At 100 20 Audit in Cis Environment Students
2. Which of the following would most likely be a concern for the auditors if their client moved to an electronic data
interchange (EDI) system?
a. Involvement of a computer service bureau
b. Loss of audit trail
c. Management override
d. Less accurate records
5. When would manual controls likely be more effective than computer-based controls?
a. When there is a high volume of similar transactions
b. When there are large or unusual transactions
c. When monitoring the effectiveness of automated controls
d. When errors are difficult to define or anticipate
6. ______ involves implementing a new system in one part of the organization, while other locations continue to use the
current system.
a. Parallel testing
b. Online testing
c. Control testing
d. Pilot testing
7. Old and new systems operating simultaneously in all locations is a test approach known as:
a. Pilot testing.
b. Horizontal testing.
c. Integrative testing.
d. Parallel testing.
8. Which of the following elements is not an example of an organization and management control in an information
technology (IT) environment?
a. Separation of systems analysis from computer operations
b. Separation of physical access to assets from access to related accounting records
c. Separation of initiation of a transaction from authorization of the transaction
d. Separation of storage of systems documentation from the area housing computer hardware
12. An auditor's consideration of a company's computer control activities has disclosed the following four circumstances.
Indicate which circumstance constitutes a significant deficiency in internal control.
a. Computer operators do not have access to the complete software support documentation.
b. Computer operators are closely supervised by programmers.
c. Programmers are not authorized to operate computers.
d. Only one generation of backup files is stored in an off-premise location.
14. Auditors usually obtain information about general and application controls through:
a. Interviews with IT personnel.
b. Examination of systems documentation.
c. Reading program change requests.
d. All of the above methods.
15. Adequate technical training and proficiency as an auditor encompasses an ability to understand a computer system
sufficiently to identify and evaluate
a. The processing and imparting of information.
b. Essential accounting control features.
c. All control procedures.
d. The degree to which programming conforms to the application of generally accepted accounting principles.
16. Which of the following is not a purpose of an auditor's attempt to understand internal control when a client
processes accounting information by computer?
a. Determine the extent to which the computer is used in significant accounting applications.
b. Understand the flow of transactions in the system.
c. Comprehend the basic structure of accounting control.
d. Identify the controls that can be relied on when designing substantive tests of details.
General IT Controls
17. Controls that relate to all parts of the IT system and have a pervasive effect on the operating effectiveness of
application controls are called:
a. General control
b. Systems control
c. Universal control
d. Applications control
19. In considering a client's internal control structure in a computer environment, the auditor will encounter general
controls and application controls. Which of the following is an application control?
a. Organization charts.
b. Hash total.
c. Systems flowcharts.
d. Control over program changes.
Application Controls
23. Controls which apply to a specific element of the system and help ensure that transactions occurred, are authorized,
and are completely and accurately recorded and processed are called:
a. User controls.
b. General controls.
c. Applications controls.
d. Systems controls.
25. Which of the following would be considered to be an application control in an information system?
a. Controls over system software acquisition
b. Controls pertaining to system access security
c. Controls pertaining to the follow-up of exception reports
d. Controls pertaining to application systems maintenance
28. Controls which are designed to assure that the information processed by the computer is authorized, complete, and
accurate are called:
a. Input controls.
b. Processing controls.
c. Output controls.
d. General controls.
29. A company uses the account code 669 for maintenance expense. However, one of the company clerks often codes
maintenance expense as 996. The highest account code in the system is 750. What internal control in the company’s
computer program would detect this error?
a. Pre-data input check.
b. Valid-character test.
c. Sequence check.
d. Valid-code test.
30. When software or files can be accessed from online servers, users should be required to enter
a. A parity check.
b. A personal identification code.
c. A self-diagnosis test.
d. An echo check.
31. ______ controls prevent and detect errors while transaction data are processed.
a. Software
b. Application
c. Processing
d. Transaction
33. A control feature requires the computer to send signals to the printer to activate the print mechanism for each
character. The print mechanism, just prior to printing, sends a signal back to the computer verifying that the proper print
position has been activated. This type of hardware control is referred to as a/an
a. Echo check.
b. Validity check.
c. Signal check.
d. Check digit.
35. Output controls are not designed to assure that data generated by the computer are:
a. accurate.
b. distributed only to authorized people.
c. complete.
d. used appropriately by employees in making decisions.
37. If a control total were to be computed on each of the following data items, which would best be identified as a hash
total for a payroll IT application?
a. Gross wages earned.
b. Employee numbers.
c. Total hours worked.
d. Total debit amounts and total credit amounts.
38. Which of the following would be an appropriate number to be verified by means of a check digit?
a. Vendor number
b. Amount payable to a specific vendor
c. Amount paid to specific vendor in the current year
d. Total assets minus total liabilities
Audit Software
39. Auditors often make use of computer programs that perform routine processing functions such as sorting and
merging. These programs are made available by electronic data processing companies and others and are specifically
referred to as
a. Compiler programs.
b. Supervisory programs.
c. Utility programs.
d. User programs.
40. The audit approach in which the auditor runs his or her own program on a controlled basis to verify the client’s data
recorded in a machine language is:
a. the test data approach.
b. called auditing around the computer.
c. the generalized audit software approach.
d. the microcomputer-aided auditing approach.
43. The auditor’s objective to determine whether the client’s computer programs can correctly handle valid and invalid
transactions as they arise is accomplished through the:
a. test data approach.
b. generalized audit software approach.
c. microcomputer-aided auditing approach.
d. generally accepted auditing standards.
44. When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
a. Several transactions of each type must be tested.
b. Test data are processed by the client's computer programs under the auditor's control.
c. Test data must consist of all possible valid and invalid conditions.
d. The program tested is different from the program used throughout the year by the client.
46. To determine that user ID and password controls are functioning, an auditor would most likely:
a. attempt to sign on to the system using invalid user identifications and passwords.
b. write a computer program that simulates the logic of the client’s access control software.
c. extract a random sample of processed transactions and ensure that the transactions were appropriately authorized.
d. examine statements signed by employees stating that they have not divulged their user identifications and passwords
to any other person.
47. Assume that an auditor estimated that 10,000 checks were issued during the accounting period. If an application
control that performs a limit check for each check request is to be subjected to the auditor's test-data approach, the
sample should include:
a. Approximately 1,000 test items.
b. A number of test items determined by the auditor to be sufficient under the circumstances.
c. A number of test items determined by the auditor's reference to the appropriate sampling tables.
d. One transaction.
48. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed
together without client operating personnel being aware of the testing process?
a. Parallel simulation.
b. Generalized audit software programming.
c. Integrated test facility.
d. Test data approach.
49. An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's
computerized information system most likely would use which of the following techniques?
a. Snapshot application.
b. Embedded audit module.
c. Integrated data check.
d. Test data generator.
50. Which of the following is an example of a data-oriented computer-assisted audit technique (CAAT)?
a. Integrated test facility
b. Test data
c. Generalized audit software
d. System control audit review file (SCARF)
51. Which of the following tasks is not performed by Generalized audit software?
a. Footing a file
b. Evaluating statistical sample results
c. Checking for gaps in processing sequences
d. Preparing custom reports
e. All of the above tasks are performed
52. Which of the following computer-assisted auditing techniques processes client input data on a controlled program
under the auditor's control to test controls in the computer system?
a. Test data.
b. Review of program logic.
c. Integrated test facility.
d. Parallel simulation.
53. Which of the following methods of testing application controls utilizes a generalized audit software package prepared
by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.
56. When auditors consider only non-IT controls in assessing control risk, it is known as:
a. The single-stage audit.
b. The test deck approach.
c. Auditing around the computer.
d. Generalized audit software (GAS).