Chapter 16: Ethics, fraud, and computer crime

True/False

1. Ethics are how a person approaches and responds to an issue.

2. The first step of ethical decision making is to define the issue.

3. Because the information resource is its asset, an organisation can

use all information it holds in whichever way it wants.

4. Cookies are often used to gather a customer's online behaviour, but many
organisations do so without the informed consent of the customer.

5. Customers have the right to view data that an organisation holds

about them to make sure that they are correct, and to demand that
any errors be corrected.

6. Because of the wide adoption of e-commerce, the assumption

that the Internet can be accessed by all people is valid.

7. It is the systems designers and developers, not the managers

working with an AIS, that are required to ensure compliance to
privacy laws and information usage laws.

8. An organisation blocking employees from accessing certain

external websites is definitely unethical.

9. An employee who is responsible for maintaining both accounts

payable records and inventory records can potentially commit
a fraud.

10. Fraud is most likely to be detected by notification from

employees.

1
Multiple choice

11. Which of the following statement is true?

 
i. Ethical conducts must be legal ii. Unethical conducts must be
illegal
iii. Legal conducts must be ethical iv. Illegal conducts must be
unethical

a. Both A and B
b. Both C and D
c. Both A and D
d. Both B and C

12. How a person approaches and responds to an ethical issues is termed:

a. Ethics
b. Morals
c. Critical thinking
d. Decision making

13. The implicit rules that guide us in our everyday behaviour,

thoughts and actions are collectively termed:

a. Ethics
b. Morals
c. Code of conduct
d. Legislation

14. The first step of ethical decision making is to:

2
a. Define the issue
b. Identify the principles that can be applied
c. Identify the facts
d. Any of the above

3
15. Which of the following statements regarding ethical decision
making is true?

a. The number of alternative courses of action should be restricted to

a small amount to avoid information overload.
b. When choosing from a set of alternative courses of action, the
primary principle is to look for the one that will minimise the chance
of legal sanction.
c. Each alternative course of action needs to be evaluated from the
perspective of the different stakeholders.
d. All of the above

16. Information about users of an AIS can be gathered

a. Without the consent of the users

b. With the informed consent of the users
c. With the implied consent of the users
d. All of the above

17. ________ refers to the individual consenting to the information

gathering through their subsequent actions.

a. Informed consent
b. Implied consent
c. Forced consent
d. None of the above

18. Ideally, a website should not store any data of the potential customer
during the customer registration process until:

a. The customer has agreed to relevant Terms and Conditions

b. The customer has elected to press the 'Submit' button on the
electronic registration form

4
 c. The customer has reviewed all information entered in previous
steps of registration.
d. All of the above

19. When submitting their online registration form, a pop-up dialogue box
appears in the customers' Internet browser asking them to confirm the
submission of information. This is an example of:

a. Informed consent
b. Implied consent
c. Forced consent
d. Conscious consent
20. Information privacy principles from the Privacy Act 1988 does not
dictate that:

a. Information shall not be disclosed to a third party unless such

disclosure was made known to the subject at the time the information
was solicited and the subject consented to such disclosure.
b. Individuals have the right to view the information that is kept
about them.
c. Individuals have the right to require that any inaccuracy regarding
information that is kept about them be corrected
d. The person gathering information should use whatever means to
ensure that the information is complete and up to date.

21. The principles of the Privacy Act 1988 do not explicitly cover:

a. Collection of information
b. Storage of information
c. Usage of information
d. Disposal of information

22. Which of the following factors do not affect the usage of internet
technology?

5
 a. Age
b. Education
c. Geography
d. Gender

23. Which of the following statements is true?

a. Young people are more likely to have internet access

b. Wealthier people are more likely to have internet access
c. Well educated people are more likely to have internet access
d. All of the above.

24. Which of the following factors is the most important one in addressing
internet access issues in Australia?

a. Social barriers
b. Economic barriers
c. Technical barriers
d. All of the above

6
25. Which of the following statements is not true?

a. Top management sets the tone and example for ethical practice.
b. Setting an example is an important part of promoting ethical
behaviour in the organisation
c. Managers working with an AIS have a duty to ensure that the
system is being used appropriately.
d. It is only the lawyer's responsibility to ensure that the organisation
and its systems comply with federal and state laws relating to privacy
and the usage of information.

26. Which of the following controls can ensure that all software is properly
licensed in an organisation?

a. Users are restricted from installing programs or running

unauthorised programs on their work computer.
b. Administrator rights and power user rights are not assigned to any
common user.
c. Centralised deployment of software.
d. All of the above

27. Which of the following is not a responsibility of the chief privacy

officer?

a. Drafting organisational privacy policies

b. Lobby the government for tighter privacy control
c. Enforcing privacy policies and guidelines in the organisation
d. Create an organisational awareness of privacy issues

28. Managers are compelled to act in the best interest of the owners of the
company. This is implied by the:

a. Stakeholder theory
b. Stockholder theory

7
 c. Social contract theory
d. Profit maximising theory

29. Some organisations restrict employee's access to external websites such

as Facebook and eBay that are not relevant to work. Such conduct is
________ from an employee's perspective:

a. Definitely unethical and illegal

b. Definitely unethical but legal
c. Potentially unethical and illegal
d. Potentially unethical but legal

30. Which of the following is not considered invasion of privacy?

a. Blocking employee access to external websites

b. Screening employee emails
c. Maintaining a log that tracks employee usage of the internet
d. None of the above.

31. The reporting, by an employee or member of an organisation, of the

unethical behaviour of a colleague is called:

a. Informing
b. Insider report
c. Whistle-blowing
d. Ethics-blowing

32. Whether it is ethical for the purchasing manager to accept a gift from a
supplier may depend on:

a. The social culture.

b. The value of the gift.
c. The company's gift policy.

8
 d. All of the above.

33. Spam is a problem because

a. It can slow down email servers

b. It may spread computer viruses
c. It may affect the job efficiency of employees
d. All of the above

34. Gaining unauthorised access to a system is called:

a. Hacking
b. Identity theft
c. Phishing
d. None of the above

9
35. Which of the following fraud can occur if an employee is responsible
for both approving and paying invoices?

a. Paying nonexistent suppliers

b. Inventory theft
c. Credit fraud
d. All of the above

10