Friday, November 7, 2025

125 MCQ questions on the topics of internal control systems, governance, risk assessment, and control application

Section A...

Internal Control and Risk Management

1. What is the primary objective of internal control?

A) To ensure profitability

B) To ensure compliance with laws and regulations

C) To provide reasonable assurance of achieving organizational objectives

D) To detect and prevent fraud


Answer:


2. Which of the following is a type of internal control?

A) Detective control

B) Preventive control

C) Corrective control

D) All of the above


Answer: 


3. What are the components of internal control?

A) Control environment, risk assessment, control activities, information and communication, monitoring

B) Control environment, risk assessment, control activities, information and communication

C) Control environment, risk assessment, control activities, monitoring

D) Control environment, risk assessment, information and communication, monitoring


Answer:


Types of Internal Control and Components

4. What is the purpose of a control environment?

A) To identify and assess risks

B) To design and implement control activities

C) To establish a culture of control and ethics

D) To monitor and report on internal control


Answer: 


5. What is a risk owner?

A) The person responsible for identifying and assessing risks

B) The person responsible for implementing control activities

C) The person responsible for monitoring and reporting on internal control

D) The person responsible for accepting and managing risks


Answer:


Internal Control Activation and Function

6. What is the first step in activating internal control?

A) Identifying and assessing risks

B) Designing and implementing control activities

C) Establishing a control environment

D) Monitoring and reporting on internal control


Answer: 


7. What is the function of control?

A) To prevent errors and irregularities

B) To detect errors and irregularities

C) To correct errors and irregularities

D) All of the above


Answer:


Efficient Operation of Internal Control

8. When is internal control considered to be efficiently operating?

A) When it provides reasonable assurance of achieving organizational objectives

B) When it detects and prevents all errors and irregularities

C) When it is designed and implemented effectively

D) When it is monitored and reported on regularly


Answer:


Inherent Limitations of Internal Control

9. What is an inherent limitation of internal control?

A) Human error

B) Collusion

C) Management override

D) All of the above


Answer:


Types of Control and Risk Management

10. What is application control?

A) Control over the development and implementation of applications

B) Control over the processing of transactions

C) Control over the storage and retrieval of data

D) Control over the security of applications


Answer:


11. What is input control?

A) Control over the input of data into a system

B) Control over the processing of transactions

C) Control over the output of data from a system

D) Control over the storage and retrieval of data


Answer: 


12. What is process control?

A) Control over the processing of transactions

B) Control over the input of data into a system

C) Control over the output of data from a system

D) Control over the storage and retrieval of data


Answer: 


13. What is general control?

A) Control over the overall IT environment

B) Control over specific applications

C) Control over the development and implementation of applications

D) Control over the security of applications


Answer: 


Design and Responsibility

14. Who designs control?

A) Management

B) Internal audit

C) External audit

D) Risk management


Answer: 


15. Who is responsible for risk management?

A) Board of directors

B) Management

C) Risk management department

D) Internal audit


Answer: 


Duties and Responsibilities

16. What is the duty of the board of directors?

A) To oversee the internal control system

B) To design and implement control activities

C) To monitor and report on internal control

D) To manage risk


Answer: 


17. What is the responsibility of the audit committee?

A) To oversee the internal audit function

B) To design and implement control activities

C) To monitor and report on internal control

D) To manage risk


Answer:


Frameworks and Regulations

18. What is COSO?

A) A framework for internal control

B) A framework for risk management

C) A regulation for corporate governance

D) A standard for auditing


Answer: 


19. What is COBIT?

A) A framework for IT governance

B) A framework for internal control

C) A regulation for corporate governance

D) A standard for auditing


Answer:


20. What is SOX?

A) A regulation for corporate governance

B) A framework for internal control

C) A framework for risk management

D) A standard for auditing


Answer: 


21. What is FCPA?

A) A regulation for foreign corrupt practices

B) A framework for internal control

C) A framework for risk management

D) A standard for auditing


Answer: 


Risk Management Concepts

22. What is risk tolerance?

A) The amount of risk an organization is willing to take

B) The amount of risk an organization can take

C) The amount of risk an organization should take

D) The amount of risk an organization must take


Answer: 


23. What is risk appetite?

A) The amount of risk an organization is willing to take

B) The amount of risk an organization can take

C) The amount of risk an organization should take

D) The amount of risk an organization must take


Answer: 


24. What is a risk map?

A) A tool for identifying and assessing risks

B) A tool for prioritizing risks

C) A tool for monitoring and reporting on risks

D) A tool for managing risks


Answer: 


25. What is a risk maturity model?

A) A model for assessing the maturity of an organization's risk management process

B) A model for identifying and assessing risks

C) A model for prioritizing risks

D) A model for monitoring and reporting on risks


Answer: 


Section B...

### Accounting Information Systems & Cycles

1. What is the primary function of an Accounting Information System (AIS)?

   a) Process data to provide information to users  

   b) Record financial transactions only  

   c) Manage payroll only  

   d) Prepare financial statements only  

   **Answer:** 


2. Which document initiates the revenue cycle?  

   a) Sales order  

   b) Purchase order  

   c) Invoice  

   d) Bill of lading  

   **Answer:** 


3. What document is primarily used to authorize shipments in the revenue cycle?  

   a) Bill of lading  

   b) Purchase order  

   c) Receiving report  

   d) Sales invoice  

   **Answer:** 


4. Which document starts the purchase cycle?  

   a) Sales order  

   b) Purchase requisition  

   c) Receiving report  

   d) Vendor invoice  

   **Answer:** 


5. In the payroll cycle, what is the primary source document for recording hours worked by hourly employees?  

   a) Time cards  

   b) Pay stub  

   c) Employee contracts  

   d) Payroll register  

   **Answer:**


6. Which control is important in the payroll cycle to prevent fictitious employees?  

   a) Segregation of duties  

   b) Matching purchase orders  

   c) Invoice verification  

   d) Inventory count  

   **Answer:** 


### Risk Concepts and Management

7. Who is the primary risk owner in risk management?  

   a) The individual responsible for managing the risk  

   b) The auditor  

   c) Internal control personnel  

   d) External consultants  

   **Answer:** 


8. Which of the following is a deliverable of a risk management process?  

   a) Risk register  

   b) Financial statements  

   c) Payroll records  

   d) Audit invoices  

   **Answer:** 


9. Risk appetite is best described as:  

   a) The amount of risk an organization is willing to accept  

   b) The actual level of risk faced  

   c) Risks identified in a risk assessment  

   d) Risks mitigated through controls  

   **Answer:** 


10. Risk tolerance is defined as:  

    a) The acceptable level of variation around the risk appetite  

    b) The maximum loss possible  

    c) The number of risks an organization faces  

    d) Risks detected by audit  

    **Answer:**


11. What is a risk map used for?  

    a) Visual representation of risks by likelihood and impact  

    b) Listing controls  

    c) Identifying internal control weaknesses  

    d) Scheduling audits  

    **Answer:** 


12. What does a heat map illustrate in risk management?  

    a) Severity of risks by color coding  

    b) Process flows  

    c) Audit findings  

    d) Employee responsibilities  

    **Answer:**


13. The risk maturity model assesses:  

    a) The level of development and effectiveness of risk management processes  

    b) Financial stability  

    c) Internal audit quality  

    d) IT system maturity  

    **Answer:** 


### Types of Risks

14. Inherent risk is:  

    a) Risk before any controls are applied  

    b) Risk after controls are applied  

    c) Risk of controls failing  

    d) Risk undetected by auditors  

    **Answer:**


15. Control risk is:  

    a) Risk that controls will fail to prevent or detect a misstatement  

    b) Risk in the environment  

    c) Risk accepted by management  

    d) Auditor's risk  

    **Answer:**


16. Detection risk is:  

    a) Risk that audit procedures will not detect a material misstatement  

    b) Risk of fraud  

    c) Risk of operational loss  

    d) Risk of poor financial performance  

    **Answer:** 


17. Residual risk is:  

    a) Risk remaining after controls are applied  

    b) Risk inherent to the process  

    c) Risk accepted by the board  

    d) Risk that is transferred  

    **Answer:** 


### COSO and COBIT Frameworks

18. Which COSO component focuses on setting objectives and identifying risks?  

    a) Risk assessment  

    b) Control activities  

    c) Information and communication  

    d) Monitoring activities  

    **Answer:** 


19. The role of COBIT in IT governance is to:  

    a) Provide a framework for IT management and governance  

    b) Conduct financial audits  

    c) Develop software  

    d) Manage human resources  

    **Answer:** 


20. COSO’s five components include all except:  

    a) Risk assessment  

    b) Technology management  

    c) Control environment  

    d) Monitoring activities  

    **Answer:**


### Additional Questions on Cycles, Risk, and Controls

21. The primary goal of the revenue cycle is:  

    a) To deliver the right product at the right time to the right customer  

    b) To reduce purchase orders  

    c) To minimize payroll costs  

    d) To control financial reporting  

    **Answer:** 


22. A purchase requisition is used to:  

    a) Request goods or services internally  

    b) Pay vendors  

    c) Ship products to customers  

    d) Record payroll  

    **Answer:** 


23. Payroll register contains:  

    a) Details of employee wages and deductions  

    b) Purchase orders  

    c) Sales invoices  

    d) Inventory levels  

    **Answer:**


24. What is a key inherent limitation of any internal control system?  

    a) Human error and collusion  

    b) Technology failures only  

    c) Legislation compliance  

    d) Financial accounting standards  

    **Answer:** 


25. Segregation of duties helps prevent:  

    a) Fraud and errors  

    b) Payroll processing  

    c) Risk appetite setting  

    d) COSO implementation  

    **Answer:** 


26. Delivery documents in the purchase cycle include:  

    a) Receiving report  

    b) Sales invoice  

    c) Purchase order  

    d) Time card  

    **Answer:**


27. The term "control activities" in COSO refers to:  

    a) Policies and procedures that help ensure management directives are carried out  

    b) Financial statements  

    c) Risk transfer strategies  

    d) External audit reviews  

    **Answer:** 


28. Which is an example of residual risk?  

    a) Risk remaining after implementation of anti-fraud controls  

    b) Risk that exists before controls are applied  

    c) Risk identified by the auditor only  

    d) Risk transferred through insurance  

    **Answer:** 


29. A delivery note is used to:  

    a) Confirm goods received by the customer  

    b) Initiate purchase requisition  

    c) Record employee attendance  

    d) Authorize payment to vendors  

    **Answer:**


30. Which cycle includes activities involving hiring, payroll processing, and benefits administration?  

    a) Payroll cycle  

    b) Revenue cycle  

    c) Purchase cycle  

    d) Inventory cycle  

    **Answer:** 


31. An example of operational risk is:  

    a) System failure causing business disruption  

    b) Stock market decline  

    c) Legal penalties  

    d) Currency exchange risk  

    **Answer:** 


32. Risk appetite and risk tolerance are:  

    a) Related but risk tolerance is narrower than risk appetite  

    b) The same concept  

    c) Unrelated  

    d) Only relevant to auditors  

    **Answer:**


33. The main purpose of a risk heat map is to:  

    a) Prioritize risks for management focus  

    b) Document payroll transactions  

    c) Audit revenue transactions  

    d) Monitor purchase orders  

    **Answer:** 


34. The COSO internal control framework was first released in:  

    a) 1992  

    b) 2001  

    c) 2013  

    d) 1985  

    **Answer:** 


35. Which of the following is a component of the COSO ERM framework?  

    a) Governance and culture  

    b) Financial accounting  

    c) Human resources management  

    d) Supply chain management  

    **Answer:** 


36. Directive controls focus on:  

    a) Encouraging desired behaviors within a process  

    b) Detecting errors after occurrence  

    c) Preventing entry of transactions  

    d) External audit controls  

    **Answer:**


37. Which of these is a preventive control?  

    a) Authorization requirements  

    b) Reconciliations  

    c) Audits  

    d) Reviews  

    **Answer:** 


38. A detective control is designed to:  

    a) Identify errors or irregularities after they have occurred  

    b) Prevent fraud  

    c) Monitor employee performance  

    d) Manage IT security  

    **Answer:** 


39. Who is responsible for defining risk appetite?  

    a) Board of directors or senior management  

    b) Internal auditors  

    c) Staff accountants  

    d) External auditors  

    **Answer:** 


40. An example of a deliverable from a risk assessment process would be:  

    a) Risk register or risk report  

    b) Payroll summary  

    c) Purchase orders  

    d) Financial statements  

    **Answer:** 


41. Which document controls the flow of goods coming into a company?  

    a) Receiving report  

    b) Sales invoice  

    c) Sales order  

    d) Purchase requisition  

    **Answer:**


42. The primary focus of COBIT is:  

    a) IT governance and management  

    b) Internal audit process  

    c) Payroll control  

    d) Inventory management  

    **Answer:** 


43. The COSO control environment is best described as:  

    a) The foundation for all other components of internal control  

    b) A risk assessment procedure  

    c) An IT control framework  

    d) A compliance guideline  

    **Answer:** 


44. Risk capacity refers to:  

    a) The maximum amount of risk an organization can bear  

    b) Risk detected by audit  

    c) External risk factors  

    d) Risk transferred to insurers  

    **Answer:** 


45. Business continuity planning is a control designed to:  

    a) Ensure essential business operations during disruptions  

    b) Reduce payroll errors  

    c) Verify purchase orders  

    d) Manage financial reporting standards  

    **Answer:**


46. An example of financial risk is:  

    a) Credit risk from customer defaults  

    b) Employee fraud  

    c) IT system failures  

    d) Legal compliance risk  

    **Answer:** 


47. Which of these is an example of a residual risk treatment?  

    a) Risk acceptance after controls are applied  

    b) Initial risk identification  

    c) Risk transfer prior to controls  

    d) Auditing the risk process  

    **Answer:** 


48. What type of risk is most affected by changes in legislation?  

    a) Compliance risk  

    b) Operational risk  

    c) Strategic risk  

    d) Market risk  

    **Answer:** 


49. The risk management process includes all except:  

    a) Auditing financial statements  

    b) Risk identification  

    c) Risk assessment  

    d) Risk monitoring  

    **Answer:** 


50. A key characteristic of internal control is that it provides:  

    a) Reasonable, not absolute, assurance  

    b) Absolute assurance of risk elimination  

    c) Financial profitability  

    d) Continuous monitoring without gaps  

    **Answer:**


Section C...


📘 1–10: Accounting Information Systems Basics


1. Which of the following best describes an Accounting Information System (AIS)?

A. A system for recording only financial transactions

B. A system combining people, procedures, data, and IT to process accounting information

C. A manual system used for bookkeeping only

D. A software used for payroll

✅ Answer: 



---


2. The main output of an AIS is:

A. Financial statements and management reports

B. Data entry forms

C. Audit evidence only

D. Purchase orders only

✅ Answer:



---


3. The three major subsystems of AIS are:

A. Input, Process, Output

B. Transaction Processing, General Ledger/Reporting, and Management Reporting

C. Sales, Purchase, and Payroll

D. Hardware, Software, and People

✅ Answer: 



---


4. Which of the following is not a function of AIS?

A. Data collection

B. Data processing

C. Data destruction

D. Information output

✅ Answer: 



---


5. AIS supports internal control by:

A. Promoting segregation of duties

B. Encouraging data duplication

C. Allowing unauthorized access

D. Avoiding audit trails

✅ Answer: 



---


6. The primary objective of an AIS is to:

A. Reduce labor cost

B. Provide accurate and timely information

C. Store large volumes of data

D. Eliminate human errors completely

✅ Answer: 



---


7. Which document is used to record customer orders in AIS?

A. Invoice

B. Sales order

C. Purchase requisition

D. Goods receipt note

✅ Answer: 



---


8. The audit trail in AIS helps auditors:

A. Modify transactions

B. Trace transactions from source to output

C. Delete old records

D. Create new transactions

✅ Answer: 



---


9. Which of the following systems updates records immediately after each transaction?

A. Batch processing system

B. Real-time processing system

C. Periodic system

D. Sequential processing

✅ Answer: 



---


10. In a transaction processing system (TPS), the first step is:

A. Storing data

B. Processing data

C. Capturing data

D. Generating output

✅ Answer: 



---


🧾 11–20: Sales, Purchase, and Payroll Cycles


11. The first document prepared in the sales cycle is:

A. Invoice

B. Customer order

C. Bill of lading

D. Shipping notice

✅ Answer: 



---


12. The last step in the sales cycle is:

A. Shipment

B. Billing

C. Cash collection

D. Order entry

✅ Answer: 



---


13. In the purchase cycle, the process begins with:

A. Purchase order

B. Purchase requisition

C. Receiving report

D. Invoice

✅ Answer: 



---


14. In the payroll cycle, which document authorizes the payroll process?

A. Payroll register

B. Time card

C. Personnel action form

D. Paycheck

✅ Answer: 



---


15. Which document is used to verify goods received in the purchase cycle?

A. Goods receipt note (GRN)

B. Purchase order

C. Invoice

D. Material requisition

✅ Answer: 



---


16. The sales invoice is prepared based on:

A. Purchase order

B. Shipping document

C. Credit memo

D. Journal voucher

✅ Answer: 



---


17. Payroll cycle ends with:

A. Employee hiring

B. Distribution of paychecks

C. Recording journal entry

D. Time recording

✅ Answer: 



---


18. The primary control in payroll is:

A. Budgetary control

B. Authorization of employee records and pay rates

C. Verification of sales orders

D. Supplier reconciliation

✅ Answer: 



---


19. Which document triggers a payment to the supplier?

A. Invoice

B. Purchase order

C. Receiving report

D. Voucher package

✅ Answer: 



---


20. The voucher package consists of:

A. Purchase order, receiving report, supplier invoice

B. Purchase requisition, time card, payroll register

C. Sales order, invoice, receipt

D. Invoice, GRN, delivery challan

✅ Answer: 



---


💻 21–30: Documentation & Flowcharts


21. A data flow diagram (DFD) shows:

A. How data moves through a system

B. Physical movement of documents

C. Organizational hierarchy

D. Control flow in programming

✅ Answer: 



---


22. A system flowchart represents:

A. The sequence of program instructions

B. The physical and logical flow of data in AIS

C. Payroll cycle only

D. Accounting records only

✅ Answer: 



---


23. Document flowcharts focus on:

A. System controls

B. Movement of paper documents through departments

C. Data processing steps

D. Software code

✅ Answer: 



---


24. A control flowchart highlights:

A. Input/output devices

B. Control points within a system

C. Storage locations

D. Network architecture

✅ Answer: 



---


25. In a DFD, the symbol for a process is:

A. Rectangle

B. Circle or bubble

C. Arrow

D. Open-ended rectangle

✅ Answer: 



---


26. In a system flowchart, an arrow represents:

A. Flow of data or control

B. A process step

C. A decision

D. A document

✅ Answer: 



---


27. The triangle symbol in flowcharts often denotes:

A. Delay or storage

B. Decision

C. Process

D. Data input

✅ Answer: 



---


28. Which type of documentation best helps identify control weaknesses?

A. System flowchart

B. Data flow diagram

C. Program code

D. Organization chart

✅ Answer: 



---


29. DFD level 0 represents:

A. Context diagram

B. High-level system overview

C. Detailed process map

D. Flow of documents only

✅ Answer: 



---


30. The context diagram in DFD shows:

A. Internal system only

B. System boundaries and external entities

C. File storage

D. Decision logic

✅ Answer: 



---


⚙️ 31–40: Controls (Input, Process, Output, Application, General)


31. Input controls ensure:

A. Data is authorized, accurate, and complete before processing

B. Processing accuracy only

C. Data storage efficiency

D. System recovery after crash

✅ Answer: 



---


32. An example of an input control is:

A. Hash total

B. Exception report

C. Check digit verification

D. Both A and C

✅ Answer: 



---


33. Processing controls ensure:

A. Transactions are not lost or duplicated

B. Only valid data are entered

C. Output is distributed correctly

D. Input data are accurate

✅ Answer: 



---


34. A run-to-run total is an example of:

A. Input control

B. Process control

C. Output control

D. Application control

✅ Answer: 



---


35. Output controls focus on:

A. Validity of printed or displayed information

B. Preventing unauthorized access to data

C. Backup and recovery

D. Input validation

✅ Answer: 



---


36. Application controls include:

A. Input, process, and output controls

B. Network and system software controls

C. Firewall and antivirus

D. Backup power supply

✅ Answer: 



---


37. General controls cover:

A. Overall IT environment controls

B. Specific application procedures

C. Payroll cycle only

D. Document authorization

✅ Answer: 



---


38. Examples of general controls include:

A. Password policies and access controls

B. Input edit checks

C. Output reconciliations

D. Batch totals

✅ Answer: 



---


39. A check digit is used to:

A. Verify data accuracy during input

B. Control report output

C. Record process flow

D. Validate document authorization

✅ Answer: 



---


40. Limit and range checks are types of:

A. Input validation controls

B. Process controls

C. Output controls

D. General controls

✅ Answer: 



---


🔐 41–50: System Security & Transaction Processing


41. The main purpose of transaction processing systems (TPS) is:

A. Decision making

B. Recording routine business transactions

C. Data mining

D. Forecasting

✅ Answer: 



---


42. In batch processing, transactions are:

A. Processed immediately

B. Collected and processed together later

C. Deleted after entry

D. Verified manually

✅ Answer: 



---


43. Real-time processing is most suitable for:

A. Payroll

B. Sales order entry

C. Month-end reports

D. Annual budgets

✅ Answer: 



---


44. Audit trail is an example of:

A. Detective control

B. Preventive control

C. Corrective control

D. Process control

✅ Answer: 



---


45. Backup procedures are part of:

A. Output control

B. General control

C. Application control

D. Input control

✅ Answer: 



---


46. Encryption in AIS is primarily a:

A. Physical control

B. Logical access control

C. Input control

D. Output control

✅ Answer: 



---


47. Exception reports are generated to:

A. Highlight unusual transactions

B. Show all transactions

C. Summarize payroll

D. Display all invoices

✅ Answer: 



---


48. Segregation of duties is an example of:

A. Preventive control

B. Detective control

C. Corrective control

D. Manual control only

✅ Answer:


---


49. Hash totals help in detecting:

A. Omitted or duplicate transactions

B. Fraudulent journal entries

C. Unauthorized reports

D. Access violations

✅ Answer: 


50. Disaster recovery plans (DRP) are designed to:

A. Ensure system recovery after major failures

B. Improve process speed

C. Eliminate user errors

D. Train new employees

✅ Answer: 



www.gmsisuccess.in

Tuesday, November 4, 2025

MCQ questions with answers on system controls, technology, data analytics, etc.

A comprehensive set of 100 MCQ questions covering System Controls, Security Measures, and Technology & Analytics (Section F, 25% weightage for 2025), fully aligned with the US CMA / CIA / CPA syllabus domains on IT controls, information systems, and analytics.

 

🧩 A. General Accounting System Controls (1–20)

1. Which of the following is a preventive control in an accounting system?

A. Bank reconciliation

B. Backup of data

C. Password authentication

D. Audit trail

✅ Answer: C

2. Segregation of duties aims to:

A. Reduce cost of control

B. Prevent fraud and errors

C. Increase employee efficiency

D. Improve data storage

✅ Answer: B

3. Which control ensures transactions are recorded accurately?

A. Processing control

B. Output control

C. Accuracy control

D. Input validation

✅ Answer: D

4. Limiting user access to financial modules is an example of:

A. Detective control

B. Preventive control

C. Corrective control

D. Compensating control

✅ Answer: B

5. Which of the following is a detective control?

A. Log review

B. Access restriction

C. Input validation

D. Firewall

✅ Answer: A

6. Physical access control in an accounting system includes:

A. Encryption

B. Password policy

C. Biometric entry

D. Data backup

✅ Answer: C

7. Which principle ensures accountability in system access?

A. Principle of Least Privilege

B. Principle of Segregation

C. Principle of Redundancy

D. Principle of Confidentiality

✅ Answer: A

8. A change management system ensures:

A. Faster processing

B. Controlled modification of system code

C. Increase in user privileges

D. Automatic backups

✅ Answer: B

9. System logs are primarily used for:

A. Backup recovery

B. Audit trails

C. Data storage

D. File transfer

✅ Answer: B

10. Which control prevents unauthorized changes to master files?

A. File integrity check

B. Data encryption

C. Password control

D. Change log review

✅ Answer: D

11. Which control type deals with system downtime?

A. Preventive

B. Corrective

C. Detective

D. Monitoring

✅ Answer: B

12. Authorization control ensures:

A. Only valid data are processed

B. Only authorized users can initiate transactions

C. All transactions are recorded

D. Transactions are duplicated

✅ Answer: B

13. Dual control refers to:

A. Two persons sharing one password

B. Two approvals required for high-value transactions

C. Two layers of encryption

D. Two audit logs

✅ Answer: B

14. Which control helps maintain confidentiality of accounting data?

A. Encryption

B. Backup

C. Output control

D. Authorization

✅ Answer: A

15. Control that ensures every transaction is processed only once:

A. Completeness control

B. Sequence check

C. Data reconciliation

D. Run-to-run total

✅ Answer: B

16. Which ensures accuracy during system upgrades?

A. Version control

B. Access control

C. Audit log

D. Firewall

✅ Answer: A

17. Password expiration policies are:

A. Preventive

B. Detective

C. Corrective

D. Directive

✅ Answer: A

18. Firewalls primarily control:

A. Internal fraud

B. Unauthorized network access

C. Data accuracy

D. Backup processes

✅ Answer: B

19. Input control examples include:

A. Hash totals

B. Batch totals

C. Sequence check

D. All of the above

✅ Answer: D

20. Audit trail is useful for:

A. Real-time prevention

B. Post-event analysis

C. Increasing speed

D. Automating backups

✅ Answer: B

 

🧩 B. Application and Transaction Controls (21–40)

21. Application controls are designed to:

A. Monitor hardware performance

B. Ensure integrity of data input, processing, and output

C. Manage network security

D. Handle system backups

✅ Answer: B

22. Which control verifies input completeness?

A. Limit test

B. Sequence check

C. Reasonableness test

D. Check digit verification

✅ Answer: B

23. Batch control totals are used to detect:

A. Unauthorized access

B. Processing errors

C. System downtime

D. Password misuse

✅ Answer: B

24. A system rejects entries where “Invoice Amount < 0.” This is:

A. Reasonableness test

B. Field check

C. Sign check

D. Sequence check

✅ Answer: C

25. Which ensures data accuracy in master files?

A. Control totals

B. Key verification

C. File protection

D. Audit log

✅ Answer: C

26. A control that flags transactions exceeding approval limits:

A. Limit check

B. Validity check

C. Sequence check

D. Range check

✅ Answer: A

27. Edit tests are typically applied:

A. During input

B. During processing

C. During output

D. During storage

✅ Answer: A

28. Run-to-run totals are used to verify:

A. Completeness of processing

B. Input validity

C. Access control

D. Data encryption

✅ Answer: A

29. Which ensures output is sent only to authorized users?

A. Output distribution log

B. Sequence check

C. Limit test

D. File protection

✅ Answer: A

30. Which is not an application control?

A. Input validation

B. File backup

C. Output review

D. Sequence check

✅ Answer: B

31. Control that prevents duplicate entries:

A. Sequence control

B. Duplicate check

C. Hash total

D. Limit check

✅ Answer: B

32. Cross-footing balances ensure:

A. Access security

B. Logical consistency between columns and totals

C. Audit trail clarity

D. Sequential numbering

✅ Answer: B

33. Which detects missing batch numbers?

A. Sequence check

B. Field check

C. Limit test

D. Reasonableness check

✅ Answer: A

34. Audit software used to test application control is called:

A. Expert system

B. Test data

C. Embedded audit module

D. CAAT

✅ Answer: D

35. Reconciliation is a type of:

A. Preventive control

B. Detective control

C. Corrective control

D. Redundant control

✅ Answer: B

36. Which control prevents incomplete transactions from posting?

A. Transaction completeness check

B. Range validation

C. Reasonableness test

D. Input matching

✅ Answer: A

37. Parallel simulation is used to:

A. Verify system outputs

B. Train employees

C. Backup data

D. Encrypt records

✅ Answer: A

38. Which is a processing control?

A. Limit check

B. Run-to-run control

C. Range check

D. Edit test

✅ Answer: B

39. System log review is an example of:

A. Application control

B. General control

C. Backup control

D. Continuity control

✅ Answer: B

40. Control ensuring totals match before and after processing:

A. Run-to-run total

B. Batch total

C. Hash total

D. Control total

✅ Answer: A

 

🧩 C. Network and Backup Controls (41–60)

41. Encryption ensures:

A. Availability

B. Integrity

C. Confidentiality

D. Auditability

✅ Answer: C

42. Firewall filters:

A. Outgoing messages only

B. Unauthorized network traffic

C. Data redundancy

D. Backup files

✅ Answer: B

43. Intrusion detection systems (IDS) are:

A. Preventive

B. Detective

C. Corrective

D. Compensating

✅ Answer: B

44. Redundant network paths improve:

A. Confidentiality

B. Availability

C. Accuracy

D. Integrity

✅ Answer: B

45. Network access control includes:

A. Biometric logins

B. Encryption

C. Firewall setup

D. All of the above

✅ Answer: D

46. VPNs secure data by:

A. Changing file format

B. Encrypting data between endpoints

C. Blocking viruses

D. Using backup servers

✅ Answer: B

47. Backup that saves only new or changed data since last full backup:

A. Differential backup

B. Incremental backup

C. Full backup

D. Snapshot backup

✅ Answer: B

48. Backup that copies all data each time:

A. Differential

B. Incremental

C. Full

D. Continuous

✅ Answer: C

49. Hot site means:

A. Backup site with all systems operational

B. Location for data archives only

C. Site for staff training

D. Offsite document storage

✅ Answer: A

50. Cold site means:

A. No hardware or software installed

B. Fully equipped data center

C. Automated failover system

D. Live backup

✅ Answer: A


### General Accounting System Controls

51

- A role-based access control (RBAC) limits file access based on user roles. What type of control is this?

  - A. Technical

  - B. Managerial

  - C. Operational

  - D. Physical  

  **Answer:** A. Technical [1]

52

- Monthly bank reconciliation is an example of which type of control?

  - A. Preventive

  - B. Detective

  - C. Corrective

  - D. Directive  

  **Answer:** B. Detective [2]


### Application and Transaction Controls

53

- What is the primary purpose of application controls?

  - A. Enforcing organizational policies

  - B. Ensuring individual transaction accuracy

  - C. Physical security of hardware

  - D. Network monitoring  

  **Answer:** B. Ensuring individual transaction accuracy [8]

54

- At which stage of the sales cycle would a company review a customer's creditworthiness?

  - A. Order processing

  - B. Dispatch

  - C. Payment

  - D. Reporting  

  **Answer:** A. Order processing [2]

55

- What control ensures only authorized transactions are processed?

  - A. Supervisory review

  - B. Access controls

  - C. Bank reconciliation

  - D. Environment controls  

  **Answer:** B. Access controls [8]


### Network Controls

56

- What is the main function of a network firewall?

  - A. Backing up data

  - B. Restricting illegal network traffic

  - C. Encrypting emails

  - D. Processing purchase orders  

  **Answer:** B. Restricting illegal network traffic [1][3]

57

- Log monitoring software that constantly examines network traffic is which type of control?

  - A. Detective

  - B. Preventive

  - C. Directive

  - D. Corrective  

  **Answer:** A. Detective [1]


### Backup Controls

58

- After a cyber incident, restoring systems from recent backups demonstrates which control?

  - A. Corrective

  - B. Preventive

  - C. Directive

  - D. Detective  

  **Answer:** A. Corrective [1][9]

59

- What is the role of regular backup procedures?

  - A. Prevent data loss

  - B. Detect unauthorized access

  - C. Monitor system uptime

  - D. Limit physical access  

  **Answer:** A. Prevent data loss [9]


### Business Continuity Planning

60

- What does a business continuity plan primarily ensure?

  - A. Regulatory compliance

  - B. Ongoing operations after disruptions

  - C. Financial reporting accuracy

  - D. Customer data encryption  

  **Answer:** B. Ongoing operations after disruptions 

Questions 61–100 cover:

Business Continuity & Disaster Recovery Controls

System Development Life Cycle (SDLC)

Technology-Enabled Finance Transformation (RPA, AI, Cloud, Blockchain)

Data Governance & Cybersecurity

Data Analytics & Business Intelligence (BI)

 

🧩 D. Business Continuity & Disaster Recovery Controls (61–75)

61. The main goal of business continuity planning (BCP) is:

A. To protect profit margin

B. To ensure continued operations during disruptions

C. To reduce staff turnover

D. To improve marketing reach

✅ Answer: B

62. The first step in developing a BCP is:

A. Develop recovery strategies

B. Perform business impact analysis (BIA)

C. Test the plan

D. Train employees

✅ Answer: B

63. A disaster recovery plan (DRP) focuses primarily on:

A. Human resources continuity

B. IT infrastructure and data recovery

C. Financial forecasting

D. Vendor management

✅ Answer: B

64. Which of the following best defines RTO (Recovery Time Objective)?

A. Maximum tolerable data loss

B. Target time to restore operations after disruption

C. Time required for backups

D. Duration of normal downtime

✅ Answer: B

65. RPO (Recovery Point Objective) refers to:

A. Maximum time to restore systems

B. Maximum acceptable data loss measured in time

C. Backup cycle time

D. Service level agreement

✅ Answer: B

66. Which of these should be tested regularly?

A. DRP only

B. BCP only

C. Both DRP and BCP

D. Neither

✅ Answer: C

67. What is the purpose of an alternate site?

A. For data backup storage only

B. For continued processing during main site outage

C. For training auditors

D. For storing physical records

✅ Answer: B

68. Which BCP component ensures that essential staff know their responsibilities?

A. Business impact analysis

B. Communication plan

C. Crisis management plan

D. Employee roster

✅ Answer: C

69. The best control for preventing total data loss is:

A. Regular off-site backups

B. Password protection

C. Firewall configuration

D. Encryption

✅ Answer: A

70. Which of the following tests the full restoration process?

A. Tabletop test

B. Simulation test

C. Parallel test

D. Full-interruption test

✅ Answer: D

71. What is the role of insurance in BCP?

A. Prevent disasters

B. Recover financial losses

C. Back up data

D. Provide audit assurance

✅ Answer: B

72. The term single point of failure refers to:

A. One person responsible for all operations

B. A system component whose failure stops all processing

C. Incomplete transaction log

D. Backup duplication

✅ Answer: B

73. Which policy ensures data are stored safely and can be restored?

A. Data retention policy

B. Data classification policy

C. Access control policy

D. Password policy

✅ Answer: A

74. The primary responsibility for maintaining a BCP lies with:

A. IT department

B. Top management

C. Internal audit

D. System developers

✅ Answer: B

75. Which of the following should be included in a DRP?

A. Vendor contact list

B. Hardware inventory

C. Backup frequency

D. All of the above

✅ Answer: D

 

🧩 E. System Development Life Cycle (SDLC) & Finance Transformation (76–85)

76. The SDLC begins with which phase?

A. Implementation

B. Design

C. Planning

D. Testing

✅ Answer: C

77. The main objective of SDLC is:

A. To replace audit testing

B. To develop systems efficiently and securely

C. To document employee procedures

D. To ensure data backup

✅ Answer: B

78. A feasibility study is performed during:

A. Design phase

B. Planning phase

C. Implementation phase

D. Testing phase

✅ Answer: B

79. Which SDLC stage involves user acceptance testing (UAT)?

A. Development

B. Implementation

C. Design

D. Maintenance

✅ Answer: B

80. Change management in SDLC ensures:

A. Developers can modify code freely

B. All system changes are authorized and documented

C. Reduced audit trail

D. Deletion of obsolete data

✅ Answer: B

81. Which technology automates repetitive accounting tasks?

A. AI

B. RPA (Robotic Process Automation)

C. Blockchain

D. Big Data

✅ Answer: B

82. Cloud computing service that provides software via internet:

A. IaaS

B. PaaS

C. SaaS

D. DaaS

✅ Answer: C

83. Which of these is an advantage of using ERP systems?

A. Isolated data silos

B. Real-time integration of functions

C. Increased redundancy

D. Reduced internal controls

✅ Answer: B

84. Blockchain enhances system control by providing:

A. Centralized data control

B. Immutable transaction records

C. Encrypted passwords only

D. Reduced transparency

✅ Answer: B

85. Smart contracts operate on which principle?

A. Manual approval

B. Automatic execution when conditions are met

C. Periodic review

D. Legal override

✅ Answer: B

 

🧩 F. Data Governance & Cybersecurity (86–93)

86. Data governance primarily ensures:

A. Marketing effectiveness

B. Consistency, accuracy, and security of data

C. Data duplication

D. Randomized backups

✅ Answer: B

87. Which is the first stage of the data governance life cycle?

A. Data disposal

B. Data collection

C. Data storage

D. Data analysis

✅ Answer: B

88. Record retention policy defines:

A. Who accesses the database

B. How long data must be kept before deletion

C. How to encrypt data

D. When to upgrade systems

✅ Answer: B

89. Data preprocessing involves:

A. Data cleaning and transformation

B. System shutdown

C. Network setup

D. Payroll processing

✅ Answer: A

90. Cybersecurity policies are part of which control framework?

A. Operational control

B. Governance and risk management

C. Marketing management

D. Production control

✅ Answer: B

91. A common protection against phishing attacks is:

A. Strong encryption

B. Two-factor authentication and staff training

C. Backup scheduling

D. File compression

✅ Answer: B

92. Data breach response plan should include:

A. Silence until investigation

B. Immediate notification and containment measures

C. Deleting affected files

D. Ignoring small breaches

✅ Answer: B

93. The CIA triad in information security stands for:

A. Confidentiality, Integrity, Availability

B. Control, Integration, Authorization

C. Cyber, Internet, Access

D. Central, Internal, Audit

✅ Answer: A

 

🧩 G. Data Analytics & Business Intelligence (94–100)

94. Big Data is characterized by the “4Vs.” They are:

A. Volume, Velocity, Variety, Veracity

B. Volume, Value, Verification, Validation

C. Version, View, Vector, Value

D. Value, Vision, Venture, Volume

✅ Answer: A

95. Descriptive analytics focuses on:

A. What happened in the past

B. Why it happened

C. What will happen

D. What should we do

✅ Answer: A

96. Predictive analytics is primarily used to:

A. Summarize data

B. Forecast future outcomes

C. Report financial statements

D. Create dashboards

✅ Answer: B

97. Prescriptive analytics helps:

A. Describe past performance

B. Recommend optimal decisions

C. Collect unstructured data

D. Create backups

✅ Answer: B

98. Business Intelligence (BI) systems are used for:

A. Transaction processing

B. Decision support through dashboards and reports

C. Payroll automation

D. Inventory control only

✅ Answer: B

99. Data mining involves:

A. Extracting useful patterns from large datasets

B. Cleaning data manually

C. Deleting duplicates

D. Backing up data

✅ Answer: A

100. The purpose of data visualization tools like Power BI or Tableau is to:

A. Hide complex data

B. Convert data into understandable visuals for insights

C. Encrypt data

D. Replace ERP systems

✅ Answer: B

 

✅ Total = 100 MCQs with Answers

🎯 Covers:

Internal Controls (System, Application, Network, Backup)

Business Continuity & DRP

SDLC & Finance Transformation (AI, RPA, Cloud, Blockchain)

Data Governance, Cybersecurity

Data Analytics & BI

 

www.gmsisuccess.in

Feel free to discuss with me if you have any questions ‼️ Call or Text on 9773464206.


100 MCQ System Control Technology Data Analytics

A comprehensive set of 100 MCQs covering System Controls, Security Measures, and Technology & Analytics (Section F, 25% weightage for 2025), fully aligned with US CMA / CIA / CPA syllabus domains on IT controls, information systems, and analytics.

 

🧩 A. General Accounting System Controls (1–20)

1. Which of the following is a preventive control in an accounting system?

A. Bank reconciliation

B. Backup of data

C. Password authentication

D. Audit trail

✅ Answer: 

2. Segregation of duties aims to:

A. Reduce cost of control

B. Prevent fraud and errors

C. Increase employee efficiency

D. Improve data storage

✅ Answer: 

3. Which control ensures transactions are recorded accurately?

A. Processing control

B. Output control

C. Accuracy control

D. Input validation

✅ Answer: 

4. Limiting user access to financial modules is an example of:

A. Detective control

B. Preventive control

C. Corrective control

D. Compensating control

✅ Answer: 

5. Which of the following is a detective control?

A. Log review

B. Access restriction

C. Input validation

D. Firewall

✅ Answer: 

6. Physical access control in an accounting system includes:

A. Encryption

B. Password policy

C. Biometric entry

D. Data backup

✅ Answer: 

7. Which principle ensures accountability in system access?

A. Principle of Least Privilege

B. Principle of Segregation

C. Principle of Redundancy

D. Principle of Confidentiality

✅ Answer: 

8. A change management system ensures:

A. Faster processing

B. Controlled modification of system code

C. Increase in user privileges

D. Automatic backups

✅ Answer: 

9. System logs are primarily used for:

A. Backup recovery

B. Audit trails

C. Data storage

D. File transfer

✅ Answer: 

10. Which control prevents unauthorized changes to master files?

A. File integrity check

B. Data encryption

C. Password control

D. Change log review

✅ Answer: 

11. Which control type deals with system downtime?

A. Preventive

B. Corrective

C. Detective

D. Monitoring

✅ Answer: 

12. Authorization control ensures:

A. Only valid data are processed

B. Only authorized users can initiate transactions

C. All transactions are recorded

D. Transactions are duplicated

✅ Answer: 

13. Dual control refers to:

A. Two persons sharing one password

B. Two approvals required for high-value transactions

C. Two layers of encryption

D. Two audit logs

✅ Answer: 

14. Which control helps maintain confidentiality of accounting data?

A. Encryption

B. Backup

C. Output control

D. Authorization

✅ Answer: 

15. Control that ensures every transaction is processed only once:

A. Completeness control

B. Sequence check

C. Data reconciliation

D. Run-to-run total

✅ Answer: 

16. Which ensures accuracy during system upgrades?

A. Version control

B. Access control

C. Audit log

D. Firewall

✅ Answer: 

17. Password expiration policies are:

A. Preventive

B. Detective

C. Corrective

D. Directive

✅ Answer: 

18. Firewalls primarily control:

A. Internal fraud

B. Unauthorized network access

C. Data accuracy

D. Backup processes

✅ Answer: 

19. Input control examples include:

A. Hash totals

B. Batch totals

C. Sequence check

D. All of the above

✅ Answer: 

20. Audit trail is useful for:

A. Real-time prevention

B. Post-event analysis

C. Increasing speed

D. Automating backups

✅ Answer: 

 

🧩 B. Application and Transaction Controls (21–40)

21. Application controls are designed to:

A. Monitor hardware performance

B. Ensure integrity of data input, processing, and output

C. Manage network security

D. Handle system backups

✅ Answer: 

22. Which control verifies input completeness?

A. Limit test

B. Sequence check

C. Reasonableness test

D. Check digit verification

✅ Answer: 

23. Batch control totals are used to detect:

A. Unauthorized access

B. Processing errors

C. System downtime

D. Password misuse

✅ Answer: 

24. A system rejects entries where “Invoice Amount < 0.” This is:

A. Reasonableness test

B. Field check

C. Sign check

D. Sequence check

✅ Answer: 

25. Which ensures data accuracy in master files?

A. Control totals

B. Key verification

C. File protection

D. Audit log

✅ Answer: 

26. A control that flags transactions exceeding approval limits:

A. Limit check

B. Validity check

C. Sequence check

D. Range check

✅ Answer: 

27. Edit tests are typically applied:

A. During input

B. During processing

C. During output

D. During storage

✅ Answer: 

28. Run-to-run totals are used to verify:

A. Completeness of processing

B. Input validity

C. Access control

D. Data encryption

✅ Answer: 

29. Which ensures output is sent only to authorized users?

A. Output distribution log

B. Sequence check

C. Limit test

D. File protection

✅ Answer: 

30. Which is not an application control?

A. Input validation

B. File backup

C. Output review

D. Sequence check

✅ Answer: 

31. Control that prevents duplicate entries:

A. Sequence control

B. Duplicate check

C. Hash total

D. Limit check

✅ Answer: 

32. Cross-footing balances ensure:

A. Access security

B. Logical consistency between columns and totals

C. Audit trail clarity

D. Sequential numbering

✅ Answer: 

33. Which detects missing batch numbers?

A. Sequence check

B. Field check

C. Limit test

D. Reasonableness check

✅ Answer: 

34. Audit software used to test application control is called:

A. Expert system

B. Test data

C. Embedded audit module

D. CAAT

✅ Answer: 

35. Reconciliation is a type of:

A. Preventive control

B. Detective control

C. Corrective control

D. Redundant control

✅ Answer: 

36. Which control prevents incomplete transactions from posting?

A. Transaction completeness check

B. Range validation

C. Reasonableness test

D. Input matching

✅ Answer: 

37. Parallel simulation is used to:

A. Verify system outputs

B. Train employees

C. Backup data

D. Encrypt records

✅ Answer: 

38. Which is a processing control?

A. Limit check

B. Run-to-run control

C. Range check

D. Edit test

✅ Answer: 

39. System log review is an example of:

A. Application control

B. General control

C. Backup control

D. Continuity control

✅ Answer: 

40. Control ensuring totals match before and after processing:

A. Run-to-run total

B. Batch total

C. Hash total

D. Control total

✅ Answer: 

 

🧩 C. Network and Backup Controls (41–60)

41. Encryption ensures:

A. Availability

B. Integrity

C. Confidentiality

D. Auditability

✅ Answer: 

42. Firewall filters:

A. Outgoing messages only

B. Unauthorized network traffic

C. Data redundancy

D. Backup files

✅ Answer: 

43. Intrusion detection systems (IDS) are:

A. Preventive

B. Detective

C. Corrective

D. Compensating

✅ Answer: 

44. Redundant network paths improve:

A. Confidentiality

B. Availability

C. Accuracy

D. Integrity

✅ Answer: 

45. Network access control includes:

A. Biometric logins

B. Encryption

C. Firewall setup

D. All of the above

✅ Answer: 

46. VPNs secure data by:

A. Changing file format

B. Encrypting data between endpoints

C. Blocking viruses

D. Using backup servers

✅ Answer: 

47. Backup that saves only new or changed data since last full backup:

A. Differential backup

B. Incremental backup

C. Full backup

D. Snapshot backup

✅ Answer: 

48. Backup that copies all data each time:

A. Differential

B. Incremental

C. Full

D. Continuous

✅ Answer: 

49. Hot site means:

A. Backup site with all systems operational

B. Location for data archives only

C. Site for staff training

D. Offsite document storage

✅ Answer: 

50. Cold site means:

A. No hardware or software installed

B. Fully equipped data center

C. Automated failover system

D. Live backup

✅ Answer: 


### General Accounting System Controls

51

- A role-based access control (RBAC) limits file access based on user roles. What type of control is this?

  - A. Technical

  - B. Managerial

  - C. Operational

  - D. Physical  

  **Answer:** 

52

- Monthly bank reconciliation is an example of which type of control?

  - A. Preventive

  - B. Detective

  - C. Corrective

  - D. Directive  

  **Answer:**


### Application and Transaction Controls

53

- What is the primary purpose of application controls?

  - A. Enforcing organizational policies

  - B. Ensuring individual transaction accuracy

  - C. Physical security of hardware

  - D. Network monitoring  

  **Answer:** 

54

- At which stage of the sales cycle would a company review a customer's creditworthiness?

  - A. Order processing

  - B. Dispatch

  - C. Payment

  - D. Reporting  

  **Answer:** 

55

- What control ensures only authorized transactions are processed?

  - A. Supervisory review

  - B. Access controls

  - C. Bank reconciliation

  - D. Environment controls  

  **Answer:** 


### Network Controls

56

- What is the main function of a network firewall?

  - A. Backing up data

  - B. Restricting illegal network traffic

  - C. Encrypting emails

  - D. Processing purchase orders  

  **Answer:** 

57

- Log monitoring software that constantly examines network traffic is which type of control?

  - A. Detective

  - B. Preventive

  - C. Directive

  - D. Corrective  

  **Answer:** 


### Backup Controls

58

- After a cyber incident, restoring systems from recent backups demonstrates which control?

  - A. Corrective

  - B. Preventive

  - C. Directive

  - D. Detective  

  **Answer:** 

59

- What is the role of regular backup procedures?

  - A. Prevent data loss

  - B. Detect unauthorized access

  - C. Monitor system uptime

  - D. Limit physical access  

  **Answer:** 


### Business Continuity Planning

60

- What does a business continuity plan primarily ensure?

  - A. Regulatory compliance

  - B. Ongoing operations after disruptions

  - C. Financial reporting accuracy

  - D. Customer data encryption  

  **Answer:**

Questions 61–100 cover:

Business Continuity & Disaster Recovery Controls

System Development Life Cycle (SDLC)

Technology-Enabled Finance Transformation (RPA, AI, Cloud, Blockchain)

Data Governance & Cybersecurity

Data Analytics & Business Intelligence (BI)

 

🧩 D. Business Continuity & Disaster Recovery Controls (61–75)

61. The main goal of business continuity planning (BCP) is:

A. To protect profit margin

B. To ensure continued operations during disruptions

C. To reduce staff turnover

D. To improve marketing reach

✅ Answer: 

62. The first step in developing a BCP is:

A. Develop recovery strategies

B. Perform business impact analysis (BIA)

C. Test the plan

D. Train employees

✅ Answer: 

63. A disaster recovery plan (DRP) focuses primarily on:

A. Human resources continuity

B. IT infrastructure and data recovery

C. Financial forecasting

D. Vendor management

✅ Answer: 

64. Which of the following best defines RTO (Recovery Time Objective)?

A. Maximum tolerable data loss

B. Target time to restore operations after disruption

C. Time required for backups

D. Duration of normal downtime

✅ Answer: 

65. RPO (Recovery Point Objective) refers to:

A. Maximum time to restore systems

B. Maximum acceptable data loss measured in time

C. Backup cycle time

D. Service level agreement

✅ Answer: 

66. Which of these should be tested regularly?

A. DRP only

B. BCP only

C. Both DRP and BCP

D. Neither

✅ Answer: 

67. What is the purpose of an alternate site?

A. For data backup storage only

B. For continued processing during main site outage

C. For training auditors

D. For storing physical records

✅ Answer: 

68. Which BCP component ensures that essential staff know their responsibilities?

A. Business impact analysis

B. Communication plan

C. Crisis management plan

D. Employee roster

✅ Answer: 

69. The best control for preventing total data loss is:

A. Regular off-site backups

B. Password protection

C. Firewall configuration

D. Encryption

✅ Answer: 

70. Which of the following tests the full restoration process?

A. Tabletop test

B. Simulation test

C. Parallel test

D. Full-interruption test

✅ Answer: 

71. What is the role of insurance in BCP?

A. Prevent disasters

B. Recover financial losses

C. Back up data

D. Provide audit assurance

✅ Answer: 

72. The term single point of failure refers to:

A. One person responsible for all operations

B. A system component whose failure stops all processing

C. Incomplete transaction log

D. Backup duplication

✅ Answer: 

73. Which policy ensures data are stored safely and can be restored?

A. Data retention policy

B. Data classification policy

C. Access control policy

D. Password policy

✅ Answer: 

74. The primary responsibility for maintaining a BCP lies with:

A. IT department

B. Top management

C. Internal audit

D. System developers

✅ Answer: 

75. Which of the following should be included in a DRP?

A. Vendor contact list

B. Hardware inventory

C. Backup frequency

D. All of the above

✅ Answer: 

 

🧩 E. System Development Life Cycle (SDLC) & Finance Transformation (76–85)

76. The SDLC begins with which phase?

A. Implementation

B. Design

C. Planning

D. Testing

✅ Answer: 

77. The main objective of SDLC is:

A. To replace audit testing

B. To develop systems efficiently and securely

C. To document employee procedures

D. To ensure data backup

✅ Answer: 

78. A feasibility study is performed during:

A. Design phase

B. Planning phase

C. Implementation phase

D. Testing phase

✅ Answer: 

79. Which SDLC stage involves user acceptance testing (UAT)?

A. Development

B. Implementation

C. Design

D. Maintenance

✅ Answer: 

80. Change management in SDLC ensures:

A. Developers can modify code freely

B. All system changes are authorized and documented

C. Reduced audit trail

D. Deletion of obsolete data

✅ Answer: 

81. Which technology automates repetitive accounting tasks?

A. AI

B. RPA (Robotic Process Automation)

C. Blockchain

D. Big Data

✅ Answer: 

82. Cloud computing service that provides software via internet:

A. IaaS

B. PaaS

C. SaaS

D. DaaS

✅ Answer: 

83. Which of these is an advantage of using ERP systems?

A. Isolated data silos

B. Real-time integration of functions

C. Increased redundancy

D. Reduced internal controls

✅ Answer: 

84. Blockchain enhances system control by providing:

A. Centralized data control

B. Immutable transaction records

C. Encrypted passwords only

D. Reduced transparency

✅ Answer: 

85. Smart contracts operate on which principle?

A. Manual approval

B. Automatic execution when conditions are met

C. Periodic review

D. Legal override

✅ Answer: 

 

🧩 F. Data Governance & Cybersecurity (86–93)

86. Data governance primarily ensures:

A. Marketing effectiveness

B. Consistency, accuracy, and security of data

C. Data duplication

D. Randomized backups

✅ Answer: 

87. Which is the first stage of the data governance life cycle?

A. Data disposal

B. Data collection

C. Data storage

D. Data analysis

✅ Answer: 

88. Record retention policy defines:

A. Who accesses the database

B. How long data must be kept before deletion

C. How to encrypt data

D. When to upgrade systems

✅ Answer: 

89. Data preprocessing involves:

A. Data cleaning and transformation

B. System shutdown

C. Network setup

D. Payroll processing

✅ Answer: 

90. Cybersecurity policies are part of which control framework?

A. Operational control

B. Governance and risk management

C. Marketing management

D. Production control

✅ Answer: 

91. A common protection against phishing attacks is:

A. Strong encryption

B. Two-factor authentication and staff training

C. Backup scheduling

D. File compression

✅ Answer: 

92. Data breach response plan should include:

A. Silence until investigation

B. Immediate notification and containment measures

C. Deleting affected files

D. Ignoring small breaches

✅ Answer: 

93. The CIA triad in information security stands for:

A. Confidentiality, Integrity, Availability

B. Control, Integration, Authorization

C. Cyber, Internet, Access

D. Central, Internal, Audit

✅ Answer: 

 

🧩 G. Data Analytics & Business Intelligence (94–100)

94. Big Data is characterized by the “4Vs.” They are:

A. Volume, Velocity, Variety, Veracity

B. Volume, Value, Verification, Validation

C. Version, View, Vector, Value

D. Value, Vision, Venture, Volume

✅ Answer: 

95. Descriptive analytics focuses on:

A. What happened in the past

B. Why it happened

C. What will happen

D. What should we do

✅ Answer: 

96. Predictive analytics is primarily used to:

A. Summarize data

B. Forecast future outcomes

C. Report financial statements

D. Create dashboards

✅ Answer: 

97. Prescriptive analytics helps:

A. Describe past performance

B. Recommend optimal decisions

C. Collect unstructured data

D. Create backups

✅ Answer: 

98. Business Intelligence (BI) systems are used for:

A. Transaction processing

B. Decision support through dashboards and reports

C. Payroll automation

D. Inventory control only

✅ Answer: 

99. Data mining involves:

A. Extracting useful patterns from large datasets

B. Cleaning data manually

C. Deleting duplicates

D. Backing up data

✅ Answer: 

100. The purpose of data visualization tools like Power BI or Tableau is to:

A. Hide complex data

B. Convert data into understandable visuals for insights

C. Encrypt data

D. Replace ERP systems

✅ Answer: 

 
