
PRIA :AT 11_AUDITING IN CIS ENVIRONMENT BATCH MAY 2020

AT11 – AUDITING IN CIS ENVIRONMENT

EXERCISES
INTRODUCTION & RISK ASSESSMENT – IT ENVIRONMENT CHARACTERISTICS
1. Which of the following is least likely to be considered by an auditor considering engagement of an
information technology (IT) specialist on an audit?
A. Complexity of client’s systems and IT controls.
B. Requirements to assess going concern status.
C. Client’s use of emerging technologies.
D. Extent of entity’s participation in electronic commerce.
2. Which of the following characterizes IT environment?
(1) Lack of transaction trails
(2) Segregation of functions
(3) Potential human error
(4) Non-uniform processing of transactions
A. 1 and 2
B. 1 and 3
C. 3 and 4
D. 2 and 4
3. Which of the following characteristics distinguishes computer processing from manual processing?
A. Errors or fraud in computer processing will be detected soon after their occurrence.
B. The potential for systematic error is ordinarily greater in manual processing than in computer
processing.
C. Computer processing virtually eliminates the occurrence of computation error normally
associated with manual processing.
D. Most computer systems are designed so that transaction trails for audit purposes do not exist.
4. Which of the following is not a benefit of using IT-based controls?
A. Ability to process large volumes of transactions
B. Ability to replace manual controls with computer-based controls
C. Reduction in misstatements due to consistent processing of transactions.
D. Over-reliance on computer-generated reports
INTRODUCTION & RISK ASSESSMENT – DATA PROCESSING METHODS
5. The two basic data processing methods are batch processing and real time processing. Which of the
following properly characterizes them?
   Batch Processing               Real Time Processing
A. Immediate updating             Delayed updating
B. Easy-to-follow audit trail     Immediate updating
C. Delayed updating               Ideal for large volume transactions
D. Needs latest information       Immediate updating
6. Errors in data processed in a batch computer system may not be detected immediately because:
A. Transaction trails in a batch system are available only for a limited period of time.
B. There are time delays in processing transactions in a batch system.
C. Errors in some transactions cause rejection of other transactions in the batch.
D. Random errors are more likely in a batch system than in an online system.
INTRODUCTION & RISK ASSESSMENT – IT CONTROLS
7. S1: The effectiveness of the general controls is essential to the effectiveness of application controls.
Thus, it may be more efficient to review the design of the general controls first before reviewing
the design of application controls.
S2: General controls are those control policies and procedures that relate to the overall computer
information system.
A. True, false
B. False, true
C. False, false
D. True, true
8. Which of the following is a general control rather than application control?
   Access Controls   Control Totals   Data Recovery Controls
A. Yes               No               Yes
B. No                Yes              No
C. Yes               Yes              No
D. Yes               No               No
E. No                No               Yes

Auditing Theory by Karim G. Abitago, CPA Page 1 of 4

Aim…Believe..Claim
9. Internal control is ineffective when the computer personnel
A. participates in computer software acquisition decisions.
B. designs documentation for computerized systems.
C. originates changes in master files.
D. provides physical security for program files.
10. Which of the following statements about general controls is not correct?
A. Disaster recovery plans should identify alternative hardware to process company data.
B. Successful IT development efforts require the involvement of IT and non-IT personnel.
C. The chief information officer should report to senior management and the board.
D. Programmers should have access to computer operations to aid users in resolving problems.
11. Which of the following procedures would an entity most likely include in its computer disaster
recovery plan?
A. Store duplicate copies of critical files in a location away from the computer center.
B. Develop an auxiliary power supply to provide uninterrupted electricity.
C. Translate data for storage purposes with a cryptographic secret code.
D. Maintain a listing of all entity passwords with the network manager.
12. A customer intended to order 100 units of product Z96014 but incorrectly ordered nonexistent
product X96015. Which of the following controls most likely would detect this error?
A. Hash total
B. Check digit verification
C. Record count
D. Redundant data check
13. Which of the following is an example of a validity check?
A. The computer ensures that a numerical amount in a record does not exceed some
predetermined amount.
B. The computer flags any transmission for which the control field value did not match that of an
existing file record.
C. After data for a transaction are entered, the computer sends certain data back to the terminal
for comparison with data originally sent.
D. As the computer corrects errors and data are successfully resubmitted to the system, the
causes of the errors are printed out.
RISK RESPONSES
14. Auditing by testing the input and output of a computer system instead of the computer software itself
will
A. Not detect program errors that do not appear in the output sampled.
B. Detect all program errors, regardless of the nature of output.
C. Provide the auditor with the same type of evidence.
D. Not provide the auditor with confidence in the results of the auditing procedures.
15. Which of the following CAATs allows fictitious and real transactions to be processed together without
the knowledge of client operating personnel?
A. Data entry monitor
B. Integrated test facility (ITF)
C. Parallel simulation
D. Input control matrix
16. To obtain evidence that online access controls are properly functioning, an auditor is most likely to
A. Vouch a random sample of processed transactions to assure proper authorization.
B. Create checkpoints at periodic intervals after live data processing to test for unauthorized use of
the system.
C. Enter invalid identification numbers or passwords to ascertain whether the system rejects them.
D. Examine the transaction log to discover whether any transactions were lost or entered twice
because of a system malfunction.
17. Computer programs and data that the auditor may use as part of the audit procedures to process
data of audit significance contained in an entity's information system are called
A. CAATs
B. DOOGs
C. BIIKs
D. BIIRDs
18. Which of the following is not among the errors that an auditor might include in the test data when
auditing a client’s computer system?
A. Numeric characters in alphanumeric fields.
B. Authorized code.
C. Differences in description of units of measure
D. Illogical entries in fields whose logic is tested by programmed consistency checks.

19. A primary advantage of using generalized audit software packages to audit the financial statements of
a client that uses a computer system is that the auditor may
A. Access information stored on computer files while having a limited understanding of the client’s
hardware and software features.
B. Consider increasing the use of substantive tests of transactions in place of analytical
procedures.
C. Substantiate the accuracy of data through self-checking digits and hash totals.
D. Reduce the level of required tests of controls to a relatively small amount.
20. Which of the following is true of generalized audit software?
A. They can be used only in auditing on-line computer systems.
B. They can be used on any computer without modification.
C. They each have their own characteristics, which the auditor must carefully consider before using
in a given audit situation.
D. They enable the auditor to perform all manual compliance test procedures less expensively.
QUIZZER (DO-IT-YOURSELF DRILL)
1. IT has several significant effects on an entity. Which of the following would be important from an
auditing perspective?
I The potential for material misstatement.
II The visibility of information.
III Changes in the organizational structure.
A. I and II only
B. I and III only
C. II and III only
D. I, II, and III
2. An integrated test facility (ITF) would be appropriate when the auditor needs to
A. Trace a complex logic path through an application system.
B. Verify processing accuracy concurrently with processing.
C. Monitor transactions in an application system continuously.
D. Verify load module integrity for production programs.
3. Compared to a manual system, a CBIS generally
1 Reduces segregation of duties.
2 Increases segregation of duties.
3 Decreases manual inspection of processing results.
4 Increases manual inspection of processing results.
A. 1 and 3
B. 1 and 4
C. 2 and 3
D. 2 and 4
4. A hash total of employee numbers is part of the input to a payroll master file update program. The
program compares the hash total to the total computed for transactions applied to the master file.
The purpose of this procedure is to:
A. Verify that employee numbers are valid.
B. Verify that only authorized employees are paid.
C. Detect errors in payroll calculations.
D. Detect the omission of transaction processing.
5. Adequate control over access to data processing is required to
A. Prevent improper use or manipulation of data files and programs.
B. Ensure that only console operators have access to program documentation.
C. Minimize the need for backup data files.
D. Ensure that hardware controls are operating effectively and as designed by the computer
manufacturer.
6. Which of the following procedures is an example of auditing "around" the computer?
A. The auditor traces adding machine tapes of sales order batch totals to a computer printout of
the sales journal.
B. The auditor develops a set of hypothetical sales transactions and, using the client's computer
program, enters the transactions into the system and observes the processing flow.
C. The auditor enters hypothetical transactions into the client's processing system during client
processing of "live" data.
D. The auditor observes client personnel as they process the biweekly payroll. The auditor is
primarily concerned with computer rejection of data that fails to meet reasonableness limits.
7. CBIS controls are frequently classified as to general controls and application controls. Which of the
following is an example of an application control?
A. Programmers may access the computer only for testing and "debugging" programs.
B. All program changes must be fully documented and approved by the information systems
manager and the user department authorizing the change.
C. A separate data control group is responsible for distributing output, and also compares input
and output on a test basis.
D. In processing sales orders, the computer compares customer and product numbers with
internally stored lists.
8. The "test data approach"
A. Involves reprocessing actual entity data using the entity's computer software.
B. Involves reprocessing actual entity data using the auditor's computer software.
C. Is where dummy transactions are prepared by the auditor and processed under the auditor's
control using the entity's computer software.
D. Is where actual transactions are prepared by the auditor.
9. Which of the following is an advantage of a database management system (DBMS)?
A. A decreased vulnerability as the DBMS has numerous security controls to prevent disasters.
B. Each organizational unit takes responsibility and control for its own data.
C. Data independence from application programs.
D. The cost of the CIS department decreases because users are now responsible for establishing
their own data handling techniques.
10. CIS application controls include the following, except
A. Controls over input.
B. Controls over processing and computer data files.
C. Controls over output.
D. Controls over access to systems software and documentation.
- END OF HANDOUTS -
