Answer (D) is incorrect because credibility is the fourth standard of IMA’s Statement of Ethical Professional Practice. It requires that information be communicated “fairly and objectively,” and that all information that could reasonably influence users be disclosed.

[4] If an IMA member has a problem in identifying unethical behavior or resolving an ethical conflict, the first action (s)he should normally take is to

A. Consult the board of directors
B. Discuss the problem with his/her immediate superior
C. Notify the appropriate law enforcement agency
D. Resign from the company

Answer (A) is incorrect because the board would be consulted initially only if the immediate superior is the chief executive officer and that person is involved in the ethical conflict.
Answer (B) is correct. IMA’s Statement of Ethical Professional Practice states that the member should first discuss an ethical problem with his/her immediate superior. If the superior is involved, the problem should be taken initially to the next higher managerial level.
Answer (C) is incorrect because an IMA member should keep information confidential except when disclosure is authorized or legally required.
Answer (D) is incorrect because resignation is a last resort.

[5] If an IMA member discovers unethical conduct in his/her
organization and fails to act, (s)he will be in violation of which of IMA’s ethical standard(s)?

A. “Refrain from engaging in any conduct that would prejudice carrying out duties correctly.”
B. “Communicate information fairly and objectively.”
C. “Disclose all relevant information that could reasonably be expected to influence an intended user’s understanding of reporting analyses or recommendations.”
D. All of the answers are correct

Answer (A) is incorrect because each standard is violated by an IMA member who fails to act upon discovering unethical conduct.
Answer (B) is incorrect because each standard is violated by an IMA member who fails to act upon discovering unethical conduct.
Answer (C) is incorrect because each standard is violated by an IMA member who fails to act upon discovering unethical conduct.
Answer (D) is correct. An IMA member displays his/her competence and credibility and maintains integrity by taking the appropriate action within the organization to resolve an ethical problem. All of these activities should be a part of an IMA member’s normal job processes.

[6] IMA’s Statement of Ethical Professional Practice requires an IMA member to follow the established policies of the organization when faced with an ethical conflict. If these policies do not resolve the conflict, the member should

A. Consult the board of directors immediately
B. Discuss the problem with the immediate superior if (s)he is involved in the conflict
C. Communicate the problem to authorities outside the organization
D. Contact the next higher managerial level if initial presentation to the immediate superior does not resolve the conflict

Answer (A) is incorrect because this course of action would be appropriate only for the chief executive officer or for his/her immediate subordinate when the CEO is involved in the conflict.
Answer (B)
is incorrect because the proper action would be to present the matter to the next higher managerial level.
Answer (C) is incorrect because such action is inappropriate unless legally prescribed.
Answer (D) is correct. In these circumstances, the problem should be discussed with the immediate superior unless (s)he is involved. In that case initial presentation should be to the next higher managerial level. If the problem is not satisfactorily resolved after initial presentation, the question should be submitted to the next higher level.

[7] In which situation is an IMA member permitted to communicate confidential information to individuals or authorities outside the firm?

A. There is an ethical conflict and the board has refused to take action
B. Such communication is legally prescribed
C. The IMA member knowingly communicates the information indirectly through a subordinate
D. An officer at the IMA member’s bank has requested information on a transaction that could influence the firm’s stock price

Answer (A) is incorrect because IMA’s Statement of Ethical Professional Practice states that “each member has a responsibility to keep information confidential except when disclosure is authorized or legally required.”
Answer (B) is correct. According to IMA’s Statement of Ethical Professional Practice, members are responsible for observing the standard of confidentiality. Thus, the IMA member should “refrain from disclosing confidential information acquired in the course of his/her work except when authorized, unless legally obligated to do so.”
Answer (C) is incorrect because the IMA member should “inform all relevant parties regarding appropriate use of confidential information. Monitor subordinates’ activities to ensure compliance.”
Answer (D) is incorrect because the IMA member is required to “refrain from using confidential information for unethical or illegal advantage.”

[8] Which ethical standard is most clearly violated if an IMA member knows of a problem that could mislead users but does nothing about it?

A. Competence
B. Legality
C. Credibility
D. Confidentiality

Answer (A) is incorrect because the competence standard pertains to the IMA member’s responsibility to maintain his/her professional skills and knowledge. It also pertains to the performance of activities in a professional manner.
Answer (B) is incorrect because legality is not addressed in IMA’s Statement of Ethical Professional Practice.
Answer (C) is correct. Credibility is the fourth part of IMA’s Statement of Ethical Professional Practice. It requires that information be communicated “fairly and objectively,” and that all information that could reasonably influence users be disclosed.
Answer (D) is incorrect because the confidentiality standard concerns the IMA member’s responsibility not to disclose or use the firm’s confidential information.

[9] IMA’s Statement of Ethical Professional Practice includes an integrity standard, which requires an IMA member to

A. Decline to become a minority partner in a partnership that is a supplier of the member’s employer
B. Report any relevant information that could influence users of financial statements
C. Disclose confidential information when authorized by his/her firm or required under the law
D. Refuse gifts from anyone

Answer (A) is correct. One of the responsibilities of an IMA member under the integrity standard is to “refrain from engaging in any conduct that would prejudice carrying out duties ethically.”
Answer (B) is incorrect because the credibility standard requires an IMA member to “disclose all relevant information that could reasonably be expected to influence an intended user’s understanding of the reports, analyses, and recommendations.”
Answer (C) is incorrect because the confidentiality standard requires an IMA member to “keep information confidential except when
disclosure is authorized or legally required.”
Answer (D) is incorrect because the integrity standard requires an IMA member to “mitigate actual conflicts of interest. Regularly communicate with business associates to avoid apparent conflicts of interest. Advise all parties of any potential conflicts.”

[10] IMA’s Statement of Ethical Professional Practice includes a competence standard, which requires an IMA member to

A. Report information, whether favorable or unfavorable
B. Develop his/her professional proficiency on a continual basis
C. Discuss ethical conflicts and possible courses of action with an unbiased counselor
D. Discuss, with subordinates, their responsibilities regarding the disclosure or information about the firm

Answer (A) is incorrect because the credibility standard requires an IMA member to “communicate information fairly and objectively.”
Answer (B) is correct. One of the responsibilities of an IMA member under the competence standard is to “maintain an appropriate level of professional expertise by continually developing knowledge and skills.”
Answer (C) is incorrect because one of the suggestions from the “Resolution of Ethical Conflict” section is to “clarify relevant ethical issues by initiating a confidential discussion with an IMA Ethics Counselor or other impartial advisor to obtain a better understanding of possible courses of action.”
Answer (D) is incorrect because the confidentiality standard requires an IMA member to “inform all relevant parties regarding appropriate use of confidential information. Monitor subordinates’ activities to ensure compliance.”

[11] Sheila is a financial manager who has discovered that her company is violating environmental regulations. If her immediate superior is involved, her appropriate action is to

A. Do nothing since she has a duty of loyalty to the organization
B. Consult the audit committee
C. Present the matter to the next higher managerial level
D. Confront her immediate superior

Answer (A) is incorrect because practitioners of management accounting and financial management have an obligation to the public, their profession, the organization they serve, and themselves, to maintain the highest standards of ethical conduct.
Answer (B) is incorrect because the audit committee would be consulted first only if it were the next higher managerial level.
Answer (C) is correct. To resolve an ethical problem, the financial manager/management accountant’s first step is usually to consult his/her immediate superior. If that individual is involved, the matter should be taken to the next higher level of management.
Answer (D) is incorrect because if the superior is involved, the next higher managerial level should be consulted first.

[12] IMA members are obligated to maintain the highest standards of ethical conduct. Accordingly, IMA’s Statement of Ethical Professional Practice explicitly requires that IMA members

A. Obtain sufficient competent evidence when expressing an opinion
B. Not condone violations by others
C. Comply with generally accepted auditing standards
D. Adhere to generally accepted accounting principles

Answer (A) is incorrect because the expression of an opinion is a function of an external auditor.
Answer (B) is correct. The principles section of IMA’s Statement of Ethical Professional Practice states, “IMA’s overarching ethical principles include: Honesty, Fairness, Objectivity, and Responsibility. Members shall act in accordance with these principles and shall encourage others within their organizations to adhere to them.”
Answer (C) is incorrect because compliance with GAAS is a requirement of external auditors.
Answer (D) is incorrect because adherence to GAAP is not expressly required by IMA’s Statement of Ethical Professional Practice.

[13] Integrity is an ethical requirement for all IMA members. One aspect of integrity
requires

A. Performance of professional duties in accordance with relevant laws
B. Avoidance of conflict of interest
C. Refraining from using confidential information for unethical or illegal advantage
D. Maintenance of an appropriate level of professional expertise

Answer (A) is incorrect because performance of professional duties in accordance with relevant laws states an aspect of the competence requirement.
Answer (B) is correct. According to IMA’s Statement of Ethical Professional Practice, IMA members must “mitigate actual conflicts of interest. Regularly communicate with business associates to avoid apparent conflicts of interest. Advise all parties of any potential conflicts.”
Answer (C) is incorrect because it states an aspect of the confidentiality requirement.
Answer (D) is incorrect because maintenance of an appropriate level of professional expertise states an aspect of the competence requirement.

[14] Under the express terms of IMA’s Statement of Ethical Professional Practice, an IMA member may not

A. Advertise
B. Encroach on the practice of another IMA member
C. Disclose confidential information unless authorized or legally required
D. Accept other employment while serving as a financial manager or management accountant

Answer (A) is incorrect because the Statement does not address advertising.
Answer (B) is incorrect because the Statement does not address this matter.
Answer (C) is correct. IMA members may not disclose confidential information acquired in the course of their work unless authorized or legally required to do so. They must also “inform all relevant parties regarding appropriate use of confidential information. Monitor subordinates’ activities to ensure compliance.”
Answer (D) is incorrect because other employment may be accepted unless it constitutes a conflict of interest.

[15] An IMA member
discovers a problem that could mislead users of the firm’s financial data and has informed his/her immediate superior. (S)he should report the circumstances to the audit committee and/or the board of directors only if

A. The immediate superior, who reports to the chief executive officer, knows about the situation but refuses to correct it
B. The immediate superior assures the member that the problem will be resolved
C. The immediate superior reports the situation to his/her superior
D. The immediate superior, the firm’s chief executive officer, knows about the situation but refuses to correct it

Answer (A) is incorrect because in this situation, the chief executive officer is the next higher managerial level.
Answer (B) is incorrect because the immediate superior has promised or taken action toward satisfactory resolution.
Answer (C) is incorrect because the immediate superior has promised or taken action toward satisfactory resolution.
Answer (D) is correct. According to IMA’s Statement of Ethical Professional Practice, an IMA member should “discuss the issue with your immediate supervisor except when it appears that the supervisor is involved. In that case, present the issue to the next level. If you cannot achieve a satisfactory resolution, submit the issue to the next management level. If your immediate supervisor is the chief executive officer or equivalent, the acceptable reviewing authority may be a group such as the audit committee, executive committee, board of directors, board of trustees, or owners.”

[16] Recently, Fan Club, Inc., submitted to management a budget for the coming year. Included in the budget were the plans for a new product, a rechargeable fan. The new fan will not only last longer than the competitor’s product but is also more quiet. While not yet approved, the budget called for aggressive
advertising to support its sales targets, as the business community was not yet aware that Fan Club was close to production of a new fan. A member of the management accounting staff “shared” the budget with a distributor. In accordance with IMA’s Statement of Ethical Professional Practice, which one of the following would best represent an ethical conflict in this situation?

A. The budget has not been approved and therefore is not for publication
B. The price has not been established, so expectations must be managed
C. The staff member exposed the company to a potential lawsuit
D. The employee should refrain from disclosing confidential information

Answer (A) is incorrect because an unapproved document is still confidential.
Answer (B) is incorrect because it does not represent an ethical dilemma.
Answer (C) is incorrect because the sharing of a preliminary budget is not something that would expose a company to a potential lawsuit.
Answer (D) is correct. IMA’s Statement of Ethical Professional Practice states that every member has a responsibility to keep information confidential except when disclosure is authorized or legally required.

[17] A new management accountant is concerned about complying with the ethical standard of competence in the IMA’s Statement of Ethical Professional Practice. Which one of the following is not required under the standard of competence?

A. Maintain expertise in all areas of accounting
B. Continually develop knowledge and skills
C. Perform duties in accordance with relevant regulations and standards
D. Provide recommendations that are accurate and timely

Answer (A) is correct. Maintaining expertise in all areas of accounting would be a difficult task. According to the ethical standard of competence in the IMA’s Statement of Ethical Professional Practice, a CMA only needs to recognize and communicate professional limitations or other constraints that would preclude responsible judgment or successful performance of an activity.
Answer (B) is incorrect because according to the ethical standard of competence in the IMA’s Statement of Ethical Professional Practice, a CMA should maintain an appropriate level of professional expertise by continually developing knowledge and skills.
Answer (C) is incorrect because according to the ethical standard of competence in the IMA’s Statement of Ethical Professional Practice, a CMA should perform professional duties in accordance with relevant laws, regulations, and technical standards.
Answer (D) is incorrect because according to the ethical standard of competence in the IMA’s Statement of Ethical Professional Practice, a CMA should provide decision support information and recommendations that are accurate, clear, concise, and timely.

[18] Scott Jon, a new accounting clerk at a firm that had recently terminated several employees due to budgetary cutbacks, accidentally viewed his supervisor’s biweekly paycheck. Not realizing that the paycheck included an annual bonus, Jon erroneously multiplied the gross pay by 26 to find annual earnings. Jon was amazed that his supervisor appeared to earn more than twice the local average for employees in an accounting supervisory position. Jon discussed this situation with a friend, a
recently terminated employee of the company who now worked for a local newspaper. As a result of this discussion, the supervisor’s “outrageous” salary was made public. Which one of the standards of the IMA’s Statement of Ethical Professional Practice did Jon’s actions violate?

A. Competence
B. Confidentiality
C. Integrity
D. Credibility

Answer (A) is incorrect because the standard of competence relates to a member’s responsibility to (1) maintain an appropriate level of professional expertise by continually developing knowledge and skills; (2) perform professional duties in accordance with relevant laws, regulations, and technical standards; (3) provide decision support information and recommendations that are accurate, clear, concise, and timely; and (4) recognize and communicate professional limitations or other constraints that would preclude responsible judgment or successful performance of an activity.
Answer (B) is correct. The standard of confidentiality states each member has a responsibility to (1) keep information confidential except when disclosure is authorized or legally required, (2) inform all relevant parties regarding appropriate use of confidential information and monitor subordinates’ activities to ensure compliance, and (3) refrain from using confidential information for unethical or illegal advantage.
Answer (C) is incorrect because the standard of integrity relates to a member’s responsibility to (1) mitigate actual conflicts of interest, regularly communicate with business associates to avoid apparent conflicts of interest, and advise all parties of any potential conflicts; (2) refrain from engaging in any conduct that would prejudice carrying out duties ethically; and (3) abstain from engaging in or supporting any activity that might discredit the profession.
Answer (D) is incorrect because the standard of credibility relates to a member’s responsibility to (1) communicate information fairly and objectively; (2) disclose all relevant information that
could reasonably be expected to influence an intended user’s understanding of the reports, analyses, or recommendations; or (3) disclose delays or deficiencies in information, timeliness, processing, or internal controls in conformance with organization policy and/or applicable law.

[19] The terms direct cost and indirect cost are commonly used in accounting. A particular cost might be considered a direct cost of a manufacturing department but an indirect cost of the product produced in the manufacturing department. Classifying a cost as either direct or indirect depends upon

A. The behavior of the cost in response to volume changes
B. Whether the cost is expensed in the period in which it is incurred
C. The cost object to which the cost is being related
D. Whether an expenditure is unavoidable because it cannot be changed regardless of any action taken

Answer (A) is incorrect because behavior in response to volume changes is a factor only if the cost object is a product.
Answer (B) is incorrect because the timing of an expense is not a means of classifying a cost as direct or indirect.
Answer (C) is correct. A direct cost can be specifically associated with a single cost object in an economically feasible way. An indirect cost cannot be specifically associated with a single cost object. Thus, the specific cost object influences whether a cost is direct or indirect. For example, a cost might be directly associated with a single plant. The same cost, however, might not be directly associated with a particular department in the plant.
Answer (D) is incorrect because both direct and indirect costs can be either avoidable or unavoidable, depending upon the cost object.

[20] Which one of the following best describes direct labor?

A. A prime cost
B. A period cost
C. A product cost
D. Both a product cost and a prime cost

Answer (A) is incorrect because direct labor is also a product cost.
Answer (B) is incorrect because a period cost is expensed when incurred. Direct labor cost is inventoriable.
Answer (C) is incorrect because direct labor is also a prime cost.
Answer (D) is correct. Direct labor is both a product cost and a prime cost. Product costs are incurred to produce units of output and are deferred to future periods to the extent that output is not sold. Prime costs are defined as direct materials and direct labor.

[21] Inventoriable costs

A. Include only the prime costs of manufacturing a product
B. Include only the conversion costs of manufacturing a product
C. Are expensed when products become part of finished goods inventory
D. Are regarded as assets before the products are sold

Answer (A) is incorrect because overhead costs as well as prime costs (direct materials and labor) are included in inventory.
Answer (B) is incorrect because materials costs are also included.
Answer (C) is incorrect because inventory costs are expensed when the goods are sold, not when they are transferred to finished goods.
Answer (D) is correct. Under an absorption costing system, inventoriable (product) costs include all costs necessary for good production. These include direct materials and conversion costs (direct labor and overhead). Both fixed and variable overhead is included in inventory under an absorption costing system. Inventoriable costs are treated as assets until the products are sold because they represent future economic benefits. These costs are expensed at the time of sale.

[22] In cost terminology, conversion costs consist of

A. Direct and indirect labor
B. Direct labor and direct materials
C. Direct labor and factory overhead
D. Indirect labor and variable factory overhead

Answer (A) is incorrect because all factory overhead is included in conversion costs, not just indirect labor.
Answer (B) is incorrect because
direct materials are not an element of conversion costs; they are a prime cost.
Answer (C) is correct. Conversion costs consist of direct labor and factory overhead. These are the costs of converting raw materials into a finished product.
Answer (D) is incorrect because direct labor is also an element of conversion costs.

[23] Conversion costs do not include

A. Depreciation
B. Direct materials
C. Indirect labor
D. Indirect materials

Answer (A) is incorrect because depreciation is a factory overhead cost and therefore is a conversion cost.
Answer (B) is correct. Conversion costs are necessary to convert raw materials into finished products. They include all manufacturing costs, for example, direct labor and factory overhead, other than direct materials.
Answer (C) is incorrect because indirect labor is a factory overhead cost and therefore is a conversion cost.
Answer (D) is incorrect because indirect materials are factory overhead costs and therefore are conversion costs.

[24] Conversion cost pricing

A. Places minimal emphasis on the cost of materials used in manufacturing a product
B. Could be used when the customer furnishes the material used in manufacturing a product
C. Places heavy emphasis on indirect costs and disregards consideration of direct costs
D. Places heavy emphasis on direct costs and disregards consideration of indirect costs

Answer (A) is incorrect because conversion cost pricing does not place any emphasis on raw materials cost.
Answer (B) is correct. Conversion costs consist of direct labor and factory overhead, the costs of converting raw materials into finished goods. Normally, a company does not consider only conversion costs in making pricing decisions, but if the customer were to furnish the raw materials, conversion cost pricing would be appropriate.
Answer (C) is incorrect because direct labor is an
element of conversion costs.
Answer (D) is incorrect because factory overhead is an indirect cost that is an element of conversion costs.

[25] The term “prime costs” refers to

A. Manufacturing costs incurred to produce units of output
B. All costs associated with manufacturing other than direct labor costs and raw material costs
C. The sum of direct labor costs and all factory overhead costs
D. The sum of raw material costs and direct labor costs

Answer (A) is incorrect because manufacturing costs incurred to produce output are inventoriable costs.
Answer (B) is incorrect because all costs associated with manufacturing other than direct labor costs and raw material costs are overhead costs.
Answer (C) is incorrect because the sum of direct labor and overhead is conversion cost.
Answer (D) is correct. Prime costs are raw material costs and direct labor costs.

Answer (C) is correct. A proxy server maintains copies of web pages to be accessed by specified users. Outsiders are directed there, and more important information is not available from this access point.
Answer (D) is incorrect because an authentication system verifies a user’s identity and is often an application provided by a firewall system, but it is not a firewall system itself.

[1447] The encryption technique that requires two keys, a public key that is available to anyone for encrypting messages and a private key that is known only to the recipient for decrypting messages, is

A. Rivest, Shamir, and Adleman (RSA)
B. Data encryption standard (DES)
C. Modulator-demodulator
D. A cypher lock

Answer (A) is correct. RSA is a potential encryption standard licensed to hardware and software vendors. Public-key encryption requires management of fewer keys for a given client-server environment than does private-key encryption. However, compared with DES, RSA entails more complex
computations and therefore has a higher processing overhead. RSA requires two keys: The public key for encrypting messages is widely known, but the private key for decrypting messages is kept secret by the recipient.
Answer (B) is incorrect because DES is a shared private-key method developed by the U.S. government. It encrypts data into 64-bit blocks using a 56-bit key. DES requires only a single key for each pair of parties that want to send each other encrypted messages.
Answer (C) is incorrect because A modem is used for telecommunications.
Answer (D) is incorrect because A cypher lock is a physical device.

[1448] Which of the following is used for Internet security as opposed to data transmissions over secured transmission lines?
A. Firewalls
B. Mapping
C. Parallel simulation
D. Concurrency controls
Answer (A) is correct. Firewalls separate an internal network from an external network (such as the Internet) and prevent passage of specific types of traffic.
Answer (B) is incorrect because Mapping involves monitoring the execution of an application program to determine certain statistical information about a computer run.
Answer (C) is incorrect because Parallel simulation involves the use of specially prepared application-type programs to process transactions that have also been run in routine processing.
Answer (D) is incorrect because Concurrency controls manage situations in which two or more programs attempt to use a file or database at the same time.

[1449] Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run?
A. Hoax virus
B. Web crawler
C. Trojan horse
D. Killer application
Answer (A) is incorrect because A hoax virus is a false notice about the existence of a computer virus. It is usually disseminated through use of distribution lists and is sent by email or via an internal network.
Answer (B) is incorrect because A web crawler (a spider or bot) is a computer program created to access and read information on websites. The results are included as entries in the index of a search engine.
Answer (C) is correct. A Trojan horse is a computer program that appears friendly, for example, a game, but that actually contains an application destructive to the computer system.
Answer (D) is incorrect because A killer application is one that is so useful that it may justify widespread adoption of a new technology.

[1450] The best preventive measure against a computer virus is to
A. Compare software in use with authorized versions of the software
B. Execute virus exterminator programs periodically on the system
C. Allow only authorized software from known sources to be used on the system
D. Prepare and test a plan for recovering from the incidence of a virus
Answer (A) is incorrect because Comparing software with authorized versions is a detective control used to determine whether only authorized versions of the software are being used on the system.
Answer (B) is incorrect because Executing virus exterminator programs is a corrective control against a computer virus.
Answer (C) is correct. Preventive controls are designed to prevent errors before they occur. Detective and corrective controls attempt to identify and correct errors. Preventive controls are usually more cost beneficial than detective or corrective controls. Allowing only authorized software from known sources to be used on the system is a preventive measure. The authorized software from known sources is expected to be free of viruses.
Answer (D) is incorrect because Preparing and testing a plan for virus recovery is a corrective control
against a computer virus.

[1451] Managers at a consumer products company purchased personal computer software from only recognized vendors, and prohibited employees from installing nonauthorized software on their personal computers. To minimize the likelihood of computer viruses infecting any of its systems, the company should also
A. Restore infected systems with authorized versions
B. Recompile infected programs from source code backups
C. Institute program change control procedures
D. Test all new software on a stand-alone personal computer
Answer (A) is incorrect because If viruses infect a system, the company should restore the system with authorized software, but this procedure does not minimize the likelihood of initial infection.
Answer (B) is incorrect because If viruses infect programs that the company created, it should recompile the programs from source code backups, but this procedure does not minimize the likelihood of initial infection.
Answer (C) is incorrect because Instituting program change control procedures is good practice but does not minimize the likelihood of the system’s being infected initially.
Answer (D) is correct. Software from recognized sources should be tested in quarantine (for example, in a test/development machine or a stand-alone personal computer) because even vendor-supplied software may be infected with viruses. The software should be run with a vaccine program and tested for the existence of logic bombs, etc.

[1452] Which of the following is an indication that a computer virus is present?
A. Frequent power surges that harm computer equipment
B. Unexplainable losses of or changes to data
C. Inadequate backup, recovery, and contingency plans
D. Numerous copyright violations due to unauthorized use of purchased software
Answer (A) is incorrect because Power surges are caused by hardware or power supply problems.
Answer (B) is correct. The effects of computer viruses range from harmless messages to complete destruction of all data within the system. A symptom of a virus would be the unexplained loss of or change to data.
Answer (C) is incorrect because Inadequate back-up, recovery, and contingency plans are operating policy weaknesses.
Answer (D) is incorrect because Copyright violations represent policy or compliance problems.

[1453] Which of the following operating procedures increases an organization’s exposure to computer viruses?
A. Encryption of data files
B. Frequent backup of files
C. Downloading public-domain software from websites
D. Installing original copies of purchased software on hard disk drives
Answer (A) is incorrect because Viruses are spread through the distribution of contaminated programs.
Answer (B) is incorrect because Backing up files does not increase the chances of a virus entering the computer system.
Answer (C) is correct. Viruses are spread through shared data. Downloading public-domain software carries a risk that contaminated data may enter the computer.
Answer (D) is incorrect because Original copies of purchased software on hard disk drives should be free of viruses.

[1454] An organization installed antivirus software on all its personal computers. The software was designed to prevent initial infections, stop replication attempts, detect infections after their occurrence, mark affected system components, and remove viruses from infected components. The major risk in relying on antivirus software is that antivirus software may
A. Not detect certain viruses
B. Make software installation overly complex
C. Interfere with system operations
D. Consume
too many system resources
Answer (A) is correct. Antivirus software designed to identify and remove known viruses is sometimes known as a vaccine. A vaccine works only for known viruses and may not be effective for variants of those viruses or new viruses.
Answer (B) is incorrect because Having antivirus software is unlikely to make software installation overly complex.
Answer (C) is incorrect because Antivirus software need not interfere with system operations. Its execution can be scheduled in advance so as not to interfere with running programs.
Answer (D) is incorrect because Antivirus software can be set to execute at times when it would not consume too many system resources, e.g., at startup.

[1455] What is the best course of action to take if a program takes longer than usual to load or execute?
A. Test the system by running a different application program
B. Reboot the system
C. Run antivirus software
D. Back up the hard disk files to floppies
Answer (A) is incorrect because Running a different program as a test may cause the virus to spread and additional damage.
Answer (B) is incorrect because Rebooting the system may cause the virus to spread and additional damage.
Answer (C) is correct. The described condition is a symptom of a virus. Many viruses will spread and cause additional damage. Use of an appropriate antivirus program may identify and even eliminate a viral infection. Ways to minimize computer virus risk in a networked system include restricted access, regularly updated passwords, periodic testing of systems with virus detection software, and the use of anti-virus software on all shareware prior to introducing it into the network.
Answer (D) is incorrect because Backing up hard disk files may cause the virus to spread and additional damage.

[1456] Six months after a disgruntled systems programmer was
fired and passwords disabled, the company’s largest server was brought to a halt when it suddenly erased all of its own files and software. The most likely way the programmer accomplished this was by
A. Returning to the computer center after months
B. Planting a computer virus through the use of telephone access
C. Having an accomplice in the computer center
D. Implanting a virus in the operating system and executing it via a back door
Answer (A) is incorrect because The programmer would most likely be denied access to the center.
Answer (B) is incorrect because The programmer would not know the necessary passwords.
Answer (C) is incorrect because Collusion is less likely than individual wrongdoing.
Answer (D) is correct. Viruses are a form of computer sabotage. They are programs hidden within other programs that have the capacity to duplicate themselves and infect other systems. Sharing of storage media or participation in computer networks creates exposure to viruses. Viruses may result in actions ranging from harmless pranks to erasure of files and programs. A back door is a shortcut created in an operating system that permits a programmer simple access to the system.

[1457] Because of competitive pressures to be more responsive to their customers, some organizations have connected their internal personal computer networks through a host computer to outside networks. A risk of this practice is that
A. Viruses may gain entry to one or more company systems
B. Uploaded files may not be properly edited and validated
C. Data downloaded to the personal computers may not be sufficiently timely
D. Software maintenance on the personal computers may become more costly
Answer (A) is correct. Viruses are harmful programs that disrupt memory and processing functions and may destroy data. They spread from network to network, from
infected diskettes, or from infected machines. Hence, connecting all networked personal computers through a host computer to outside networks increases the exposure of all of a company’s computers to viruses.
Answer (B) is incorrect because Whether uploaded files are properly edited and validated is independent of whether external links to other networks exist.
Answer (C) is incorrect because Whether data downloaded to the personal computers is sufficiently timely is independent of whether external links to other networks exist.
Answer (D) is incorrect because Whether software maintenance on the personal computers becomes more costly is independent of whether external links to other networks exist.

[1458] Spoofing is one type of online activity used to launch malicious attacks. Spoofing is
A. Trying large numbers of letter and number combinations to access a network
B. Eavesdropping on information sent by a user to the host computer of a website
C. Accessing packets flowing through a network
D. Identity misrepresentation in cyberspace
Answer (A) is incorrect because A brute-force attack uses password cracking software to try large numbers of letter and number combinations to access a network.
Answer (B) is incorrect because Sniffing is use of software to eavesdrop on information sent by a user to the host computer of a website.
Answer (C) is incorrect because A man-in-the-middle attack takes advantage of network packet sniffing and routing and transport protocols to access packets flowing through a network.
Answer (D) is correct. Passwords, user account numbers, and other information may be stolen using techniques such as Trojan horses, IP spoofing, and packet sniffers. Spoofing is identity misrepresentation in cyberspace, for example, by using a false website to obtain information about visitors.

[1459] Attacks on computer networks may take many forms. Which of the following uses the computers of innocent parties infected with Trojan horse programs?
A. A distributed denial-of-service attack
B. A man-in-the-middle attack
C. A brute-force attack
D. A password-cracking attack
Answer (A) is correct. A denial-of-service (DS) attack is an attempt to overload a system (e.g., a network or web server) with false messages so that it cannot function (a system crash). A distributed DS attack comes from multiple sources, for example, the machines of innocent parties infected by Trojan horses. When activated, these programs send messages to the target and leave the connection open. A DS may establish as many network connections as possible to exclude other users, overload primary memory, or corrupt file systems.
Answer (B) is incorrect because A man-in-the-middle attack takes advantage of network packet sniffing and routing and transport protocols to access packets flowing through a network.
Answer (C) is incorrect because A brute-force attack uses password cracking software to try large numbers of letter and number combinations to access a network.
Answer (D) is incorrect because Password-cracking software is used to access a network by using a large number of letter and number combinations.

[1460] An organization’s computer system should have an intrusion detection system (IDS) if it has external connections. An IDS
A. Must monitor every call on the system as it occurs
B. May examine only packets with certain signatures
C. Uses only knowledge-based detection
D. Uses only behavior-based detection
Answer (A) is incorrect because A host IDS provides maximum protection only when the software is installed on each computer. It may operate in the following ways: The aggressive response is to monitor every call on the operating system and application as it occurs. A less effective method of preventing attacks is analysis of access log files. A host IDS may also identify questionable
processes and verify the security of system files.
Answer (B) is correct. A network IDS works by using sensors to examine packets traveling on the network. Each sensor monitors only the segment of the network to which it is attached. A packet is examined if it matches a signature. String signatures (certain strings of text) are potential signs of attack. Port signatures alert the IDS that a point subject to frequent intrusion attempts may be under attack. A header signature is a suspicious combination in a packet header.
Answer (C) is incorrect because An IDS is not limited to knowledge-based detection. Knowledge-based detection is based on information about the system’s weaknesses and searches for intrusions that take advantage of them.
Answer (D) is incorrect because An IDS is not limited to behavior-based detection. Behavior-based detection presumes that an attack will cause an observable anomaly. Actual and normal system behavior (a model of expected operations) are compared. A discrepancy results in an alert.

[1461] An auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. The flowchart
A. Depicts specific control procedures used, such as edit tests and batch control reconciliations
B. Is a good guide to potential segregation of duties
C. Is generally kept up to date for systems changes
D. Depicts only computer processing, not manual processing
Answer (A) is incorrect because A program flowchart will identify the specific edit tests implemented.
Answer (B) is correct. Systems flowcharts are overall graphic analyses of the flow of data and the processing steps in an information system. Accordingly, they can be used to represent segregation of duties and the transfer of data between different segments in the organization.
Answer (C) is incorrect because The flowcharts are usually not kept up to date for changes. Thus, the auditor will have to interview key personnel to determine changes in processing since the flowchart
was developed.
Answer (D) is incorrect because A systems flowchart should show both manual and computer processing.

[1462] In connection with the consideration of internal control, an auditor encounters the following flowcharting symbols:
The auditor should conclude that a
A. Master file has been created by a manual operation
B. Master file has been created by a computer operation
C. Document has been generated by a computer operation
D. Document has been generated by a manual operation
Answer (A) is incorrect because A master file is depicted by a parallelogram (input/output), or a symbol for the type of storage device used (e.g., magnetic tape or disk).
Answer (B) is incorrect because A computer operation is depicted by a rectangle.
Answer (C) is incorrect because A computer operation is depicted by a rectangle.
Answer (D) is correct. The symbol on the left represents a manual operation and the symbol on the right a document. The arrow’s direction suggests that a document is prepared through a manual operation.

[1463] The graphic portrayal of the flow of data and the information processing of a system, including computer hardware, is best displayed in a
A. Data-flow diagram
B. System flowchart
C. Gantt chart
D. Program flowchart
Answer (A) is incorrect because A data-flow diagram would show only the flow of data, not the total system.
Answer (B) is correct. A system flowchart is a graphic analysis of a data processing application, usually prepared by a systems analyst. The system flowchart is general and stresses flows of data, not computer program logic. A program flowchart is a graphic representation of the detailed steps and logic of an individual computer program.
Answer (C) is incorrect because A Gantt chart is a bar chart used to monitor the progress of large projects.
Answer (D) is incorrect because A program flowchart
shows only the details of a single program, not the entire computer system.

[1464] Which of the following is not an important aspect of a disaster recovery plan?
A. A hot-site recovery system
B. Automatic failover
C. Focus on disaster prevention
D. Data conversion operators
Answer (A) is incorrect because A hot-site recovery system is an important aspect of a disaster recovery plan.
Answer (B) is incorrect because Automatic failover is an important aspect of a disaster recovery plan.
Answer (C) is incorrect because Focus on disaster prevention is an important aspect of a disaster recovery plan.
Answer (D) is correct. A hot site is a service bureau that is immediately available for purposes of disaster recovery. Failover is a backup operational mode used to make systems more fault-tolerant. The functions of a system component (such as a processor, server, network, or database) are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time. Failover is typically an integral part of mission-critical systems that must be constantly available. It involves automatically offloading tasks to a standby system component so that the procedure is as seamless as possible to the end user. Disaster prevention is also an important aspect of most disaster recovery plans. However, data conversion operators are not part of a disaster recovery plan. They perform the tasks of data preparation and transmission, for example, conversion of source data to magnetic disk or tape and entry of transactions from remote terminals.

[1465] A critical aspect of a disaster recovery plan is to be able to regain operational capability as soon as possible. In order to accomplish this, an organization can have an arrangement with its computer hardware vendor to have a fully operational
facility available that is configured to the user’s specific needs. This is best known as a(n)
A. Uninterruptible power system
B. Parallel system
C. Cold site
D. Hot site
Answer (A) is incorrect because An uninterruptible power system is a system that is fully protected by a generator or battery backup to prevent data destruction and downtime from electrical power outages.
Answer (B) is incorrect because A parallel system exists if a company maintains an identical system to the main system.
Answer (C) is incorrect because A cold site is a cheaper alternative to a hot site. It is a shell facility suitable for the quick installation of computer equipment. It provides a prebuilt, environmentally controlled area with raised flooring, electrical power, and appropriate plumbing.
Answer (D) is correct. A disaster recovery plan may include a contract with an external contingency facility vendor. Depending on the organization’s needs, the contingency facility may be a hot site or a cold site. A hot site is an arrangement with a vendor for a fully operational facility that is configured to the user’s specific needs and that will be available within 24 hours. A hot site may also be fixed or portable and is recommended for an organization that cannot afford for its computer system to be down for even one day.

[Fact Pattern #137] This flowchart depicts the processing of daily cash receipts for Rockmart Manufacturing. Please note that some procedures are not shown in this flowchart.

[1466] (Refers to Fact Pattern #137) The customer checks accompanied by the control tape (refer to symbol A) are
A. Forwarded daily to the billing department for deposit
B. Taken by the mail clerk to the bank for deposit daily
C. Forwarded to the treasurer for deposit daily
D. Accumulated for a week and then forwarded to the treasurer for deposit weekly
Answer
(A) is incorrect because Record keepers perform functions that should be separate from custody of assets.
Answer (B) is incorrect because The mail clerk should prepare a list of checks received before they are forwarded to the treasurer for deposit.
Answer (C) is correct. Symbol A is a connector between a point on this flowchart and another part of the flowchart not shown. The checks and the adding machine control tape should flow through symbol A to the treasurer’s office. The treasurer is the custodian of funds and is responsible for deposit of daily receipts.
Answer (D) is incorrect because Daily receipts should be deposited intact daily and then reconciled with the bank deposit records. Prompt deposit also safeguards assets and avoids loss of interest income.

[1467] (Refers to Fact Pattern #137) What is the appropriate description that should be placed in symbol B?
A. Keying and verifying
B. Error correction
C. Collation of remittance advices
D. Batch processing
Answer (A) is correct. Because the figure below symbol B signifies magnetic tape, the operation represented by symbol B must be keying the information onto the tape. Verifying the keyed data would also occur at this step.
Answer (B) is incorrect because Error correction occurs subsequently except for keying errors.
Answer (C) is incorrect because Collation has already occurred.
Answer (D) is incorrect because Batch processing describes the entire system.

[1468] (Refers to Fact Pattern #137) The next action regarding the customer remittance advices (refer to symbol C) is to
A. Discard them immediately
B. File them daily by batch number
C. Forward them to the internal audit department for internal review
D. Forward them to the treasurer to compare with the monthly bank statement
Answer (A) is incorrect because The documents should be kept for reference and audit.
Answer (B) is correct. All activity with respect to the paper documents most likely ceases at symbol C. Accordingly, the batched documents must be filed.
Answer (C) is incorrect because Internal auditors cannot feasibly review all documents regarding transactions even in an audit.
Answer (D) is incorrect because Comparison by the treasurer would be inappropriate. (S)he has custody of cash.

[1469] (Refers to Fact Pattern #137) What is the appropriate description that should be placed in symbol D?
A. Attach batch total to report and file
B. Reconcile cash balances
C. Compare batch total and correct as necessary
D. Proof report
Answer (A) is incorrect because No filing symbol is given.
Answer (B) is incorrect because The flowchart concerns daily receipts, not the reconciliation of cash balances.
Answer (C) is correct. This flowcharting symbol indicates a manual operation or offline process. Because the input to this operation consists of an adding machine tape containing batch totals and a document containing summary information about the accounts receivable update and an error listing, the operation apparently involves comparing these items.
Answer (D) is incorrect because Symbol D indicates a comparison, not output in the form of a report.

[1470] (Refers to Fact Pattern #137) What is the appropriate description that should be placed in symbol E?
A. Accounts receivable master file
B. Bad debts master file
C. Remittance advice master file
D. Cash projection file
Answer (A) is correct. The flowcharting figure at symbol E indicates magnetic disk storage. Because it is an input and output for the daily computer processing of accounts receivable, it must be the accounts receivable master file.
Answer (B) is incorrect because Bad debts are not a part of processing daily receipts.
Answer (C) is incorrect because The remittance advice master file was not used for the daily accounts receivable run.
Answer (D) is incorrect because The cash projection file was not used for the daily accounts receivable run.

[1471] The normal sequence of documents and operations on a well-prepared systems flowchart is
A. Top to bottom and left to right
B. Bottom to top and left to right
C. Top to bottom and right to left
D. Bottom to top and right to left
Answer (A) is correct. The direction of flow in the normal sequence of documents and operations on a well-prepared systems flowchart is from top to bottom and from left to right.
Answer (B) is incorrect because The normal vertical movement is top to bottom.
Answer (C) is incorrect because The normal horizontal movement is left to right.
Answer (D) is incorrect because The normal sequence is top to bottom and left to right.

[1472] The diamond-shaped symbol is commonly used in flowcharting to show or represent a
A. Process or a single step in a procedure or program
B. Terminal output display
C. Decision point, conditional testing, or branching
D. Predefined process
Answer (A) is incorrect because The rectangle is the appropriate symbol for a process or a single step in a procedure or program.
Answer (B) is incorrect because A terminal display is signified by a symbol similar to the shape of a cathode ray tube.
Answer (C) is correct. Flowcharts illustrate in pictorial fashion the flow of data, documents, and/or operations in a system. Flowcharts may summarize a system or present great detail, e.g., as found in
program flowcharts. According to the American National Standards Institute, the diamond-shaped symbol represents a decision point or test of a condition in a program flowchart, that is, the point at which a determination must be made as to which logic path (branch) to follow. The diamond is also sometimes used in systems flowcharts.
Answer (D) is incorrect because A predefined processing step is represented by a rectangle with double lines on either side.

[1473] A company’s management is concerned about computer data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize
A. Data encryption
B. Dial back systems
C. Message acknowledgment procedures
D. Password codes
Answer (A) is correct. The most effective preventive measure against unauthorized interception of data is encryption. Encryption technology converts data into a code. Unauthorized users may still be able to access the data, but without the encryption key, they will be unable to decode the information. Encryption technology may be either hardware- or software-based.
Answer (B) is incorrect because Dial back systems are a primitive countermeasure that are only appropriate to old-style dialup modem connections.
Answer (C) is incorrect because Message acknowledgment procedures are a means only for affirming that a message has been received by the intended party; they do not provide any means of alert in case of interception by an unintended party.
Answer (D) is incorrect because Password codes must be assigned and saved on specific systems; they are not applicable to ongoing electronic transmission.

[1474] An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts
A. Identify internal control
weaknesses more prominently
B. Provide a visual depiction of clients’ activities
C. Indicate whether control procedures are operating effectively
D. Reduce the need to observe clients’ employees performing routine tasks
Answer (A) is incorrect because A systems flowchart can present the flow of information and documents in a system, but does not specifically identify the weaknesses.
Answer (B) is correct. Systems flowcharts provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations. In many instances a flowchart is preferable to a questionnaire because a picture is usually more easily comprehended.
Answer (C) is incorrect because The flowchart does not provide evidence of how effectively the procedures are actually operating.
Answer (D) is incorrect because The flowchart is useful in documenting the understanding of control, but it does not reduce the need for observation of employees performing tasks if those tests of controls are deemed necessary.

[1475] When documenting the understanding of a client’s internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a
A. Pictorial presentation of the flow of instructions in a client’s internal computer system
B. Diagram that clearly indicates an organization’s internal reporting structure
C. Graphic illustration of the flow of operations that is used to replace the auditor’s internal control questionnaire
D. Symbolic representation of a system or series of sequential processes
Answer (A) is incorrect because A pictorial presentation of the flow of instructions in a client’s internal computer system is a computer program flowchart.
Answer (B) is incorrect because The organizational chart depicts the client’s internal reporting structure.
Answer (C) is incorrect because
A flowchart does not necessarily replace the auditor’s internal control questionnaire Controls beyond those depicted on the systems flowchart must also be considered by the auditor, and information obtained from the questionnaire may be used to develop the flowchart Answer (D) is correct A systems flowchart is a symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client’s organization [1476]Which one of the following would most compromise the use of the grandfather-father-son principle of file retention as protection against loss or damage of master files? A B C D Use of magnetic tape Inadequate ventilation Storing of all files in one location Failure to encrypt data Answer (A) is incorrect because Magnetic tape is a sound, though slow, medium for the storage of backup files Answer (B) is incorrect because Inadequate ventilation, while undesirable, is not the most compromising of the choices Answer (C) is correct The offsite location where an organization’s computer backup files are kept must be temperature- and humidity-controlled and guarded against intrusion just as the main processing center is Just as important, it must be geographically remote enough from the site of the organization’s main operations that it would not be affected by the same natural disaster It does an organization no good to have sound backup procedures if the files are not accessible or have been destroyed Answer (D) is incorrect because If data will only be used on equipment owned by the organization and will not be transmitted over network lines, leaving it unencrypted will not compromise the soundness of backup-and-rotation procedures [1477]Of the techniques available to an auditor, which is the most valuable in providing a summary outline and overall description of the process of transactions in an information system? 
A B C D Transaction retrievals Test decks Software code comparisons Flowcharts Answer (A) is incorrect because Transaction retrievals are used to select items for testing and review Answer (B) is incorrect because Test decks are used to verify processing accuracy Answer (C) is incorrect because Software code comparisons are used to validate that programs in production correspond to an authorized copy of the software Answer (D) is correct Flowcharting is a useful tool for systems development as well as understanding the internal control structure A flowchart is a pictorial diagram of the definition, analysis, or solution of a problem in which symbols are used to represent operations, data flow, transactions, equipment, etc The processing is presented as sequential from the point of origin to final output distribution Processing usually flows from top to bottom and left to right in the flowchart Areas of responsibility (e.g., data processing or purchasing) are usually depicted in vertical columns or areas Copyright 2008 Gleim Publications, Inc Printed for Bahaa Hassan Page 738 Gleim CMA Test Prep: Part 1: Financial Planning, Performance, and Control (1481 questions) [1478]Confidential data can be securely transmitted over the Internet by using A B C D Single-use passwords Firewalls Encryption Digital signatures Answer (A) is incorrect because Single-use passwords are a tool for permitting one-time access to a system Answer (B) is incorrect because A firewall is a combination of hardware and software that separates an internal network from an external network and prevents passage of certain types of traffic Answer (C) is correct Encryption technology converts data into code Unauthorized users may still be able to access the data but, without the encryption key, they will be unable to decode the information Answer (D) is incorrect because A digital signature is a means of verifying electronically that a certain party was the one who sent a given message [1479]All of 
the following are examples of encryption techniques used for computer security except A B C D Public key Private key Primary key Authentication key Answer (A) is incorrect because Public key encryption is a type of encryption technology Answer (B) is incorrect because Private key is a type of encryption technology Answer (C) is correct A primary key is a unique identifier for a data record Primary keys are used extensively in database processing Answer (D) is incorrect because An authentication key is a tool for assuring that a piece of encoded software can be unlocked by a legitimate user [1480]When attempting to restore computing facilities at an alternate site following a disaster, which one of the following should be restored first? A B C D Online system Batch system Operating system Decision support system Answer (A) is incorrect because An online system is a type of application that cannot be loaded until the operating system is up and running Answer (B) is incorrect because A batch system is a type of application that cannot be loaded until the operating system is up and running Answer (C) is correct The operating system is the “mind” of the computer It manages the communications between the different hardware components making up the system and manages the flow of data into and out of the system Before any processing can be done, it must be up and running Answer (D) is incorrect because A decision support system is a type of application that cannot be loaded until the operating system is up and running Copyright 2008 Gleim Publications, Inc Printed for Bahaa Hassan Page 739 Gleim CMA Test Prep: Part 1: Financial Planning, Performance, and Control (1481 questions) [1481]The IT team of a company created a disaster recovery plan for their employer The plan includes several versions of backups of data and systems, including at least one copy kept off site The plan also includes an off-site location selected for its reduced chance of natural disasters like 
floods and hurricanes This location is guarded by a security service The IT manager has a copy of the plan at home, and the plan is regularly tested Select the statement below that best describes the plan A The disaster recovery plan has everything required because the company can access the data backups and continue processing B The disaster plan needs to ensure that there are copies of the disaster recovery plan accessible on the computer system C The disaster recovery plan needs to include a disaster recovery site that is a hot or cold site with necessary capabilities D The disaster recovery plan needs to include instructions for appointing a recovery team when a disaster occurs Answer (A) is incorrect because There are no instructions for appointing a recovery team when a disaster occurs Answer (B) is incorrect because The disaster plan is likely on the computer system, and the IT manager has a copy at home; this is not a pressing concern Answer (C) is incorrect because An off-site location is already maintained; this concern is oblivious to the facts stated in the question Answer (D) is correct A disaster recovery plan should include instructions for appointing a recovery team Especially in larger disasters, personnel may be indefinitely unavailable, rendering preconceived recovery team structures useless if no other authority exists for determining the makeup of the disaster recovery team Copyright 2008 Gleim Publications, Inc Printed for Bahaa Hassan Page 740 ... Year Sep Year Oct Year $1, 500,000 $1, 650,000 $1, 600,000 $1, 550,000 $1, 650,000 $1, 500,000 $1, 400,000 $1, 300,000 $1, 650,000 $1, 000,000 $1, 400,000 $1, 600,000 4.5 2.5 3.0 2.5 1. 5 4.0 2.5 3.5 5.5 4.5... 65,000 $1, 275,000 Marketing costs: Advertising Sales salaries Commissions Shipping costs $ 19 0,000 20,000 23,000 93,000 $ 200,000 20,000 24,000 10 0,000 $ 19 0,000 21, 000 26,600 11 4,000 $ 19 0,000 21, 000... 

Date posted: 01/04/2017, 10:06
