Quiz 2 CIS environment c.

he potential unauthorized access to data or to alter

them without visible evidence maybe greater.
March 28, 2022 d. Initiation of changes in the master file is exclusively
handled by respective users.
1. Which statement is incorrect when auditing in a CIS
8. Which of the following significance and complexity of the CIS
environment?
activities should an auditor least understand?
a. A CIS environment exists when a computer of any
a. The organizational structure of the client’s CIS
type or size is involved in the processing by the entity
activities.
of financial information of significance to the audit,
b. Lack of transaction trails.
whether that computer is operated by the entity or by
c. The significance and complexity of computer
a third party.
processing in each significant accounting application.
b. The auditor should consider how a CIS environment
d. The use of software packages instead of customized
affects the audit.
software.
c. The use of a computer changes the processing,
storage and communication of financial information
9. Which statement is correct regarding personal computer
and may affect the accounting and internal control
systems?
systems employed by the entity.
a. Personal computers or PCs are economical yet
d. A CIS environment changes the overall objective and
powerful self-contained general purpose computers
scope of an audit.
consisting typically of a central processing unit
(CPU), memory, monitor, disk drives, printer cables
2. Which of the following standards or group of standards is
and modems.
mostly affected by a computerized information system
b. Programs and data are stored only on
environment?
non-removable storage media.
a. General standards
c. Personal computers cannot be used to process
b. Reporting standards
accounting transactions and produce reports that are
c. Second standard of field work
essential to the preparation of financial statements.
d. Standards of fieldwork
d. Generally, CIS environments in which personal
computers are used are the same with other CIS
3. Which of the following is least considered if the auditor has to
environments.
determine whether specialized CIS skills are needed in an
audit?
10. A personal computer can be used in various configurations,
a. The auditor needs to obtain a sufficient
including
understanding of the accounting and internal control
a. A stand-alone workstation operated by a single user
system affected by the CIS environment.
or a number of users at different times.
b. The auditor needs to determine the effect of the CIS
b. A workstation which is part of a local area network of
environment on the assessment of overall risk and of
personal computers.
risk at the account balance and class of transactions
c. A workstation connected to a server.
level.
d. All of the above.
c. Design and perform appropriate tests of controls and
substantive procedures.
11. Which statement is incorrect regarding personal computer
d. The need of the auditor to make analytical
configurations?
procedures during the completion stage of audit.
a. The stand-alone workstation can be operated by a
single user or a number of users at different times
4. It relates to materiality of the financial statement assertions
accessing the same or different programs.
affected by the computer processing.
b. A stand-alone workstation may be referred to as a
a. Threshold
distributed system.
b. Relevance
c. A local area network is an arrangement where two
c. Complexity
or more personal computers are linked together
d. Significance
through the use of special software and
communication lines.
5. Which of the following least likely indicates a complexity of
d. Personal computers can be linked to servers
computer processing?
and used as part of such systems, for example, as
a. Transactions are exchanged electronically with other
an intelligent on-line workstation or as part of
organizations without manual review of their
a distributed accounting system.
propriety.
b. The volume of the transactions is such that users
12. Which of the following is the least likely characteristic of
would find it difficult to identify and correct errors in
personal computers?
processing.
a. They are small enough to be transportable.
c. The computer automatically generates material
b. They are relatively expensive.
transactions or entries directly to another
c. They can be placed in operation quickly.
applications.
d. The operating system software is less
d. The system generates a daily exception report
comprehensive than that found in larger computer
environments.
6. The nature of the risks and the internal characteristics in CIS
environment that the auditors are mostly concerned include the
13. Which of the following is an inherent characteristic of software
following except:
package?
a. Lack of segregation of functions.
a. They are typically used without modifications of the
b. Lack of transaction trails.
programs.
c. Dependence of other control over computer
b. The programs are tailored-made according to the
processing.
specific needs of the user.
d. Cost-benefit ratio.
c. They are developed by software manufacturer
according to a particular user’s specifications.
7. Which of the following is least likely a risk characteristic
d. It takes a longer time of implementation.
associated with CIS environment?
a. Errors embedded in an application’s program logic
maybe difficult to manually detect on a timely basis. 14. Which of the following is not normally a removable storage
b. Many control procedures that would ordinarily be media?
performed by separate individuals in manual system a. Compact disk
maybe concentrated in CIS. b. Tapes
c. Diskettes
 d. Hard disk
21. The effect of personal computers on the accounting system
and the associated risks will least likely depend on
15. It is a computer program (a block of executable code) that
a. The extent to which the personal computer is being
attaches itself to a legitimate program or data file and uses
used to process accounting applications.
itself as a transport mechanism to reproduce itself without the
b. The type and significance of financial transactions
knowledge of the user.
being processed.
a. Virus
c. The nature of files and programs utilized in the
b. System management program
applications.
c. Utility program
d. The cost of personal computers.
d. Encryption
22. The auditor may often assume that control risk is high in
16. Which statement is incorrect regarding internal control in
personal computer systems since, it may not be practicable or
personal computer environment?
cost-effective for management to implement sufficient controls
a. Generally, the CIS environment in which personal
to reduce the risks of undetected errors to a minimum level.
computers are used is less structured than a
This least likely entail
centrally-controlled CIS environment.
a. More physical examination and confirmation of
b. Controls over the system development process and
assets.
operations may not be viewed by the developer, the
b. More analytical procedures than tests of details.
user or management as being as important or cost-
c. Larger sample sizes.
effective.
d. Greater use of computer-assisted audit techniques,
c. In almost all commercially available operating
where appropriate.
systems, the built-in security provided has gradually
increased over the years.
23. Computer systems that enable users to access data and
d. In a typical personal computer environment, the
programs directly through workstations are referred to as
distinction between general CIS controls and CIS
a. On-line computer systems
application controls is easily ascertained.
b. Personal computer systems
c. Database management systems (DBMS)
17. Personal computers are susceptible to theft, physical damage,
d. Database systems
unauthorized access or misuse of equipment. Which of the
following is least likely a physical security to restrict access to
24. On-line systems allow users to initiate various functions
personal computers when not in use?
directly. Such functions include:
a. Using door locks or other security protection during
I. Entering transactions
non-business hours.
II. Requesting reports
b. Fastening the personal computer to a table using
III. Making inquiries
security cables.
IV. Updating master files
c. Locking the personal computer in a protective
a. I, II, III and IV
cabinet or shell.
b. I and II
d. Using anti-virus software programs.
c. I, II and III
d. I and IV
18. Which of the following is not likely a control over removable
storage media to prevent misplacement, alteration without
25. Many different types of workstations may be used in on-line
authorization or destruction?
computer systems. The functions performed by these
a. Using cryptography, which is the process of
workstations least likely depend on their
transforming programs and information into an
a. Logic
unintelligible form.
b. Transmission
b. Placing responsibility for such media under
c. Storage
personnel whose responsibilities include duties of
d. Cost
software custodians or librarians.
c. Using a program and data file check-in and check-
26. Types of workstations include General Purpose Terminals and
out system and locking the designated storage
Special Purpose Terminals. Special Purpose Terminals include
locations.
a. Basic keyboard and monitor
d. Keeping current copies of diskettes, compact disks
b. Point of sale devices
or back-up tapes and hard disks in a fireproof
c. Intelligent terminal
container, either on-site, off-site or both.
d. Personal computers
19. 19. Which of the following least likely protects critical and
27. Special Purpose Terminal used to initiate, validate, record,
sensitive information from unauthorized access in a personal
transmit and complete various banking transactions
computer environment?
a. Automated teller machines
a. Using secret file names and hiding the files.
b. Intelligent terminal
b. Keeping of back up copies offsite.
c. Point of sale devices
c. Employing passwords.
d. Personal computers
d. Segregating data into files organized under separate
file directories.
28. Which statement is incorrect regarding workstations?
a. Workstations may be located either locally or at
20. It refers to plans made by the entity to obtain access to
remote sites.
comparable hardware, software and data in the event of their
b. Local workstations are connected directly to the
failure, loss or destruction.
computer through cables.
a. Back-up
c. Remote workstations require the use of
b. Encryption
telecommunications to link them to the computer.
c. Anti-virus
d. Workstations cannot be used by many users, for
d. Wide Area Network (WAN)
different purposes, in different locations all at the
same time.
29. On-line computer systems may be classified according to
a. How information is entered into the system.
b. How it is processed.
c. When the results are available to the user.
d. All of the above.
30. In an on-line/real time processing system
 a. Individual transactions are entered at workstations, a. Access controls.
validated and used to update related computer files b. System development and maintenance controls.
immediately. c. Edit, reasonableness and other validation tests.
b. Individual transactions are entered at a workstation, d. Use of anti-virus software program.
subjected to certain validation checks and added to a
transaction file that contains other transactions entered 39. Certain CIS application controls that are particularly important
during the period. to on-line processing least likely include
c. Individual transactions immediately update a memo file a. Pre-processing authorization.
containing information which has been extracted from b. Transaction logs.
the most recent version of the master file. c. Cut-off procedures.
d. The master files are updated by other systems. d. Balancing.

40. Risk of fraud or error in on-line systems may be reduced in

31. It combines on-line/real time processing and on-line/batch the following circumstances, except
processing. a. If on-line data entry is performed at or near the
a. On-Line/Memo Update (and Subsequent Processing) point where transactions originate, there is less
b. On-Line Downloading/Uploading Processing risk that the transactions will not be recorded.
c. On-Line/Inquiry b. If invalid transactions are corrected and re-entered
d. On-Line/Combined Processing immediately, there is less risk that such
transactions will not be corrected and re-submitted
32. It is a communication system that enables computer users to share on a timely basis.
computer equipment, application software, data and voice and c. If data entry is performed on-line by individuals who
video transmissions. understand the nature of the transactions involved,
a. Network the data entry process may be less prone to errors
b. File server than when it is performed by individuals unfamiliar
c. Host with the nature of the transactions.
d. Client d. On-line access to data and programs through
telecommunications may provide greater
33. A type of network that multiple buildings are close enough to opportunity for access to data and programs by
create a campus, but the space between the buildings is not under unauthorized persons.
the control of the company is
a. Local Area Network (LAN)
b. Metropolitan Area Network (MAN)
c. Wide Area Network (WAN)
d. World Wide Web (WWW)

34. Which of the following is least likely a characteristic of Wide Area

Network (WAN)?
a. Created to connect two or more geographically
separated LANs.
b. Typically involves one or more long-distance providers,
such as a telephone company to provide the
connections.
c. WAN connections tend to be faster than LAN.
d. Usually more expensive than LAN.

35. Gateway is
a. A hardware and software solution that enables
communications between two dissimilar networking
systems or protocols.
b. A device that forwards frames based on destination
addresses.
c. A device that connects and passes packets between two
network segments that use the same communication
protocol.
d. A device that regenerates and retransmits the signal on
a network.

36. A device that works to control the flow of data between two or
more network segments
a. Bridge
b. Router
c. Repeater
d. Switch

37. The undesirable characteristics of on-line computer systems

least likely include
a. Data are usually subjected to immediate validation
checks.
b. Unlimited access of users to all of the functions in a
particular application.
c. Possible lack of visible transaction trail.
d. Potential programmer access to the system.

38. Certain general CIS controls that are particularly important to on-
line processing least likely include