Sie sind auf Seite 1von 103

Module H

Auditing in a Computerized Environment

True / False Questions


1. In auditing around the computer, audit teams reconcile source
documents (input) to processing results.
True

False

2. In simple batch processing systems, it is not possible to use the


technique of auditing around the computer.
True

False

3. The basic concept of test data is that once a computer is programmed


to handle transactions in a certain way, every transaction will be
handled in the same way.
True

False

4. When using parallel simulation, audit teams prepare a computer


program to duplicate the logic and computer controls in the client's
computer program.
True

False

5. Input controls are one of the major categories of general controls.


True

False

6. A program description should contain a program flowchart, a list of the


program source code, and a record of all program changes.
True

False

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

7. Computer librarians are primarily responsible for operating the


computer for each application system.
True

False

8. In an integrated test facility, simulated transactions are processed


through the client's computerized processing system along with the
client's actual transactions.
True

False

9. An important hardware control incorporated within computer


equipment is a parity check.
True

False

10 Computer operators should have complete access to programs and


. application documentation.
True

False

11 If an entity's general controls are ineffective, audit teams would likely


. gain additional assurance by increasing tests of their automated
application controls.
True

False

12 The method of auditing around the computer treats the computer


. system as a black box.
True

False

13 An embedded audit module creates simulated data to be processed by


. the client's computerized processing system.
True

False

14 The major phases in the audit team's study of internal control are the
. same in a computerized processing environment as those in a manual
processing environment.
True

False

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

15 The audit team may use internal auditors to develop and run computer. assisted auditing techniques under supervision and review of the audit
team.
True

False

16 One major difference in a computerized processing environment


. compared to a manual processing environment is the existence of
systematic rather than random errors.
True

False

17 Header and trailer labels are examples of external labels.


.
True False
18 The most important preventive controls for computer fraud are those
. that limit access to computers.
True

False

19 When weaknesses exist that could lead to computer fraud, the best
. strategy is to have the client help audit teams plan and execute
technical procedures to study and evaluate the system.
True

False

20 The use of the systems development life cycle is an example of an


. access to programs and data control.
True

False

Multiple Choice Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

21 Which of the following controls most likely would ensure that an


. organization can reconstruct its financial records?

A. Hardware controls are built into the computer by the computer


manufacturer.
B. Backup files are stored in a location separate from original copies.
C. Personnel who are independent of data input perform parallel
simulations.
D. System flowcharts provide accurate descriptions of computer
operations.
22 When audit teams test a computerized processing system, which of the
. following is true of the test data approach?

A. Several transactions of each type must be tested.


B. Test data are processed by the client's computer programs under the
audit team's control.
C. Test data must consist of all possible valid and invalid combinations.
D. The computer program used to process test data is different from the
program used throughout the year by the client.
23 In end-user computing environments, the processing control procedures
. would ordinarily not include

A.
B.
C.
D.

Transaction logs.
Control totals.
Comparing input to output.
Online editing and sight verification.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

24 Which of the following is not an appropriate statement with regard to


. computer control activities?

A. The duties of application programming, computer operation, and


control of data files should be separated.
B. Computer operators should maintain control of all software
programs.
C. Specific passwords should be required to access online files.
D. Computer programmers should be periodically rotated across
different applications.
25 Which of the following ensures that the coding of data does not change
. when it is moved from one internal storage location to another?

A.
B.
C.
D.

Preventive maintenance.
Echo check.
Internal label.
Parity check.

26 An audit team's approach to evaluating computerized processing


. systems that compares source documents to the computer output is
known as auditing

A.
B.
C.
D.

Around the computer.


Through the computer.
Without the computer.
With the computer.

27 The reprocessing of actual data using programs developed by the audit


. team to evaluate program controls is called

A.
B.
C.
D.

Test data.
Test deck.
Generalized audit software.
Parallel simulation.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

28 Techniques needed to select specific transactions of audit interest for


. testing would not include

A.
B.
C.
D.

Embedded audit modules.


Monitoring system activity.
Snapshot.
Test data.

29 Computer operations controls are typically implemented for files and


. data used in processing. The major objectives of these controls include
each of the following except

A. Ensure that appropriate files are used in computerized processing.


B. Ensure restricted access to the computing environment.
C. Ensure that files are appropriately secured and protected from loss.
D. Ensure that files can be reconstructed from earlier versions of
information used in processing.
30 The audit team made a copy of the client's sales and billing program
. early in the audit. Several times during the audit, the team used this
copy of the program to process actual client data. The output of the
secured program was compared to that of the client's system. This
audit technique would be considered

A.
B.
C.
D.

Generalized audit software.


Parallel simulation.
Test data.
Tagging transactions.

31 Which of the following organizational positions would evaluate the


. existing system and design new computerized processing systems and
documentation?

A.
B.
C.
D.

Programmer.
Systems analyst.
Computer operator.
Data conversion operator.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

32 The effectiveness of general controls is an important consideration for


. audit teams when assessing control risk on an audit. Which
management assertions are primarily affected by general controls?

A.
B.
C.
D.

Completeness and accuracy.


Occurrence and rights and obligations.
Accuracy and occurrence.
Completeness and occurrence.

33 The purpose of test data is to determine whether


.
A. The audit team's test data are consistent with the client's normal
transactions.
B. Controls operate as described in responses to internal control
questionnaire items and program flowcharts.
C. Every possible error is prevented or detected by the client's
computer controls.
D. All possible combinations of valid data are correctly processed.
34 Which of the following is an example of a computer operations control?
.
A.
B.
C.
D.

Control totals.
Balance of input to output.
File backup and retention.
Transaction logs.

35 Audit teams would least likely use computer-assisted audit techniques


. to

A.
Access client data files.
B.
Prepare spreadsheets.
C. Assess control risk related to computerized processing systems.
D. Construct and perform parallel simulations.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

36 Which of the following methods allow fictitious and actual transactions


. to be processed together without client operating personnel being
aware of the testing process?

A.
B.
C.
D.

Integrated test facility.


Input controls matrix.
Parallel simulation.
Data entry monitor.

37 Each of the following automated application controls is designed to


. ensure that the input of individual transactions and data is accurate
except

A.
B.
C.
D.

Check digits.
Valid sign tests.
Sequence tests.
Limit and reasonableness tests.

38 Audit teams would most likely introduce test data into a computerized
. payroll system to test internal controls related to the

A. Existence of unclaimed payroll checks held by supervisors.


B. Early cashing of payroll checks by employees.
C. Discovery of invalid employee identification numbers.
D. Proper approval of overtime by supervisors.
39 To obtain evidence that controls over access to computer programs are
. properly functioning, audit teams most likely would

A. Create checkpoints at periodic intervals after data processing to test


for unauthorized use of the system.
B. Examine the transaction log to discover whether any transactions
were lost or entered twice due to a system malfunction.
C. Enter invalid identification numbers or passwords to ascertain
whether the system rejects them.
D. Vouch a random sample of processed transactions to ensure proper
authorization.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

40 Tests of controls in an advanced computerized processing system


.
A. Can be performed using only actual transactions because testing
simulated transactions does not provide relevant evidence.
B. Can be performed using actual transactions or simulated
transactions.
C. Is impractical because many procedures within the computerized
processing system leave no visible evidence of having been
performed.
D. Is inadvisable because it may distort the evidence in real-time
systems.
41 Which of the following is a general control that would most likely assist
. an organization whose systems analyst resigned during the
development of a major project?

A.
B.
C.
D.

Grandfather-father-son file retention.


Input and output validation routines.
Systems documentation.
Check digit verification.

42 Which of the following would most likely be a weakness in the internal


. control of a client that utilizes portable computing devices rather than a
large computer system?

A. Employee collusion possibilities are increased because portable


computing devices from one vendor can process the programs of a
system from different vendors.
B. Computer operators may be able to remove hardware and software
components and modify them at an off-site location.
C. Programming errors result in all similar transactions being processed
incorrectly because those transactions are processed under the same
conditions.
D. Certain transactions may be automatically initiated by the
computerized processing system and management's authorization of
these transactions may be implicit in its acceptance of the system
design.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

43 When programs or files can be accessed from terminals, users should


. be required to enter a(n)

A.
B.
C.
D.

Parity check.
Personal identification code.
Self-diagnosis test.
Echo check.

44 Which of the following control procedures most likely could prevent


. computer personnel from modifying programs to bypass computer
controls?

A. Periodic management review of computer utilization reports and


systems documentation.
B. Separation of duties for computer programming and computer
operations.
C. Participation of user department personnel in designing and
approving new systems.
D. Physical security of computer facilities in limiting access to computer
equipment.
45 Which of the following is likely to be of least importance to audit teams
. when obtaining an understanding of the computer controls in an
organization with a computerized processing system?

A. Separation of duties within the computer function.


B.
Controls over source documents.
C. Documentation maintained for accounting applications.
D. Relationship between costs and benefits of computer operations.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

46 After obtaining a preliminary understanding of a client's computer


. controls, audit teams may decide not to perform tests of controls.
Which of the following would not be a valid reason for choosing to omit
tests of controls?

A. The client's computer controls duplicate manual controls existing


elsewhere in the system.
B. There appear to be major weaknesses that indicate a high level of
control risk.
C. The time and dollar costs of testing computer controls exceed the
time and dollar savings in substantive procedures.
D. The client's controls appear to function at an adequate level to justify
a low assessment of control risk.
47 When a real-time computerized processing system is in use, the
. computer controls can be strengthened by

A. Providing for the separation of duties between data input and error
listing operations.
B. Using a systems development life cycle for authorization, user
involvement, and testing of program modifications.
C. Preparing batch totals to provide assurance that file updates are
made for the entire group of transactions.
D. Performing a validity check of an identification number before a user
can obtain access to the computer files.
48 Which of the following statements best describes the impact on an
. audit when a client uses computerized processing of transactions?

A. The objective of the audit examination focuses on detection of fraud


and theft through the computer.
B. The type of substantive procedures performed by the audit team
change because of the use of computerized processing.
C. The effectiveness of computer controls implemented by the client
over its computerized processing may need to be evaluated by audit
teams.
D. Different independence standards are introduced for audit teams
when clients utilize computerized processing.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

49 Computer controls that are pervasive and apply to all applications of a


. computerized processing system are referred to as

A.
B.
C.
D.

Computer controls.
Environment controls.
Automated application controls.
General controls.

50 Which of the following is not an example of a general control?


.
A. The organization's use of the systems development life cycle when
implementing or modifying computerized processing systems.
B. The organization's use of check digits to ensure accurate input of
transaction data.
C. Periodic and preventative maintenance performed on the computer
and related equipment.
D. The existence of appropriate separation of duties within the
computer department.
51 Computer controls that provide reasonable assurance that data are not
. altered or modified as they are transmitted through the system are
referred to as

A.
B.
C.
D.

General controls.
Hardware controls.
Input controls.
Transmission controls.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

52 Which of the following is not a control included as part of the systems


. development life cycle?

A. Ensuring that all software acquisition and program development


efforts are consistent with the organization's needs and objectives.
B. Testing and validating new programs and developing proper
implementation plans.
C. Requiring that all programming efforts take place under the control
of the requesting user department.
D. Ensuring that data are converted completely and accurately for use
in the new systems.
53 Why is it important that the organization establish systems
. development and documentation standards?

A. These standards enable the organization to understand the


programming logic underlying recently developed programs.
B. These standards ensure that the program controls and
documentation included in recently developed programs is adequate.
C. The absence of these standards would constitute a material
weakness in internal control.
D. These standards ensure the appropriate separation of duties of
computer personnel.
54 Which of the following categories of general controls includes retention
. and recovery techniques for data and related programs?

A.
B.
C.
D.

Access to programs and data.


Computer operations.
Data file controls.
Hardware controls.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

55 Which of the following computer controls would provide the best


. evidence that unauthorized users are not accessing specific computer
programs and files?

A. Using passwords requiring access to those programs and files.


B. Periodically reviewing and confirming access rights for the
organization's users.
C. Monitoring actual user activity through a program log and comparing
that activity to authorized levels.
D. Ensuring that access to programs and files is removed for recently
terminated employees.
56 Which of the following error conditions would not be detected through
. the use of batch totals?

A. A transposition of numbers in a numeric field.


B. Entry of an unauthorized transaction supported by documentary
evidence.
C. Failure to enter a valid transaction through input error.
D. Erroneously entering the same transaction twice.
57 Which of the following input controls would be least likely to identify the
. failure of an employee to input a transaction for which documentary
evidence has been prepared?

A.
B.
C.
D.

Batch totals.
Hash totals.
Missing data tests.
Sequence tests.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

58 Auditing through the computer


.
A. Is a required approach under generally accepted auditing standards.
B. Requires the audit team to evaluate the operating effectiveness of
important computer controls.
C. Is normally utilized when the client has not implemented significant
computer controls.
D. Focuses on reconciling the input data to the results generated by the
client's computerized processing system.
59 Which of the following is not true with respect to the test data approach
. for evaluating computer controls?

A. The test data are created for a separate entity and are run
simultaneously with the client's actual data.
B. Only one of each type of error transaction needs to be included in the
test data.
C. The manual results of processing the test data are compared to the
results of processing these data through the client's computerized
processing system.
D. Audit teams consider potential errors and conditions of interest in
generating the test data.
60 As part of assessing the risk of material misstatement, the audit team
. must assess the control risk in the computerized processing system(s).
Initially, the audit team must identify the overall processing scope of
the system(s), which would include each of the following considerations
except

A. The types of transactions that are processed through the system(s).


B. The specific control procedures that have been implemented by the
client to prevent or detect misstatements that could occur based on
the audit team's analysis.
C. The programs and files that are accessed by the system(s) in
processing transactions.
D. The type of output that is created as a result of processing
transactions through the system(s).

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

61 Which of the following input controls would not be effective in


. identifying the erroneous input of numeric fields in a transaction?

A.
B.
C.
D.

Batch totals.
Hash totals.
Check digits.
Record counts.

62 In a computerized processing system, hardware controls are designed


. to

A. Arrange data in a logical sequential manner for processing purposes.


B. Correct errors in the computer programs.
C. Monitor and detect errors in source documents.
D. Detect and control errors arising from use of equipment.
63 An example of a program in which the audit team would be most
. interested in testing automated application controls is a(n)

A.
B.
C.
D.

Payroll processing program.


Operating system program.
Data management system software.
Utility program.

64 Which of the following would reduce the effectiveness of internal


. control in a computerized processing system?

A. The computer librarian maintains custody of computer program


instructions and detailed lists.
B. Computer operators have access to operator instructions and
detailed program lists.
C. The control group is solely responsible for the distribution of all
computer output.
D. Computer programmers write and debug programs that perform
routines designed by the systems analyst.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

65 Which of the following is true with respect to fraud risk factors in a


. computerized environment?

A. Employees in a computerized environment are highly skilled.


B. Audit teams cannot evaluate the computerized processing system
during the year.
C. Higher dollar amounts are involved in a computerized environment.
D. Employees have increased access to processing systems and
computer resources in a computerized environment.
66 Controls used in the management of a computer center to minimize the
. possibility of using an incorrect file or program are

A.
B.
C.
D.

Control totals.
Record counts.
Limit checks.
External labels.

67 Audit teams would most likely use computer-assisted audit techniques


. to

A. Make copies of client data files for controlled reprocessing.


B. Construct a parallel simulation to test the client's computer controls.
C. Perform tests of a client's hardware controls.
D. Test the operative effectiveness of a client's password access
control.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

68 Which of the following computerized processing systems generally can


. be audited without examining or directly testing the computer
programs of the system?

A. A system that performs relatively uncomplicated processes and


produces detailed output.
B. A system that affects a number of master files and produces a
limited output.
C. A system that updates a few master files and produces no other
printed output than final balances.
D. A system that performs relatively complicated processing and
produces very little detailed output.
69 The client's computerized exception reporting system helps audit teams
. conduct a more efficient audit because it

A.
Condenses data significantly.
B.
Highlights abnormal conditions.
C. Decreases the necessary level of tests of computer controls.
D.
Is an efficient computer input control.
70 Audit teams use the test data method to gain certain assurances with
. respect to

A.
Input data.
B.
Machine capacity.
C. Control procedures contained within the program.
D.
General controls.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

71 When using test data, why are audit teams required to prepare only one
. transaction to test each computer processing alternative?

A. The speed and efficiency of the computer results in reduced sample


sizes.
B. The risk of misstatement is typically lower in a computerized
processing environment.
C. Audit teams generally perform more extensive substantive testing in
a computerized processing environment, resulting in less need to
test processing controls.
D. In a computerized processing environment, each transaction is
handled in an identical manner.
72 When auditing a computerized processing system, which of the
. following is not true of the test data approach?

A. The client's computer programs process test data under the audit
team's control.
B. The test data must consist of all possible valid and invalid conditions.
C. The test data need consist only of those valid and invalid conditions
in which audit teams are interested.
D. Only one transaction of each type need be tested.
73 Audit teams cannot test the reliable operation of computer control
. procedures by

A. Submitting test data at several different times for processing on the


computer program the client uses for actual transaction processing.
B. Manually comparing detailed transactions that the internal auditors
used to test a program to the program's actual error messages.
C. Programming a model transaction processing system and processing
actual client transactions for comparison to the output produced by
the client's program.
D. Manually reperforming actual transaction processing with
comparison of results to the actual system output.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

74 Audit teams can obtain evidence of the proper functioning of password


. access control to a computerized processing system by

A. Writing a computer program that simulates the logic of a good


password control system.
B. Selecting a random sample of the client's completed transactions to
check the existence of proper authorization.
C. Attempting to sign on to the computerized processing system with a
false password.
D. Obtaining representations from the client's computer personnel that
the password control prevents unauthorized entry.
75 When processing controls within the computerized processing system
. may not leave visible evidence that could be inspected by audit teams,
the teams should:

A.
Make corroborative inquiries.
B. Observe the separation of duties of personnel.
C. Review transactions submitted for processing and comparing them to
related output.
D.
Review the run manual.
76 Which of the following statements most likely represents a control
. consideration for an entity that performs its accounting using portable
computing devices?

A. It is usually difficult to detect arithmetic errors.


B. Unauthorized persons find it easy to access the computer and alter
the data files.
C. Transactions are coded for account classifications before they are
processed on the computer.
D. Random errors in report printing are rare in packaged software
systems.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

77 Computerized processing performed concurrently with a particular


. activity so that results are available to influence a decision being made
is referred to as

A.
B.
C.
D.

Batch processing.
Real-time processing.
Integrated data processing.
Random access processing.

78 Which of the following is not a characteristic of a batch processing


. system?

A. The collection of similar transactions that are sorted and processed


sequentially against a master file.
B. The input of transactions prior to processing.
C.
The production of numerous printouts.
D. The posting of a transaction as it occurs to several files without
intermediate printouts.
79 A customer intended to order 100 units of product Z96014 but
. incorrectly ordered product Z96015, which is not an actual product.
Which of the following controls most likely would detect this error?

A.
B.
C.
D.

Check digit verification.


Record count.
Hash total.
Redundant data check.

80 Which of the following automated application controls would offer


. reasonable assurance that inventory data were completely and
accurately entered?

A.
B.
C.
D.

Sequence checking.
Batch totals.
Limit tests.
Check digits.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

81 Which of the following persons is responsible for controlling access to


. systems documentation and access to program and data files?

A.
B.
C.
D.

Programmers.
Data conversion operators.
Librarians.
Computer operators.

82 The evaluation of computer controls with simulated data processed


. through the client's computer programs is referred to as

A.
B.
C.
D.

Parallel simulation.
Test data.
Integrated test facility.
Database.

83 Audit teams can use the computer to test the operating effectiveness of
. the client's controls in each of the following cases except to

A. Select transactions and manually audit the actual transaction


processing.
B. Evaluate the computer controls using simulated data.
C. Compare external documentation with internal documentation.
D. Evaluate the computer controls using actual data processed through
the client's computer programs.
84 Which of the following is not a category of general controls?
.
A.
B.
C.
D.

Access to programs and data controls.


Computer operations controls.
Processing controls.
Program change controls.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

85 To test the operating effectiveness of computer controls, audit teams


. can use each of the following methods except

A. Creating a "dummy entity" and processing simulated transactions


along with actual transactions.
B. Creating fictitious transactions for processing through the client's
computer programs separately from actual client transactions.
C. Processing actual client transactions through an auditor-created
program.
D. Observing the separation of duties of client personnel.
86 The tools and techniques applicable to auditing in a computerized
. environment should not include those that

A. Operate on a real-time basis with actual data.


B.
Use simulated or dummy data.
C.
Audit around the computer.
D.
Use program analysis techniques.
87 The technique of creating a minicompany with fictitious master file
. records to process simulated data simultaneously with actual client
data is referred to as a(n)

A.
B.
C.
D.

Sample audit review file.


Integrated test facility.
Systems control audit review file.
Program analysis software.

88 Which of the following is not an example of a computer control related


. to file retention and security?

A.
Echo check.
B.
Storage in fireproof vaults.
C. Backup versions of files stored in remote locations.
D.
Grandfather-father-son concept.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

89 Which of the following is not a major difference between a manual


. processing environment and a computerized processing environment?

A. A computerized processing environment requires data to be


converted into electronic format, which introduces the possibility of
input errors.
B. A computerized processing environment has an increased level of
human involvement.
C. Random errors are more likely in a manual processing environment
than a computerized processing environment.
D. A hard copy "audit trail" is less likely to exist in a computerized
processing environment than a manual processing environment.
90 A numerical field appended to an identification number that serves as
. an input control is a(n)

A.
B.
C.
D.

Batch total.
Hash total.
Check digit.
Valid character test.

91 The major disadvantage of an integrated test facility is that


.
A. Data processed through the client's system must be "backed out"
very carefully.
B. The cost of setting up the facility adds to overhead of the system.
C. Audit teams need extensive knowledge of computer programming.
D. It is a costly use of computer resources.

Fill in the Blank Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

92 Auditing _________________________________________________ refers to the


. actual evaluation of the hardware and programs to determine the
reliability of computer operations and test the operating effectiveness
of the related controls.
________________________________________
93 Auditing ________________________________________ consists of reconciling
. source documents with computer output.
________________________________________
94 ____________________________ techniques are special audit modules
. designed and coded into computer programs to allow audit teams to
evaluate various stages of transaction processing.
________________________________________
95 The method of testing computer controls that requires audit teams to
. prepare a computer program to process a client's actual data is referred
to as a(n) _________________________________.
________________________________________
96 ______________________________ compare the client's processing of
. simulated transactions to the audit team's manual processing of those
transactions.
________________________________________
97 Controls that involve all applications of computerized processing (such
. as hardware controls) are referred to as
______________________________________.
________________________________________
98 An important control over program development is the entity's use of
. the _____________________________________________ life cycle to plan,
develop, and implement new computerized systems.
________________________________________

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

99 __________________________________ controls are "built in" to the


. computer equipment and provide reasonable assurance that data are
not altered or modified as they are transmitted within the system.
________________________________________
100 Check digits, record counts, and sequence tests are examples of
.
_____________________________ controls.
________________________________________
101 Four methods that are used by audit teams to test the operating
.
effectiveness of controls include inquiry, observation, documentation
examination, and ______________________
________________________________________
102 Separation of incompatible functions is an example of a
.
___________________________________ control.
________________________________________
103 _____________________________ processing occurs when a group of
.
similar transactions is accumulated and processed simultaneously.
________________________________________
104 _____________________________ describes the system and its controls and
.
is the means of communicating the essential elements of the
computerized processing system to current and potential users.
________________________________________
105 Retaining previous generations of files for use in reconstructing current
.
generations of files is known as the
_________________________________________ technique.
________________________________________

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

106 _____________________________ prepare flowcharts and code the logic of


.
the computer programs required by the overall system designed by
the systems analyst.
________________________________________
107 ____________________________________ represent comparisons of the
.
number of transactions submitted for data conversion with the number
of transactions actually entered for processing.
________________________________________
108 _____________________________ and _____________________________ are
.
special internal labels on files that provide reasonable assurance that
the correct files are used in processing.
________________________________________
109 A(n) __________________________________________ involves testing the
.
client's processing system and controls by creating a dummy
department or branch.
________________________________________
110 _____________________________________ are arithmetic totals of fields that
.
do not have a significant meaning (such as employee numbers).
________________________________________
111 _____________________________ computing environments are often
.
characterized by inadequate separation of duties and lack of physical
computer security.
________________________________________

Short Answer Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

112 Match each of the following categories of general controls (letters A-E)
.
to the description of a computer control (numbers 1-10). A category of
general controls can be used more than once.
A. Hardware controls
B. Program development controls
C. Program change controls
D. Computer operations controls
E. Access to programs and data controls
____ 1. Separating the duties of systems programmers, computer
operators, and data librarians.
____ 2. Conducting preventative maintenance on computer equipment.
____ 3. Requiring the use of passwords to access computer programs
and files.
____ 4. Using the systems development life cycle for testing and
validation of new programs.
____ 5. Requiring program modifications to be tested and implemented
by appropriate personnel.
____ 6. Maintaining backup copies of files at safe, remote locations.
____ 7. Involving users in the design of programs and selection of
prepackaged software.
____ 8. Relying on parity checks imbedded into computer equipment by
the computer manufacturer.
____ 9. Using external labels to identify files and programs.
____ 10. Ensuring that emergency requests are appropriately
documented and properly authorized.

113 Identify whether each of the following statements is appropriate for


.
auditing around the computer (A), auditing through the computer (T),
or auditing both around and through the computer (B).
____ 1. It is more likely to be utilized when the client's computerized
processing systems are relatively simple.
____ 2. The method is permitted under generally accepted auditing
standards.
____ 3. It requires audit teams to evaluate and test the operating

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

effectiveness of computer controls.


____ 4. It primarily concerns correspondence between input and
output.
____ 5. The use of test data and parallel simulation are examples of
this approach.
____ 6. It should be used with more complex computerized processing
systems.
____ 7. Audit teams can design error conditions to evaluate how these
conditions are processed.
____ 8. Audit teams are required to consider important computer
controls that have been implemented by the client over computerized
processing of transactions.
____ 9. It is more likely to be used when clients have not implemented
extensive computer controls.
____ 10. It can be used to provide audit teams with a basis for
assessing control risk.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

114 Match each of the following general controls with the broad category
.
of controls in which it is included (each control will be related to only
one category).

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

115 Match each of the automated application controls with the error
.
condition(s) they are designed to prevent or detect (each control may
be designed to prevent or detect more than one error condition).

Essay Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

116 What is the difference between the use of test data and parallel
.
simulation?

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

117 At a meeting of the corporate audit committee attended by the


.
general manager of the products division (A. Smith) and the internal
audit manager (P. Marks), the following dialogue took place between
Smith and R. Jones (chair of the corporate audit committee):
Jones: Ms. Marks has suggested that the internal audit department
conduct an examination of the computer activities of the products
division.
Smith: I don't know much about the technicalities of computers, but
the division has some of the best computer people in the company.
Jones: Do you know whether the internal controls we have
implemented are satisfactory?
Smith: I suppose they are. No one has complained. What's so
important about controls anyway, as long as the system works? I don't
even know what type of controls we should have for our system.
Jones: Ms. Marks, can you explain the objective of computer controls
and provide us some examples?
Required:
Address Ms. Marks' response to the following points:
a. State the principal objective of achieving control over (1) input, (2)
processing, and (3) output.
b. Provide examples of (1) input controls, (2) processing controls, and
(3) output controls.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Matching Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

118 Match each of the following input controls (letters A-K) with the
.
description or type of error that might be detected by this control
(numbers 1-11). Each input control relates to only one description or
type of error.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

1. Data fields have the


Limit and
appropriate positive or
reasonableness
negative sign
tests ____
2. Computer may
automatically generate and
authorize transactions
Record count ____
3. Data are inadvertently
Valid sign
input in an incorrect field
tests ____
4. The sum of a data field
has numerical significance
(such as the total number of
hours worked)
Batch totals ____
5. The sum of a data field
has no numerical
Error correction
significance (such as the
and resubmission
total of employee numbers)
procedures ____
6. Data conversion
personnel will not fail to
Authorization
enter data in a particular
and approval
field
controls ____
7. Data values exceed or fall
below some predetermined
limit
Check digit ____
8. Data fields have the
appropriate numeric or
alphabetic characters
Hash totals ____
9. A numerical field is
appended to another
numerical field to ensure
Valid character
accurate input of data
tests ____
10. The number of payroll
transactions received for
processing is compared with
the number of transactions
entered into a transaction
Missing data
file
tests ____
11. Data entry personnel
are able to correct data
conversion errors in a timely
Data entry and
fashion
formatting ____

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

119 Match each of the following program-embedded techniques (letters A.


I) with a description of these techniques (numbers 1-9). Each
technique relates to only one description.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

1. Identifying transactions at
input and obtaining a computer
trail of all processing steps
Extended
related to these transactions
records
2. Obtaining a record of
transactions and database
Program
elements prior to and following
analysis
computerized processing
techniques
3. Writing auditor-selected
transactions to a special file for
Tagging
later verification
transactions
4. Using software packages that
assist audit teams in
understanding the logic of an
application program and
following the flow of
Embedded
transactions and data through
audit
an application program
modules
5. Using hardware and software
to identify the individual who
accesses the system, the
applications and operations
accessed, and the time the
applications and operations
Parallel
were accessed
simulation
6. Processing simulated
transactions through the client's
computerized processing
system and comparing results to
predetermined results
Snapshot
7. Providing an audit trail of
transactions by accumulating
Integrated
the results of all processing
test facility
8. Processing actual
transactions through programs
designed by audit teams to
replicate the client's
computerized processing
system
Test data
9. Processing simulated
Monitoring
transactions related to a
system

____

____

____

____

____

____

____

____
____

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

fictitious department or branch


created by the audit team

activity

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Module H Auditing in a Computerized Environment Answer Key

True / False Questions


1.

In auditing around the computer, audit teams reconcile source


documents (input) to processing results.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

2.

In simple batch processing systems, it is not possible to use the


technique of auditing around the computer.
FALSE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

3.

The basic concept of test data is that once a computer is


programmed to handle transactions in a certain way, every
transaction will be handled in the same way.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-04 Describe how the audit team assesses control risk in a computerized environment.
Topic: Assessing Control Risk in a Computerized Environment

4.

When using parallel simulation, audit teams prepare a computer


program to duplicate the logic and computer controls in the client's
computer program.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

5.

Input controls are one of the major categories of general controls.


FALSE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA BB: Industry


AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Topic: Automated Application Controls in a Computerized System

6.

A program description should contain a program flowchart, a list of


the program source code, and a record of all program changes.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

7.

Computer librarians are primarily responsible for operating the


computer for each application system.
FALSE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

8.

In an integrated test facility, simulated transactions are processed


through the client's computerized processing system along with the
client's actual transactions.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

9.

An important hardware control incorporated within computer


equipment is a parity check.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

10.

Computer operators should have complete access to programs and


application documentation.
FALSE
Reference: Question also found in study guide
AACSB: Analytic

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

11.

If an entity's general controls are ineffective, audit teams would likely


gain additional assurance by increasing tests of their automated
application controls.
FALSE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

12.

The method of auditing around the computer treats the computer


system as a black box.
TRUE
Reference: Question also found in study guide

AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

13.

An embedded audit module creates simulated data to be processed


by the client's computerized processing system.
FALSE
Reference: Question also found in study guide

AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

14.

The major phases in the audit team's study of internal control are the
same in a computerized processing environment as those in a
manual processing environment.
TRUE
Reference: Question also found in study guide

AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-04 Describe how the audit team assesses control risk in a computerized environment.
Topic: Assessing Control Risk in a Computerized Environment

15.

The audit team may use internal auditors to develop and run
computer-assisted auditing techniques under supervision and review
of the audit team.
TRUE
Reference: Question also found in study guide
AACSB: Analytic

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Topic: Testing Controls in a Computerized Environment

16.

One major difference in a computerized processing environment


compared to a manual processing environment is the existence of
systematic rather than random errors.
TRUE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-01 Identify how the use of a computerized processing system impacts the audit
examination.
Topic: Computerized Processing Systems

17.

Header and trailer labels are examples of external labels.


FALSE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

18.

The most important preventive controls for computer fraud are those
that limit access to computers.
TRUE
Reference: Question also found in study guide

AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-07 Define and describe computer fraud and the controls that can be used to prevent it.
Topic: Computer Abuse and Computer Fraud

19.

When weaknesses exist that could lead to computer fraud, the best
strategy is to have the client help audit teams plan and execute
technical procedures to study and evaluate the system.
FALSE
Reference: Question also found in study guide

AACSB: Analytic
AACSB: Technology
AICPA BB: Industry
AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-07 Define and describe computer fraud and the controls that can be used to prevent it.
Topic: Computer Abuse and Computer Fraud

20.

The use of the systems development life cycle is an example of an


access to programs and data control.
FALSE
Reference: Question also found in study guide
AACSB: Analytic
AACSB: Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA BB: Industry


AICPA BB: Leveraging Technology
AICPA FN: Decision Making
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Topic: General Controls in a Computerized System

Multiple Choice Questions


21.

Which of the following controls most likely would ensure that an


organization can reconstruct its financial records?

A. Hardware controls are built into the computer by the computer


manufacturer.
B. Backup files are stored in a location separate from original copies.
C. Personnel who are independent of data input perform parallel
simulations.
D. System flowcharts provide accurate descriptions of computer
operations.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: AICPA
Topic: Computer Operations Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

22.

When audit teams test a computerized processing system, which of


the following is true of the test data approach?

A. Several transactions of each type must be tested.


B. Test data are processed by the client's computer programs under
the audit team's control.
C. Test data must consist of all possible valid and invalid
combinations.
D. The computer program used to process test data is different from
the program used throughout the year by the client.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: AICPA
Topic: Test Data

23.

In end-user computing environments, the processing control


procedures would ordinarily not include

A.
B.
C.
D.

Transaction logs.
Control totals.
Comparing input to output.
Online editing and sight verification.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-06 Describe the characteristics and control issues associated with end-user and other
computing environments.
Source: Original
Topic: Processing Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

24.

Which of the following is not an appropriate statement with regard to


computer control activities?

A. The duties of application programming, computer operation, and


control of data files should be separated.
B. Computer operators should maintain control of all software
programs.
C. Specific passwords should be required to access online files.
D. Computer programmers should be periodically rotated across
different applications.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

25.

Which of the following ensures that the coding of data does not
change when it is moved from one internal storage location to
another?

A.
B.
C.
D.

Preventive maintenance.
Echo check.
Internal label.
Parity check.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Hardware Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

26.

An audit team's approach to evaluating computerized processing


systems that compares source documents to the computer output is
known as auditing

A.
B.
C.
D.

Around the computer.


Through the computer.
Without the computer.
With the computer.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

27.

The reprocessing of actual data using programs developed by the


audit team to evaluate program controls is called

A.
B.
C.
D.

Test data.
Test deck.
Generalized audit software.
Parallel simulation.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Parallel Simulation

28.

Techniques needed to select specific transactions of audit interest for


testing would not include

A.
B.
C.
D.

Embedded audit modules.


Monitoring system activity.
Snapshot.
Test data.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

29.

Computer operations controls are typically implemented for files and


data used in processing. The major objectives of these controls
include each of the following except

A. Ensure that appropriate files are used in computerized processing.


B. Ensure restricted access to the computing environment.
C. Ensure that files are appropriately secured and protected from
loss.
D. Ensure that files can be reconstructed from earlier versions of
information used in processing.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

30.

The audit team made a copy of the client's sales and billing program
early in the audit. Several times during the audit, the team used this
copy of the program to process actual client data. The output of the
secured program was compared to that of the client's system. This
audit technique would be considered

A.
B.
C.
D.

Generalized audit software.


Parallel simulation.
Test data.
Tagging transactions.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Parallel Simulation

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

31.

Which of the following organizational positions would evaluate the


existing system and design new computerized processing systems
and documentation?

A.
B.
C.
D.

Programmer.
Systems analyst.
Computer operator.
Data conversion operator.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

32.

The effectiveness of general controls is an important consideration


for audit teams when assessing control risk on an audit. Which
management assertions are primarily affected by general controls?

A.
B.
C.
D.

Completeness and accuracy.


Occurrence and rights and obligations.
Accuracy and occurrence.
Completeness and occurrence.

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: General Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

33.

The purpose of test data is to determine whether

A. The audit team's test data are consistent with the client's normal
transactions.
B. Controls operate as described in responses to internal control
questionnaire items and program flowcharts.
C. Every possible error is prevented or detected by the client's
computer controls.
D. All possible combinations of valid data are correctly processed.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data

34.

Which of the following is an example of a computer operations


control?

A.
B.
C.
D.

Control totals.
Balance of input to output.
File backup and retention.
Transaction logs.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

35.

Audit teams would least likely use computer-assisted audit


techniques to

A.
Access client data files.
B.
Prepare spreadsheets.
C. Assess control risk related to computerized processing systems.
D. Construct and perform parallel simulations.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: AICPA
Topic: Test Data

36.

Which of the following methods allow fictitious and actual


transactions to be processed together without client operating
personnel being aware of the testing process?

A.
B.
C.
D.

Integrated test facility.


Input controls matrix.
Parallel simulation.
Data entry monitor.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: AICPA
Topic: Integrated Test Facility

37.

Each of the following automated application controls is designed to


ensure that the input of individual transactions and data is accurate
except

A.
B.
C.
D.

Check digits.
Valid sign tests.
Sequence tests.
Limit and reasonableness tests.
AACSB: Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA BB: Leveraging Technology


AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

38.

Audit teams would most likely introduce test data into a


computerized payroll system to test internal controls related to the

A. Existence of unclaimed payroll checks held by supervisors.


B. Early cashing of payroll checks by employees.
C. Discovery of invalid employee identification numbers.
D. Proper approval of overtime by supervisors.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: AICPA
Topic: Test Data

39.

To obtain evidence that controls over access to computer programs


are properly functioning, audit teams most likely would

A. Create checkpoints at periodic intervals after data processing to


test for unauthorized use of the system.
B. Examine the transaction log to discover whether any transactions
were lost or entered twice due to a system malfunction.
C. Enter invalid identification numbers or passwords to ascertain
whether the system rejects them.
D. Vouch a random sample of processed transactions to ensure
proper authorization.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: AICPA
Topic: Access to Programs and Data Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

40.

Tests of controls in an advanced computerized processing system

A. Can be performed using only actual transactions because testing


simulated transactions does not provide relevant evidence.
B. Can be performed using actual transactions or simulated
transactions.
C. Is impractical because many procedures within the computerized
processing system leave no visible evidence of having been
performed.
D. Is inadvisable because it may distort the evidence in real-time
systems.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: AICPA
Topic: Approaches to Auditing

41.

Which of the following is a general control that would most likely


assist an organization whose systems analyst resigned during the
development of a major project?

A.
B.
C.
D.

Grandfather-father-son file retention.


Input and output validation routines.
Systems documentation.
Check digit verification.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: AICPA
Topic: Program Change Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

42.

Which of the following would most likely be a weakness in the


internal control of a client that utilizes portable computing devices
rather than a large computer system?

A. Employee collusion possibilities are increased because portable


computing devices from one vendor can process the programs of a
system from different vendors.
B. Computer operators may be able to remove hardware and
software components and modify them at an off-site location.
C. Programming errors result in all similar transactions being
processed incorrectly because those transactions are processed
under the same conditions.
D. Certain transactions may be automatically initiated by the
computerized processing system and management's authorization
of these transactions may be implicit in its acceptance of the
system design.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-06 Describe the characteristics and control issues associated with end-user and other
computing environments.
Source: AICPA
Topic: Control Considerations

43.

When programs or files can be accessed from terminals, users should


be required to enter a(n)

A.
B.
C.
D.

Parity check.
Personal identification code.
Self-diagnosis test.
Echo check.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: AICPA
Topic: Access to Programs and Data Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

44.

Which of the following control procedures most likely could prevent


computer personnel from modifying programs to bypass computer
controls?

A. Periodic management review of computer utilization reports and


systems documentation.
B. Separation of duties for computer programming and computer
operations.
C. Participation of user department personnel in designing and
approving new systems.
D. Physical security of computer facilities in limiting access to
computer equipment.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: AICPA
Topic: Program Change Controls

45.

Which of the following is likely to be of least importance to audit


teams when obtaining an understanding of the computer controls in
an organization with a computerized processing system?

A. Separation of duties within the computer function.


B.
Controls over source documents.
C. Documentation maintained for accounting applications.
D. Relationship between costs and benefits of computer operations.
AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-04 Describe how the audit team assesses control risk in a computerized environment.
Source: Original
Topic: Obtaining Understanding of Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

46.

After obtaining a preliminary understanding of a client's computer


controls, audit teams may decide not to perform tests of controls.
Which of the following would not be a valid reason for choosing to
omit tests of controls?

A. The client's computer controls duplicate manual controls existing


elsewhere in the system.
B. There appear to be major weaknesses that indicate a high level of
control risk.
C. The time and dollar costs of testing computer controls exceed the
time and dollar savings in substantive procedures.
D. The client's controls appear to function at an adequate level to
justify a low assessment of control risk.
AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-04 Describe how the audit team assesses control risk in a computerized environment.
Source: Original
Topic: Tests of Controls

47.

When a real-time computerized processing system is in use, the


computer controls can be strengthened by

A. Providing for the separation of duties between data input and error
listing operations.
B. Using a systems development life cycle for authorization, user
involvement, and testing of program modifications.
C. Preparing batch totals to provide assurance that file updates are
made for the entire group of transactions.
D. Performing a validity check of an identification number before a
user can obtain access to the computer files.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Access to Programs and Data Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

48.

Which of the following statements best describes the impact on an


audit when a client uses computerized processing of transactions?

A. The objective of the audit examination focuses on detection of


fraud and theft through the computer.
B. The type of substantive procedures performed by the audit team
change because of the use of computerized processing.
C. The effectiveness of computer controls implemented by the client
over its computerized processing may need to be evaluated by
audit teams.
D. Different independence standards are introduced for audit teams
when clients utilize computerized processing.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-01 Identify how the use of a computerized processing system impacts the audit
examination.
Source: Original
Topic: Effect of Computerized Processing on the Audit

49.

Computer controls that are pervasive and apply to all applications of


a computerized processing system are referred to as

A.
B.
C.
D.

Computer controls.
Environment controls.
Automated application controls.
General controls.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: General Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

50.

Which of the following is not an example of a general control?

A. The organization's use of the systems development life cycle when


implementing or modifying computerized processing systems.
B. The organization's use of check digits to ensure accurate input of
transaction data.
C. Periodic and preventative maintenance performed on the
computer and related equipment.
D. The existence of appropriate separation of duties within the
computer department.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: General Controls

51.

Computer controls that provide reasonable assurance that data are


not altered or modified as they are transmitted through the system
are referred to as

A.
B.
C.
D.

General controls.
Hardware controls.
Input controls.
Transmission controls.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Hardware Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

52.

Which of the following is not a control included as part of the systems


development life cycle?

A. Ensuring that all software acquisition and program development


efforts are consistent with the organization's needs and objectives.
B. Testing and validating new programs and developing proper
implementation plans.
C. Requiring that all programming efforts take place under the control
of the requesting user department.
D. Ensuring that data are converted completely and accurately for
use in the new systems.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Program Development Controls

53.

Why is it important that the organization establish systems


development and documentation standards?

A. These standards enable the organization to understand the


programming logic underlying recently developed programs.
B. These standards ensure that the program controls and
documentation included in recently developed programs is
adequate.
C. The absence of these standards would constitute a material
weakness in internal control.
D. These standards ensure the appropriate separation of duties of
computer personnel.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Program Development Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

54.

Which of the following categories of general controls includes


retention and recovery techniques for data and related programs?

A.
B.
C.
D.

Access to programs and data.


Computer operations.
Data file controls.
Hardware controls.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Access to Programs and Data Controls

55.

Which of the following computer controls would provide the best


evidence that unauthorized users are not accessing specific
computer programs and files?

A. Using passwords requiring access to those programs and files.


B. Periodically reviewing and confirming access rights for the
organization's users.
C. Monitoring actual user activity through a program log and
comparing that activity to authorized levels.
D. Ensuring that access to programs and files is removed for recently
terminated employees.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Access to Programs and Data Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

56.

Which of the following error conditions would not be detected


through the use of batch totals?

A. A transposition of numbers in a numeric field.


B. Entry of an unauthorized transaction supported by documentary
evidence.
C. Failure to enter a valid transaction through input error.
D. Erroneously entering the same transaction twice.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

57.

Which of the following input controls would be least likely to identify


the failure of an employee to input a transaction for which
documentary evidence has been prepared?

A.
B.
C.
D.

Batch totals.
Hash totals.
Missing data tests.
Sequence tests.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

58.

Auditing through the computer

A. Is a required approach under generally accepted auditing


standards.
B. Requires the audit team to evaluate the operating effectiveness of
important computer controls.
C. Is normally utilized when the client has not implemented
significant computer controls.
D. Focuses on reconciling the input data to the results generated by
the client's computerized processing system.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

59.

Which of the following is not true with respect to the test data
approach for evaluating computer controls?

A. The test data are created for a separate entity and are run
simultaneously with the client's actual data.
B. Only one of each type of error transaction needs to be included in
the test data.
C. The manual results of processing the test data are compared to
the results of processing these data through the client's
computerized processing system.
D. Audit teams consider potential errors and conditions of interest in
generating the test data.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

60.

As part of assessing the risk of material misstatement, the audit


team must assess the control risk in the computerized processing
system(s). Initially, the audit team must identify the overall
processing scope of the system(s), which would include each of the
following considerations except

A. The types of transactions that are processed through the


system(s).
B. The specific control procedures that have been implemented by
the client to prevent or detect misstatements that could occur
based on the audit team's analysis.
C. The programs and files that are accessed by the system(s) in
processing transactions.
D. The type of output that is created as a result of processing
transactions through the system(s).
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-04 Describe how the audit team assesses control risk in a computerized environment.
Source: Original
Topic: Risk of Misstatement

61.

Which of the following input controls would not be effective in


identifying the erroneous input of numeric fields in a transaction?

A.
B.
C.
D.

Batch totals.
Hash totals.
Check digits.
Record counts.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

62.

In a computerized processing system, hardware controls are


designed to

A. Arrange data in a logical sequential manner for processing


purposes.
B. Correct errors in the computer programs.
C. Monitor and detect errors in source documents.
D. Detect and control errors arising from use of equipment.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Hardware Controls

63.

An example of a program in which the audit team would be most


interested in testing automated application controls is a(n)

A.
B.
C.
D.

Payroll processing program.


Operating system program.
Data management system software.
Utility program.

Reference: Question also found in textbook


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: General

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

64.

Which of the following would reduce the effectiveness of internal


control in a computerized processing system?

A. The computer librarian maintains custody of computer program


instructions and detailed lists.
B. Computer operators have access to operator instructions and
detailed program lists.
C. The control group is solely responsible for the distribution of all
computer output.
D. Computer programmers write and debug programs that perform
routines designed by the systems analyst.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

65.

Which of the following is true with respect to fraud risk factors in a


computerized environment?

A. Employees in a computerized environment are highly skilled.


B. Audit teams cannot evaluate the computerized processing system
during the year.
C. Higher dollar amounts are involved in a computerized
environment.
D. Employees have increased access to processing systems and
computer resources in a computerized environment.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-01 Identify how the use of a computerized processing system impacts the audit

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

examination.
Source: Original
Topic: Differences in Computerized Processing Environment

66.

Controls used in the management of a computer center to minimize


the possibility of using an incorrect file or program are

A.
B.
C.
D.

Control totals.
Record counts.
Limit checks.
External labels.

Reference: Question also found in textbook


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

67.

Audit teams would most likely use computer-assisted audit


techniques to

A. Make copies of client data files for controlled reprocessing.


B. Construct a parallel simulation to test the client's computer
controls.
C. Perform tests of a client's hardware controls.
D. Test the operative effectiveness of a client's password access
control.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Parallel Simulation

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

68.

Which of the following computerized processing systems generally


can be audited without examining or directly testing the computer
programs of the system?

A. A system that performs relatively uncomplicated processes and


produces detailed output.
B. A system that affects a number of master files and produces a
limited output.
C. A system that updates a few master files and produces no other
printed output than final balances.
D. A system that performs relatively complicated processing and
produces very little detailed output.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

69.

The client's computerized exception reporting system helps audit


teams conduct a more efficient audit because it

A.
Condenses data significantly.
B.
Highlights abnormal conditions.
C. Decreases the necessary level of tests of computer controls.
D. Is an efficient computer input control.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-01 Identify how the use of a computerized processing system impacts the audit
examination.
Source: Original
Topic: Exception Reports

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

70.

Audit teams use the test data method to gain certain assurances with
respect to

A.
Input data.
B.
Machine capacity.
C. Control procedures contained within the program.
D.
General controls.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data

71.

When using test data, why are audit teams required to prepare only
one transaction to test each computer processing alternative?

A. The speed and efficiency of the computer results in reduced


sample sizes.
B. The risk of misstatement is typically lower in a computerized
processing environment.
C. Audit teams generally perform more extensive substantive testing
in a computerized processing environment, resulting in less need
to test processing controls.
D. In a computerized processing environment, each transaction is
handled in an identical manner.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

72.

When auditing a computerized processing system, which of the


following is not true of the test data approach?

A. The client's computer programs process test data under the audit
team's control.
B. The test data must consist of all possible valid and invalid
conditions.
C. The test data need consist only of those valid and invalid
conditions in which audit teams are interested.
D. Only one transaction of each type need be tested.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data

73.

Audit teams cannot test the reliable operation of computer control


procedures by

A. Submitting test data at several different times for processing on


the computer program the client uses for actual transaction
processing.
B. Manually comparing detailed transactions that the internal
auditors used to test a program to the program's actual error
messages.
C. Programming a model transaction processing system and
processing actual client transactions for comparison to the output
produced by the client's program.
D. Manually reperforming actual transaction processing with
comparison of results to the actual system output.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA FN: Leveraging Technology


Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

74.

Audit teams can obtain evidence of the proper functioning of


password access control to a computerized processing system by

A. Writing a computer program that simulates the logic of a good


password control system.
B. Selecting a random sample of the client's completed transactions
to check the existence of proper authorization.
C. Attempting to sign on to the computerized processing system with
a false password.
D. Obtaining representations from the client's computer personnel
that the password control prevents unauthorized entry.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Tests of Controls

75.

When processing controls within the computerized processing system


may not leave visible evidence that could be inspected by audit
teams, the teams should:

A.
Make corroborative inquiries.
B. Observe the separation of duties of personnel.
C. Review transactions submitted for processing and comparing them
to related output.
D.
Review the run manual.
Reference: Question also found in textbook
AACSB: Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA BB: Leveraging Technology


AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Auditing Around the Computer

76.

Which of the following statements most likely represents a control


consideration for an entity that performs its accounting using
portable computing devices?

A. It is usually difficult to detect arithmetic errors.


B. Unauthorized persons find it easy to access the computer and alter
the data files.
C. Transactions are coded for account classifications before they are
processed on the computer.
D. Random errors in report printing are rare in packaged software
systems.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-06 Describe the characteristics and control issues associated with end-user and other
computing environments.
Source: Original
Topic: Control Considerations

77.

Computerized processing performed concurrently with a particular


activity so that results are available to influence a decision being
made is referred to as

A.
B.
C.
D.

Batch processing.
Real-time processing.
Integrated data processing.
Random access processing.

Reference: Question also found in textbook


AACSB: Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA BB: Leveraging Technology


AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

78.

Which of the following is not a characteristic of a batch processing


system?

A. The collection of similar transactions that are sorted and processed


sequentially against a master file.
B. The input of transactions prior to processing.
C. The production of numerous printouts.
D. The posting of a transaction as it occurs to several files without
intermediate printouts.
Reference: Question also found in textbook
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

79.

A customer intended to order 100 units of product Z96014 but


incorrectly ordered product Z96015, which is not an actual product.
Which of the following controls most likely would detect this error?

A.
B.
C.
D.

Check digit verification.


Record count.
Hash total.
Redundant data check.

Reference: Question also found in textbook


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

80.

Which of the following automated application controls would offer


reasonable assurance that inventory data were completely and
accurately entered?

A.
B.
C.
D.

Sequence checking.
Batch totals.
Limit tests.
Check digits.

Reference: Question also found in textbook


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

81.

Which of the following persons is responsible for controlling access to


systems documentation and access to program and data files?

A.
B.
C.
D.

Programmers.
Data conversion operators.
Librarians.
Computer operators.

Reference: Question also found in textbook


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Topic: Computer Operations Controls

82.

The evaluation of computer controls with simulated data processed


through the client's computer programs is referred to as

A.
B.
C.
D.

Parallel simulation.
Test data.
Integrated test facility.
Database.

Reference: Question also found in study guide


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data

83.

Audit teams can use the computer to test the operating effectiveness
of the client's controls in each of the following cases except to

A. Select transactions and manually audit the actual transaction


processing.
B. Evaluate the computer controls using simulated data.
C. Compare external documentation with internal documentation.
D. Evaluate the computer controls using actual data processed
through the client's computer programs.
Reference: Question also found in study guide
AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

84.

Which of the following is not a category of general controls?

A.
B.
C.
D.

Access to programs and data controls.


Computer operations controls.
Processing controls.
Program change controls.

Reference: Question also found in study guide


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: General Controls

85.

To test the operating effectiveness of computer controls, audit teams


can use each of the following methods except

A. Creating a "dummy entity" and processing simulated transactions


along with actual transactions.
B. Creating fictitious transactions for processing through the client's
computer programs separately from actual client transactions.
C. Processing actual client transactions through an auditor-created
program.
D. Observing the separation of duties of client personnel.
Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Apply
Difficulty: 3 Hard
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

86.

The tools and techniques applicable to auditing in a computerized


environment should not include those that

A. Operate on a real-time basis with actual data.


B.
Use simulated or dummy data.
C.
Audit around the computer.
D.
Use program analysis techniques.
Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Approaches to Auditing

87.

The technique of creating a minicompany with fictitious master file


records to process simulated data simultaneously with actual client
data is referred to as a(n)

A.
B.
C.
D.

Sample audit review file.


Integrated test facility.
Systems control audit review file.
Program analysis software.

Reference: Question also found in study guide


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Integrated Test Facility

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

88.

Which of the following is not an example of a computer control


related to file retention and security?

A.
Echo check.
B.
Storage in fireproof vaults.
C. Backup versions of files stored in remote locations.
D.
Grandfather-father-son concept.
Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Computer Operations Controls

89.

Which of the following is not a major difference between a manual


processing environment and a computerized processing
environment?

A. A computerized processing environment requires data to be


converted into electronic format, which introduces the possibility
of input errors.
B. A computerized processing environment has an increased level of
human involvement.
C. Random errors are more likely in a manual processing environment
than a computerized processing environment.
D. A hard copy "audit trail" is less likely to exist in a computerized
processing environment than a manual processing environment.
Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-01 Identify how the use of a computerized processing system impacts the audit
examination.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Source: Original
Topic: Differences in Computerized Processing Environment

90.

A numerical field appended to an identification number that serves


as an input control is a(n)

A.
B.
C.
D.

Batch total.
Hash total.
Check digit.
Valid character test.

Reference: Question also found in study guide


AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

91.

The major disadvantage of an integrated test facility is that

A. Data processed through the client's system must be "backed out"


very carefully.
B. The cost of setting up the facility adds to overhead of the system.
C. Audit teams need extensive knowledge of computer programming.
D. It is a costly use of computer resources.
Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Integrated Test Facility

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Fill in the Blank Questions


92.

Auditing _________________________________________________ refers to


the actual evaluation of the hardware and programs to determine the
reliability of computer operations and test the operating
effectiveness of the related controls.
through the computer
Reference: Question also found in study guide

93.

Auditing ________________________________________ consists of


reconciling source documents with computer output.
around the computer
Reference: Question also found in study guide

94.

____________________________ techniques are special audit modules


designed and coded into computer programs to allow audit teams to
evaluate various stages of transaction processing.
Program-embedded
Reference: Question also found in study guide

95.

The method of testing computer controls that requires audit teams to


prepare a computer program to process a client's actual data is
referred to as a(n) _________________________________.
parallel simulation
Reference: Question also found in study guide

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

96.

______________________________ compare the client's processing of


simulated transactions to the audit team's manual processing of
those transactions.
Test data
Reference: Question also found in study guide

97.

Controls that involve all applications of computerized processing


(such as hardware controls) are referred to as
______________________________________.
general controls
Reference: Question also found in study guide

98.

An important control over program development is the entity's use of


the _____________________________________________ life cycle to plan,
develop, and implement new computerized systems.
systems development
Reference: Question also found in study guide

99.

__________________________________ controls are "built in" to the


computer equipment and provide reasonable assurance that data are
not altered or modified as they are transmitted within the system.
Hardware
Reference: Question also found in study guide

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

100. Check digits, record counts, and sequence tests are examples of
_____________________________ controls.
input
Reference: Question also found in study guide
101. Four methods that are used by audit teams to test the operating
effectiveness of controls include inquiry, observation, documentation
examination, and ______________________
reperformance
Reference: Question also found in study guide
102. Separation of incompatible functions is an example of a
___________________________________ control.
computer operations
Reference: Question also found in study guide
103. _____________________________ processing occurs when a group of
similar transactions is accumulated and processed simultaneously.
Batch
Reference: Question also found in study guide
104. _____________________________ describes the system and its controls
and is the means of communicating the essential elements of the
computerized processing system to current and potential users.
Documentation
Reference: Question also found in study guide

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

105. Retaining previous generations of files for use in reconstructing


current generations of files is known as the
_________________________________________ technique.
grandfather-father-son
Reference: Question also found in study guide
106. _____________________________ prepare flowcharts and code the logic of
the computer programs required by the overall system designed by
the systems analyst.
Programmers
Reference: Question also found in study guide
107. ____________________________________ represent comparisons of the
number of transactions submitted for data conversion with the
number of transactions actually entered for processing.
Record counts
Reference: Question also found in study guide
108. _____________________________ and _____________________________ are
special internal labels on files that provide reasonable assurance that
the correct files are used in processing.
Headers; trailers
Reference: Question also found in study guide

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

109. A(n) __________________________________________ involves testing the


client's processing system and controls by creating a dummy
department or branch.
integrated test facility
Reference: Question also found in study guide
110. _____________________________________ are arithmetic totals of fields
that do not have a significant meaning (such as employee numbers).
Hash totals
Reference: Question also found in study guide
111. _____________________________ computing environments are often
characterized by inadequate separation of duties and lack of physical
computer security.
End-user
Reference: Question also found in study guide

Short Answer Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

112. Match each of the following categories of general controls (letters AE) to the description of a computer control (numbers 1-10). A
category of general controls can be used more than once.
A. Hardware controls
B. Program development controls
C. Program change controls
D. Computer operations controls
E. Access to programs and data controls
____ 1. Separating the duties of systems programmers, computer
operators, and data librarians.
____ 2. Conducting preventative maintenance on computer
equipment.
____ 3. Requiring the use of passwords to access computer programs
and files.
____ 4. Using the systems development life cycle for testing and
validation of new programs.
____ 5. Requiring program modifications to be tested and
implemented by appropriate personnel.
____ 6. Maintaining backup copies of files at safe, remote locations.
____ 7. Involving users in the design of programs and selection of
prepackaged software.
____ 8. Relying on parity checks imbedded into computer equipment
by the computer manufacturer.
____ 9. Using external labels to identify files and programs.
____ 10. Ensuring that emergency requests are appropriately
documented and properly authorized.

1. D, 2. A, 3. E, 4. B, 5. C, 6. D, 7. B, 8. A, 9. D, 10. C
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Types of General Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

113. Identify whether each of the following statements is appropriate for


auditing around the computer (A), auditing through the computer (T),
or auditing both around and through the computer (B).
____ 1. It is more likely to be utilized when the client's computerized
processing systems are relatively simple.
____ 2. The method is permitted under generally accepted auditing
standards.
____ 3. It requires audit teams to evaluate and test the operating
effectiveness of computer controls.
____ 4. It primarily concerns correspondence between input and
output.
____ 5. The use of test data and parallel simulation are examples of
this approach.
____ 6. It should be used with more complex computerized processing
systems.
____ 7. Audit teams can design error conditions to evaluate how these
conditions are processed.
____ 8. Audit teams are required to consider important computer
controls that have been implemented by the client over
computerized processing of transactions.
____ 9. It is more likely to be used when clients have not implemented
extensive computer controls.
____ 10. It can be used to provide audit teams with a basis for
assessing control risk.

1. A, 2. B, 3. T, 4. A, 5. T, 6. T, 7. T, 8. T, 9. A, 10. B
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Auditing Approaches in a Computerized Environment

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

114. Match each of the following general controls with the broad category
of controls in which it is included (each control will be related to only
one category).

1. B, 2. E, 3. D, 4. C, 5. D, 6. A, 7. D, 8. C
Feedback: Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-02 Provide examples of general controls and understand how these controls relate to
transaction processing in a computerized processing system.
Source: Original
Topic: Types of General Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

115. Match each of the automated application controls with the error
condition(s) they are designed to prevent or detect (each control may
be designed to prevent or detect more than one error condition).

1. A; 2. B, C, D; 3. A, B, C, D; 4. A, B, C, D; 5. A; 6. A; 7. A; 8. B; 9. A,
D; 10. A, D; 11. A; 12. D; 13. D; 14. D; 15. D
Feedback: Reference: Question also found in study guide
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

Essay Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

116. What is the difference between the use of test data and parallel
simulation?

The primary differences between the use of test data and parallel
simulation are the nature of the data used and the system used to
process the data. The test data approach uses simulated data
created by the audit team that is processed through the client's
computerized processing system. Parallel simulation involves
comparing the results of separate processing of actual (not
simulated) data through the client's computerized processing system
and through a program prepared by the audit team.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Test Data and Parallel Simulation

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

117. At a meeting of the corporate audit committee attended by the


general manager of the products division (A. Smith) and the internal
audit manager (P. Marks), the following dialogue took place between
Smith and R. Jones (chair of the corporate audit committee):
Jones: Ms. Marks has suggested that the internal audit department
conduct an examination of the computer activities of the products
division.
Smith: I don't know much about the technicalities of computers, but
the division has some of the best computer people in the company.
Jones: Do you know whether the internal controls we have
implemented are satisfactory?
Smith: I suppose they are. No one has complained. What's so
important about controls anyway, as long as the system works? I
don't even know what type of controls we should have for our
system.
Jones: Ms. Marks, can you explain the objective of computer controls
and provide us some examples?
Required:
Address Ms. Marks' response to the following points:
a. State the principal objective of achieving control over (1) input, (2)
processing, and (3) output.
b. Provide examples of (1) input controls, (2) processing controls, and
(3) output controls.

a.
(1) The objective of input controls is to provide reasonable assurance
that data received for processing by the computer department have
been properly authorized and accurately entered or converted for

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

processing.
(2) The objective of processing controls is to provide reasonable
assurance that data processing has been performed accurately and
without any omission or duplicate processing of transactions.
(3) The objective of output controls is to provide reasonable
assurance that only authorized persons receive output or have
access to files produced by the system.
b.
(1) Examples of input controls include:

Data entry and formatting controls


Authorization and approval controls
Check digits
Record counts
Batch totals
Hash totals
Valid character tests
Valid sign tests
Missing data tests
Sequence tests
Limit and reasonableness tests
Error correction and resubmission procedures

(2) Examples of processing controls include


Clients periodically testing and evaluating the processing accuracy
of its programs
Run-to-run totals
Control total reports
Error correction and resubmission procedures
Limit and reasonableness tests
(3) Examples of output controls include
Review of output for reasonableness

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

Control total reports


Master file changes
Controls over output distribution
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Understand
Difficulty: 2 Medium
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Types of Automated Application Controls

Matching Questions

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

118. Match each of the following input controls (letters A-K) with the
description or type of error that might be detected by this control
(numbers 1-11). Each input control relates to only one description or
type of error.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

1. Data fields have the


Limit and
appropriate positive or
reasonableness
negative sign
tests 7
2. Computer may
automatically generate and
1
authorize transactions
Record count 0
3. Data are inadvertently
input in an incorrect field
Valid sign tests 1
4. The sum of a data field
has numerical significance
(such as the total number of
hours worked)
Batch totals 4
5. The sum of a data field
has no numerical
Error correction
significance (such as the
and resubmission 1
total of employee numbers)
procedures 1
6. Data conversion
personnel will not fail to
Authorization
enter data in a particular
and approval
field
controls 2
7. Data values exceed or fall
below some predetermined
limit
Check digit 9
8. Data fields have the
appropriate numeric or
alphabetic characters
Hash totals 5
9. A numerical field is
appended to another
numerical field to ensure
Valid character
accurate input of data
tests 8
10. The number of payroll
transactions received for
processing is compared with
the number of transactions
entered into a transaction
Missing data
file
tests 6
11. Data entry personnel are
able to correct data
conversion errors in a timely
Data entry and
fashion
formatting 3
AACSB: Technology

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AICPA BB: Leveraging Technology


AICPA FN: Leveraging Technology
Blooms: Evaluate
Difficulty: 3 Hard
Learning Objective: H-03 Provide examples of automated application controls and understand how these
controls relate to transaction processing in a computerized processing system.
Source: Original
Topic: Input Controls

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

119. Match each of the following program-embedded techniques (letters


A-I) with a description of these techniques (numbers 1-9). Each
technique relates to only one description.

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

1. Identifying transactions at input


and obtaining a computer trail of
all processing steps related to
these transactions
2. Obtaining a record of
transactions and database
elements prior to and following
computerized processing
3. Writing auditor-selected
transactions to a special file for
later verification
4. Using software packages that
assist audit teams in
understanding the logic of an
application program and following
the flow of transactions and data
through an application program
5. Using hardware and software to
identify the individual who
accesses the system, the
applications and operations
accessed, and the time the
applications and operations were
accessed
6. Processing simulated
transactions through the client's
computerized processing system
and comparing results to
predetermined results
7. Providing an audit trail of
transactions by accumulating the
results of all processing
8. Processing actual transactions
through programs designed by
audit teams to replicate the
client's computerized processing
system
9. Processing simulated
transactions related to a fictitious
department or branch created by
the audit team

Extended
records 7
Program
analysis
techniques 4
Tagging
transactions 1

Embedded
audit
modules 3

Parallel
simulation 8

Snapshot

Integrated
test facility 9

Test data

Monitoring
system
activity 5

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Blooms: Remember
Difficulty: 1 Easy
Learning Objective: H-05 Identify how audit teams perform tests of controls in a computerized environment.
Source: Original
Topic: Program-Embedded Techniques

2013 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in
any manner. This document may not be copied, scanned, duplicated, forwarded, distributed, or posted on a website, in whole or part.