Professional Documents
Culture Documents
Accounting Information Systems 14th Edition Romney Test Bank 1
Accounting Information Systems 14th Edition Romney Test Bank 1
Accounting Information Systems 14th Edition Romney Test Bank 1
Edition Romney
1 Describe the nature, scope and objective of audit work, and identify the major steps in the
audit process.
2
Copyright © 2018 Pearson Education, Inc.
4) Which type of work listed below is not typical of internal auditors?
A) Operational and management audits.
B) Information system audits.
C) Financial statement audit.
D) Financial audit of accounting records.
Answer: C
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
5) The ________ audit examines the reliability and integrity of accounting records.
A) financial
B) informational
C) information systems
D) operational
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
6) The ________ audit reviews the general and application controls of an AIS to assess its
compliance with internal control policies and procedures and its effectiveness in safeguarding
assets.
A) financial
B) information systems
C) management
D) internal control
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
7) A(n) ________ audit is concerned with the economical and efficient use of resources and the
accomplishment of established goals and objectives.
A) operational or management
B) financial
C) information systems
D) internal control
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
3
Copyright © 2018 Pearson Education, Inc.
8) The ________ audit is concerned with the economical and efficient use of resources and the
accomplishment of established goals and objectives.
A) financial
B) informational
C) information systems
D) operational
Answer: D
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
9) The purpose of ________ is to determine why, how, when, and who will perform the audit.
A) audit planning
B) the collection of audit evidence
C) the communication of audit results
D) the evaluation of audit evidence
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
10) Organizing the audit team and the physical examination of assets are components of which
two separate audit stages?
A) Planning; evaluating audit evidence.
B) Planning; collecting audit evidence.
C) Collecting audit evidence; communicating audit results.
D) Communicating audit results; evaluating audit evidence.
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
11) Consideration of risk factors and materiality is most associated with which audit stage?
A) Collection of audit evidence.
B) Communication of audit results.
C) Audit planning.
D) Evaluation of audit evidence.
Answer: C
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
4
Copyright © 2018 Pearson Education, Inc.
12) A system that employs various types of advanced technology has more ________ risk than
traditional batch processing.
A) control
B) detection
C) inherent
D) investing
Answer: C
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
13) An organization that has an antiquated accounting information system has more ________
risk than an organization that has a more advanced system.
A) control
B) detection
C) inherent
D) investing
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
5
Copyright © 2018 Pearson Education, Inc.
15) The possibility that a material error will occur even though auditors are following audit
procedures and using good judgment is referred to as
A) control risk.
B) detection risk.
C) inherent risk.
D) investigating risk.
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
19) The ________ stage of the auditing process involves (among other things) the auditors
observing the operating activities and having discussions with employees.
A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence
Answer: B
Concept: The fraud triangle
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
6
Copyright © 2018 Pearson Education, Inc.
20) Verifying the accuracy of certain information, often through communication with third
parties, is known as
A) reperformance.
B) confirmation.
C) substantiation.
D) documentation.
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
21) The evidence collection method that examines all supporting documents to determine the
validity of a transaction is called
A) review of documentation.
B) vouching.
C) physical examination.
D) analytical review.
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
22) The evidence collection method that considers the relationships and trends among
information to detect items that should be investigated further is called
A) review of the documentation.
B) vouching.
C) physical examination.
D) analytical review.
Answer: D
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
23) An auditor searching for a shipping document to ensure that the sales number recorded in the
sales journal was properly supported. This is an example of
A) review of the documentation.
B) vouching.
C) confirmation.
D) analytical review.
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Reflective Thinking
7
Copyright © 2018 Pearson Education, Inc.
24) An auditor calculates the current ratio of the company to determine its ability to pay off its
current financial obligation. This is an example of
A) review of the documentation.
B) vouching.
C) confirmation.
D) analytical review.
Answer: D
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Reflective Thinking
26) Assessing the quality of internal controls, the reliability of information, and operating
performance are all part of
A) audit planning.
B) collection of audit evidence.
C) communication of audit results.
D) evaluation of audit evidence.
Answer: D
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
27) The auditor's objective is to seek ________ that no material error exists in the information
audited.
A) absolute reliability
B) reasonable objectivity
C) reasonable evidence
D) reasonable assurance
Answer: D
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
8
Copyright © 2018 Pearson Education, Inc.
28) Which of the choices below best describes a risk-based audit approach?
A) A four-step approach to internal control evaluation.
B) A three-step approach to internal control evaluation.
C) A four-step approach to financial statement review and recommendations.
D) A three-step approach to financial statement review and recommendations.
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
30) ________ can determine whether the necessary control procedures are in place.
A) A systems review
B) A systems overhaul
C) Tests of controls
D) Both B and C
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Challenging
AACSB: Analytical Thinking
31) When a control deficiency is identified, the auditor should inquire about
A) tests of controls.
B) compensating controls.
C) the feasibility of a systems review.
D) materiality and inherent risk factors.
Answer: B
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
9
Copyright © 2018 Pearson Education, Inc.
32) The ________ to auditing provides auditors with a clear understanding of possible errors and
irregularities and the related risks and exposures.
A) risk-based approach
B) risk-adjusted approach
C) financial audit approach
D) information systems approach
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
33) Increasing the effectiveness of internal controls would have the greatest effect on
A) reducing inherent risk.
B) reducing control risk.
C) reducing detection risk.
D) reducing audit risk.
Answer: B
Concept: The fraud triangle
Objective: Learning Objective 1
Difficulty: Challenging
AACSB: Analytical Thinking
10
Copyright © 2018 Pearson Education, Inc.
36) There is a direct relationship between inherent risk and detection risk.
Answer: FALSE
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Challenging
AACSB: Reflective Thinking
37) There is an inverse relationship between control risk and detection risk.
Answer: TRUE
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Challenging
AACSB: Reflective Thinking
38) An auditor examines all documents related to the acquisition, repair history, and disposal of a
firm's delivery van. This is an example of collecting audit evidence by
A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.
Answer: C
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
39) An auditor manually calculates accumulated depreciation on a delivery van and compares
her calculation with the accounting records. The auditor is performing
A) vouching.
B) confirmation.
C) reperformance.
D) analytical review.
Answer: C
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
11
Copyright © 2018 Pearson Education, Inc.
40) An auditor finds that employee absentee rates are significantly higher on Mondays and
Fridays than on other work days. This is an example collecting audit evidence by
A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.
Answer: D
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
41) Which of the following is not one of the types of internal audits?
A) A review of the corporate organizational structure and reporting hierarchies.
B) An examination of procedures for reporting and disposing of hazardous waste.
C) A review of source documents and general ledger accounts to determine integrity of recorded
transactions.
D) A comparison of estimates and analysis made before purchase of a major capital asset to
actual numbers and results achieved.
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Reflective Thinking
43) How and to whom does an auditor communicate the audit results?
Answer: The auditor prepares a written report summarizing the findings and recommendations,
with references to supporting evidence in working papers. The report is presented to
management, the audit committee, the board of directors, and other appropriate parties. The
auditor then follows up later to determine if recommendations were implemented.
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
12
Copyright © 2018 Pearson Education, Inc.
44) How is a financial audit different from an information systems audit?
Answer: Financial audits examine the reliability and integrity of accounting records in terms of
financial and operating information. An information systems (IS) audit reviews the general and
application controls of an AIS to assess its compliance with internal control policies and
procedures and its effectiveness in safeguarding assets. Although the AIS may generate
accounting records and financial information, it is important that the AIS itself be audited to
verify compliance with internal controls and procedures.
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
45) Why do all audits follow a sequence of events that can be divided into four stages, and what
are the four stages?
Answer: The auditor's function generally remains the same no matter what type of audit is being
conducted. The process of auditing can be broken down into the four stages of planning,
collecting evidence, evaluating evidence, and communicating audit results. These stages form a
working template for any type of financial, information systems, or operational or management
audits.
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
13
Copyright © 2018 Pearson Education, Inc.
47) Describe the risk-based audit approach.
Answer: The risk-based audit approach has four steps that evaluate internal controls. This
approach provides a logical framework for conducting an audit of the internal control structure of
a system. The first step is to determine the threats facing the AIS. Threats here can be defined as
errors and irregularities in the AIS. Once the threat risk has been established, the auditor should
identify the control procedures that should be in place to minimize each threat. The control
procedures identified should either be able to prevent or detect errors and irregularities within the
AIS. The next step is to evaluate the control procedures. This step includes a systems review of
documentation and also interviewing the appropriate personnel to determine whether the needed
procedures are in place within the system. The auditor can then use tests of controls to determine
if the procedures are being satisfactorily followed. The fourth step is to evaluate weaknesses
found in the AIS. Weaknesses here means errors and irregularities not covered by the AIS
control procedures. When such deficiencies are identified, the auditor should see if there are
compensating controls that may counterbalance the deficiency. A deficiency in one area may be
neutralized given control strengths in other areas. The ultimate goal of the risk-based approach is
to provide the auditor with a clear understanding of errors and irregularities that may be in the
system along with the related risks and exposures. Once an understanding has been obtained, the
auditor may provide recommendations to management as to how the AIS control system can be
improved.
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Challenging
AACSB: Analytical Thinking
14
Copyright © 2018 Pearson Education, Inc.
49) Describe the concept of materiality and provide an example.
Answer: Materiality is the amount of an error, fraud, or omission that would affect the decision
of a prudent user of financial information. Determining materiality, what is and is not important
in an audit, is a matter of professional judgment. Materiality is more important to external audits,
where the emphasis is fairness of financial statement, than to internal audits, where the focus is
on adherence to management policies. Students' answers may vary depending on their examples.
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytical Thinking
2 Identify the six objectives of an information system audit, and describe how the risk-based
audit approach can be used to accomplish these objectives.
2) The information systems audit objective that pertains to source data being processed into some
form of output is known as
A) overall security.
B) program development.
C) program modifications.
D) processing.
Answer: D
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
15
Copyright © 2018 Pearson Education, Inc.
3) The information systems audit objective that pertains to protect computer equipment,
programs, communications, and data from unauthorized access, modification, or destruction is
known as
A) overall security.
B) program development.
C) program modifications.
D) processing.
Answer: A
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
4) The information systems audit objective that pertains to having management's authorization
and approval is known as
A) overall security.
B) program development.
C) program modifications.
D) processing.
Answer: C
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
5) Which of the following is not one of the six objectives of an information systems audit?
A) Security provisions exist to protect data from unauthorized access, modification, or
destruction.
B) Obtaining evidence to provide reasonable assurance the financial statements are not
materially misstated
C) Programs have been developed and acquired in accordance with management's authorization.
D) Program modifications have received management's authorization and approval.
Answer: B
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytical Thinking
16
Copyright © 2018 Pearson Education, Inc.
6) Which of the following is not an information systems audit test of controls?
A) Observe computer-site access procedures.
B) Investigate how unauthorized access attempts are handled.
C) Review logical access policies and procedures.
D) Examine the results of disaster recovery plan simulations.
Answer: C
Concept: Information security concepts
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytical Thinking
8) Which of the following is not a control procedure for preventing inadvertent programming
errors?
A) Review software license agreements.
B) Test new programs, including user acceptance testing.
C) Purchase hardware only from management approved vendors.
D) Require management approval of programming specifications.
Answer: C
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytical Thinking
9) You are the head of the IT department at Panther Designs, Inc. A systems review reveals that
your firm has poor control procedures for preventing inadvertent programming errors. However,
you are not concerned because you feel Panther Designs has strong compensating controls. What
control likely exists to give you this confidence?
A) The internal audit department processes test data at Panther Designs.
B) Panther Designs pays its employees well, decreasing the likelihood of errors.
C) Panther Designs only hires competent programmers, decreasing the likelihood of errors.
D) All of Panther Design's IT applications are less than 2 years old.
Answer: A
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Reflective Thinking
17
Copyright © 2018 Pearson Education, Inc.
10) You are an internal auditor for Ron Burgandy Suits. The CEO has asked you to perform an
audit of the program modifications process. Identify one procedure you might use to test controls
surrounding the program modification process.
A) Review logical access control policies.
B) Discuss modification policies with management, users, and systems personnel.
C) Verify logical access controls are in effect for program changes.
D) Separate development, test, and production versions of programs.
Answer: C
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Reflective Thinking
12) Embedded audit molecules can be used to continually monitor the system and collect audit
evidence.
Answer: TRUE
Concept: The nature of auditing
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
18
Copyright © 2018 Pearson Education, Inc.
13) Describe the difference between concurrent audit techniques and embedded audit modules.
Answer: Auditors use concurrent audit techniques to continually monitor the system and collect
audit evidence while live data are processed during regular operating hours. Concurrent audit
techniques use embedded audit modules, which are program code segments that perform audit
functions, report test results, and store the evidence collected for auditor review. Concurrent
audit techniques are time-consuming and difficult to use but are less so if incorporated when
programs are developed.
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Moderate
AACSB: Analytical Thinking
15) Using embedded audit modules to continuously monitor transactions, collect data on
transactions with special audit significance, and store the data to later identify and investigate
questionable transactions is an example of
A) integrated test facility.
B) snapshot technique.
C) system control audit review file.
D) audit hooks.
Answer: C
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Difficult
AACSB: Analytical Thinking
19
Copyright © 2018 Pearson Education, Inc.
16) Audit routines that notify auditors of questionable transactions, often as they occur is an
example of
A) integrated test facility.
B) snapshot technique.
C) system control audit review file.
D) audit hooks.
Answer: D
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
17) Inserting a dummy entity in a company's system; processing test transactions to update that
will not affect actual records is an example of
A) integrated test facility.
B) snapshot technique.
C) system control audit review file.
D) audit hooks.
Answer: A
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
18) Marking transactions with a special code, recording them and their master file records before
and after processing, and storing the data to later verify that all processing steps were properly
executed is an example of
A) integrated test facility.
B) snapshot technique.
C) system control audit review file.
D) audit hooks.
Answer: B
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
20
Copyright © 2018 Pearson Education, Inc.
19) Software that interprets a program's source code and generates a flowchart of the program's
logic is called
A) automated flowcharting programs.
B) automated decision table programs.
C) mapping programs.
D) tracing program.
Answer: A
Concept: Information systems audit
Objective: Learning Objective 2
Difficulty: Easy
AACSB: Analytical Thinking
3 Describe computer audit software, and explain how it is used in the audit of an AIS.
1) Identify the activity below that the external auditor should not be involved.
A) Examining system access logs.
B) Developing the information system.
C) Examining logical access policies and procedures.
D) Making recommendations to management for improvement of existing internal controls.
Answer: B
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
21
Copyright © 2018 Pearson Education, Inc.
3) Which statement below is incorrect regarding program modifications?
A) Only material program changes should be thoroughly tested and documented.
B) During the change process, the developmental version of the program must be kept separate
from the production version.
C) After the modified program has received final approval, the change is implemented by
replacing the developmental version with the production version.
D) When a program change is submitted for approval, a list of all required updates should be
compiled and then approved by management and program users.
Answer: A
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytical Thinking
4) How could auditors determine if unauthorized program changes have been made?
A) By interviewing and making inquiries of the programming staff.
B) By examining the systems design and programming documentation.
C) By using a source code comparison program.
D) By interviewing and making inquiries of recently terminated programming staff.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
5) Which auditing technique will not assist in determining if unauthorized programming changes
have been made?
A) The use of a source code comparison program.
B) The use of the reprocessing technique to compare program output.
C) By interviewing and making inquiries of the programming staff.
D) The use of parallel simulation to compare program output.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytical Thinking
6) Strong ________ controls can partially compensate for inadequate ________ controls.
A) development; processing
B) processing; development
C) operational; internal
D) internal; operational
Answer: B
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
22
Copyright © 2018 Pearson Education, Inc.
7) The ________ procedure for auditing computer process controls uses a hypothetical series of
valid and invalid transactions.
A) concurrent audit techniques
B) test data processing
C) integrated test facility
D) dual process
Answer: B
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
8) The auditor uses ________ to continuously monitor the system and collect audit evidence
while live data are processed.
A) test data processing
B) parallel simulation
C) concurrent audit techniques
D) analysis of program logic
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
23
Copyright © 2018 Pearson Education, Inc.
10) A type of software that auditors can use to analyze program logic and detect unexecuted
program code is
A) an audit log.
B) a mapping program.
C) a scanning routine.
D) program tracing.
Answer: B
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
12) The use of a secure file library and restrictions on physical access to data files are control
procedures used together to prevent
A) an employee or outsider obtaining data about an important client.
B) a data entry clerk from introducing data entry errors into the system.
C) a computer operator from losing or corrupting files or data during transaction processing.
D) programmers making unauthorized modifications to programs.
Answer: A
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Challenging
AACSB: Reflective Thinking
13) An auditor creates a fictitious customer in the system and then creates several fictitious sales
to the customer. The records are then tracked as they are processed by the system. The auditor is
using
A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
Answer: A
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
24
Copyright © 2018 Pearson Education, Inc.
14) An auditor sets an embedded audit module to flag all credit transactions in excess of $5,000.
The flag causes the system state to be recorded before and after each transaction is processed.
The auditor is using
A) audit hooks.
B) an integrated test facility.
C) the snapshot technique.
D) a system control audit review file.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
15) An auditor sets an embedded audit module to record all credit transactions in excess of
$5,000 and stores the data in an audit log. The auditor is using
A) audit hooks.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
16) An auditor sets an embedded audit module to flag questionable online transactions, display
information about the transaction on the auditor's computer, and send a text message to the
auditor's cell phone. The auditor is using
A) the snapshot technique.
B) a system control audit review file.
C) audit hooks.
D) continuous and intermittent simulation.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
25
Copyright © 2018 Pearson Education, Inc.
17) An auditor sets an embedded audit module to selectively monitor transactions. Selected
transactions are then reprocessed independently, and the results are compared with those
obtained by the normal system processing. The auditor is using
A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
Answer: D
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
18) When programmers are working with program code, they often employ utilities that are also
used in auditing. For example, as program code evolves, it is often the case that blocks of code
are superseded by other blocks of code. Blocks of code that are not executed by the program can
be identified by
A) embedded audit modules.
B) scanning routines.
C) mapping programs.
D) automated flow charting programs.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
19) When programmers are working with program code, they often employ utilities that are also
used in auditing. For example, as program code evolves, it is often the case that variables defined
during the early part of development become irrelevant. The occurrences of variables that are not
used by the program can be found using
A) program tracing.
B) scanning routines.
C) mapping programs.
D) embedded audit modules.
Answer: B
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
26
Copyright © 2018 Pearson Education, Inc.
20) Explain why the auditor's role in program development and acquisition should be limited.
Answer: The auditor's role in any organization systems development should be limited only to
an independent review of systems development activities. The key to the auditor's role is
independence; the only way auditors can maintain the objectivity necessary for performing an
independent evaluation function is by avoiding any and all involvement in the development of
the system itself. If auditor independence is impaired, the audit itself may be of little value and
its results could easily be called into question. The auditors could be basically reviewing their
own work.
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
21) Audit tests and procedures traditionally have been performed on a sample basis. Do options
exist for auditors to test significantly more (or all) transactions?
Answer: Computer assisted audit techniques (CAATS) allow auditors to automate and simplify
the audit process. Large amounts of data can be examined by software, created from auditor-
supplied specifications. Two popular CAATS packages are Audit Control Language (ACL) and
Interactive Data Extraction and Analysis (IDEA). Auditors can also use concurrent audit
techniques to identify and collect information about certain types of transactions in real-time.
Examples of concurrent audit techniques are embedded audit modules, integrated test facility,
system control audit review file (SCARF), snapshot technique, audit hooks and continuous and
intermittent simulation (CIS).
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
22) When doing an information systems audit, auditors must review and evaluate the program
development process. What errors or fraud could occur during the program development
process?
Answer: There can be unintentional errors due to misunderstood systems specifications,
incomplete specifications, or poor programming. Developers could insert unauthorized code
instructions into the program for fraudulent purposes.
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
27
Copyright © 2018 Pearson Education, Inc.
23) Briefly describe tests that can be used to detect unauthorized program modifications.
Answer: Review procedures for requesting, approving, programming, and testing changes.
Review or observe specific testing and implementation procedures. Compare source code from
the approved and tested program with the program code currently in use. Randomly and without
notice, use the source code from the approved and tested program to reprocess transactions,
and compare the results with the operational system results. Write new code designed to replicate
the approved and tested code and use parallel simulation to reprocess transactions, and compare
the results with the operational system results.
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Challenging
AACSB: Analytical Thinking
25) a) What is test data processing? b) How is it done? c) What are the sources that an auditor
can use to generate test data?
Answer: a) Test data processing is a technique used to examine the integrity of the computer
processing controls. b) Test data processing involves the creation of a series of hypothetical valid
and invalid transactions and the introduction of those transactions into the system. The invalid
data may include records with missing data, fields containing unreasonably large amounts,
invalid account numbers, etc. If the program controls are working, then all invalid transactions
should be rejected. Valid transactions should all be properly processed. c) The various ways test
data can be generated are: A listing of actual transactions. The initial transactions used by the
programmer to test the system. A test data generator program that generates data using program
specifications.
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Challenging
AACSB: Reflective Thinking
28
Copyright © 2018 Pearson Education, Inc.
26) Describe the disadvantages of test data processing.
Answer: The auditor must spend considerable time developing an understanding of the system
and preparing an adequate set of test transactions. Care must be taken to ensure that test data
does not affect the company's files and databases. The auditor can reverse the effects of the test
transactions or process the transactions in a separate run using a copy of the file or database.
However, a separate run removes some of the authenticity obtained from processing test data
with regular transactions. Also, since the reversal procedures may reveal the existence and nature
of the auditor's test to key personnel, it can be less effective than a concealed test.
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
27) An audit software program that generates programs that perform certain audit functions,
based on auditor specifications, is referred to as a(n)
A) input controls matrix.
B) CAATS.
C) embedded audit module.
D) mapping program.
Answer: B
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
28) An auditor might use ________ to convert data from several sources into a single common
format.
A) Windows Media Converter
B) concurrent audit technique
C) computer assisted audit techniques software
D) Adobe Professional
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytical Thinking
31) How has the U.S. government deployed computer-assisted audit techniques to reduce the
budget?
A) To identify fraudulent Medicare claims.
B) To identify fraudulent defense spending.
C) To identify fraudulent tax returns.
D) All of the above.
Answer: A
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Challenging
AACSB: Analytical Thinking
32) One of the advantages of CAATS software is that it can replace the auditor's judgment in
specific areas of an audit.
Answer: FALSE
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Easy
AACSB: Analytical Thinking
33) Identify the company below that CAATS would likely provide the most value.
A) A local car dealership.
B) A local floral shop.
C) A large grocery store that uses an ERP system.
D) A medium-sized restaurant chain with restaurants in many cities.
Answer: D
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Reflective Thinking
30
Copyright © 2018 Pearson Education, Inc.
34) Which of the following is not one way CAATS could be used?
A) To merge files.
B) To test files for specific risks.
C) To process electronic transactions.
D) To query data files to retrieve records meeting specified criteria.
Answer: C
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
35) What type of data does CAATS use to produce an auditing program?
A) Archived data.
B) Backup data.
C) Live data.
D) A copy of live data.
Answer: D
Concept: Auditing software
Objective: Learning Objective 3
Difficulty: Moderate
AACSB: Analytical Thinking
31
Copyright © 2018 Pearson Education, Inc.
4 Describe the nature and scope of an operational audit.
1) The scope of a(n) ________ audit encompasses all aspects of systems management.
A) operational
B) information systems
C) financial
D) internal control
Answer: A
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Moderate
AACSB: Analytical Thinking
2) Evaluating effectiveness, efficiency, and goal achievement are objectives of ________ audits.
A) financial
B) operational
C) information systems
D) all of the above
Answer: B
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Easy
AACSB: Analytical Thinking
3) In the ________ stage of an operational audit, the auditor measures the actual system against
an ideal standard.
A) evidence collection
B) evidence evaluation
C) testing
D) internal control
Answer: B
Concept: Preserving confidentiality
Objective: Learning Objective 4
Difficulty: Easy
AACSB: Analytical Thinking
4) The evidence collection stage of an operational audit includes all the following activities
except
A) reviewing operational policies.
B) establishing audit objectives.
C) testing the accuracy of operating information.
D) testing controls.
Answer: B
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Easy
AACSB: Analytical Thinking
32
Copyright © 2018 Pearson Education, Inc.
5) During the evidence evaluation stage of an operational audit, the auditor measures the system
against generally accepted accounting principles (GAAP).
Answer: FALSE
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Easy
AACSB: Analytical Thinking
6) As the head of the internal audit department for Orange Computing, you want to hire a person
to serve as one of Orange's operational auditors. Identify the candidate below that is likely to be
the most qualified person for the job.
A) Jane, a CPA who has 10 years of audit experience
B) Kasheena, an MBA who has 10 years of management experience
C) Joe, a CISA who has 10 years of IT audit experience
D) Vahlia, a CPA who has 7 years of audit experience and 3 years of management experience
Answer: D
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Challenging
AACSB: Analytical Thinking
8) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive independent assurance regarding the financial statements, which are
generated using an accounting information system. Which type of audit would best suit the
demands of the board of directors?
A) Financial audit.
B) Information system audit.
C) Operational audit.
D) Sustainability audit.
Answer: A
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Moderate
AACSB: Analytical Thinking
33
Copyright © 2018 Pearson Education, Inc.
9) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive more assurance that internal controls surrounding the company's
information system are effective. Which type of audit would best suit the demands of the board
of directors?
A) Financial audit.
B) Information system audit.
C) Operational audit.
D) Sustainability audit.
Answer: B
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Moderate
AACSB: Analytical Thinking
10) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive more assurance that Chibuzo Incorporated is operating in an
efficient, effective manner. Which type of audit would best suit the demands of the board of
directors?
A) Financial audit.
B) Information system audit.
C) Operational audit.
D) Sustainability audit.
Answer: C
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Moderate
AACSB: Analytical Thinking
11) With regards to an accounting information system, a financial audit is most concerned with
A) the system's output.
B) the system's input.
C) the system's processing.
D) the system's storage.
Answer: A
Concept: Operational audits of an AIS
Objective: Learning Objective 4
Difficulty: Challenging
AACSB: Analytical Thinking
34
Copyright © 2018 Pearson Education, Inc.