IT AUDIT CIBS-auditing-theory PDF
MULTIPLE CHOICE:
1. In the weekly computer run to prepare payroll checks, a check was printed for an employee who had been terminated the previous week. Which of the following controls, if properly utilized, would have been most effective in preventing the error or ensuring its prompt detection?
a. A control total for hours worked, prepared from time cards collected by the timekeeping department.
b. Requiring the treasurer's office to account for the number of the pre-numbered checks issued to the CBIS department for the processing of the payroll.
c. Use of a check digit for employee numbers.
d. Use of a header label for the payroll input sheet.
ANSWER: A
2. An auditor is preparing test data for use in the audit of a computer based accounts receivable application. Which of the following items would be appropriate to include as an item in the test data?
a. A transaction record which contains an incorrect master file control total.
b. A master file record which contains an invalid customer identification number.
c. A master file record which contains an incorrect master file control total.
d. A transaction record which contains an invalid customer identification number.
ANSWER: D
3. Unauthorized alteration of on-line records can be prevented by employing:
a. Key verification.
b. Computer sequence checks.
c. Computer matching.
d. Data base access controls.
ANSWER: D
4. In auditing through a computer, the test data method is used by auditors to test the
a. Accuracy of input data.
b. Validity of the output.
c. Procedures contained within the program.
d. Normalcy of distribution of test data.
ANSWER: C
5. In the preliminary survey the auditor learns that a department has several microcomputers. Which of the following is usually true and should be considered in planning the audit?
a. Microcomputers, though small, are capable of processing financial information, and physical security is a control concern.
b. Microcomputers are limited to a
17. One of the features that distinguishes computer processing from manual processing is
a. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.
b. Errors or fraud in computer processing will be detected soon after their occurrences.
c. The potential for systematic error is ordinarily greater in manual processing than in computerized processing.
d. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.
ANSWER: A
18. Given the increasing use of microcomputers as a means for accessing data bases, along with on-line real-time processing, companies face a serious challenge relating to data security. Which of the following is not an appropriate means for meeting this challenge?
a. Institute a policy of strict identification and password controls housed in the computer software that permit only specified individuals to access the computer files and perform a given function.
b. Limit terminals to perform only certain transactions.
c. Program software to produce a log of transactions showing date, time, type of transaction, and operator.
d. Prohibit the networking of microcomputers and do not permit users to access centralized data bases.
ANSWER: D
19. What type of computer-based system is characterized by data that are assembled from more than one location and records that are updated immediately?
a. Microcomputer system.
b. Minicomputer system.
c. Batch processing system.
d. Online real-time system.
ANSWER: D
20. Company A has recently converted its manual payroll to a computer-based system. Under the old system, employees who had resigned or been terminated were occasionally kept on the payroll and their checks were claimed and cashed by other employees, in collusion with shop foremen. The controller is concerned that this practice not be allowed to continue under the new system. The best control for preventing this form of "payroll padding" would be to
a. Conduct exit interviews with all employees leaving the company, regardless of reason.
b. Require foremen to obtain a signed receipt from each employee claiming a payroll check.
c. Require the human resources department to authorize all hires and terminations, and to forward a current computerized list of active employee numbers to payroll prior to processing. Program the computer to reject inactive employee numbers.
d. Install time clocks for use by all hourly employees.
ANSWER: C
21. Compared to a manual system, a CBIS generally
1. Reduces segregation of duties. 2. Increases segregation of duties. 3. Decreases manual inspection of processing results. 4. Increases manual inspection of processing results.
a. 1 and 3.
b. 1 and 4.
c. 2 and 3.
d. 2 and 4.
ANSWER: A
22. One of the major problems in a CBIS is that incompatible functions may be performed by the same individual. One compensating control for this is the use of
a. Echo checks.
b. A self-checking digit system.
c. Computer generated hash totals.
d. A computer log.
ANSWER: D
23. Which of the following processing controls would be most effective in assisting a store manager to ascertain whether the payroll transaction data were processed in their entirety?
a. Payroll file header record.
b. Transaction identification codes.
c. Processing control totals.
d. Programmed exception reporting.
ANSWER: C
24. An organizational control over CBIS operations is
a. Run-to-run balancing of control totals.
b. Check digit verification of unique identifiers.
c. Separation of operating and programming functions.
d. Maintenance of output distribution logs.
ANSWER: C
25. Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.
ANSWER: A
26. An unauthorized employee took computer printouts from output bins accessible to all employees. A control which would have prevented this occurrence is
a. A storage/retention control.
b. A spooler file control.
c. An output review control.
d. A report distribution control.
ANSWER: D
27. Which of the following is a disadvantage of the integrated test facility approach?
a. In establishing fictitious entities, the auditor may be compromising audit independence.
b. Removing the fictitious transactions from the system is somewhat difficult and, if not done carefully, may contaminate the client's files.
c. ITF is simply an automated version of auditing "around" the computer.
d. The auditor may not always have a current copy of the authorized version of the client's program.
ANSWER: B
28. Totals of amounts in computer-record data fields which are not usually added for other purposes but are used only for data processing control purposes are called
a. Record totals.
b. Hash totals.
c. Processing data totals.
d. Field totals.
ANSWER: B
29. A hash total of employee numbers is part of the input to a payroll master file update program. The program compares the hash total to the total computed for transactions applied to the master file. The purpose of this procedure is to:
a. Verify that employee numbers are valid.
b. Verify that only authorized employees are paid.
c. Detect errors in payroll calculations.
d. Detect the omission of transaction processing.
ANSWER: D
30. Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The CBIS automatically updates all payroll records. Because of this change
a. A generalized computer audit program must be used.
b. Part of the audit trail is altered.
c. The potential for payroll related fraud is diminished.
d. Transactions must be processed in batches.
ANSWER: B
31. Generalized audit software is of primary interest to the auditor in terms of its capability to
a. Access information stored on computer files.
b. Select a sample of items for testing.
c. Evaluate sample test results.
d. Test the accuracy of the client's calculations.
ANSWER: A
32. An accounts payable program posted a payable to a vendor not included in the on-line vendor master file. A control which would prevent this error is a
a. Validity check.
b. Range check.
c. Reasonableness test.
d. Parity check.
ANSWER: A
33. In a computerized sales processing system, which of the following controls is most effective in preventing sales invoice pricing errors?
a. Sales invoices are reviewed by the product managers before being mailed to customers.
b. Current sales prices are stored in the computer, and, as stock numbers are entered from sales orders, the computer automatically prices the orders.
c. Sales prices, as well as product numbers, are entered as sales orders are entered at remote terminal locations.
d. Sales prices are reviewed and updated on a quarterly basis.
ANSWER: B
34. Which of the following is likely to be of least importance to an auditor in reviewing the internal control in a company with a CBIS?
a. The segregation of duties within the data processing center.
b. The control over source documents.
c. The documentation maintained for accounting applications.
d. The cost/benefit ratio of data processing operations.
ANSWER: D
35. For the accounting system of Acme Company, the amounts of cash disbursements entered into a CBIS terminal are transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen. This display enables the operator to
a. Establish the validity of the account number.
b. Verify the amount was entered accurately.
c. Verify the authorization of the disbursement.
d. Prevent the overpayment of the account.
ANSWER: B
36. Which of the following audit techniques most likely would provide an auditor with the most assurance about the effectiveness of the operation of an internal control procedure?
a. Inquiry of client personnel.
b. Recomputation of account balance amounts.
c. Observation of client personnel.
d. Confirmation with outside parties.
ANSWER: C
37. Adequate technical training and proficiency as an auditor encompasses an ability to understand a CBIS sufficiently to identify and evaluate
a. The processing and imparting of information.
b. Essential accounting control features.
c. All accounting control features.
d. The degree to which programming conforms with application of generally accepted accounting principles.
ANSWER: B
38. Which of the following is not a major reason why an accounting audit trail should be maintained for a computer system?
a. Query answering.
b. Deterrent to fraud.
c. Monitoring purposes.
d. Analytical review.
ANSWER: D
39. Adequate control over access to data processing is required to
a. Prevent improper use or manipulation of data files and programs.
b. Ensure that only console operators have access to program documentation.
c. Minimize the need for backup data files.
d. Ensure that hardware controls are operating effectively and as designed by the computer manufacturer.
ANSWER: A
40. When testing a computerized accounting system, which of the following is not true of the test data approach?
a. The test data need consist of only those valid and invalid conditions in which the auditor is interested.
b. Only one transaction of each type need be tested.
c. Test data are processed by the client's computer programs under the auditor's control.
d. The test data must consist of all possible valid and invalid conditions.
ANSWER: D
41. In studying a client's internal controls, an auditor must be able to distinguish between prevention controls and detection controls. Of the following data processing controls, which is the best detection control?
a. Use of data encryption techniques.
b. Review of machine utilization logs.
c. Policy requiring password security.
d. Backup and recovery procedure.
ANSWER: B
42. Which of the following procedures is an example of auditing "around" the computer?
a. The auditor traces adding machine tapes of sales order batch totals to a computer printout of the sales journal.
b. The auditor develops a set of hypothetical sales transactions and, using the client's computer program,
a. Programmers may access the computer only for testing and "debugging" programs.
b. All program changes must be fully documented and approved by the information systems manager and the user department authorizing the change.
c. A separate data control group is responsible for distributing output, and also compares input and output on a test basis.
d. In processing sales orders, the computer compares customer and product numbers with internally stored lists.
ANSWER: D
52. After a preliminary phase of the review of a client's CBIS controls, an auditor may decide not to perform further tests related to the control procedures within the CBIS portion of the client's internal control system. Which of the following would not be a valid reason for choosing to omit further testing?
a. The auditor wishes to further reduce assessed risk.
b. The controls duplicate operative controls existing elsewhere in the system.
c. There appear to be major weaknesses that would preclude reliance on the stated procedures.
d. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the controls are tested for compliance.
ANSWER: A
53. For good internal control over computer program changes, a policy should be established requiring that
a. The programmer designing the change adequately test the revised program.
b. All program changes be supervised by the CBIS control group.
c. Superseded portions of programs be deleted from the program run manual to avoid confusion.
d. All proposed changes be approved in writing by a responsible individual.
ANSWER: D
54. Which of the following is not a technique for testing data processing controls?
a. The auditor develops a set of payroll test data that contain numerous errors. The auditor plans to enter these transactions into the client's system and observe whether the computer detects and properly responds to the error conditions.
b. The auditor utilizes the computer to randomly select customer accounts for confirmation.
c. The auditor creates a set of fictitious customer accounts and introduces hypothetical sales transactions, as well as sales returns and allowances, simultaneously with the client's live data processing.
d. At the auditor's request, the client has modified its payroll processing prog
ANSWER: B
60. A disadvantage of auditing around the computer is that it
a. Permits no assessment of actual processing.
b. Requires highly skilled auditors.
c. Demands intensive use of machine resources.
d. Interacts actively with auditee applications.
ANSWER: A
61. The completeness of computer-generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses
a. Check digits.
b. Control totals.
c. Validity tests.
d. Process tracing data.
ANSWER: B
62. Which of the following controls would be most efficient in reducing common data input errors?
a. Keystroke verification.
b. A set of well-designed edit checks.
c. Balancing and reconciliation.
d. Batch totals.
ANSWER: B
63. On-line real-time systems and electronic data interchange systems have the advantages of providing more timely information and reducing the quantity of documents associated with less automated systems. The advantages, however, may create some problems for the auditor. Which of the following characteristics of these systems does not create an audit problem?
a. The lack of traditional documentation of transactions creates a need for greater attention to programmed controls at the point of transaction input.
b. Hard copy may not be retained by the client for long periods of time, thereby necessitating more frequent visits by the auditor.
c. Control testing may be more difficult given the increased vulnerability of the client's files to destruction during the testing process.
d. Consistent on-line processing of recurring data increases the incidence of errors.
ANSWER: D
64. Creating simulated transactions that are processed through a system to generate results that are compared with predetermined results, is an auditing procedure referred to as
ANSWER: B
COMPLETION:
70. Although computerized data processing does not affect audit objectives, the auditor may need to modify the audit ______, given complex CBIS applications.
ANSWER: APPROACH
71. In a batch processing system transactions are processed in groups, whereas in a real-time system transactions are entered as they ______ and are processed as they are ______.
ANSWER: OCCUR, ENTERED
72. Although powerful in terms of ______, real-time systems are more ______ than batch processing systems.
ANSWER: INFORMATION CAPABILITY, COMPLEX
73. A distinguishing feature of integrated data base systems is that many files are updated ______ as transactions are processed.
ANSWER: SIMULTANEOUSLY
74. ______ systems, by eliminating the need to reenter data into the accounting system, reduce the incidence of processing errors; but, by reducing transaction documentation, these systems also require greater attention to proper controls over the ______ of transactions.
ANSWER: ELECTRONIC DATA INTERCHANGE, INPUT
75. Input controls, processing controls, and output controls are categories of ______ controls.
ANSWER: APPLICATION
76. Some entities require completing a prior to transaction input, in order to e