How does data differ from information?
> Why is a private cloud less risky than a public cloud?
> How can a redundant array of independent disks (RAID) help protect the data of an organization?
> Why was there so much growth in the sales of ERP systems in the late 1990s?
> Describe how sales data is captured and recorded at a restaurant such as Applebee’s.
> Describe some recent news stories you have seen or heard regarding computer viruses.
> What is two factor authentication with regard to smart cards or security tokens?
> What are the factors that limit the effectiveness of internal controls?
> Provide examples of continuous monitoring and periodic monitoring.
> Many companies have mandatory vacation and periodic job rotation policies. Discuss how these practices can be useful in strengthening internal controls.
> Due to cost/benefit considerations, many business organizations are unable to achieve complete segregation of duties. What else could they do to minimize risks?
> Name the COSO report’s five internal control activities.
> Identify the COSO report’s five interrelated components of internal controls.
> How does documenting a system through a pictorial representation offer benefits?
> What are the objectives of a system of internal control?
> What is the underlying purpose of the restrictions on CPA firms in Section 201 of the Sarbanes–Oxley Act?
> Is there a difference between ethical obligations and legal obligations with regard to online privacy?
> What are some of the ethical obligations of companies related to e-commerce?
> In what ways are XBRL financial statements advantageous compared with traditional paper financial statements?
> Why is the use of XML advantageous in Internet EDI?
> What types of controls should be used to properly limit access in intranets and extranets?
> Which type of users should have access to an extranet?
> Which type of users should have access to an intranet?
> What are the three levels of network platforms that are utilized in e-business, and which groups use each level?
> How are activities in the supply chain interdependent?
> Which functions within the supply chain can be enhanced through the use of e-business?
> There are four methods of system conversion: parallel, direct cutover, pilot, and phase‐in. Describe these four methods and how they differ.
> Why is it important to ensure an efficient flow of goods throughout the supply chain?
> Describe the concept of a supply chain.
> What is meant by “monitoring and enforcement” regarding online privacy practices?
> If you could condense the ten areas of Online Privacy in the AICPA Trust Services Principles, into a shorter list (three-, four-, or five-point list), how would you word that list?
> According to the Online Privacy section of the AICPA Trust Services Principles, what types of personal information should be protected?
> What are the differences between bricks-and mortar retailers and clicks-and-mortar retailers?
> Which types of costs can be reduced when a company decides to engage in B2C e-commerce on the Internet?
> How quickly did Internet usage by the public grow after the Internet was opened to business transactions in 1994?
> Why is a standard protocol necessary in computer networks?
> Why was ARPANET designed with many different alternative routes for network traffic?
> Describe the purpose of business process reengineering during the system analysis phase.
> What was the original purpose of the network of computers that eventually became the Internet?
> Why is data considered a valuable resource worthy of extensive protection?
> What are the first three rules of normalization? What is meant by the statement that the rules of normalization are additive?
> Which type of database model has the most flexibility for querying? How does this flexibility assist management?
> What language is used to access data from a relational database? Why is the language advantageous when accessing data?
> How is the primary key used in a relational database?
> Within a hierarchical database, what is the name for the built‐in linkages in data tables? Which data relationships can be contained in a hierarchical database?
> What four conditions are required for all types of databases?
> What is the term for the software program(s) that monitors and organizes the database and controls access and use of data? Describe how this software controls shared access.
> Differentiate between data redundancy and concurrency.
> Briefly explain a situation at your home, university, or job in which you think somebody used computers unethically. Be sure to include an explanation of why you think it was unethical.
> Which type of data storage medium is most appropriate when a single record of data must be accessed frequently and quickly?
> Explain the importance of full disclosure in source of capital processes.
> How do processes with large volumes of transactions make fraudulent behavior easier?
> How does time horizon affect the type of information in internal reports?
> In an IT accounting system, which IT controls ensure the security of the general ledger?
> How is a special journal different from a general journal?
> Why are internal controls less effective in capital and investment processes?
> How are IT systems potentially useful in monitoring funds flow?
> How does the specific authorization and management oversight of source of capital processes affect internal controls?
> Application controls include input, processing, and output controls. One type of input control is source document controls. Briefly explain the importance of each of the following source document controls: a. Form design b. Form authorization and contr
> How would you describe capital?
> When IT systems are used in conversion processes, what are some of the resulting advantages to the organization?
> Which three activities in the conversion process should require specific authorization before they are begun?
> Why would perpetual inventory records be preferable to periodic inventory records in a manufacturing company?
> What should be done when unfavorable variances are discovered?
> What is the purpose of determining standard costs?
> What is the purpose of the quality control department?
> What is the overall goal of the inventory control department?
> What is the purpose of an inventory status report?
> What are the conversion responsibilities of the maintenance and control, inventory control, inventory stores, and human resources departments?
> Explain the risk categories for cloud computing and how these risks may differ from a company that maintains its own IT hardware, software, and data.
> Differentiate between a routing slip and an inventory status report.
> What types of information must be taken into consideration when scheduling production?
> What are the two types of documents or reports that are likely to trigger the conversion process?
> Differentiate between the roles of the engineering and the research and development departments.
> Differentiate between a bill of materials and an operations list.
> Why are conversion activities typically considered routine data processes?
> Do conversion processes occur in manufacturing companies only? Why, or why not?
> What are the three resources that an organization must have to conduct a conversion (or transformation) process?
> How does the misclassification of fixed asset expenditures result in misstatement of financial statements?
> Why might a supervisor collude with an employee to falsify time cards?
> For each of the following parts of an IT system of a company, write a one‐sentence description of how unauthorized users could use this as an entry point: a. A local area network (LAN) b. A wireless network c. A telecommuting worker d. A company webs
> What negative things might occur if fixed asset software systems lacked appropriate access controls?
> Why is the beginning of a fiscal year the best time to implement a fixed asset software system?
> Explain why a real‐time update of fixed asset records might be preferable to batch processing of fixed asset changes.
> Why are some fixed assets susceptible to theft?
> Why is it important to conduct an investment analysis prior to the purchase of fixed assets?
> Fixed assets are purchased and retired frequently. Given this frequent change, why are clear accounting records of fixed assets necessary?
> What are the advantages of outsourcing payroll?
> What are the advantages of automated time keeping such as bar code readers, or ID badges that are swiped through a reader?
> Why do payroll processes result in sensitive information, and what is the sensitive information?
> Why is it important to use an independent paymaster to distribute paychecks?
> For each AICPA Trust Services Principles category shown, list a potential risk and a corresponding control that would lessen the risk. An example is provided. EXAMPLE Security: Risk: A hacker could alter data. Control: Use a firewall to limit unauthori
> What is the purpose of supervisory review of employee time cards?
> Explain the reasons for an organization having a separate bank account established for payroll.
> Why is it important that the human resources department maintain records authorizing the various deductions from an employee’s paycheck?
> Even though payroll and fixed asset processes may not be as routine as revenue processes, why are they just as important?
> What techniques can a company use to reveal problems concerning potential exposure to unauthorized access to its systems?
> Identify three ways that buyers and sellers may be linked electronically.
> Identify each category of risk that can be reduced by using authority tables, computer logs, passwords, and firewalls.
> What is typically the most time‐consuming aspect of the expenditures process?
> What paper document is eliminated when ERS is used?
