CONFIDENTIAL 1 AC/JULY2020/AIS615

UNIVERSITI TEKNOLOGI MARA

FINAL EXAMINATION

COURSE : ACCOUNTING INFORMATION SYSTEMS

COURSE CODE : AIS615
EXAMINATION : JULY 2020
TIME : 1 HOUR 30 MINUTES

INSTRUCTIONS TO CANDIDATES

1. This question paper consists of (27) questions.

2. Answer ALL questions in the Answer Booklet. Start each answer on a new page.

3. Do not bring any material into the examination room unless permission is given by the
invigilator.

4. Please check to make sure that this examination pack consists of :

i) the Question Paper

ii) a two-page Appendix 1
iii) an Answer Booklet – provided by the Faculty

5. Answer ALL questions in English.

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 2 AC/JULY2020/AIS615

DO NOT TURN THIS PAGE UNTIL YOU ARE TOLD TO DO SO

This examination paper consists of 8 printed pages

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 3 AC/JULY2020/AIS615

PART A

1. Define the aim of establishing internal control.

A. Safeguard the resources of the organization
B. Provide reasonable assurance that the objectives of the organization are
achieved
C. Encourage compliance with organizational objectives
D. Ensure the accuracy, reliability, and timeliness of information

2. Deficiencies in an internal control system must be reported for corrective action. This
statement describes the component of ________ in COSO’s Internal Control Model.
A. control environment
B. control activities
C. risk assessment
D. monitoring

3. The following related to the key methods of monitoring performance, except

A. Track purchased software and mobile devices
B. Implement effective supervision such as training employees.
C. Determine cost or benefit effectiveness of events
D. Employ a computer security officer to manage the system security.

4. Which of the items below is not implementing an internal control monitoring?

A. Management regularly compares divisional performance with budgets for the
division
B. Data processing management regularly generates exception reports for unusual
transactions or volumes of transactions and follows up with investigation as to
cause
C. Data processing management regularly reconciles batch control of the processed
items with batch controls of the submitted items
D. Management has asked internal auditing to perform regular audits of the controls
over cash processing

5. Which of the following is not presenting the weakness of COSO’s Internal Control
Framework?
A. Examined controls without first addressing purposes and risks of business
processes
B. Existing internal control systems often have controls that protect against items
that are no longer risks or are no longer important
C. Focusing on controls first has an inherent bias toward past problems and
concerns
D. The framework is very rigid and failed to provide precise guidance to the
corporation

6. Determine which of the following statements about the monitoring process is false?
A. The organizations do not have to report any deficiencies of the internal control
system to the board of directors.
B. All system transactions and activities should be recorded in a log that indicates
who accessed what data, when and from which online device.
C. Companies should periodically conduct software audits to comply with copyrights.

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 4 AC/JULY2020/AIS615

D. Fraud hotline refers to a phone number that employee can call to anonymously
report fraud and abuse.

7. A direct or matrix reporting relationship is recommended to reduce multi-layered

reporting. This relate to __________ aspect of internal environment
A. organizational structure
B. methods of assigning authority and responsibility
C. management philosophy and operating style
D. commitment to competence

8. Select which of the following is not a source of concern with regards to a public
cloud.
A. Efficiency
B. Confidentiality
C. Availability
D. Privacy

9. The time-based model of information security is defined as:

A. Time it takes an attacker to break through the various controls of a corporation
B. Time it takes for the organization to detect an attack.
C. Time it takes an attacker to understand the various controls that protect the
organization’s information assets
D. Time it takes for the organization to prevent an attack

10. Trust Services Framework relates that the confidentiality of organizational sensitive
information is achieved when the system produces data that _________.
A. is protected from unauthorized disclosure
B. is available for operation and use at times set forth by agreement.
C. is protected against unauthorized physical and logical access.
D. data are processed accurately, completely, in a timely manner, and only with
proper authorization.

11. The network administration of Cat Texh Valley, was informed that the intrusion
detection system had identified an ongoing attempt to breach network security.
However, the administrator was able to block and stop the attack of the hacker on
time. Using the notation for the time-based model of security, it displays that
A. D > P
B. P > D
C. P > C
D. C > P

12. Anti-spyware software that automatically checks and cleans all detected spyware on
an employee's computer as part of the logon process for accessing a company's
information system are executing _____________.
A. Preventative and Detective controls
B. Detective and Corrective controls
C. Preventative and Corrective controls
D. Preventative, Corrective and Detective controls

13. An organisation can apply ______________ to issue alert and automatically stop
attack into the network. This applies
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL
CONFIDENTIAL 5 AC/JULY2020/AIS615

A. intrusion prevention system

B. intrusion detection system
C. patch management
D. vulnerability scanners

14. Which one of the following is not describing the meaning of privacy?
A. It is a principle closely related to the confidentiality principle
B. Privacy principle is focusing on the organizational data perspectives
C. Consists of privacy controls and privacy concerns
D. Identity theft is one of the privacy-related issue for economic gain

15. Identify the function of virtual private network (VPNS).

I. Secure network without associated costs of leased telephone lines,
satellites and other communication equipment
II. Protect the confidentiality and privacy of data and information
III. Encrypt the information within the system and transit over the Internet
IV. Ensure the sensitive information is exchanged securely
V. Provide proof of its identity
A. I, II, IV & V
B. I, III, IV & V
C. I, II, III & IV
D. I, II, III, IV & V

16. In the process to apply digital signature for confidential document, the creator will
generate a hash of the file and continue to encrypt that hash using private key.
However, if the two hashes do not match with each other, this situation can be
explained due to______
A. The creator of the file forgot to sign digitally
B. Document created by the creator without encryption
C. Hashing algorithm is not attached by the creator
D. File created by the sender was corrupted during transmission

17. This application provides an additional layer of protection to sensitive information that
is stored in digital format and offering the capability to limit access to specific files or
documents. It also specifies the actions that can be performed by individuals who has
been granted access to that resource. Choose the relevant answer.
A. Anti-virus software.
B. Data loss prevention software.
C. A digital watermark.
D. Information rights software.

18. Ameena wants to send an encrypted document to Kareem as an email attachment. If

Ameena wants to securely send Kareem the key to decrypt the document, Ameena
should choose to
A. Encrypt the key using Ameena's public asymmetric key.
B. Encrypt the key using Ameena's private asymmetric key.
C. Encrypt the key using Kareeem's public asymmetric key.
D. Encrypt the key using Kareem's private asymmetric key.

19. Determine the correct statement for digital signature.

(i) To tie an electronic message to the sender’s identity.
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL
CONFIDENTIAL 6 AC/JULY2020/AIS615

(ii) For non-repudiation of communication by a sender.

(iii) To provide that a message was sent by the sender in a court of law.
(iv) In all e-mail transactions.

A. (i) and (ii)

B. (i), (ii), (iii)
C. (ii), (iii), (iv)
D. All the above

20. Identify the process that would not be run when the user wants to compute the
numeric values for batch of input record.
A. Sums a nonfinancial numeric field
B. Sums a field that contains monetary values
C. Sums a field that provides non-monetary values
D. Number of records in a batch

21. It is not unusual for business to limit the credit term of every sales order submitted by
the customer. Identify the purpose of this control.
A. Perform size of data fit into the assigned field
B. Test the limit check for numerical amount
C. Compares the ID code for validity check
D. Determines the correctness using reasonableness test

22. Izreen, as an employee for Ganggang Bhd. is worrying about her data files storage
management that might be corrupted due to the absence of the business controls in
the information system activities. Due to that, she plans to copy all changes that have
been made from the last full backup to avoid more serious problem. In this case,
what implementation can be done to avoid this issue?
A. She must apply incremental backup for all files
B. She need to run differential backup process
C. She need to design backup procedures by designing a database
D. She must perform the recovery operations for all data

23. UbunUbin Sdn. Bhd. which is based in Malaysia facing massive losses of customer
data at their Akita branch due to the recent earthquake in Japan. The management
decided to have a future recovery plan to adopt a simultaneous data sharing in both
countries using online data backup and data updates for each transaction occurs.
The business also plans to establish two or more databases with separate data
centres handling the data management. Choose the relevant organization plan that
displays this scenario.
A. Adopt incremental backup for all files
B. Run the disaster recovery plan for overall system
C. Perform real-time mirroring procedure
D. Establish recovery and resumption of normal operations

24. The Mamuz online shopping company practices cash payment for its sales by using
online payment method. Every day, the revenue clearing account is debited by the
total of cash receipts and credited by the total of its internet sales. This is the
application of
A. data integrity test.
B. zero-balance test.
© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL
CONFIDENTIAL 7 AC/JULY2020/AIS615

C. trial balance audit.

D. cross-footing balance test.

25. A friend from a similar industry asked you.” Is it a best practice for your company to
periodically restoring a system from its backup files?” Choose the correct response.
A. ” No, doing so might introduce errors into the system's data.”
B. “No, doing so takes the system offline and prevents customers from being able to
access the system.”
C. “Yes, doing so verifies the procedure and backup media are working correctly.”
D. “Yes, doing so improves the efficiency of the system.”

(Total:25 marks)

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 8 AC/JULY2020/AIS615

PART B

QUESTION 1

Pintar Bestari Sdn Bhd recently purchased over RM1 million worth of office equipment under
its “special ordering” system, with individual orders ranging from RM500 to RM5000. Special
orders are for low volume items that have been included in an authorized users’ budget. As
part of their annual budget, department heads request equipment and specify estimated
cost.

The special ordering system functions as follows: Upon receiving a purchase requisition,
purchasing department verifies that the requester is indeed a department head. The
purchasing department next selects the appropriate supplier by searching the various
catalogs on file.

The purchasing department, then phones the supplier, requests a price quote and places a
verbal order. A prenumbered purchase order is processed, with the original sent to the
supplier and copies to the department head, receiving and account payable. One copy is
also filed in the open-requisition file. When the receiving department verbally informs the
purchasing department that the item has been received, the purchase order is transferred
from the open to the closed file. Once a month, the purchasing department reviews the open
file for follow up purposes.

The receiving department gets a copy of each purchase order. When the equipment is
received, that copy of the purchase order is stamped with date and noted with red ink if there
are any differences between the quantity ordered and quantity received. The receiving clerk
then forwarded the stamped purchase order and equipment to the requisitioning department
head and verbally informs the purchasing department that the equipment was received.
Upon receipt of purchase order, the account payable clerk files it in the open purchase order
file.

When the supplier invoice is received, it is matched with the applicable purchase order, and
a payable is created by debiting the requisitioning department’s equipment account. Unpaid
invoices are filed by due date. On the due date, a cheque is prepared and forwarded to the
treasurer for signature. The invoice and purchase order are then filed by purchase order
number in the paid invoice file. Cheques received daily from the accounts payable clerk are
sorted into two groups: those over and those under RM3000. Cheques for less than RM3000
are machine signed. The cashier maintains the cheque signature machine’s key and the
signature plate and monitors its use. For cheque amounting more than RM3000 are signed
by the cashier and the treasurer.

Required:

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 9 AC/JULY2020/AIS615

a. Discuss five (5) internal control weaknesses of Pintar Bestari Sdn Bhd purchasing
process and propose five (5) recommendations to improve the process of the
company. Your answers should be written in the following format:

Weaknesses Recommendations

(Total:15 marks)

QUESTION 2

(a) CORONO Sdn. Bhd. involves in manufacturing sport shoes. The production process
is initiated from the marketing department through the sales forecast and an inventory
status report. Then, the Production Planning department clerk prepares a master
production schedule (MPS) that detailed out which sport shoe styles and quantities are
to be produced during the next week.

Subsequently, the department clerk reconciles an operation list from the operation list
file, bill of material record from the bill of material file with the master production
schedule in order to prepare a production order for the required sport shoes to be
manufactured. Upon completion of the process, any new production order is updated
in the open production order master file.

The production order is used as the formal document to continue with production.
During the operation process, the department clerks review the production orders to
determine which materials need to be released to production from the storeroom. All
materials are bar-coded. Factory workers scan the bar-codes as they use the
materials. To operate a machine, the factory workers swipe their ID badge through a
reader. This results in the system automatically collecting data identifying who
produced each pair of shoes and how much time it took to make them. The information
is updated in the open production order file, and employee file.

Once a pair of shoes is finished, it is placed in a box. The last machine in each work
cell prints a bar-code label that the worker affixes to the box. The completed shoes are
then sent to the warehouse.

Illustrate Data flow Diagram (DFD) for Corono Sdn. Bhd.

(5 marks)

(b) Manufacturing companies require continuous innovation and continuous improvement

in order to cope with global competition, as well as to achieve a world class status
company.
Discuss any five (5) features characteristic needed by the manufacturer to become a
world-class company.

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL

CONFIDENTIAL 10 AC/JULY2020/AIS615

(5 marks)
(Total:10 marks)

END OF QUESTION PAPER

© Hak Cipta Universiti Teknologi MARA CONFIDENTIAL