Accounting Information Systems 14th Edition Romney Test Bank 1

Accounting Information Systems 14th
Edition Romney
Full download at:
Test bank: https://testbankpack.com/p/test-bank-for-

accounting-information-systems-14th-edition-romney-
steinbart-0134474023-9780134474021/
Solution Manual: https://testbankpack.com/p/solution-

manual-for-accounting-information-systems-14th-edition-
romney-steinbart-0134474023-9780134474021/
Accounting Information Systems, 14e (Romney/Steinbart)

Chapter 11 Auditing Computer-Based Information Systems
1 Describe the nature, scope and objective of audit work, and identify the major steps in the
audit process.
1) Auditing involves the

A) collection, review, and documentation of audit evidence.
B) planning and verification of economic events.
C) collection of audit evidence and approval of economic events.
D) testing, documentation, and certification of audit evidence.
Answer: A
Concept: The nature of auditing
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytical Thinking
1
Copyright © 2018 Pearson Education, Inc.
2) What is not a typical responsibility of an internal auditor?
A) Helping management to improve organizational effectiveness.
B) Assisting in the design and implementation of an AIS.
C) Preparation of the company's financial statements.
D) Implementing and monitoring of internal controls.
Answer: C
Difficulty: Moderate
3) What is not a typical responsibility of an external auditor?

A) Helping management to improve organizational effectiveness.
B) Assisting in the design and implementation of an AIS.
C) Preparation of the company's financial statements.
D) All of the above.
Answer: D
2
4) Which type of work listed below is not typical of internal auditors?
A) Operational and management audits.
B) Information system audits.
C) Financial statement audit.
D) Financial audit of accounting records.
Answer: C
Difficulty: Easy
5) The ________ audit examines the reliability and integrity of accounting records.
A) financial
B) informational
C) information systems
D) operational
Answer: A
Difficulty: Easy
6) The ________ audit reviews the general and application controls of an AIS to assess its
compliance with internal control policies and procedures and its effectiveness in safeguarding
assets.
A) financial
B) information systems
C) management
D) internal control
Answer: B
Difficulty: Easy
7) A(n) ________ audit is concerned with the economical and efficient use of resources and the
accomplishment of established goals and objectives.
A) operational or management
B) financial
D) internal control
Answer: A
3
8) The ________ audit is concerned with the economical and efficient use of resources and the
accomplishment of established goals and objectives.
A) financial
B) informational
D) operational
Answer: D
Difficulty: Easy
9) The purpose of ________ is to determine why, how, when, and who will perform the audit.
A) audit planning
B) the collection of audit evidence
C) the communication of audit results
D) the evaluation of audit evidence
Answer: A
Difficulty: Easy
10) Organizing the audit team and the physical examination of assets are components of which
two separate audit stages?
A) Planning; evaluating audit evidence.
B) Planning; collecting audit evidence.
C) Collecting audit evidence; communicating audit results.
D) Communicating audit results; evaluating audit evidence.
Answer: B
11) Consideration of risk factors and materiality is most associated with which audit stage?
A) Collection of audit evidence.
B) Communication of audit results.
C) Audit planning.
D) Evaluation of audit evidence.
Answer: C
Difficulty: Easy
4
12) A system that employs various types of advanced technology has more ________ risk than
traditional batch processing.
A) control
B) detection
C) inherent
D) investing
Answer: C
Difficulty: Easy
13) An organization that has an antiquated accounting information system has more ________
risk than an organization that has a more advanced system.
A) control
B) detection
C) inherent
D) investing
Answer: A
Difficulty: Easy
14) Control risk is defined as the

A) susceptibility to material risk in the absence of controls.
B) risk that a material misstatement will get through the internal control structure and into the
financial statements.
C) risk that auditors and their audit procedures will not detect a material error or misstatement.
D) risk auditors will not be given the appropriate documents and records by management who
wants to control audit activities and procedures.
Answer: B
Difficulty: Easy
5
15) The possibility that a material error will occur even though auditors are following audit
procedures and using good judgment is referred to as
A) control risk.
B) detection risk.
C) inherent risk.
D) investigating risk.
Answer: B
Difficulty: Easy
16) Auditors have the ability to change inherent risk.

Answer: FALSE
AACSB: Reflective Thinking
17) Auditors have the ability to change control risk.

Answer: FALSE
18) Auditors have the ability to change detection risk.

Answer: TRUE
19) The ________ stage of the auditing process involves (among other things) the auditors
observing the operating activities and having discussions with employees.
A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence
Answer: B
Concept: The fraud triangle
Difficulty: Easy
6
20) Verifying the accuracy of certain information, often through communication with third
parties, is known as
A) reperformance.
B) confirmation.
C) substantiation.
D) documentation.
Answer: B
21) The evidence collection method that examines all supporting documents to determine the
validity of a transaction is called
A) review of documentation.
B) vouching.
C) physical examination.
D) analytical review.
Answer: B
22) The evidence collection method that considers the relationships and trends among
information to detect items that should be investigated further is called
A) review of the documentation.
B) vouching.
C) physical examination.
Answer: D
23) An auditor searching for a shipping document to ensure that the sales number recorded in the
sales journal was properly supported. This is an example of
B) vouching.
C) confirmation.
Answer: B
7
24) An auditor calculates the current ratio of the company to determine its ability to pay off its
current financial obligation. This is an example of
B) vouching.
C) confirmation.
Answer: D
25) Auditors often use reperformance to test a company's internal control.

Answer: TRUE
26) Assessing the quality of internal controls, the reliability of information, and operating
performance are all part of
A) audit planning.
B) collection of audit evidence.
C) communication of audit results.
D) evaluation of audit evidence.
Answer: D
Difficulty: Easy
27) The auditor's objective is to seek ________ that no material error exists in the information
audited.
A) absolute reliability
B) reasonable objectivity
C) reasonable evidence
D) reasonable assurance
Answer: D
8
28) Which of the choices below best describes a risk-based audit approach?
A) A four-step approach to internal control evaluation.
B) A three-step approach to internal control evaluation.
C) A four-step approach to financial statement review and recommendations.
D) A three-step approach to financial statement review and recommendations.
Answer: A
Difficulty: Easy
29) The first step in a risk-based audit approach is to

A) evaluate the control procedures.
B) determine the threats facing the AIS.
C) identify the control procedures that should be in place.
D) evaluate weaknesses to determine their effect on the audit procedures.
Answer: B
Difficulty: Easy
30) ________ can determine whether the necessary control procedures are in place.
A) A systems review
B) A systems overhaul
C) Tests of controls
D) Both B and C
Answer: A
Difficulty: Challenging
31) When a control deficiency is identified, the auditor should inquire about
A) tests of controls.
B) compensating controls.
C) the feasibility of a systems review.
D) materiality and inherent risk factors.
Answer: B
9
32) The ________ to auditing provides auditors with a clear understanding of possible errors and
irregularities and the related risks and exposures.
A) risk-based approach
B) risk-adjusted approach
C) financial audit approach
D) information systems approach
Answer: A
Difficulty: Easy
33) Increasing the effectiveness of internal controls would have the greatest effect on
A) reducing inherent risk.
B) reducing control risk.
C) reducing detection risk.
D) reducing audit risk.
Answer: B
Concept: The fraud triangle
34) Expanding a firm's operations to include a manufacturing facility overseas will

A) reduce inherent risk.
B) reduce control risk.
C) increase inherent risk.
D) increase control risk.
Answer: C
Difficulty: Easy
35) Increasing the effectiveness of auditing software will

A) reduce detection risk.
B) reduce control risk.
C) increase detection risk.
D) increase control risk.
Answer: A
10
36) There is a direct relationship between inherent risk and detection risk.
Answer: FALSE
37) There is an inverse relationship between control risk and detection risk.
Answer: TRUE
38) An auditor examines all documents related to the acquisition, repair history, and disposal of a
firm's delivery van. This is an example of collecting audit evidence by
A) confirmation.
B) reperformance.
C) vouching.
Answer: C
39) An auditor manually calculates accumulated depreciation on a delivery van and compares
her calculation with the accounting records. The auditor is performing
A) vouching.
B) confirmation.
C) reperformance.
Answer: C
Difficulty: Easy
11
40) An auditor finds that employee absentee rates are significantly higher on Mondays and
Fridays than on other work days. This is an example collecting audit evidence by
A) confirmation.
B) reperformance.
C) vouching.
Answer: D
41) Which of the following is not one of the types of internal audits?
A) A review of the corporate organizational structure and reporting hierarchies.
B) An examination of procedures for reporting and disposing of hazardous waste.
C) A review of source documents and general ledger accounts to determine integrity of recorded
transactions.
D) A comparison of estimates and analysis made before purchase of a major capital asset to
actual numbers and results achieved.
Answer: A
42) Explain the differences between each type of audit risk.

Answer: Inherent risk is the threat faced just by conducting business in a chosen way. For
example, a business with multiple locations in several foreign countries faces more threats than a
business with a single location. Control risk is the threat that a company has inadequate,
nonexistent or unenforced policies and procedures to prevent errors and fraud from getting into
the system and being reflected in the financial statements. Detection risk is the threat that errors
or fraud get into the system and audit procedures do not identify the errors or fraud.
43) How and to whom does an auditor communicate the audit results?
Answer: The auditor prepares a written report summarizing the findings and recommendations,
with references to supporting evidence in working papers. The report is presented to
management, the audit committee, the board of directors, and other appropriate parties. The
auditor then follows up later to determine if recommendations were implemented.
Difficulty: Easy
12
44) How is a financial audit different from an information systems audit?
Answer: Financial audits examine the reliability and integrity of accounting records in terms of
financial and operating information. An information systems (IS) audit reviews the general and
application controls of an AIS to assess its compliance with internal control policies and
procedures and its effectiveness in safeguarding assets. Although the AIS may generate
accounting records and financial information, it is important that the AIS itself be audited to
verify compliance with internal controls and procedures.
45) Why do all audits follow a sequence of events that can be divided into four stages, and what
are the four stages?
Answer: The auditor's function generally remains the same no matter what type of audit is being
conducted. The process of auditing can be broken down into the four stages of planning,
collecting evidence, evaluating evidence, and communicating audit results. These stages form a
working template for any type of financial, information systems, or operational or management
audits.
Difficulty: Easy
46) Name and describe the different types of audits.

Answer: The financial audit — this audit examines the reliability and integrity of accounting
records (both financial and operating information).
The information systems audit — this audit reviews the general and application controls of an
AIS and assesses its compliance with internal control policies and procedures and effectiveness
in safeguarding assets.
The operational or management audit — this audit conducts an evaluation of the efficient and
effective use of resources, as well as an evaluation of the accomplishment of established goals
and objectives.
13
47) Describe the risk-based audit approach.
Answer: The risk-based audit approach has four steps that evaluate internal controls. This
approach provides a logical framework for conducting an audit of the internal control structure of
a system. The first step is to determine the threats facing the AIS. Threats here can be defined as
errors and irregularities in the AIS. Once the threat risk has been established, the auditor should
identify the control procedures that should be in place to minimize each threat. The control
procedures identified should either be able to prevent or detect errors and irregularities within the
AIS. The next step is to evaluate the control procedures. This step includes a systems review of
documentation and also interviewing the appropriate personnel to determine whether the needed
procedures are in place within the system. The auditor can then use tests of controls to determine
if the procedures are being satisfactorily followed. The fourth step is to evaluate weaknesses
found in the AIS. Weaknesses here means errors and irregularities not covered by the AIS
control procedures. When such deficiencies are identified, the auditor should see if there are
compensating controls that may counterbalance the deficiency. A deficiency in one area may be
neutralized given control strengths in other areas. The ultimate goal of the risk-based approach is
to provide the auditor with a clear understanding of errors and irregularities that may be in the
system along with the related risks and exposures. Once an understanding has been obtained, the
auditor may provide recommendations to management as to how the AIS control system can be
improved.
48) Describe how audit evidence can be collected.

Answer: Since the audit effort revolves around the identification, collection, and evaluation of
evidence, most audit effort is spent in the collection process. To identify, collect, and evaluate
evidence, several methods have been developed to assist in the effort. These methods include: 1)
the observation of the activities being audited; 2) a review of documentation to gain a better
understanding of the AIS; 3) discussions with employees about their jobs and how procedures
are carried out; 4) the creation and administration of questionnaires to gather data about the
system; examination of tangible assets; 6) confirmation of the accuracy of certain
information; of selected calculations; 8) vouching for the validity of a transaction
by examination of all supporting documentation; and, 9) analytical review of relationships and
trends among information to detect items that should be further investigated. It is important to
remember that only a sample of evidence is collected for audit purposes, as it is not feasible to
perform audit procedures on the entire set of activities, records, assets, or documents that are
under the review process in an audit.
14
49) Describe the concept of materiality and provide an example.
Answer: Materiality is the amount of an error, fraud, or omission that would affect the decision
of a prudent user of financial information. Determining materiality, what is and is not important
in an audit, is a matter of professional judgment. Materiality is more important to external audits,
where the emphasis is fairness of financial statement, than to internal audits, where the focus is
on adherence to management policies. Students' answers may vary depending on their examples.
2 Identify the six objectives of an information system audit, and describe how the risk-based
audit approach can be used to accomplish these objectives.
1) What is the purpose of an information systems audit?

A) To determine the inherent risk factors found in the system.
B) To review and evaluate the internal controls that protect the system.
C) To examine the reliability and integrity of accounting records.
D) To examine whether resources have been used in an economical and efficient manner in
keeping with organization goals and objectives.
Answer: B
Concept: Information systems audit
2) The information systems audit objective that pertains to source data being processed into some
form of output is known as
A) overall security.
B) program development.
C) program modifications.
D) processing.
Answer: D
Difficulty: Easy
15
3) The information systems audit objective that pertains to protect computer equipment,
programs, communications, and data from unauthorized access, modification, or destruction is
known as
D) processing.
Answer: A
Difficulty: Easy
4) The information systems audit objective that pertains to having management's authorization
and approval is known as
D) processing.
Answer: C
Difficulty: Easy
5) Which of the following is not one of the six objectives of an information systems audit?
A) Security provisions exist to protect data from unauthorized access, modification, or
destruction.
B) Obtaining evidence to provide reasonable assurance the financial statements are not
materially misstated
C) Programs have been developed and acquired in accordance with management's authorization.
D) Program modifications have received management's authorization and approval.
Answer: B
16
6) Which of the following is not an information systems audit test of controls?
A) Observe computer-site access procedures.
B) Investigate how unauthorized access attempts are handled.
C) Review logical access policies and procedures.
D) Examine the results of disaster recovery plan simulations.
Answer: C
Concept: Information security concepts
7) Which of the following is an information systems audit review procedure?

A) Verify the extent and effectiveness of encryption.
B) Inspect computer sites.
C) Test assignment procedures for user IDs.
D) Observe the preparation of backup files.
Answer: B
8) Which of the following is not a control procedure for preventing inadvertent programming
errors?
A) Review software license agreements.
B) Test new programs, including user acceptance testing.
C) Purchase hardware only from management approved vendors.
D) Require management approval of programming specifications.
Answer: C
9) You are the head of the IT department at Panther Designs, Inc. A systems review reveals that
your firm has poor control procedures for preventing inadvertent programming errors. However,
you are not concerned because you feel Panther Designs has strong compensating controls. What
control likely exists to give you this confidence?
A) The internal audit department processes test data at Panther Designs.
B) Panther Designs pays its employees well, decreasing the likelihood of errors.
C) Panther Designs only hires competent programmers, decreasing the likelihood of errors.
D) All of Panther Design's IT applications are less than 2 years old.
Answer: A
17
10) You are an internal auditor for Ron Burgandy Suits. The CEO has asked you to perform an
audit of the program modifications process. Identify one procedure you might use to test controls
surrounding the program modification process.
A) Review logical access control policies.
B) Discuss modification policies with management, users, and systems personnel.
C) Verify logical access controls are in effect for program changes.
D) Separate development, test, and production versions of programs.
Answer: C
11) What is a test data generator?

A) It is an application that records how well systems personnel have performed on company
competency examinations.
B) It is an application that prepares data that can be used for auditing the effectiveness of
computer processing.
C) It is an application that records which professional examinations systems personnel have
obtained.
D) It is a backup generator application that can be used to generate data if the original storage
device fails.
Answer: B
12) Embedded audit molecules can be used to continually monitor the system and collect audit
evidence.
Answer: TRUE
Difficulty: Easy
18
13) Describe the difference between concurrent audit techniques and embedded audit modules.
Answer: Auditors use concurrent audit techniques to continually monitor the system and collect
audit evidence while live data are processed during regular operating hours. Concurrent audit
techniques use embedded audit modules, which are program code segments that perform audit
functions, report test results, and store the evidence collected for auditor review. Concurrent
audit techniques are time-consuming and difficult to use but are less so if incorporated when
programs are developed.
14) Describe the five commonly used concurrent audit techniques.

Answer: (1) Integrated test facility - Inserting a dummy entity in a company's system;
processing test transactions to update them will not affect actual records. (2) Snapshot technique
- Marking transactions with a special code, recording them and their master file records before
and after processing, and storing the data to later verify that all processing steps were properly
executed. (3) System control audit review file (SCARF) - Using embedded audit modules to
continuously monitor transactions, collect data on transactions with special audit significance,
and store the data to later identify and investigate questionable transactions. (4) Audit hooks -
Audit routines that notify auditors of questionable transactions, often as they occur. (5)
Continuous and intermittent simulation (CIS) - Embedding an audit module in a DBMS that uses
specified criteria to examine all transactions that update the database.
15) Using embedded audit modules to continuously monitor transactions, collect data on
transactions with special audit significance, and store the data to later identify and investigate
questionable transactions is an example of
A) integrated test facility.
B) snapshot technique.
C) system control audit review file.
D) audit hooks.
Answer: C
Difficulty: Difficult
19
16) Audit routines that notify auditors of questionable transactions, often as they occur is an
example of
D) audit hooks.
Answer: D
Difficulty: Easy
17) Inserting a dummy entity in a company's system; processing test transactions to update that
will not affect actual records is an example of
D) audit hooks.
Answer: A
Difficulty: Easy
18) Marking transactions with a special code, recording them and their master file records before
and after processing, and storing the data to later verify that all processing steps were properly
executed is an example of
D) audit hooks.
Answer: B
Difficulty: Easy
20
19) Software that interprets a program's source code and generates a flowchart of the program's
logic is called
A) automated flowcharting programs.
B) automated decision table programs.
C) mapping programs.
D) tracing program.
Answer: A
Difficulty: Easy
20) Software that identifies unexecuted program code is called

A) automated flowcharting programs.
B) automated decision table programs.
D) tracing program.
Answer: C
Difficulty: Easy
3 Describe computer audit software, and explain how it is used in the audit of an AIS.
1) Identify the activity below that the external auditor should not be involved.
A) Examining system access logs.
B) Developing the information system.
C) Examining logical access policies and procedures.
D) Making recommendations to management for improvement of existing internal controls.
Answer: B
Concept: Auditing software
2) What role should an auditor play in system development?

A) an independent reviewer only
B) a developer of internal controls
C) an advisor and developer of internal control specifications
D) A and B above
Answer: A
21
3) Which statement below is incorrect regarding program modifications?
A) Only material program changes should be thoroughly tested and documented.
B) During the change process, the developmental version of the program must be kept separate
from the production version.
C) After the modified program has received final approval, the change is implemented by
replacing the developmental version with the production version.
D) When a program change is submitted for approval, a list of all required updates should be
compiled and then approved by management and program users.
Answer: A
Difficulty: Easy
4) How could auditors determine if unauthorized program changes have been made?
A) By interviewing and making inquiries of the programming staff.
B) By examining the systems design and programming documentation.
C) By using a source code comparison program.
D) By interviewing and making inquiries of recently terminated programming staff.
Answer: C
5) Which auditing technique will not assist in determining if unauthorized programming changes
have been made?
A) The use of a source code comparison program.
B) The use of the reprocessing technique to compare program output.
C) By interviewing and making inquiries of the programming staff.
D) The use of parallel simulation to compare program output.
Answer: C
Difficulty: Easy
6) Strong ________ controls can partially compensate for inadequate ________ controls.
A) development; processing
B) processing; development
C) operational; internal
D) internal; operational
Answer: B
22
7) The ________ procedure for auditing computer process controls uses a hypothetical series of
valid and invalid transactions.
A) concurrent audit techniques
B) test data processing
C) integrated test facility
D) dual process
Answer: B
8) The auditor uses ________ to continuously monitor the system and collect audit evidence
while live data are processed.
A) test data processing
B) parallel simulation
C) concurrent audit techniques
D) analysis of program logic
Answer: C
9) Auditors have several techniques available to them to test computer-processing controls. An

audit technique that immediately alerts auditors of suspicious transactions is known as
A) a SCARF.
B) reperformance.
C) the snapshot technique.
D) an audit hook.
Answer: D
23
10) A type of software that auditors can use to analyze program logic and detect unexecuted
program code is
A) an audit log.
B) a mapping program.
C) a scanning routine.
D) program tracing.
Answer: B
11) ________ is one tool used to document source data controls.

A) An input control matrix
B) A flowchart generator program
C) A program algorithm matrix
D) A mapping program
Answer: A
12) The use of a secure file library and restrictions on physical access to data files are control
procedures used together to prevent
A) an employee or outsider obtaining data about an important client.
B) a data entry clerk from introducing data entry errors into the system.
C) a computer operator from losing or corrupting files or data during transaction processing.
D) programmers making unauthorized modifications to programs.
Answer: A
13) An auditor creates a fictitious customer in the system and then creates several fictitious sales
to the customer. The records are then tracked as they are processed by the system. The auditor is
using
A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
Answer: A
24
14) An auditor sets an embedded audit module to flag all credit transactions in excess of $5,000.
The flag causes the system state to be recorded before and after each transaction is processed.
The auditor is using
A) audit hooks.
B) an integrated test facility.
C) the snapshot technique.
D) a system control audit review file.
Answer: C
15) An auditor sets an embedded audit module to record all credit transactions in excess of
$5,000 and stores the data in an audit log. The auditor is using
A) audit hooks.
Answer: C
16) An auditor sets an embedded audit module to flag questionable online transactions, display
information about the transaction on the auditor's computer, and send a text message to the
auditor's cell phone. The auditor is using
A) the snapshot technique.
B) a system control audit review file.
C) audit hooks.
Answer: C
25
17) An auditor sets an embedded audit module to selectively monitor transactions. Selected
transactions are then reprocessed independently, and the results are compared with those
obtained by the normal system processing. The auditor is using
A) an integrated test facility.
Answer: D
18) When programmers are working with program code, they often employ utilities that are also
used in auditing. For example, as program code evolves, it is often the case that blocks of code
are superseded by other blocks of code. Blocks of code that are not executed by the program can
be identified by
A) embedded audit modules.
B) scanning routines.
D) automated flow charting programs.
Answer: C
19) When programmers are working with program code, they often employ utilities that are also
used in auditing. For example, as program code evolves, it is often the case that variables defined
during the early part of development become irrelevant. The occurrences of variables that are not
used by the program can be found using
A) program tracing.
B) scanning routines.
D) embedded audit modules.
Answer: B
26
20) Explain why the auditor's role in program development and acquisition should be limited.
Answer: The auditor's role in any organization systems development should be limited only to
an independent review of systems development activities. The key to the auditor's role is
independence; the only way auditors can maintain the objectivity necessary for performing an
independent evaluation function is by avoiding any and all involvement in the development of
the system itself. If auditor independence is impaired, the audit itself may be of little value and
its results could easily be called into question. The auditors could be basically reviewing their
own work.
21) Audit tests and procedures traditionally have been performed on a sample basis. Do options
exist for auditors to test significantly more (or all) transactions?
Answer: Computer assisted audit techniques (CAATS) allow auditors to automate and simplify
the audit process. Large amounts of data can be examined by software, created from auditor-
supplied specifications. Two popular CAATS packages are Audit Control Language (ACL) and
Interactive Data Extraction and Analysis (IDEA). Auditors can also use concurrent audit
techniques to identify and collect information about certain types of transactions in real-time.
Examples of concurrent audit techniques are embedded audit modules, integrated test facility,
system control audit review file (SCARF), snapshot technique, audit hooks and continuous and
intermittent simulation (CIS).
22) When doing an information systems audit, auditors must review and evaluate the program
development process. What errors or fraud could occur during the program development
process?
Answer: There can be unintentional errors due to misunderstood systems specifications,
incomplete specifications, or poor programming. Developers could insert unauthorized code
instructions into the program for fraudulent purposes.
27
23) Briefly describe tests that can be used to detect unauthorized program modifications.
Answer: Review procedures for requesting, approving, programming, and testing changes.
Review or observe specific testing and implementation procedures. Compare source code from
the approved and tested program with the program code currently in use. Randomly and without
notice, use the source code from the approved and tested program to reprocess transactions,
and compare the results with the operational system results. Write new code designed to replicate
the approved and tested code and use parallel simulation to reprocess transactions, and compare
the results with the operational system results.
24) Define and give examples of embedded audit modules.

Answer: Embedded audit modules are segments of program code that perform audit functions,
report test results and store collected evidence for later review. An Integrated Test Facility
(ITF) processes fictitious records through the operational system in real-time. The snapshot
technique records master file records immediately before and immediately after processing
specifically selected transactions. A System Control Audit Review File (SCARF) continuously
monitors transactions and collects transaction data that meet, or fall outside, predetermined
criteria. Audit Hooks immediately notify auditors of suspicious transactions being processed, or
submitted for processing. Continuous and Intermittent Simulation (CIS) identifies specific
transactions with audit significance and processes the transactions parallel to the operational
system. If discrepancies result, the CIS can store the evidence for later review or can prevent
transaction processing.
25) a) What is test data processing? b) How is it done? c) What are the sources that an auditor
can use to generate test data?
Answer: a) Test data processing is a technique used to examine the integrity of the computer
processing controls. b) Test data processing involves the creation of a series of hypothetical valid
and invalid transactions and the introduction of those transactions into the system. The invalid
data may include records with missing data, fields containing unreasonably large amounts,
invalid account numbers, etc. If the program controls are working, then all invalid transactions
should be rejected. Valid transactions should all be properly processed. c) The various ways test
data can be generated are: A listing of actual transactions. The initial transactions used by the
programmer to test the system. A test data generator program that generates data using program
specifications.
28
26) Describe the disadvantages of test data processing.
Answer: The auditor must spend considerable time developing an understanding of the system
and preparing an adequate set of test transactions. Care must be taken to ensure that test data
does not affect the company's files and databases. The auditor can reverse the effects of the test
transactions or process the transactions in a separate run using a copy of the file or database.
However, a separate run removes some of the authenticity obtained from processing test data
with regular transactions. Also, since the reversal procedures may reveal the existence and nature
of the auditor's test to key personnel, it can be less effective than a concealed test.
27) An audit software program that generates programs that perform certain audit functions,
based on auditor specifications, is referred to as a(n)
A) input controls matrix.
B) CAATS.
C) embedded audit module.
D) mapping program.
Answer: B
28) An auditor might use ________ to convert data from several sources into a single common
format.
A) Windows Media Converter
B) concurrent audit technique
C) computer assisted audit techniques software
D) Adobe Professional
Answer: C
Difficulty: Easy
29) An auditor might use ________ to examining large data files.

A) Excel
B) Access
C) IDEA
D) SQL
Answer: C
Difficulty: Easy
29
30) What is the primary purpose of computer audit software?
A) To eliminate auditor judgment errors.
B) To assist the auditor in retrieving and reviewing information.
C) To help auditors detect unauthorized modifications to system program code.
D) To help auditors recheck all mathematical calculations, cross-foot, reprocess financial
statements and compare to originals.
Answer: B
Difficulty: Easy
31) How has the U.S. government deployed computer-assisted audit techniques to reduce the
budget?
A) To identify fraudulent Medicare claims.
B) To identify fraudulent defense spending.
C) To identify fraudulent tax returns.
D) All of the above.
Answer: A
32) One of the advantages of CAATS software is that it can replace the auditor's judgment in
specific areas of an audit.
Answer: FALSE
Difficulty: Easy
33) Identify the company below that CAATS would likely provide the most value.
A) A local car dealership.
B) A local floral shop.
C) A large grocery store that uses an ERP system.
D) A medium-sized restaurant chain with restaurants in many cities.
Answer: D
30
34) Which of the following is not one way CAATS could be used?
A) To merge files.
B) To test files for specific risks.
C) To process electronic transactions.
D) To query data files to retrieve records meeting specified criteria.
Answer: C
35) What type of data does CAATS use to produce an auditing program?
A) Archived data.
B) Backup data.
C) Live data.
D) A copy of live data.
Answer: D
36) Describe some of the important uses of CAATs.

Answer: Here are some of the important uses of CAATs: Querying data files to retrieve records
meeting specified criteria; Creating, updating, comparing, downloading, and merging files;
Summarizing, sorting, and filtering data; Accessing data in different formats and converting the
data into a common format; Examining records for quality, completeness, consistency, and
correctness; Stratifying records, selecting and analyzing statistical samples; Testing for specific
risks and identifying how to control for that risk; Performing calculations, statistical analyses,
and other mathematical operations; Performing analytical tests, such as ratio and trend analysis,
looking for unexpected or unexplained data patterns that may indicate fraud; Identifying
financial leakage, policy noncompliance, and data processing errors; Reconciling physical counts
to computed amounts, testing clerical accuracy of extensions and balances, testing for duplicate
items; Formatting and printing reports and documents; Creating electronic work papers.
31
4 Describe the nature and scope of an operational audit.
1) The scope of a(n) ________ audit encompasses all aspects of systems management.
A) operational
B) information systems
C) financial
D) internal control
Answer: A
Concept: Operational audits of an AIS
2) Evaluating effectiveness, efficiency, and goal achievement are objectives of ________ audits.
A) financial
B) operational
D) all of the above
Answer: B
Difficulty: Easy
3) In the ________ stage of an operational audit, the auditor measures the actual system against
an ideal standard.
A) evidence collection
B) evidence evaluation
C) testing
D) internal control
Answer: B
Concept: Preserving confidentiality
Difficulty: Easy
4) The evidence collection stage of an operational audit includes all the following activities
except
A) reviewing operational policies.
B) establishing audit objectives.
C) testing the accuracy of operating information.
D) testing controls.
Answer: B
Difficulty: Easy
32
5) During the evidence evaluation stage of an operational audit, the auditor measures the system
against generally accepted accounting principles (GAAP).
Answer: FALSE
Difficulty: Easy
6) As the head of the internal audit department for Orange Computing, you want to hire a person
to serve as one of Orange's operational auditors. Identify the candidate below that is likely to be
the most qualified person for the job.
A) Jane, a CPA who has 10 years of audit experience
B) Kasheena, an MBA who has 10 years of management experience
C) Joe, a CISA who has 10 years of IT audit experience
D) Vahlia, a CPA who has 7 years of audit experience and 3 years of management experience
Answer: D
7) Who generally receives the findings and conclusions of an operational audit?

A) The board of directors.
B) Management.
C) The external auditor.
D) The IRS.
Answer: B
8) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive independent assurance regarding the financial statements, which are
generated using an accounting information system. Which type of audit would best suit the
demands of the board of directors?
A) Financial audit.
B) Information system audit.
C) Operational audit.
D) Sustainability audit.
Answer: A
33
demanded that they receive more assurance that internal controls surrounding the company's
information system are effective. Which type of audit would best suit the demands of the board
of directors?
A) Financial audit.
Answer: B
demanded that they receive more assurance that Chibuzo Incorporated is operating in an
efficient, effective manner. Which type of audit would best suit the demands of the board of
directors?
A) Financial audit.
Answer: C
11) With regards to an accounting information system, a financial audit is most concerned with
A) the system's output.
B) the system's input.
C) the system's processing.
D) the system's storage.
Answer: A
34

Accounting Information Systems 14th Edition Romney Test Bank 1

Uploaded by

Copyright:

Available Formats

You might also like

Accounting Information Systems 14th Edition Romney Test Bank 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Accounting Information Systems 14th Edition Romney Test Bank 1

Uploaded by

Copyright:

Available Formats

Accounting Information Systems 14th

Full download at:

Test bank: https://testbankpack.com/p/test-bank-for-

Solution Manual: https://testbankpack.com/p/solution-

Accounting Information Systems, 14e (Romney/Steinbart)

1) Auditing involves the

3) What is not a typical responsibility of an external auditor?

14) Control risk is defined as the

16) Auditors have the ability to change inherent risk.

17) Auditors have the ability to change control risk.

18) Auditors have the ability to change detection risk.

25) Auditors often use reperformance to test a company's internal control.

29) The first step in a risk-based audit approach is to

34) Expanding a firm's operations to include a manufacturing facility overseas will

35) Increasing the effectiveness of auditing software will

42) Explain the differences between each type of audit risk.

46) Name and describe the different types of audits.

48) Describe how audit evidence can be collected.

1) What is the purpose of an information systems audit?

7) Which of the following is an information systems audit review procedure?

11) What is a test data generator?

14) Describe the five commonly used concurrent audit techniques.

20) Software that identifies unexecuted program code is called

2) What role should an auditor play in system development?

9) Auditors have several techniques available to them to test computer-processing controls. An

11) ________ is one tool used to document source data controls.

24) Define and give examples of embedded audit modules.

29) An auditor might use ________ to examining large data files.

36) Describe some of the important uses of CAATs.

7) Who generally receives the findings and conclusions of an operational audit?

You might also like