ACCT4540/5540 – Fall 2009 Final Exam 30 Points
Your Name:
Your Team Lead’s Name:
Honor Code Pledge:
‘On my honor as a University of Colorado at Boulder student, I have neither given nor received unauthorized assistance on this work.’
Your Signature:
Your test will be assessed against your knowledge of our reading assignments, class discussions and your project work. Individual grades will be determined based on the above, and in comparison to your peers’ work. The quality of your writing will be an important component of your overall grade.
1 Multiple Choice Questions ½ point each (7 points total)
1. In the current electronic business environment,
a. Open technology standards for information systems are not an important part of the decision-making process.
b. Mainframe systems are replacing distributed systems.
c. Storage capacity has kept pace with gains in processing speeds.
d. Wireless communications systems have not yet made significant inroads.
2. By storing software applications as ______, there is a risk that unauthorized users could make changes to it.
a. Magnetic tape
b. Object code
c. Utility programs
d. Source code
3. Which of the following security controls is least likely to prevent unauthorized access to sensitive data via an attended workstation connected to the company server through a public wireless network?
a. Encryption of data being transmitted.
b. VPN.
c. Encryption of data files stored on the company server.
d. Username and password to login to the company server.
4. Which one of the following input validation routines is appropriate in a real-time operation?
a. Job schedule.
b. Completeness check.
c. Sequence check.
2 d. Batch total.
5. Which of the following is not an advantage of a database (server) architecture?
a. Data redundancy can be reduced.
b. Conversion to a database system helps consolidate multiple systems data requirements in one place.
c. Multiple occurrences of the same data items are useful for data integrity and internal control.
d. Backup and recovery procedures are easier to perform.
6. The process of monitoring, evaluating and modifying a system as needed is referred to as
a. System analysis.
b. System feasibility study.
c. System maintenance.
d. System implementation.
7. The process of developing specifications for hardware, software, manpower, data resources and information products required to develop a system is referred to as
a. System analysis.
b. System feasibility study.
c. System maintenance.
d. System design.
8. The process of learning how the current system functions, determining the needs of users and developing the logical requirements of a proposed system is referred to as
a. System analysis.
b. System feasibility study.
c. System maintenance.
3 d. System design.
9. Which if the following is the riskiest method of converting from an existing system to a new system?
a. Direct cutover method.
b. Parallel method.
c. Prototype method.
d. Phased method.
10. In an accounts payable system, an auditor discovered that executable modules are inconsistent with their design specifications. What was the most likely cause of this inconsistency?
a. Requiring updating of an executable module from a compilation of the authorized source code.
b. Enforcing the use of separate development and production libraries.
c. Allowing system programmers to make updates to the production libraries.
d. Installing access control procedures for source code libraries.
11. Innovations in IT increase the importance of risk management because
a. The objective of complete security is not attainable in the next ten years.
b. Information system security is not subject to new threats.
c. Controls in place that mitigate current risks, may not be effective for future risks.
d. The use of a VPN guarantees network security.
12. Using the balanced scorecard approach, an organization evaluates managerial performance based on
a. A single, ultimate measure of operating results, such as residual income.
4 b. Measures such as profitability and employee turnover.
c. Measures such as employee turnover and client satisfaction.
d. Multiple financial measures.
13. Which of the following is the least important reason organizations develop contingency plans for their computer based information systems operations?
a. To ensure that they will be able to process vital transactions in the event of a disaster.
b. To ensure the safety of important records.
c. To help hold down the cost of insurance.
d. To plan for sources of capital for recovery from any type of disaster.
14. Which of the following risks is more likely to be encountered in an end user computing environment as compared with a mainframe computer system?
a. Users who are unfamiliar with the applications being used.
b. User input screens with a graphical user interface (GUI).
c. Applications that have had significant input from the end-users in their design.
d. Applications that have not been rigorously tested.
Essay Question (23 points total): When completing this section, make sure to provide a number of specific examples from your project. Use only the numbered paper provided.
1. Using the strategy, people, process and technology model discussed in class, answer the following questions:
a. Define strategy, people, process and technology.
b. Describe how your project addressed strategy, people, process and technology.
c. Describe how strategy, people, process and technology relate to one another for your project.
d. Whenever you use terminology from our AIS terminology discussion, make sure to highlight these in your answer by circling the word used.
5 6 7 8