Professional Documents
Culture Documents
Week 4 - CREATE (Assessment Manual)
Week 4 - CREATE (Assessment Manual)
CREATE
Assessment Manual
Search for your names for your assigned questions. Provide, in the blue box,
your ANSWER and EXPLANATION why such is your answer. Indicate your initials
after the question to signify that you are done answering. You may cite
reference/s to support your answer or simply explain your choice.
1. The procedures performed to obtain an understanding of the internal control system provide an auditor
with
A. Sufficient appropriate evidence to use in forming an overall opinion on the entity’s
financial statements
B. Enough understanding to design procedures to gather sufficient appropriate audit
evidence
C. Enough understanding to express an opinion on the effectiveness of the entity’s internal
control system
D. Audit evidence to use in forming an over-all opinion on the entity
Garcia, Prince
B. Enough understanding to design procedures to gather sufficient appropriate audit
evidence.
All other choices, except for letter B, share the same thought - opinion. If we trace the ARM,
the last step always ends with substantive testing. Here internal control is under ARM's third
step. We assess the entity's control risk in order for us to come up with test design and
procedures, resulting in an audit evidence. A, and D are incorrect because opinion is always
done after gathering sufficient evidences through tests (if assertions correspond to
established criteria or not). Letter C is incorrect because we do not express our opinion on the
effectiveness of control (which was discussed). -pag
2. This internal control component is the foundation for all other components. It sets the tone of the
organization, provides discipline and structure, and influences the control consciousness of
employees.
A. Control activities C. Control environment
B. Monitoring of controls D. The entity’s risk assessment process
Silva, Lynold
A. Eliminates risk and potential loss to the entity, having an effective internal control will
help to avoid inherent risks wherein the company. cannot detect errors and
misstatements due to failure of the internal control. Effective internal control reduces
the risk of asset loss, and helps that the information is complete and accurate, financial
statements are reliable.--LTS
Correct Answer / Teacher’s Comments
Hmm. Inherent risks are innate to the entity based on its nature and form of business.
Most of it cannot be eliminated unless you change your business. The correct answer
is letter C. Good IC would reduce the need for additional procedures and further testing
rendering engagement extensions useless.
4. Because of inherent limitations, internal control cannot be designed to provide reasonable assurance
regarding the achievement of objectives concerning
A. Effectiveness and efficiency of operations
B. Elimination of all fraud
C. Reliability of financial reporting
D. Compliance with applicable laws and regulations
Fordan, Shanelle
B. Elimination of all fraud. COSO defined internal control as a process designed to provide
reasonable assurance regarding the achievement of the entity’s objectives. It can provide
reasonable assurance regarding letters a.) operations c.) reporting & d.) complance. However,
there is no system can be designed to eliminate all fraud because of inherent limitations. -SLF
Alfanta, Jezza
Answer: D. Search for significant deficiencies in the operation of internal control
In obtaining an understanding of an entity’s internal control the auditor must have a sufficient
knowledge of the design of the internal control and whether it has been implemented. The
auditor can be aware of internal control deficiencies but he/she is not required to search for it.
Furthermore, a financial statement auditor does determine internal control adequacy for the
management. -JMA
Correct Answer / Teacher’s Comments
Kerek. Understanding of IC at this level is for the assessment of the risk of MM.
Weaknesses are expected to be encountered but it is not required to search for them.
6. Which of the following determines the extent of the auditor’s tests of controls?
A. Auditor’s knowledge
B. Auditor’s initial/planned assessment of control risk
C. Resources available to the auditor
D. Management’s desire to help the auditor
Gulles, Fe
B. Auditor’s initial/planned assessment of control risk
Because control risk is the probability that a material misstatement exists in an assertion
because that misstatement was not either prevented from entering the entity's financial
information or it was not detected and corrected by the internal control system of the
entity. And its therefore the auditor's responsibility to assess whether the said FS was
effectively and efficiently in line with standards. Mfg
7. An auditor intends to perform tests of control on a client’s cash disbursement procedures. If the control
procedures leave no audit trail of documentary evidence, the auditor most likely will test the
procedures by
A. Inquiry and analytical procedures
B. Inquiry and observation
C. Analytical procedures and confirmation
D. Confirmation and observation
Mancao, Camelle
B. Inquiry and observation. Since there is no trail of documentary evidence, it will be hard
for the auditor to make an examination of evidence. So, the audit will most likely to do an
inquiry and observation since its an effective way to gain evidence and to test reliability. By
observing client's personnel in performing their duties, security measures in force and making
an inquiry and observation around the computer, the auditor can test the effectiveness and
reliability of its internal control.- CMM
8. After gaining an understanding of internal control and assessing the risks of material misstatement, an
auditor decided to perform tests of controls. The auditor most likely decided that
A. Additional evidence to support a further reduction in control risk is not available
B. It Is not possible or practicable to reduce the risks of material misstatement at the
assertion level to an acceptably low level with audit evidence obtained only from
substantive test procedures
C. There were many internal control weaknesses that could allow misstatements to enter
the accounting system
D. An increase in the assessed level of control risk is justified for certain financial statement
assertions
Lesaca, Jayvi
D. An increase in the assessed level of control risk is justified for certain financial statement assertions
The auditor uses the assessed level of control risk to determine the acceptable level of detection
risk. The auditor will evaluate whether the internal controls are designed and operating as intended.
-JRL
9. Which of the following controls most likely would provide reasonable assurance that all credit sales
transactions of an entity are recorded?
A. The accounting department supervisor controls the mailing of monthly statements to
customers and investigates any differences reported by customers
B. The accounting department superviBecandently reconciles on a onthly basis, the
accounts receivable subsidiary ledger to the accounts receivabe control account
C. The billing department supervisor matches pre-numbered shipping documents with
entries in the sales journal
D. The billing department supervisor sends copies of approved sales orders to the credit
department for comparison to authorized credit limits and customer account balances
Navales, Edemson
C. Because credit sales transactions is normally recorded on a sales journal so that is
where internal control should focus - ENN
10. The following are appropriate questions on an internal control questionnaire concerning purchase
transactions, except
A. Are all goods received in a centralized receiving department counted, inspected, and
compared with purchase orders on receipt?
B. Are intact cash receipts deposited daily in the bank?
C. Are pre-numbered purchase orders and receiving reports used and accounted for?
D. Are an approved purchase requisition and a signed purchase order required for each
purchase?
Alonzo, Ann
Answer; B. Are intact cash receipts deposited daily in the bank? Because it is not concerned about
the purchase transactions. If you question it independently, you can’t say that it concerns purchase
transactions compared to the three (3) choices. -AMCA
Plasabas, Kyle
D. Why were the controls applied? As I understand, the purpose of test of controls is to
assess the effectiveness of operating controls. This particular question statement is
closely inclined to the understanding of internal control rather than assessing the risk
or test of controls. All other choices seek to answer the operating effectiveness which
relates to test of controls and risk assessment. -KIP
12. On the basis of audit evidence, an auditor decides to increase the assessed level of control risk from
that originally planned. To achieve an overall audit risk level that is substantially the same as the
planned audit risk level, the auditor would
A. Increase inherent risk C. Decrease inherent risk
B. Increase materiality level D. Decrease detection risk
Tampus, Diazzle
D. Decrease detention risk- Is the best way for an auditor to achieve an overall audit
risk level is to conduct additional substantive tests, as well as having an auditors to
have a sufficient knowledge of the CIS to plan. -DMT
13. When an auditor increases the planned assessed level of control risk because certain controls were
determined to be ineffective, the auditor would most likely increase the
A. Extent of test of details C. Extent of test of controls
B. Level of inherent risk D. Level of detection risk
Garcia, Prince
A. Extent of test of details.
Letter B is incorrect because, as what was discussed, the auditor has no control over inherent
risk; it cannot be decreased or increased. Letter C is incorrect because if the level of control
risk is already assessed as ineffective, why bother increasing the extent of test of controls- it
won't help; the best thing to do is to compensate this risk to keep the overall audit risk low.
Letter D is incorrect because even though detection risk is something the auditor can control,
increasing it would only increase the overall audit risk, which is the other way around. In this
situation, increasing the extent of test of details is the right thing to do. If control is ineffective,
the level material misstatement is increased. So we compensate this increase with a
decrease in detection risk by increasing the extent of test of details. -pag
14. Regardless of the assessed level of control risk, an auditor would perform some
A. Test of controls to determine the effectiveness of internal control policies
B. Analytical procedures to verify the design of internal control procedures
C. Substantive tests to restrict detection risk for significant transaction classes
D. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary
control risk
15. Which of the following tests of controls most likely would help assure an auditor that goods shipped are
properly billed?
A. Scan the sales journal for sequential and unusual entries
B. Examine shipping documents for matching sales invoices
C. Compare the accounts receivable ledger to daily sales summaries
D. Inspect unused sales invoices for consecutive pre-numbering
Silva, Lynold
B. Examine shipping documents for matching sales invoices, these will help the auditor to
assure that the goods are properly billed because he can assess if the amount in
documents and invoice are not contradicting. ---LTS
16. An auditor uses the knowledge provided by the understanding of internal control and the final
assessed level of control risk primarily to determine the nature, timing and extent of
A. Attribute tests C. Tests of controls
B. Compliance tests D. Substantive tests
Fordan, Shanelle
D. Substantive tests. Because these are tests of details and analytical procedures
performed to detect material misstatements in the account balance, transaction class, and
disclosure components of financial statements. Letters A, B and C are incorrect because
testing of controls is an application of attribute sampling, compliance tests determine whether
an entity is complying with laws and regulations in governmental audits, while test of controls
must be performed before control risk is assessed below the maximum. -SLF
Correct Answer / Teacher’s Comments
Kerek. Nice elimination specially for letter C.
17. When there are numerous PPE transactions during the year, an auditor who plans to assess control
risk at a low level usually performs
A. Tests of controls and extensive tests of PPE balances at the end of the year
B. Analytical procedures for current year PPE transactions
C. Test of controls and limited tests of current year PPE transactions
D. Analytical procedures for PPE balances at the end of the year
Alfanta, Jezza
Answer: C. Test of controls and limited tests of current year PPE transactions.
When the auditor plans to assess control in a low level this requires low level of audit
procedures. In this case, this includes the test of controls and limited tests of current year
PPE transactions. A low control risk may indicate that controls are reliable and effective.With
this, it is not required to conduct analytical procedures. -JMA
18. Which of the following procedures concerning AR would an auditor most likely perform to obtain
evidential matter in support of an assessed level of control risk below the maximum level?
A. Observing an entity’s employee prepare the schedule of past due AR
B. Sending confirmation requests to entity’s principal customers to verify existence of
accounts receivable
C. Inspecting an entity’s analysis of AR for unusual balances
D. Comparing an entity’s uncollectible accounts expense to actual uncollectible accounts
receivable
Gulles, Fe
A. Observing an entity’s employee prepare the schedule of past due AR
Because, auditor uses test of control to assessed level of control risk below the
maximum. And among the 4 only A is a test of control, the rest are just substantive test,
because among all the choices, choice A includes client's control in working. Mfg
Mancao, Camelle
C. Accounts representing many transactions. Since these accounts are use and
represent many transactions it is very important to test and review the design controls and
review application control to find out if controls are suitable for such transactions. And if the
designed controls are operating with efficiency, effectivity and has reasonable assurance. This
is less likely to be omitted to ensure that the accounts that represents many transactions is
accurately used and these data are relevant.- CMM
20. An internal control questionnaire indicates that an approved receiving report is required to accompany
every check request for payment of merchandise. Which of the following procedures provides the
greatest assurance that this control is operating effectively?
A. Select and examine the receiving reports and ascertain that the related canceled checks
are dated no earlier than the receiving reports
B. Select and examine the receiving reports and ascertain that the related canceled checks
are dated no later than the receiving reports
C. Select and examine the canceled checks and ascertain that the related receiving reports
are dated no earlier than the checks
D. Select and examine the canceled checks and ascertain that the related receiving reports
are dated no later than the checks
Lesaca, Jayvie
D. Select and examine the canceled checks and ascertain that the related receiving
reports are dated no later the checks.
In order to trace the individual transactions and documents back and forth. Auditors
will directly examining the computer program of the system to determine the reliability
of the system. -JRL
21. Tests of controls are designed to obtain evidence to support the auditor’s assessment of control risk
A. At a high level C. At zero level
B. At less than high level D. At the maximum level
Navales, Edemson
B. Because this is to see measure the management's internal controls is effective.
When there is less than high CR, effective yung IC and that is where we conduct test of
controls to measure its effectiveness.. - ENN
Alonzo, Ann
Answer; A. Classes of transactions. Because the auditor prepares the test data or transactions that
consist of valid and invalid conditions - AMCA
Take note that the emphasis of the auditor is more on the assertion level which is on
aggregate class level….
23. When obtaining an understanding of an entity’s control environment, an auditor should concentrate on
the substance of management’s policies and procedures rather than their form because
A. The auditor may believe that the policies and procedures are inappropriate for that
particular entity
B. The BoD may not be aware of management’s attitude toward the control environment
C. Management may establish appropriate policies and procedures but not act on them
D. The policies and procedures may be so ineffective that the auditor may assess control
risk at a high level
Plasabas, Kyle
C. Management may establish appropriate policies and procedures but not act on them.
Obtaining an understanding of an entity's control environment involves evaluating the design of a control and
policies and determining whether it has been implemented. Because these policies and designs will matter
significantly in assessing the operating effectiveness if it has been used or implemented accordingly to the
operation. -KIP
24. Internal controls can never be regarded as completely effective. Even if company personnel could
design an ideal system, its effectiveness depends on the
A. Adequacy of the computer system C. Ability of the internal audit staff to
maintain it
B. Proper implementation by management D. Competency & dependability of the
people using it
Tampus, Diazzle
D. Competency & dependability of the people using it - In using the system there are proper
segregation of duties that are assigned to each personnel, and they have different task to
perform, but having a competent and dependable employees, the effectiveness really
depends on this, since the internal control are better to ensure if the programs are functioning
as designed and the controls are working effectively as planned. -DMT
25. Internal controls are not designed to provide reasonable assurance that
A. All frauds will be detected
B. Transactions are executed in accordance with management’s authorization
C. Access to assets is permitted only in accordance with management’s authorization
D. Company personnel comply with applicable rules and regulations
Garcia, Prince
A. All frauds will be detected
Internal controls do not provide reasonable assurance that all fraud will be detected. Its more
on provision of reasonable assurance that the company achieves its objectives with regards
to operation effectiveness and effeciency, financial reports reliability, compliance with policies/
laws. My take would be internal control minimizes fraud but it does not assures that there's no
fraud at all. -pag
Just as a note. I hope that people can already see a pattern. The word ALL is actually a
red flag in multiple choice questions specially in theory. Most of the times, it
invalidates a statement because it is so absolute.
26. Inherent limitations in an internal control must be considered in evaluating its effectiveness in
preventing and detecting errors and fraud. Inherent limitations do not include
A. Misunderstanding of instructions, mistakes of judgement, personal carelessness,
distraction or fatigue
B. Incompatible functions performed by the same person
C. Collusion among employees
D. Management override of certain policies or procedures
27. An act of two or more employees to steal assets or misstate records is frequently referred to as
A. Collusion C. A control deficiency
B. A material weakness D. Any of the above
28. In an audit of FS, an auditor’s primary consideration regarding an internal control activity is whether
control
A. Reflects management’s philosophy and operating style
B. Affects management’s FS assertions
C. Provides adequate safeguards over access to assets
D. Enhances management’s decision making process
Fordan, Shanelle
B. Affects management's FS assertions. Assessing control risk is the process of
evaluating the effectiveness of an entity's internal control in preventing or detecting material
misstatements in the financial statements is the primary consideration the auditors. Answer A
is considered a part of the control environment while answer C is a type of control activity
however they are not the primary consideration in evaluating internal control. On the other
hand, answer D is not relevant to the auditor's consideration of internal control. -SLF
29. Which of the following characteristics distinguishes computer processing from manual processing?
A. Computer processing virtually eliminates the occurrence of computational error normally
associated with manual
B. Errors of fraud in computer processing will be detected soon after their occurrence
C. The potential for systematic error is ordinarily greater in manual processing than in
computerized
D. Most computer systems are designed so that transaction trails useful for audit purposes
do not exist
Alfanta, Jezza
Answer: A. Computer processing virtually eliminates the occurrence of computational
error normally associated with manual
Computational errors are virtually eliminated in computer processing because of its ability to
uniformly process like transactions with the same processing instructions.
B is wrong because errors and fraud in a computer processing may remain undetected for a
long period of time or not be detected at all. One of the reasons for this is the decreased
human handling of transactions.
C is incorrect because the risk of systematic errors are greater in automated processing. The
ability of the computer to uniformly process transactions can result in all transactions being
wrong when the program’s logic itself is defective.
D is also wrong because CIS are designed to provide audit trails but some of these could only
be present for a short period of time or in another form.- JMA
Correct Answer / Teacher’s Comments
Kerek! Cant add anything anymore actually :)
30. Which of the following employees in a company’s electronic data processing department should be
responsible for designing a new or improved set of data processing procedures?
A. Flowchart editor C. Systems analyst
B. Programmer D. Control-group supervisor
Gulles, Fe
B. System analyst
System analyst job is to examine the current system whether the system fits the business
needs of their employer and employees. And are responsible for maintaining, designing
and improving computer systems. Mfg
C Systems Analyst is correct. After the systems analyst does this, the programmer can
then create this new set of procedures.
31. An auditor would most likely be concerned with which of the following controls in a data processing
system?
A. Hardware controls C. Access controls
B. Systems documentation controls D. Disaster recovery controls
Mancao, Camelle
C. Access Controls. Access control will most likely be the concern of an auditor to limit the
access of the files from unauthorised persons and prevent any alteration of the data files
which are the subject of the audit.- CMM
Lesaca, Jayvie
B. Hash Totals
because it involves non dollar totals while letters ACD suggest dollar amounts-JRL
33. What is the computer process called when data processing is performed concurrently with a particular
activity and the results are available soon enough to influence the particular course of action being
taken or the decision being made?
A. Batch processing C. Integrated data processing
B. Real-time processing D. Random access processing
Navales, Edemson
34. To obtain evidence that user identification and password controls are functioning as designed, an
auditor would most likely
A. Attempt to sign on to the system using invalid user identifications and passwords
B. Write a computer program that simulate the logic of the client’s access control software
C. Extract a random sample of processed transactions and ensure that transactions were
appropriately authorized
D. Examine statements signed by employees stating that they had not divulged their user
identifications and passwords
Alonzo, Ann
Answer; A. Attempt to sign on to the system using invalid user identifications and passwords. To
observe security measures - AMCA
35. Which of the following is a general control that most likely would assist an entity whose systems
analyst left the entity in the middle of a major project?
A. Grandfather-father-son record retention C. Systems documentation
B. Input and output validation routines D. Check digit verification
Plasabas, Kyle
C. Systems Documentation describes the systems procedures and operation up to the
point in time. It serves as a reference for future maintenance and updates. Therefore
when the analyst leaves the entity in the middle of a major project, the new analyst can
immediately understand the system operations. -KIP
36. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these
circumstances, on which of the following procedures would the auditor initially focus?
A. Input control procedures C. Output control procedures
B. Processing control procedures D. General control procedures
Tampus, Diazzle
37. Which of the following is likely to be of least importance to an auditor when obtaining an understanding
of the computer control procedures in a company with a computerized accounting system?
A. The segregation of duties within the computer function
B. The control procedures over source documents
C. The documentation maintained for accounting applications
D. The cost/benefit ratio of computer operations
Garcia, Prince
D. The cost/benefit ratio of computer operations.
Letters A,B,C are of importance with regards to understanding computer control produces:
segregation of duties, control over input, application controls and documentation. Letter D
would be unlikely because this is a management concern and it plays no role in an auditor's
attempt on gaining understanding about an entity's internal control. -pag
38. When an auditor tests a computerized accounting system, which of the following is true of the test data
approach?
A. Test data must consist of all possible valid and invalid conditions
B. The program tested is different from the program used throughout the year by the client
C. Several transactions of each type must be tested
D. Test data are processed by the client’s computer programs under the auditor’s control
Cruz, Neil Patrick
D. Test data are processed by the client’s computer programs under the auditor’s control. When an
auditor tests the internal controls, He/she usually starts from creating the purchase requisition to the end of
the payment cycle. He/she also checks the impact of each transaction on the general ledger and compares it
with predetermined results to check the internal controls of the computerized accounting system. NPLC
The only way to answer this is to invalidate all the other options and ensure that they
will not apply to test data CAAT. A is wrong (again the word ALL). B is SO wrong
because heller, why are you testing a different program from what was used during on
the scope of the audit. Letter C need not necessarily be true as long as they are both a
mix of valid and invalid transactions
39. The most important segregation of duties in the organization of the information systems function is
A. Using different programming personnel to maintain utility programs from those who
maintain the application programs
B. Having separate information officer at the top level of the organization outside of the
accounting function
C. Assuring that those responsible for programming the system do not have access to data
processing operations
D. Not allowing the data librarian to assist in data processing operations
Silva, Lynold
C. Assuring that those responsible for programming the system do not have access to
data processing operations, it is the most important segregation because by doing this
personnel from other departments which are not responsible for the design or system
cannot make changes in the program or system. LTS
40. An entity updates its accounts receivable master file weekly and retains the master files and
corresponding update transactions for the most recent two-week period. The purpose of this periodic
retention of master files and transaction data is to
A. Validate groups of update transactions for each version
B. Permit reconstruction of the master file if needed
C. Verify run-to-run control totals for receivables
D. Match internal labels to avoid writing on the wrong volume
Fordan, Shanelle
B. Permit reconstruction of the master file if needed. It is the primary purpose of the periodic retention
of master files and data. Reconstruction of files can be achieved by updating the most recent back-up with
subsequent transaction data. -SLF
Alfanta, Jezza
Answer: A. Review and approval procedures for new systems are set by policy and
adhered to
Review and approval procedures for new systems are not provided by application controls
because these are under general controls specifically controls over system development and
documentation
Letter B,C, & D are incorrect because these are application controls -JMAThis
42. When erroneous data are detected by computer program controls, such data may be excluded from
processing and printed on an error report. Who should review and follow up this error report?
A. Systems analyst C. Computer programmer
B. Data control group D. Computer operator
Gulles, Fe
B. Data Control Group
Because they are the one who process, verify and control data entry operations in an
organization and handles reprocessing of exemptions, and reviews and distribute all
computer output. Mfg
43. The following statements relate to the auditor’s assessment of control risk in an entity’s computer
environment. Which is correct?
A. The auditor usually can ignore the computer system if he/she can obtain an
understanding of the controls outside of the CIS.
B. If the general controls are ineffective, the auditor ordinarily can assess control risk at a low
level if the application controls are effective
C. The auditor’s objectives with respect to the assessment of control risk are the same as in
a manual system
D. The auditor must obtain an understanding of the internal control and test controls in
computer environment
Mancao, Camelle
C. The auditor’s objectives with respect to the assessment of control risk are the same
as in a manual system. The overall objective of audit, "to obtain understanding of the entity's
control system to assess control risk and determine nature, timing and extent of tests to be
performed" does not change in CIS.
A is incorrect. The auditor do not ignore the computer system but to understand the CIS to
find out its inherent and control risk.
B is incorrect. If general controls are ineffective, the auditor is unlikely to assess control risk at
a low level, regardless of whether application controls have been designed and implemented
for each significant accounting application.
D is incorrect. The tests of controls should be performed only when the auditor’s risk
assessment includes an expectation of the operating effectiveness of controls (i.e., control risk
is assessed at below the maximum), or when substantive procedures alone do not provide
sufficient appropriate audit evidence at the assertion level.-CMM
44. An important characteristic of CIS is uniformity of processing. Therefore, a risk exists that
A. Auditors will not be able to access data quickly
B. Auditors will not be able to determine if data is processed inconsistently
C. Erroneous processing can result in the accumulation of a great number of misstatements
in a short time
D. All of the above
Lesaca, Jayvie
C.Erroneous processing can result in the accumulation of a great number of misstatements in a
short time
Navales, Edemson
C. Because check digits is used to check if all digits are correct its like its ther to
provide verification to guarantee that all numbers are right- ENN
Correct Answer / Teacher’s Comments
Answer should be B. A check digit should not be predetermined (so A is wrong). C and
D are more of a validity check
46. An employee entered “40” in the “hours worked per day” field. Which check would detect this
unintentional error?
● A. Numeric/alphabetic check C. Sign check
B. Limit check D. Missing data check
Alonzo, Ann
Answer; B. Limit check because this check is designed to determine if a value entered into a computer is
within acceptable minimum and maximum values to ensure that the data submitted do not exceed a
predetermined limit. - AMCA
Plasabas, Kyle
A. Permit no direct assessment of actual processing machine resources. Based on
what I understand, auditing around the computer involves conforming the outputs and
sourced documents selected randomly by the auditor to the inputs in the computer.
This is to test if the source documents were properly reflected in the master files and if
the master files are properly supported by sourced documents then the process of the
computer is done correctly. Therefore, there is no direct assessment of the actual
process or program performed by the machine. -KIP
48. A primary reason auditors are reluctant to use an ITF is that it requires them to
A. Reserve specific master file records and process them at regular intervals
B. Collect transaction and master file records in a separate file
C. Notify user personnel so they can make manual adjustments to output
D. Identify and reverse the fictitious entries to avoid contaminations of control totals
Tampus, Diazzle
D. Identify and reverse the fictitious entries to avoid a combination of control totals.
The ITF may use dummy transactions to be processed with live transactions but
requires additional programming to ensure that programs will recognize the specially
coded test data. Also, dummy files must be established even so, the output of the
control totals is affected by the existence of the ITF transactions. One way to avoid the
problem is to use immaterial transactions. However, the resulting differences between
control totals may be troublesome, and the inability to use large numbers may
preclude auditing limit tests. An alternative is to submit reversing entries. However,
reversals would threaten data integrity if they are inaccurate, must be submitted in the
same run, and may allow users to obtain contaminated data before the entries are
made. -DMT
D is the correct answer simply because ITF mixes fictitious test data with actual client
data when this CAAT is used. These are all entered in the clients program and tested if
the fictitious data will go through. In case they do, then the procedures presented by
DMT may be done to reverse them andprevent errors.