________________ are systems (1) they develop customized systems Turnkey systems

analysts, systems engineers, and in-house through formal systems 14

programmers. These individuals development activities and  Q
actually build the system. They gather (2) they purchase commercial systems ___________________ are designed to
facts about problems with the current from software vendors. This section of serve a wide variety of user needs. By
system, analyze these facts, and the text discusses these two mass-producing a standard system, the
formulate a solution to solve the alternatives. vendor is able to reduce the unit cost
problems. The product of their efforts 8 of these systems to a fraction of in-
is a new system. Q house development costs.
A These firms design their own A
Systems Professionals information systems through in-house General Accounting Systems.
2 systems development activities. 15
Q ____________________ requires Q
____________________ are those for maintaining a full-time systems staff of To provide as much flexibility as
whom the system is built. There are analysts and programmers who identify possible, _______________ are
many of these at all levels in an user information needs and satisfy designed in modules. This allows users
organization. their needs with custom systems. to purchase the modules that meet
A A their specific needs. Typical modules
End Users In-House Development include accounts payable, accounts
3 9 receivable, payroll processing,
Q Q inventory control, general ledger,
During systems development, systems SDLC stands for financial reporting, and fixed asset.
professionals work with the A A
______________ to obtain an Software Development Life Cycle General accounting systems
understanding of the users’ problems 10 16
and a clear statement of their needs. Q Q
A A growing number of systems are Some software vendors create
primary users purchased from software vendors. ______________________ 
4 Faced with many competing packages, that target selected segments of the
Q each with unique features and economy. For example, the medical
__________________ are individuals attributes, management must choose field, the banking industry, and
either within or outside the the system and the vendor that best government agencies have unique
organization who have an interest in serve the needs of the organization. accounting procedures, rules, and
the system but are not end users. Making the optimal choice requires conventions that general-purpose
These include accountants, internal that this be an informed decision. This accounting systems do not always
and external auditors, and the internal is a _______________. accommodate. Software vendors have
steering committee that oversees A thus developed standardized systems
systems development. Commercial Systems to deal with industry-specific
A 11 procedures.
Stakeholders Q A
5 Four factors have stimulated the Special-Purpose Systems.
Q growth of the commercial software 17
______________________ are those market: Q
professionals who address the controls, A _______________________ are
accounting, and auditing issues for (1) the relatively low cost of general computer systems that improve the
systems development. This commercial software as compared to productivity of office workers.
involvement should include internal customized software; Examples include word processing
auditors and IT auditors. (2) the emergence of industry-specific packages, database management
A vendors; systems, spreadsheet programs,
Accountants/Auditors (3) a growing demand from businesses and desktop publishing systems.
6 that are too small to A
Q afford in-house systems’ development Office Automation Systems.
Accountants are involved in systems staff; and  18
development in three ways. These are: (4) the trend toward downsizing of Q
A organizational units _________________ provide a basic
1. First, accountants are users. 12 system structure on which to build.
All systems that process Q These systems come with all the
financial transactions impact Commercial software packages fall primary processing modules
the accounting function in into three basic groups: programmed. The vendor designs and
some way. A programs the user interface to suit the
2. Second, accountants 1. turnkey systems client’s needs.
participate in systems 2. backbone systems A
development as members of 3. vendor-supported Backbone Systems.
the development team. Their systems. 19
involvement often extends 13 Q
beyond the development of Q These systems are hybrids of custom
strictly AIS applications. _____________ are completely systems and commercial software.
3. Accountants are involved in finished and tested systems that Under this approach, the vendor
systems development as are ready for implementation. These develops (and maintains) custom
auditors. Accounting are often general-purpose systems or systems for its clients. The systems
information systems must be systems customized to a specific themselves are custom products, but
auditable. industry. ______________ are usually the systems development service is
7 sold only as compiled program commercially provided. This option is
Q modules, and users have limited ability popular in the health care and legal
Organizations usually acquire to customize them to their specific services industries.
information systems in two ways: needs. A
A A Vendor-Supported Systems.
20 Typical responsibilities for a steering The _______________ provides
Q committee include the following: management with a basis for deciding
The three advantages of commercial A whether to proceed with the project.
software:  Resolving conflicts that arise A
A from new systems Project Proposal
1. Implementation of Time -  Reviewing projects and 32
commercial software can be assigning priorities Q
implemented almost  Budgeting funds for systems The ________________ represents
immediately once a need is development management’s commitment to the
recognized.  Reviewing the status of project. It is a budget of the time and
2. Cost - The cost of commercial individual projects under costs for all the phases of the SDLC.
software is spread across development A
many users; the unit cost is  Determining at various Project Schedule
reduced checkpoints throughout the 33
to a fraction of the cost of a SDLC whether to continue Q
system developed in-house. with the project or terminate This is the second phase of SDLC.
3. Reliability - Most reputable it ____________________ is a two-step
commercial software packages 26 process involving first a survey of the
are thoroughly tested before Q current system and then an analysis of
their release to the consumer Systems planning occurs at two levels: the user’s needs. A business problem
market. A must be fully understood by the
21 strategic systems planning and project systems analyst before he or she can
Q planning. formulate a solution.
The three disadvantages of commercial 27 A
software: Q Systems analysis
A _________________ involves the 34
1. Vendor Dependence - allocation of systems resources at the Q
Purchasing a vendor- macro level. It usually deals with a time Most systems are not developed from
supported system makes the frame of 3 to 5 years. This process is scratch. Usually, some form of
firm dependent on the vendor similar to budgeting resources for information system and related
for maintenance. other strategic activities, such as procedures are currently in place. The
2. The need for customized product development, plant analyst often begins the analysis by
systems - Sometimes, the expansions, market research, and determining what elements, if any, of
user’s needs are unique and manufacturing technology the current system should be
complex, and commercially A preserved as part of the new system.
available software is either too Strategic systems planning This involves a rather detailed
general or too inflexible. 28 ______________.
3. Maintenance - Business Q A
information systems undergo There are four justifications for system survey
frequent changes. If the user’s strategic systems planning: 35
needs change, it may be A Q
difficult or even impossible to 1. A plan that changes constantly Disadvantages of Surveying the Current
modify commercial software. is better than no plan at all. System:
22 2. Strategic planning reduces the A
Q crisis component in systems  Current physical tar pit - This
The phases of SDLC are: development term is used to describe the
A 3. Strategic systems planning tendency on the part of the
1. Systems Planning provides authorization control analyst to be “sucked in” and
2. Systems Analysis for the SDLC then “bogged down” by the
3. Conceptual Design 4. Cost management. task of surveying the current
4. Systems Selection 29 dinosaur system.
5. Detailed Design Q  Thinking inside the box. - By
6. Programming and Testing This is a level of systems planning studying and modeling the old
7. Implementation whose purpose is to allocate resources system, the analyst may
8. New Systems Development to individual applications within the develop a constrained notion
9. Systems Maintenance framework of the strategic plan. This about how the new system
23 involves identifying areas of user should function. The result is
Q needs, preparing proposals, evaluating an improved old system rather
The objective of systems planning is to: each proposal’s feasibility and than a radically new approach.
A contribution to the business 36
to link individual system projects or plan, prioritizing individual projects, Q
applications to the strategic objectives and scheduling the work to be done. Advantages of Surveying the Current
of the firm A System
24 Project Planning A
Q 30  Identifying what aspects of the
Who should do Systems Planning? Q old system should be kept.
A The product of the project planning  Forcing systems analysts to
Steering Committee - The composition phase consists of two formal fully understand the system.
of the steering committee may include documents:  Isolating the root of problem
the chief executive officer, the chief A symptoms
financial officer, the project proposal and the project 37
the chief information officer, senior schedule. Q
management from user areas, the 31 A system fact that includes external
internal auditor, and senior Q entities, such as customers or vendors,
management from computer services. as well as internal sources from other
25 departments.
Q
A In fact gathering for surveys, systems processed, sources of data, users
Data sources. analysts employ several techniques to of reports, and control issues.
38 gather the previously cited facts. A
Q Commonly used techniques include: Questionnaires
A system fact that include both A 53
managers and operations users observation Q
A task participation ____________________ is an
Users. personal interview intellectual process that is commingled
39 reviewing key documents. with fact gathering. The
Q 48 analyst is simultaneously analyzing as
A system fact that comprise of the files, Q he or she gathers facts. The mere
databases, accounts, and source A fact-gathering technique that recognition of a problem presumes
documents used in the system. involves passively watching the some understanding of the norm or
A physical procedures of the system. This desired state. It is therefore difficult to
Data stores. allows the analyst to determine what identify where the survey ends and the
40 gets done, who performs the tasks, analysis begins.
Q when they do them, how they do them, A
A system fact that involves processing why they do them, and how long they Systems analysis
tasks that are manual or computer take. The event that marks the conclusion of
operations that represent a decision or A the systems analysis phase is the
an action triggered by information. Observation. __________________.
A 49 A
Processes. Q preparation of a
41 This is a fact-gathering technique that formal systems analysis report
System facts that are represented by is an extension of observation, 55
the movement of documents and whereby the analyst takes an active Q
reports between data sources, data role in performing the user’s work. This This report presents to management or
stores, processing tasks, and users. allows the analyst to experience first- the steering committee the survey
They can also be represented in UML hand the problems involved in the findings, the problems identified with
diagrams. operation of the current system. the current system, the user’s needs,
A A and the requirements of the new
Data flows. Task Participation system
42 50 A
Q Q systems analysis report
These are system facts that include A fact-gathering technique that is a 56
both accounting and operational method of extracting facts about the Q
controls and may be manual current system and user perceptions The third phase of the SDLC is
procedures or computer controls. about the requirements for the new ______________________________
A system. The instruments used to gather A
Controls these facts may be open-ended Conceptual Systems Design
43 questions or formal questionnaires. 57
Q A Q
Understanding the characteristics of Personal Interviews. The purpose of the
___________________________ and 50 ______________________ is to
its rate of growth are important Q produce several alternative conceptual
elements in assessing capacity A fact-gathering technique that is a systems that satisfy the system
requirements for the new system. method of extracting facts about the requirements identified during systems
A current system and user perceptions analysis.
Transaction volumes about the requirements for the new A
44 system. The instruments used to gather conceptual design
Q these facts may be open-ended 58
As a system reaches capacity, questions or formal questionnaires. Q
_______________ increase to an A Two approaches to conceptual system
intolerable level. Although no system Personal Interviews. design:
is perfect, the analyst must determine 51 A
the acceptable error tolerances for the Q the structured approach and the
new This instrument used in an interview object-oriented approach
system. allows users to elaborate on the 59
A problem as they see it and Q
Error rates. offer suggestions and ________________________ builds
45 recommendations. Answers to these systems from the bottom up through
Q questions tend to be the assembly of reusable modules
These are the resources used by the difficult to analyze, but they give the rather than creating each system from
current system that nclude the costs of analyst a feel for the scope of the scratch.
labor, computer time, materials (such problem A
as invoices), and direct overhead A Object-oriented design
A Open-ended questions 60
Resource costs. 52 Q
46 Q The _________________________ is a
Q An instrument used in interviews that disciplined way of designing systems
Delays may be caused by are used to ask more specific, detailed from the top down. It consists of
________________ such as questions and to restrict the starting with the “big picture” of the
unnecessary approvals or sign-offs user’s responses. This is a good proposed system that is gradually
A technique for gathering objective facts decomposed into more and more
redundant operations about the nature of specific detail until it is fully understood.
47 procedures, volumes of transactions A
Q structured design approach
61 conceptual system and the company’s 78
Q ability to discharge its legal Q
The _________________________ responsibilities. Identify if one-time cost or recurring
should highlight the differences A cost: Systems design
between critical features of competing Legal Feasibility. A
systems rather than their similarities. 69 one-time cost
A Q 79
Conceptual Design Phase In assessing project feasibility, this Q
62 shows the degree of compatibility Identify if one-time cost or recurring
Q between the firm’s existing procedures cost: Programming and testing
The __________________ approach is and personnel skills and the A
to build information systems from operational requirements of the new one-time cost
reusable standard components or system. 80
objects. This approach may be equated A Q
to the process of Operational Feasibility Identify if one-time cost or recurring
building an automobile. 70 cost: Data conversion from old system
A Q to new system
object-oriented design (OOD) In assessing project feasibility, this A
63 relates to the firm’s ability to one-time cost
Q implement the project within an 81
The _______________________ is acceptable time. This feasibility factor Q
central to the object-oriented approach impacts both the scope of the Identify if one-time cost or recurring
to systems design. project and whether it will be cost: Personnel training
A developed in-house or purchased from A
concept of reusability a software vendor. one-time cost
64 A 82
Q Schedule Feasibility Q
The fourth phase of SDLC is 71 Identify if one-time cost or recurring
__________________. Q cost: Hardware maintenance
A This helps management determine A
systems whether (and by how much) the Recurring Costs
evaluation and selection phase benefits received from a proposed 83
65 system will outweigh its costs. This Q
Q technique is frequently used for Identify if one-time cost or recurring
_________________________ is the estimating the expected financial value cost: Software maintenance contracts
procedure for selecting the one system of business investments. A
from the set of alternative conceptual A Recurring Costs
designs that will go to the detailed Cost–benefit analysis 84
design phase. It is an optimization 72 Q
process that seeks to identify the best Q Identify if one-time cost or recurring
system. This decision represents a There are three steps in the application cost: Insurance
critical juncture in the SDLC. of cost–benefit analysis: A
A A Recurring Costs
System Evaluation and Selection identify costs, identify benefits, and 85
66 compare costs and benefits. Q
Q 73 Identify if one-time cost or recurring
The evaluation and selection process Q cost: Supplies
involves two steps: These costs include the initial A
A investment to develop and implement Recurring Costs
1. Perform a detailed feasibility the system. 86
study A Q
2. Perform a cost-benefit One-time costs Identify if one-time cost or recurring
analysis 74 cost: Personnel
67 Q A
Q These include operating and Recurring Costs
In assessing project feasibility, this is maintenance costs that recur over the 87
concerned with whether the system life of the system. Q
can be developed under existing A This cost includes the cost of
technology or if new technology is Recurring costs mainframe, minicomputers,
needed. 75 microcomputers, and peripheral
A Q equipment, such as tape drives and
Technical Feasibility Identify if one-time cost or recurring disk packs. These cost figures can be
68 cost: Hardware acquisition obtained from the vendor.
Q A A
In assessing project feasibility, this one-time cost  Hardware acquisition.
pertains to the availability of funds to 76 88
complete the project. At this point, we Q Q
are concerned with management’s Identify if one-time cost or recurring This cost involves such frequently
financial commitment to this project in cost: Site preparation overlooked costs as building
view of other competing capital A modifications (e.g., adding air
projects under consideration. one-time cost conditioning or making structural
A 77 changes), equipment installation
Economic Feasibility Q (which may include the use of heavy
69 Identify if one-time cost or recurring equipment), and freight charges.
Q cost: Software acquisition A
In assessing project feasibility, this A Site preparation.
identifies any conflicts between the one-time cost
89 95 comparing competing projects.
Q Q 5. Intangible benefits are assigned
These costs apply to all software These costs include upgrading and reasonable financial values.
purchased for the proposed debugging operating systems, 103
system, including operating system purchased applications, and in-house Q
software (if not bundled with the developed applications. Maintenance The fifth phase of the SDLC is
hardware), network control software, contracts with software vendors can be __________________.
and commercial applications (such as used to specify these costs fairly A
accounting packages). accurately. detailed design phase
Estimates of these costs can be A 104
obtained from vendors. Software maintenance Q
A 96 The purpose of the
Software acquisition Q _______________________ is to
89 This cost covers such hazards and produce a detailed description of the
Q disasters as fire, hardware failure, proposed system that both satisfies the
These costs apply to all software vandalism, and destruction by system requirements identified during
purchased for the proposed disgruntled employees. systems analysis
system, including operating system A and is in accordance with the
software (if not bundled with the Insurance. conceptual design.
hardware), network control software, 97 A
and commercial applications (such as Q detailed design phase
accounting packages). These costs are incurred through 105
Estimates of these costs can be routine consumption of such items as Q
obtained from vendors. paper, magnetic disks, CDs, and general In this phase, all system components
A office supplies. (user views, database tables,
Software acquisition A processes, and controls) are
90 Supplies. meticulously specified. At the end of
Q 98 this phase, these components are
These costs are those incurred by Q presented formally in a detailed design
systems professionals performing These are the salaries of individuals report. This report constitutes a set of
the planning, analysis, and design who are part of the information blueprints that specify input screen
functions. Technically, such costs system. Some employee costs are formats, output report layouts,
incurred up to this point are “sunk” and direct and easily identifiable, such as database structures, and process logic.
irrelevant to the decision. The analyst the salaries of These completed plans then proceed to
should estimate only the costs needed operations personnel exclusively the final phase in the
to complete the detailed design. employed as part of the system under SDLC—systems implementation—
A analysis. where the system is physically
Systems design. A constructed.
91 Personnel costs. A
Q 99 detailed design phase
These costs are based on estimates of Q 106
the personnel hours required to write Tangible benefits fall into two Q
new programs and modify existing categories: After completing the detailed design,
programs for the proposed A the development team usually
system. those that increase revenue and those performs a system design ___________
A that reduce costs. to ensure that the design is free from
Programming and testing. 100 conceptual errors that could become
92 Q programmed into the final system.
Q The deliverable product of the systems A
These costs arise in the transfer of data selection process is the Walkthrough
from one storage medium ___________________ 107
to another. For example, the A Q
accounting records of a manual system systems selection report This group is an independent one made
must be converted to magnetic form 101 up of programmers, analysts, users,
when the system becomes computer- Q and internal auditors. The job of this
based This formal document consists of a group is to simulate the
A revised feasibility study, a cost-benefit operation of the system to uncover
Data conversion analysis, and a list and explanation of errors, omissions, and ambiguities in
93 intangible benefits for each alternative the design
Q design. A
These costs involve educating users to A quality assurance group
operate the new system. In-house systems selection report 108
personnel could do this in an extensive 102 Q
training program provided by an Q The sixth phase of the SDLC is
outside organization at a remote site or The Auditor’s Role in Evaluation and _________________________.
through on-the-job training Selection: A
A A Application Programming and Testing
Training Specifically, the auditor should ensure 108
94 five things: Q
Q 1. Only escapable costs are used in The sixth phase of the SDLC is
This cost involves the upgrading of the calculations of cost savings benefits. _________________________.
computer (increasing the memory), as 2. Reasonable interest rates are used in A
well as preventive maintenance and measuring present values of cash Application Programming and Testing
repairs to the computer and peripheral flows. 109
equipment 3. One-time and recurring costs are Q
A completely and accurately reported. A _______________________ requires
Hardware maintenance 4. Realistic useful lives are used in the programmer to specify
the precise order in which the program programs undergo changes to The conversion cycle is composed of
logic is executed. accommodate two major subsystems:
A changes in user needs. Some A
procedural language/third-generation application changes are trivial, such as the production system
languages (3GLs) modifying the system and the cost accounting system.
110 to produce a new report or changing 9
Q the length of a data field. Q
Under this model, the program’s code A This system of the conversion cycle
is not executed in a predefined Systems maintenance involves the planning, scheduling, and
sequence. Instead, external actions or control of the physical product through
“events” that are initiated by the user End Chapter 5 the manufacturing process.
dictate the control flow of the The most common financial A
program. transactions are conversion cycle
A A 10
Event-Driven Languages economic exchanges with external Q
111 parties. This system of the conversion cycle
Q 2 monitors the flow of cost information
The seventh phase of SDLC is Q related to production. Information this
________________. Three transaction cycles process most system produces is used for inventory
A of the firm’s economic activity: valuation, budgeting, cost control,
system implementation phase A performance reporting,
112 the expenditure cycle, the conversion and management decisions, such as
Q cycle, and the revenue cycle make-or-buy decisions.
The system’s __________________ 3 A
provides the auditor with essential Q cost accounting system
information about how the system In this cycle, business activities begin 11
works. with the acquisition of materials, Q
A property, and labor in exchange Firms sell their finished goods to
documentation for cash. customers through the
113 A _________________, which involves
Q expenditure cycle processing cash sales, credit sales, and
Computer operators use 4 the receipt of cash following a credit
documentation called a _________, Q sale.
which describes how to run the system This system recognizes the need to A
A acquire physical inventory (such as raw revenue cycle
run manual materials) and places an order with the 12
114 vendor. When the goods are received, Q
Q this system records the event by This is a subsystem of the revenue
_________ have little or no experience increasing inventory and establishing cycle where majority of business sales
with computers and are embarrassed an account payable to be paid at a later are made on credit and
to ask questions. They also know little date. involve tasks such as preparing sales
about their assigned tasks. User A orders, granting credit, shipping
training and documentation must be Purchases/accounts payable system. products (or rendering of a service) to
extensive and detailed. 5 the customer, billing customers, and
A Q recording the transaction in the
Novices When the obligation created in the accounts (accounts receivable [AR],
115 purchases system inventory, expenses, and sales).
Q is due, the _____________ authorizes A
The Auditor’s Role in System the payment, disburses the funds to Sales order processing
Implementation the vendor, and records the transaction 13
A by reducing the cash and accounts Q
Provide Technical Expertise payable accounts. This is a subsystem of the revenue
Specify Documentation Standards A cycle. For credit sales, some period of
Verify Control Adequacy and cash disbursements system time (days or weeks) passes between
Compliance with SOX 6 the point of sale and the receipt of
116 Q cash. Cash receipts processing includes
Q The _______________ collects labor collecting cash, depositing cash in the
One of the most important steps in the usage data for each employee, bank, and recording these events in the
implementation stage actually takes computes the payroll, and disburses accounts (AR and cash).
place some months later in a paychecks to the employees. A
__________________. The review is A Cash receipts
conducted by an independent team to payroll system 14
measure the success of the system and 7 Q
of the process after the dust has Q A ____________ provides evidence of
settled. . A firm’s ______________ processes an economic event and may be used to
A transactions pertaining to initiate transaction processing.
post-implementation review the acquisition, maintenance, and A
117 disposal of its fixed assets. These are document
Q relatively permanent items that 15
The seventh phase of SDLC is collectively often represent the Q
______________________ organization’s largest financial Economic events result in some
A investment. documents being created at the
Systems Maintenance— A beginning (the source) of the
118 fixed asset system. transaction. These are called
Q 8 _____________________.
_____________________ Q A
is a formal process by which application source documents
16 Q An ___________________ is a
Q There are two basic types of ledgers: documentation technique used to
___________________ are documents A represent the relationship between
used to capture and formalize (1) general ledgers, which contain the entities.
transaction data that the transaction firm’s account information in the form A
cycle needs for processing. of highly summarized control accounts, entity relationship (ER) diagram
A and  35
Source documents (2) subsidiary ledgers, which contain Q
17 the details of the individual accounts __________ are physical resources
Q that constitute a particular control (automobiles, cash, or inventory),
_____________________ are the account. events (ordering inventory, receiving
documents that are result of 27 cash, shipping goods), and agents
transaction processing Q (salesperson, customer, or vendor)
rather than the triggering mechanism The ______________ summarizes the about which the organization wishes to
for the process. activity for each of the organization’s capture data
A accounts. A
Product documents A Entities
18 general ledger 36
Q 28 Q
are product documents of one Q The degree of the relationship, called
system that become source documents _______________ are kept in various ______________, is the numerical
for another system. accounting departments mapping between entity instances.
A of the firm, including inventory, A
Turnaround Documents. accounts payable, payroll, and AR. cardinality
19 A 37
Q Subsidiary ledgers Q
A ______________ is a record of a 29 This _____________ is the blueprint for
chronological entry. At some point in Q what ultimately will become the
the transaction process, when all A ___________ generally contains physical database.
relevant facts about the transaction are account data. The general ledger and A
known, the event is recorded in this in subsidiary ledgers are examples of this. data model
chronological order. A 38
A master file Q
Journal 30 Describe the relationship between ER
20 Q Diagrams and Data Flow Diagrams
Q A _______________ is a temporary file A
___________ are the primary source of of transaction records used 1. DFDs and ER diagrams depict
data for journals. to change or update data in a master different aspects of the same
A file. Sales orders, inventory receipts, system, but they are related
Documents and cash receipts are examples of this. and can be reconciled.
21 A 2. A DFD is a model of system
Q transaction file processes, and the ER diagram
______________ are used to record 31 models the data used in or
specific classes of transactions Q affected by the system.
that occur in high volume. A ______________ stores data that are 3. The two diagrams are related
A used as standards for processing through data;
Special journals transactions. For example, the payroll each data store in the DFD
22 program may refer to a tax table to represents a corresponding
Q calculate the proper amount of data entity in the ER diagram
The term ___________ is often used to withholding taxes for payroll 39
denote certain types of special transactions. Q
journals. A A ______________ is the graphical
A reference file representation of the physical
register 32 relationships among
23 Q key elements of a system.
Q An ______________ contains records A
Firms use the _____________ to record of past transactions that are retained system flowchart
nonrecurring, infrequent, for future reference. These 40
and dissimilar transactions transactions form an important part of Q
A the audit trail. These include journals, __________________ permits the
general journal prior-period payroll information, lists of efficient management of a large
24 former employees, records volume of transactions
Q of accounts written off, and prior- A
A _________ is a book of accounts that period ledgers. Batch processing
reflects the financial effects of the A 41
firm’s transactions after they are archive file Q
posted from the various journals. 33 A _____ is a group of similar
A Q transactions (such as sales orders) that
ledger The _______________ uses symbols to are accumulated over
25 represent the entities, processes, data time and then processed together.
Q flows, and data stores that pertain to a A
A ___________ indicates the system. batch
increases, decreases, and current A 42
balance of each account. data flow diagram (DFD) Q
A 34 ___________________ are used to
ledger Q reveal the internal structure of the
26
records that constitute a file or chart of accounts management’s stewardship
database table. 52 responsibility to account for resource
A Q utilization. Both the current and
Record layout diagrams _________________ are used to historical journal voucher files are
43 represent complex items or events important links in the firm’s audit trail.
Q involving two or more pieces of related A
The information time frame for this data. The code consists of zones or journal voucher history file
data processing method: Lag exists fields that possess specific 60
between time when the economic meaning Q
event occurs and when it is recorded. A The ______________________
A Numeric group codes contains the revenues, expenditures,
Batch processing method 53 and other resource utilization data for
44 Q each responsibility center in the
Q _________________ are used for many organization. The MRS draws
This data processing method requires of the same purposes as numeric upon these data for input in the
fewer resources (e.g., hardware, codes. Alphabetic characters may be preparation of responsibility reports for
programming, training) . assigned sequentially (in alphabetical management
A order) or may be used in block and A
Batch processing method group coding techniques. responsibility center file
45 A 61
Q Alphabetic codes Q
The operational efficiency of this data 54 The __________________ contains
processing method: Certain records are Q budgeted amounts for revenues,
processed after the ____________ are alphabetic expenditures, and other resources for
event to avoid operational delays. characters in the form of acronyms and responsibility centers.
A other combinations that convey A
Batch processing method meaning. budget master file
46 A 62
Q Mnemonic codes Q
The information time frame for this 55 This is the Internet standard of
data processing method: Processing Q reporting language specifically
takes place when the economic event A ____________________, which can designed for business reporting and
occurs be used to represent summaries of information exchange. The objective of
A similar transactions or a single unique this is to facilitate the publication,
Real time processing method transaction, identifies the financial exchange, and processing of financial
47 amounts and affected general ledger and business information.
Q (GL) accounts. A
The operational efficiency of this data A eXtensible business reporting language
processing method: All records journal voucher (XBRL)
pertaining to the event are processed 56
immediately. Q END CHAPTER 6
A The _________________ is the The data collection component oft he
Real time processing method principle file in the GLS database. This information system is responsible for
48 file is based on the organization’s _____________________
Q published chart of accounts. Each A
This data processing method requires record in the GL master is either a for bringing data into the system for
more resources than batch processing. separate GL account (for example, processing.
A sales) or the control account (such as 2
Real time processing method AR— control) for a corresponding Q
49 subsidiary ledger in the transaction The data collection component of the
Q processing system information system is responsible for
________________ represent items in A bringing data
some sequential order (ascending general ledger master file into the system for processing.
or descending). A common application 57 _____________ at this stage are
of this is the prenumbering of source Q designed to ensure that
documents. At printing, each hard-copy The _______________ has the same these transactions are valid, accurate,
document is given a unique sequential format as the GL master. Its primary and complete.
code number purpose is to provide historical A
A financial data for comparative financial Input Controls
Sequential codes reports 3
50 A Q
Q general ledger history file Classes of Input Controls
A _____________ is a variation on 58 A
sequential coding that partly remedies Q  Source document controls
the disadvantages just described. This The ____________________ is the  Data coding controls
approach can be used to represent total collection of the journal vouchers  Batch controls
whole classes of items by restricting processed in the current period. This  Validation controls
each class to a specific range within the file provides a record of all general  Input error correction
coding scheme. ledger transactions and replaces the  Generalized data input
A traditional general journal. systems
numeric block code A 4
51 journal voucher file Q
Q 59 two types of transposition errors:
A common application of block coding Q A
is the construction of a The ___________________ contains single transposition errors and multiple
______________________. journal vouchers for past periods. This transposition errors
A historical information supports
5 Q record being processed. For example,
Q ____________________ are used to in a sales order processing system, the
A ______________ is a control digit (or verify that certain fields are filled with dollar amount field must
digits) added to the code when it is zeros. Some be positive for sales orders but
originally assigned that program languages require that fields negative for sales return transactions.
allows the integrity of the code to be used in mathematical operations be A
established during subsequent initiated with Sign checks
processing zeros prior to processing 23
A A Q
check digit Zero-value checks _____________ are used to determine
6 15 if a record is out of order. In batch
Q Q systems that use sequential master
_________ are an effective method of _________ determine if the value in files, the transaction files being
managing high volumes of the field exceeds an authorized limit. processed must be sorted in
transaction data through a system. For example, assume the firm’s policy the same order as the primary keys of
A is that no employee works more than the corresponding master file.
Batch controls 44 hours per week. The payroll system A
7 validation program can interrogate the Sequence checks
Q hours-worked field in the weekly 24
The objective of batch control is payroll records for values greater than Q
_______________________. 44. The purpose of _______________ is to
A A ensure that the correct file
to reconcile output produced by the Limit checks is being processed by the system.
system with the input originally 16 These controls are particularly
entered into the system. Q important for master
8 ____________ assign upper and lower files, which contain permanent records
Q limits to acceptable data values of the firm and which, if destroyed or
______________ refers A corrupted,
to a simple control technique that uses Range checks are difficult to replace.
nonfinancial data to keep track of the 17 A
records in Q file interrogation
a batch. The purpose of this control is to detect 25
A keystroke errors that shift the decimal Q
Hash total point one or more places. ____________ verify that the file
9 A processed is the one the program is
Q Range checks actually calling for.
Input _______________ are intended 18 A
to detect errors in Q Internal label checks
transaction data before the data are ____________ compare actual values 26
processed. in a field against known acceptable Q
A values. This control is used to verify ________________ are used to verify
validation controls such things as transaction codes, state that the version of the file being
10 abbreviations, or employee job skill processed is correct. In a grandparent–
Q codes. If the value in the field does not parent–child approach, many versions
There are three levels of input match one of the acceptable of master files and transactions may
validation controls: values, the record is determined to be exist. This control compares the version
A in error. number of the files being processed
1. Field interrogation A with the program’s requirements.
2. Record interrogation Validity checks A
3. File interrogation 19 Version checks
11 Q 27
Q ______________ controls identify Q
__________________ involves keystroke errors in key fields by testing An __________________ prevents a
programmed procedures that examine the internal file from being deleted before it
the characteristics of the data in the validity of the code expires. In a GPC system, for example,
field. A once an adequate number of backup
A Check digit files is created, the oldest
Field interrogation 20 backup file is scratched (erased from
12 Q the disk or tape) to provide space for
Q ______________ procedures validate new files.
________________ are used to the entire record by examining the A
examine the contents of a field for the interrelationship of its field values. expiration date check
presence of A 28
blank spaces. Record interrogation Q
A 21 The three common error
Missing data checks Q handling techniques:
13 Reasonableness checks determine if a A
Q value in one field, which has already (1) correct immediately, 
_______________________ checks passed a limit check and a range check, (2) create an error file, and 
determine whether the correct form of is reasonable when considered along (3) reject the entire batch.
data is in a with other data fields in the record. 29
field. For example, a customer’s A Q
account balance should not contain Reasonableness checks To achieve a high degree of control and
alphabetic data. 22 standardization over input validation
A Q procedures, some organizations
Numeric-alphabetic data checks _________ are tests to see if the sign employ a
14 of a field is correct for the type of __________________________.
A transaction log systems that require operator
generalized data input system (GDIS) 37 intervention.
30 Q A
Q Processing controls are divided into Print Programs
The GDIS approach has three three categories: 45
advantages: A Q
A run-to-run controls,  Print program controls are designed to
First, it improves control by having one operator intervention controls,  deal with two types of exposures
common system perform all data and Audit Trail Controls. presented by this environment:
validation.  38 A
Second, GDIS ensures that each AIS Q (1) the production of unauthorized
application applies a consistent ______________________ use batch copies of output and 
standard for data validation.  figures to monitor the batch as it (2) employee browsing of sensitive
Third, GDIS improves systems moves from one programmed data.
development efficiency. procedure (run) to another. These 46
31 controls ensure that each run in the Q
Q system processes the batch correctly When output reports are removed
A GDIS has five major components: and completely. from the printer, they go to the
A A _____________ stage to have their
1. Generalized validation module Run-to-run controls pages separated and collated.
2. Validated data file 39 A
3. Error file Q bursting
4. Error reports The ______________ control compares 47
5. Transaction log the sequence of each record in the Q
32 batch with the previous record to In some organizations, the
Q ensure that proper sorting took place. ____________________ is responsible
The _________________________ A for verifying the accuracy of computer
performs standard validation routines output before it is distributed to the
that are common to many different 40 user.
applications. These routines are Q A
customized to an individual Systems sometimes require data control group
application’s needs through _________________________ to 48
parameters that specify the program’s initiate certain actions, such as entering Q
specific requirements. control totals for a batch of records, The primary risks associated with
A providing parameter values for logical ______________ include reports being
generalized validation module (GVM) operations, and activating a program lost, stolen, or misdirected in transit to
33 from a different point when reentering the user.
Q semi-processed A
The input data that are validated by the error records. report distribution
GVM are stored on a A 49
_________________. This is a operator intervention Q
temporary holding file through which 41 Auditors testing with the
validated transactions flow to their Q _______________ do not rely on a
respective applications. The file is Systems that limit operator detailed knowledge of the
analogous to a tank of water intervention through application’s internal logic.
whose level is constantly changing, as it ___________________ are thus less A
is filled from the top by the GVM and prone to processing errors. black-box approach
emptied from the bottom by A 50
applications. operator intervention controls Q
A 42 The advantage of the
validated data file Q __________________ is that the
34 ________________ ensure that system application need not be removed
Q output is not lost, misdirected, or from service and tested directly. This
The ___________ in the GDIS plays the corrupted and that privacy is not approach is feasible for testing
same role as a traditional error file. violated. applications that are
Error records detected during A relatively simple.
validation are stored in the file, Output controls A
corrected, and then resubmitted to the 43 black-box approach
GVM. Q 51
A Applications waiting to print output Q
error file occupy computer memory and block The _________________ relies on an
35 other applications from entering the in-depth understanding of the internal
Q processing stream. To ease this logic of the application being tested.
Standardized _____________ are burden, applications are often designed This approach includes several
distributed to users to facilitate error to direct their output to a magnetic techniques for testing application logic
correction disk file rather than to the printer directly. These techniques use small
A directly. This is called numbers of specially created test
error reports _______________ transactions to verify specific aspects of
36 A an application’s logic and controls.
Q output spooling A
The ___________________ is a 44 white-box approach
permanent record of all validated Q 52
transactions. From an accounting When the printer becomes available, Q
records point of view, it is equivalent to the print run program produces hard ________________ verify that an
the journal and is an important copy output from the output file. individual, a programmed procedure,
element in the audit trail. ________________ are often complex or a message (such as an EDI
A
transmission) attempting to access a Q Advantages of (integrated test facility)
system The _____________________ is used ITF
A to establish application integrity by A
Authenticity tests processing specially First, ITF supports ongoing monitoring
53 prepared sets of input data through of controls as required by SAS 78. 
Q production applications that are under Second, applications with ITF can
________________, which ensure that review. be economically tested without
the system processes only data values A disrupting the user’s operations and
that conform to specified tolerances. test data method without the intervention of computer
Examples include range tests, field 61 services personnel.
tests, and limit tests. Q 67
A When the set of test data in use is Q
Accuracy tests comprehensive, the technique is called _______________ requires the auditor
54 the _______________________. These to write a program that simulates key
Q tests are conducted with a set of test features or processes of the application
________________ identify missing transactions containing all possible under review.
data within a single record and entire transaction types. These are processed A
records missing from a batch. The through repeated iterations during Parallel simulation
types of tests performed are field tests, systems development testing until
record sequence tests, hash totals, and consistent and valid results are END CHAPTER 7
control totals. obtained.
A A Data structures have two fundamental
Completeness tests base case system evaluation (BCSE). components:
55 62 A
Q Q organization and access method
_________________ determine that an A type of test data technique called 2
application processes each record only ___________ performs an electronic Q
once. walkthrough of the application’s _______________ refers to the way
A internal logic. records are physically arranged on the
Redundancy tests A secondary storage device. This may be
56 tracing either sequential or random.
Q 63 A
_____________ ensure that the Q Organization
application prevents authorized users Advantages of Test Data Techniques 3
from unauthorized access to data. A Q
Access controls include passwords, First, they employ through the The _______________ is the technique
authority tables, userdefined computer testing, thus providing the used to locate records and to navigate
procedures, data encryption, and auditor with explicit evidence through the database or
inference controls. concerning application functions. file.
A Second, if properly planned, test data A
Access tests runs can be employed with only access method
57 minimal disruption to the 4
Q organization’s operations.  Q
______________ ensure that the Third, they require only minimal Under this arrangement, for example,
application creates an adequate audit computer expertise on the part of the record with key value 1875 is
trail. This includes evidence that the auditors. placed in the physical storage space
application records all transactions in a 64 immediately following the record with
transaction Q key value 1874. Thus, all records in the
log, posts data values to the Disadvantages of Test Data Techniques file lie in contiguous storage spaces in a
appropriate accounts, produces A specified sequence (ascending or
complete transaction listings, and 1. Auditors must rely on descending) arranged by their primary
generates error files and reports for all computer services personnel key.
exceptions. to obtain a copy of the A
A application for test purposes. sequential structure
Audit trail tests 2. They provide a static picture 5
58 of Q
Q application integrity at a single An ________________ is so named
__________________ verify the point in time. They do not because, in addition to the actual data
correctness of rounding procedures. provide a convenient means of file, there exists a separate index that is
Rounding errors occur in accounting gathering evidence about itself a file of record addresses. This
information when the level of precision ongoing application index contains the numeric
used in the calculation is greater than functionality. value of the physical disk storage
that used in the reporting. 3. test data techniques have location (cylinder, surface, and record
A relatively high cost of block) for each record in the associated
Rounding error tests, implementation, which results data file.
59 in audit inefficiency A
Q 65 indexed structure
____________________ tend Q 6
to affect a large number of victims, but The __________________approach is Q
the harm to each is immaterial. This an automated technique that enables Records in an _________________ are
type of fraud takes its name from the the auditor to test an application’s logic dispersed throughout a disk without
analogy of slicing a large salami (the and controls during its normal regard for their physical proximity to
fraud objective) operation. other related records
into many thin pieces A A
A integrated test facility (ITF) indexed random file
Salami frauds 66 7
60 Q Q
The A A
___________________________struct logical key pointer primary key
ure is used for very large files that 15 24
require routine batch processing and a Q Q
moderate degree of individual record This structure uses an index in Logically related tables need to be
processing. For instance, the customer conjunction with a sequential file physically connected to achieve the
file of a public utility company will be organization. It facilitates both direct associations described in the data
processed in batch mode for billing access to individual records and batch model using foreign keys.
purposes and directly accessed in processing of the entire file. Multiple A
response to individual customer indexes can be used to create a cross- foreign keys
queries reference, 25
A called an inverted list, which allows Q
Virtual Storage access method (VSAM) even more flexible access to data. A ____________ is the set of data that
8 A a particular user sees. Examples of this
Q indexed sequential file structure are computer screens for entering or
A VSAM file has three physical 16 viewing data, management reports, or
components: Q source documents such as an invoice.
A An _______ is anything about which A
the indexes, the prime data storage the organization wishes to capture user view
area, and the overflow area. data. These may be physical, such as 26
9 inventories, customers, or employees. Q
Q They may also be conceptual, such as Improperly normalized tables can
A ______________ employs an sales (to a customer), accounts cause DBMS processing problems that
algorithm that converts the primary receivable (AR), or accounts payable restrict, or even deny, users access to
key of a record directly into a storage (AP). the information they
address. A need. Such tables exhibit negative
A entity operational symptoms called
hashing structure 17 _________________.
10 Q A
Q The term _____________ is used to anomalies
The principal advantage of hashing is describe the number of instances or 27
_____________________. records that pertain to a specific entity. Q
A A To be free of anomalies, tables must be
access speed occurrence normalized to the
11 18 _______________________.
Q Q A
________________ is used to create a ______________ are the data third normal form (3NF) level.
linked-list file. elements that define an entity. 28
A A Q
pointer structure Attributes The _____________ results from data
12 19 redundancy in an unnormalized table.
Q Q A
A ___________________ contains the The labeled line connecting two update anomaly
actual disk entities in a data model describes the 29
storage location (cylinder, surface, and nature of the Q
record number) needed by the disk ___________ between them. The _______________ involves the
controller. This physical address allows A unintentional deletion of data
the system to access the record directly association from a table.
without obtaining 20 A
further information. This method has Q deletion anomaly
the advantage of speed, since it does _____________ is the degree of 30
not need to be manipulated further to association between two entities Q
determine a record’s location. A _________________ is a component of
A Cardinality a much larger systems development
physical address pointer 21 process that involves extensive analysis
13 Q of user needs.
Q __________ describes the number of A
A _____________ contains the relative possible occurrences in one table that Database design
position of a record in the file. For are associated with a single occurrence 31
example, the pointer could specify the in a related table. Q
135th record in the file. This must be A Combining the data needs of all users
further manipulated to convert it to the cardinality into a single schema or enterprise-wide
actual physical address. The conversion 22 view is called
software calculates this by using the Q _____________________.
physical address of the beginning of the Four basic forms of cardinality are A
file, the length of each record possible: view integration
in the file, and the relative address of A 32
the record being sought. zero or one (0,1) Q
A one and only one (1,1) The objective of the
relative address pointer zero or many (0,M) ____________________, also known as
14 one or many (1,M). continuous auditing, is to identify
Q 23 important transactions while they are
A _________________ contains the Q being processed and extract copies of
primary key of the related record. This The value of at least one attribute in them in real time.
key value is then converted into the each occurrence (row) must be unique. A
record’s physical address by a hashing This attribute is the embedded audit module (EAM),
algorithm. ______________________. 33
Q _____________________________
An ____________ is a specially feature allows the auditor to view the
programmed module embedded in a distribution of records that fall
host application to capture into specified strata.
predetermined transaction types for A
subsequent analysis. ACL’s stratification
A 42
embedded audit module (EAM) Q
34 Data can be stratified on any numeric
Q field such as sales price, unitcost,
Disadvantages of EAMs quantity sold, and so on. The data are
A summarized and classified by strata,
1. Operational Efficiency which can be equal in size (called
2. Verifying EAM Integrity ___________) or vary in size (called
35 ___________).
Q A
___________________ is the most 43
widely used CAATT for IS auditing. It Q
allows auditors to access electronically ACL offers many sampling methods for
coded data files and perform various statistical analysis. Two of the most
operations frequently used are
on their contents. ________________________.
A A
Generalized audit software (GAS) record sampling and monetary unit
36 sampling (MUS).
Q
The widespread popularity of GAS is
due to four factors:
A
(1) GAS languages are easy to
use and require little computer
background on the part of the auditor;
(2) many GAS products can be used on
both mainframe and PC systems; (3)
auditors can perform their
tests independent of the client’s
computer service staff; and 
(4) GAS can be used to audit
the data stored in most file structures
and formats.
37
Q
_______________________ was
designed as a meta-language for
auditors to access data stored in
various digital formats and to test them
comprehensively.
A
ACL (audit command language)
38
Q
One of ACL’s strengths is the ability to
read data stored in most formats.
ACL uses the __________________ for
this purpose
A
data definition feature
39
Q
______________ are expressions that
search for records that meet the filter
criteria.
A
Filters
40
Q
________________________ allows
the auditor to use logical operators
such as AND, OR, , , NOT and others to
define and test conditions of any
complexity and to process only those
records that match specific conditions
A
ACL’s expression builder
41
Q