Auditing in A Computerized Environment

AUDITING IN A COMPUTERIZED ENVIRONMENT
1. Which statement is incorrect when auditing in a CIS c. The potential unauthorized access to data or to alter
environment? them without visible evidence maybe greater.
a. A CIS environment exists when a computer of any d. Initiation of changes in the master file is exclusively
type or size is involved in the processing by the entity handled by respective users.
of financial information of significance to the audit,
whether that computer is operated by the entity or by 8. Which of the following significance and complexity of the CIS
a third party. activities should an auditor least understand?
b. The auditor should consider how a CIS environment a. The organizational structure of the clients CIS
affects the audit. activities.
c. The use of a computer changes the processing, b. Lack of transaction trails.
storage and communication of financial information c. The significance and complexity of computer
and may affect the accounting and internal control processing in each significant accounting application.
systems employed by the entity. d. The use of software packages instead of customized
d. A CIS environment changes the overall objective and software.
scope of an audit.
9. Which statement is correct regarding personal computer
2. Which of the following standards or group of standards is systems?
mostly affected by a computerized information system a. Personal computers or PCs are economical yet
environment? powerful self-contained general purpose computers
a. General standards consisting typically of a central processing unit
b. Reporting standards (CPU), memory, monitor, disk drives, printer cables
c. Second standard of field work and modems.
d. Standards of fieldwork b. Programs and data are stored only on non-
removable storage media.
3. Which of the following is least considered if the auditor has to c. Personal computers cannot be used to process
determine whether specialized CIS skills are needed in an accounting transactions and produce reports that are
audit? essential to the preparation of financial statements.
a. The auditor needs to obtain a sufficient d. Generally, CIS environments in which personal
understanding of the accounting and internal control computers are used are the same with other CIS
system affected by the CIS environment. environments.
b. The auditor needs to determine the effect of the CIS
environment on the assessment of overall risk and of 10. A personal computer can be used in various configurations,
risk at the account balance and class of transactions including
level. a. A stand-alone workstation operated by a single user
c. Design and perform appropriate tests of controls and or a number of users at different times.
substantive procedures. b. A workstation which is part of a local area network of
d. The need of the auditor to make analytical personal computers.
procedures during the completion stage of audit. c. A workstation connected to a server.
d. All of the above.
4. It relates to materiality of the financial statement assertions
affected by the computer processing. 11. Which statement is incorrect regarding personal computer
a. Threshold configurations?
b. Relevance a. The stand-alone workstation can be operated by a
c. Complexity single user or a number of users at different times
d. Significance accessing the same or different programs.
b. A stand-alone workstation may be referred to as a
5. Which of the following least likely indicates a complexity of distributed system.
computer processing? c. A local area network is an arrangement where two
a. Transactions are exchanged electronically with other or more personal computers are linked together
organizations without manual review of their through the use of special software and
propriety. communication lines.
b. The volume of the transactions is such that users d. Personal computers can be linked to servers and
would find it difficult to identify and correct errors in used as part of such systems, for example, as an
processing. intelligent on-line workstation or as part of a
c. The computer automatically generates material distributed accounting system.
transactions or entries directly to another
applications. 12. Which of the following is the least likely characteristic of
d. The system generates a daily exception report personal computers?
a. They are small enough to be transportable.
6. The nature of the risks and the internal characteristics in CIS b. They are relatively expensive.
environment that the auditors are mostly concerned include the c. They can be placed in operation quickly.
following except: d. The operating system software is less
a. Lack of segregation of functions. comprehensive than that found in larger computer
b. Lack of transaction trails. environments.
c. Dependence of other control over computer
processing. 13. Which of the following is an inherent characteristic of software
d. Cost-benefit ratio. package?
a. They are typically used without modifications of the
7. Which of the following is least likely a risk characteristic programs.
associated with CIS environment? b. The programs are tailored-made according to the
a. Errors embedded in an applications program logic specific needs of the user.
maybe difficult to manually detect on a timely basis. c. They are developed by software manufacturer
b. Many control procedures that would ordinarily be according to a particular users specifications.
performed by separate individuals in manual system d. It takes a longer time of implementation.
maybe concentrated in CIS.
14. Which of the following is not normally a removable storage 21. The effect of personal computers on the accounting system
media? and the associated risks will least likely depend on
a. Compact disk a. The extent to which the personal computer is being
b. Tapes used to process accounting applications.
c. Diskettes b. The type and significance of financial transactions
d. Hard disk being processed.
c. The nature of files and programs utilized in the
15. It is a computer program (a block of executable code) that applications.
attaches itself to a legitimate program or data file and uses d. The cost of personal computers.
itself as a transport mechanism to reproduce itself without the
knowledge of the user. 22. The auditor may often assume that control risk is high in
a. Virus personal computer systems since, it may not be practicable or
b. System management program cost-effective for management to implement sufficient controls
c. Utility program to reduce the risks of undetected errors to a minimum level.
d. Encryption This least likely entail
a. More physical examination and confirmation of
16. Which statement is incorrect regarding internal control in assets.
personal computer environment? b. More analytical procedures than tests of details.
a. Generally, the CIS environment in which personal c. Larger sample sizes.
computers are used is less structured than a d. Greater use of computer-assisted audit techniques,
centrally-controlled CIS environment. where appropriate.
b. Controls over the system development process and
operations may not be viewed by the developer, the 23. Computer systems that enable users to access data and
user or management as being as important or cost- programs directly through workstations are referred to as
effective. a. On-line computer systems
c. In almost all commercially available operating b. Personal computer systems
systems, the built-in security provided has gradually c. Database management systems (DBMS)
increased over the years. d. Database systems
d. In a typical personal computer environment, the
distinction between general CIS controls and CIS 24. On-line systems allow users to initiate various functions
application controls is easily ascertained. directly. Such functions include:
I. Entering transactions
17. Personal computers are susceptible to theft, physical damage, II. Requesting reports
unauthorized access or misuse of equipment. Which of the III. Making inquiries
following is least likely a physical security to restrict access to IV. Updating master files
personal computers when not in use? a. I, II, III and IV
a. Using door locks or other security protection during b. I and II
non-business hours. c. I, II and III
b. Fastening the personal computer to a table using d. I and IV
security cables.
c. Locking the personal computer in a protective 25. Many different types of workstations may be used in on-line
cabinet or shell. computer systems. The functions performed by these
d. Using anti-virus software programs. workstations least likely depend on their
a. Logic
18. Which of the following is not likely a control over removable b. Transmission
storage media to prevent misplacement, alteration without c. Storage
authorization or destruction? d. Cost
a. Using cryptography, which is the process of
transforming programs and information into an 26. Types of workstations include General Purpose Terminals and
unintelligible form. Special Purpose Terminals. Special Purpose Terminals
b. Placing responsibility for such media under include
personnel whose responsibilities include duties of a. Basic keyboard and monitor
software custodians or librarians. b. Point of sale devices
c. Using a program and data file check-in and check- c. Intelligent terminal
out system and locking the designated storage d. Personal computers
locations.
d. Keeping current copies of diskettes, compact disks 27. Special Purpose Terminal used to initiate, validate, record,
or back-up tapes and hard disks in a fireproof transmit and complete various banking transactions
container, either on-site, off-site or both. a. Automated teller machines
b. Intelligent terminal
19. 19. Which of the following least likely protects critical and c. Point of sale devices
sensitive information from unauthorized access in a personal d. Personal computers
computer environment?
a. Using secret file names and hiding the files. 28. Which statement is incorrect regarding workstations?
b. Keeping of back up copies offsite. a. Workstations may be located either locally or at
c. Employing passwords. remote sites.
d. Segregating data into files organized under separate b. Local workstations are connected directly to the
file directories. computer through cables.
c. Remote workstations require the use of
20. It refers to plans made by the entity to obtain access to telecommunications to link them to the computer.
comparable hardware, software and data in the event of their d. Workstations cannot be used by many users, for
failure, loss or destruction. different purposes, in different locations all at the
a. Back-up same time.
b. Encryption 29. On-line computer systems may be classified according to
c. Anti-virus a. How information is entered into the system.
d. Wide Area Network (WAN) b. How it is processed.
c. When the results are available to the user.
d. All of the above.
30. In an on-line/real time processing system 38. Certain general CIS controls that are particularly important to
a. Individual transactions are entered at workstations, on-line processing least likely include
validated and used to update related computer files a. Access controls.
immediately. b. System development and maintenance controls.
b. Individual transactions are entered at a workstation, c. Edit, reasonableness and other validation tests.
subjected to certain validation checks and added to a d. Use of anti-virus software program.
transaction file that contains other transactions
entered during the period. 39. Certain CIS application controls that are particularly important
c. Individual transactions immediately update a memo to on-line processing least likely include
file containing information which has been extracted a. Pre-processing authorization.
from the most recent version of the master file. b. Transaction logs.
d. The master files are updated by other systems. c. Cut-off procedures.
d. Balancing.
31. It combines on-line/real time processing and on-line/batch
processing. 40. Risk of fraud or error in on-line systems may be reduced in the
a. On-Line/Memo Update (and Subsequent Processing) following circumstances, except
b. On-Line Downloading/Uploading Processing a. If on-line data entry is performed at or near the point
c. On-Line/Inquiry where transactions originate, there is less risk that
d. On-Line/Combined Processing the transactions will not be recorded.
b. If invalid transactions are corrected and re-entered
32. It is a communication system that enables computer users to immediately, there is less risk that such transactions
share computer equipment, application software, data and will not be corrected and re-submitted on a timely
voice and video transmissions. basis.
a. Network c. If data entry is performed on-line by individuals who
b. File server understand the nature of the transactions involved,
c. Host the data entry process may be less prone to errors
d. Client than when it is performed by individuals unfamiliar
with the nature of the transactions.
33. A type of network that multiple buildings are close enough to d. On-line access to data and programs through
create a campus, but the space between the buildings is not telecommunications may provide greater opportunity
under the control of the company is for access to data and programs by unauthorized
a. Local Area Network (LAN) persons.
b. Metropolitan Area Network (MAN)
c. Wide Area Network (WAN) 41. Risk of fraud or error in on-line computer systems may be
d. World Wide Web (WWW) increased for the following reasons, except
a. If workstations are located throughout the entity, the
34. Which of the following is least likely a characteristic of Wide opportunity for unauthorized use of a workstation and
Area Network (WAN)? the entry of unauthorized transactions may increase.
a. Created to connect two or more geographically b. Workstations may provide the opportunity for
separated LANs. unauthorized uses such as modification of previously
b. Typically involves one or more long-distance entered transactions or balances.
providers, such as a telephone company to provide c. If on-line processing is interrupted for any reason,
the connections. for example, due to faulty telecommunications, there
c. WAN connections tend to be faster than LAN. may be a greater chance that transactions or files
d. Usually more expensive than LAN. may be lost and that the recovery may not be
accurate and complete.
35. Gateway is d. If transactions are processed immediately on-line,
a. A hardware and software solution that enables there is less risk that they will be processed in the
communications between two dissimilar networking wrong accounting period.
systems or protocols.
b. A device that forwards frames based on destination 42. 42. The following matters are of particular importance to the
addresses. auditor in an on-line computer system, except
c. A device that connects and passes packets between a. Authorization, completeness and accuracy of on-line
two network segments that use the same transactions.
communication protocol. b. Integrity of records and processing, due to on-line
d. A device that regenerates and retransmits the signal access to the system by many users and
on a network. programmers.
c. Changes in the performance of audit procedures
36. A device that works to control the flow of data between two or including the use of CAAT's.
more network segments d. Cost-benefit ratio of installing on-line computer
a. Bridge system.
b. Router
c. Repeater 43. A collection of data that is shared and used by a number of
d. Switch different users for different purposes.
a. Database
37. The undesirable characteristics of on-line computer systems b. Information file
least likely include c. Master file
a. Data are usually subjected to immediate validation d. Transaction file
checks.
b. Unlimited access of users to all of the functions in a
particular application.
c. Possible lack of visible transaction trail.
d. Potential programmer access to the system.
44. Which of the following is least likely a characteristic of a 50. The effect of a database system on the accounting system and
database system? the associated risks will least likely depend on:
a. Individual applications share the data in the database a. The extent to which databases are being used by
for different purposes. accounting applications.
b. Separate data files are maintained for each b. The type and significance of financial transactions
application and similar data used by several being processed.
applications may be repeated on several different c. The nature of the database, the DBMS, the database
files. administration tasks and the applications.
c. A software facility is required to keep track of the d. The CIS application controls.
location of the data in the database.
d. Coordination is usually performed by a group of 51. Audit procedures in a database environment will be affected
individuals whose responsibility is typically referred to principally by
as "database administration." a. The extent to which the data in the database are
used by the accounting system.
45. Database administration tasks typically include b. The type and significance of financial transactions
I. Defining the database structure. being processed.
II. Maintaining data integrity, security and c. The nature of the database, the DBMS, the database
completeness. administration tasks and the applications.
III. Coordinating computer operations related to the d. The general CIS controls which are particularly
database. important in a database environment.
IV. Monitoring system performance.
V. Providing administrative support. 52. Which statement is incorrect regarding the characteristics of a
a. All of the above CIS organizational structure?
b. All except I a. Certain data processing personnel may be the only
c. II and V only ones with a detailed knowledge of the
d. II, III and V only interrelationship between the source of data, how it is
processed and the distribution and use of the output.
46. Due to data sharing, data independence and other b. Many conventional controls based on adequate
characteristics of database systems segregation of incompatible functions may not exist,
a. General CIS controls normally have a greater or in the absence of access and other controls, may
influence than CIS application controls on database be less effective.
systems. c. Transaction and master file data are often
b. CIS application controls normally have a greater concentrated, usually in machine-readable form,
influence than general CIS controls on database either in one computer installation located centrally or
systems. in a number of installations distributed throughout an
c. General CIS controls normally have an equal entity.
influence with CIS application controls on database d. Systems employing CIS methods do not include
systems. manual operations since the number of persons
d. CIS application controls normally have no influence involved in the processing of financial information is
on database systems. significantly reduced.
47. Which statement is incorrect regarding the general CIS controls 53. System characteristics that may result from the nature of CIS
of particular importance in a database environment? processing include, except
a. Since data are shared by many users, control may a. Absence of input documents.
be enhanced when a standard approach is used for b. Lack of visible transaction trail.
developing each new application program and for c. Lack of visible output.
application program modification. d. Difficulty of access to data and computer programs.
b. Several data owners should be assigned
responsibility for defining access and security rules, 54. The development of CIS will generally result in design and
such as who can use the data (access) and what procedural characteristics that are different from those found in
functions they can perform (security). manual systems. These different design and procedural
c. User access to the database can be restricted aspectsof CIS include, except:
through the use of passwords. a. Consistency of performance.
d. Responsibilities for performing the various activities b. Programmed control procedures.
required to design, implement and operate a c. Vulnerability of data and program storage media
database are divided among technical, design, d. Multiple transaction update of multiple computer files
administrative and user personnel. or databases.
48. These require a database administrator to assign security 55. Which statement is incorrect regarding internal controls in a
attributes to data that cannot be changed by database users. CIS environment?
a. Discretionary access controls a. Manual and computer control procedures comprise
b. Name-dependent restrictions the overall controls affecting the CIS environment
c. Mandatory access controls (general CIS controls) and the specific controls over
d. Content-dependent restrictions. the accounting applications (CIS application
controls).
49. A discretionary access control wherein users are permitted or b. The purpose of general CIS controls is to establish a
denied access to data resource depending on the time series framework of overall control over the CIS activities
of accesses to and actions they have undertaken on data and to provide a reasonable level of assurance that
resources. the overall objectives of internal control are achieved.
a. Name-dependent restrictions c. The purpose of CIS application controls is to
b. Context-dependent restriction establish specific control procedures over the
c. Content-dependent restriction application systems in order to provide reasonable
d. History-dependent restriction assurance that all transactions are authorized and
recorded, and are processed completely, accurately
and on a timely basis.
d. The internal controls over computer processing, 63. Audit automation least likely include
which help to achieve the overall objectives of a. Expert systems.
internal control, include only the procedures b. Tools to evaluate a clients risk management
designed into computer programs. procedures.
c. Manual working papers.
56. General CIS controls may include, except: d. Corporate and financial modeling programs for use
a. Organization and management controls. as predictive audit tests.
b. Delivery and support controls.
c. Development and maintenance controls. 64. An internal auditor noted the following points when conducting
d. Controls over computer data files. a preliminary survey in connection with the audit of an EDP
department. Which of the following would be considered a
57. 57. CIS application controls include, except safeguard in the control system on which the auditor might
a. Controls over input. rely?
b. Controls over processing and computer data files. a. Programmers and computer operators correct daily
c. Controls over output. processing problems as they arise.
d. Monitoring controls. b. The control group works with user organizations to
correct rejected input.
58. Which statement is incorrect regarding the review of general c. New systems are documented as soon as possible
CIS controls and CIS application controls? after they begin processing live data.
a. The auditor should consider how these general CIS d. The average tenure of employees working in the
controls affect the CIS applications significant to the EDP department is ten months.
audit.
b. General CIS controls that relate to some or all 65. An on-line access control that checks whether the users code
applications are typically interdependent controls in number is authorized to initiate a specific type of transaction or
that their operation is often essential to the inquiry is referred to as
effectiveness of CIS application controls. a. Password
c. Control over input, processing, data files and output b. Compatibility test
may be carried out by CIS personnel, by users of the c. Limit check
system, by a separate control group, or may be d. Reasonableness test
programmed into application software.
d. It may be more efficient to review the design of the 66. A control procedure that could be used in an on-line system to
application controls before reviewing the general provide an immediate check on whether an account number
controls. has been entered on a terminal accurately is a
a. Compatibility test
59. Which statement is incorrect regarding the evaluation of b. Record count
general CIS controls and CIS application controls? c. Hash total
a. The general CIS controls may have a pervasive d. Self-checking digit
effect on the processing of transactions in application
systems. 67. A control designed to catch errors at the point of data entry is
b. If general CIS controls are not effective, there may a. Batch total
be a risk that misstatements might occur and go b. Self-checking digit
undetected in the application systems. c. Record count
c. Manual procedures exercised by users may provide d. Checkpoints
effective control at the application level.
d. Weaknesses in general CIS controls cannot preclude 68. Program documentation is a control designed primarily to
testing certain CIS application controls. ensure that
a. Programmers have access to the tape library or
60. The applications of auditing procedures using the computer as information on disk files.
an audit tool refer to b. Programs do not make mathematical errors.
a. Integrated test facility c. Programs are kept up to date and perform as
b. Auditing through the computer intended.
c. Data-based management system d. Data have been entered and processed.
d. Computer assisted audit techniques
69. Some of the more important controls that relate to automated
61. Which statement is incorrect regarding CAATs? accounting information systems are validity checks, limit
a. CAATs are often an efficient means of testing a large checks, field checks, and sign tests. These are classified as
number of transactions or controls over large a. Control total validation routines
populations. b. Output controls
b. To ensure appropriate control procedures, the c. Hash totaling
presence of the auditor is not necessarily required at d. Input validation routines
the computer facility during the running of a CAAT.
c. The general principles outlined in PAPS 1009 apply 70. Most of todays computer systems have hardware controls that
in small entity IT environments. are built in by the computer manufacturer. Common hardware
d. Where smaller volumes of data are processed, the controls are
use of CAATs is more cost effective. a. Duplicate circuitry, echo check, and internal header
labels
62. Consists of generalized computer programs designed to b. Tape file protection, cryptographic protection, and
perform common audit tasks or standardized data processing limit checks
functions. c. Duplicate circuitry, echo check, and dual reading
a. Package or generalized audit software d. Duplicate circuitry, echo check, tape file protection,
b. Utility programs and internal header labels
c. Customized or purpose-written programs
d. System management programs
71. Computer manufacturers are now installing software programs c. Record of the type of access to which each user is
permanently inside the computer as part of its main memory to entitled.
provide protection from erasure or loss if there is interrupted d. Limit on the number of transaction inquiries that can
electrical power. This concept is known as be made by each user in a specified time period.
a. File integrity
b. Random access memory (RAM) 79. Which one of the following input validation routines is not likely
c. Software control to be appropriate in a real time operation?
d. Firmware a. Field check
b. Sequence check
72. Which one of the following represents a lack of internal control c. Sign check
in a computer-based information system? d. Redundant data check
a. The design and implementation is performed in
accordance with managements specific 80. Which of the following controls is a processing control designed
authorization. to ensure the reliability and accuracy of data processing?
b. Any and all changes in application programs have
the authorization and approval of management. Limit test Validity check test
c. Provisions exist to protect data files from a. Yes Yes
unauthorized access, modification, or destruction. b. No No
d. Both computer operators and programmers have c. No Yes
unlimited access to the programs and data files. d. Yes No
73. In an automated payroll processing environment, a department 81. Which of the following characteristics distinguishes computer
manager substituted the time card for a terminated employee processing from manual processing?
with a time card for a fictitious employee. The fictitious a. Computer processing virtually eliminates the
employee had the same pay rate and hours worked as the occurrence of computational error normally
terminated employee. The best control technique to detect this associated with manual processing.
action using employee identification numbers would be a b. Errors or irregularities in computer processing will be
a. Batch total detected soon after their occurrences.
b. Hash total c. The potential for systematic error is ordinarily greater
c. Record count in manual processing than in computerized
d. Subsequent check processing.
d. Most computer systems are designed so that
74. An employee in the receiving department keyed in a shipment transaction trails useful for audit do not exist.
from a remote terminal and inadvertently omitted the purchase
order number. The best systems control to detect this error 82. Which of the following most likely represents a significant
would be deficiency in the internal control structure?
a. Batch total a. The systems analyst review applications of data
b. Sequence check processing and maintains systems documentation.
c. Completeness test b. The systems programmer designs systems for
d. Reasonableness test computerized applications and maintains output
controls.
75. The reporting of accounting information plays a central role in c. The control clerk establishes control over data
the regulation of business operations. Preventive controls are received by the EDP department and reconciles
an integral part of virtually all accounting processing systems, control totals after processing
and much of the information generated by the accounting d. The accounts payable clerk prepares data for
system is used for preventive control purposes. Which one of computer processing and enters the data into the
the following is not an essential element of a sound preventive computer.
control system?
a. Separation of responsibilities for the recording, 83. Which of the following activities would most likely be performed
custodial, and authorization functions. in the EDP Department?
b. Sound personnel policies. a. Initiation of changes to master records.
c. Documentation of policies and procedures. b. Conversion of information to machine-readable form.
d. Implementation of state-of-the-art software and c. Correction of transactional errors.
hardware. d. Initiation of changes to existing applications.
76. The most critical aspect regarding separation of duties within 84. For control purposes, which of the following should be
information systems is between organizationally segregated from the computer operations
a. Project leaders and programmers function?
b. Programmers and systems analysts a. Data conversion
c. Programmers and computer operators b. Systems development
d. Data control and file librarians c. Surveillance of CRT messages
d. Minor maintenance according to a schedule
77. Whether or not a real time program contains adequate controls
is most effectively determined by the use of 85. Which of the following is not a major reason for maintaining an
a. Audit software audit trail for a computer system?
b. A tracing routine a. Deterrent to irregularities
c. An integrated test facility b. Analytical procedures
d. A traditional test deck c. Monitoring purposes
d. Query answering
78. Compatibility tests are sometimes employed to determine
whether an acceptable user is allowed to proceed. In order to 86. In an automated payroll system, all employees in the finishing
perform compatibility tests, the system must maintain an department were paid the rate of P75 per hour when the
access control matrix. The one item that is not part of an authorized rate was P70 per hour. Which of the following
access control matrix is a controls would have been most effective in preventing such an
a. List of all authorized user code numbers and error?
passwords. a. Access controls which would restrict the personnel
b. List of all files maintained on the system. departments access to the payroll master file data.
b. A review of all authorized pay rate changes by the c. Supervisory personnel may not have an
personnel department. understanding of the capabilities and limitations of
c. The use of batch control totals by department. microcomputers.
d. A limit test that compares the pay rates per d. Working paper documentation may not contain
department with the maximum rate for all employees. readily observable details of calculations.
87. Which of the following errors would be detected by batch 95. An auditor anticipates assessing control risk at a low level in a
controls? computerized environment. Under these circumstances, on
a. A fictitious employee as added to the processing of which of the following procedures would the auditor initially
the weekly time cards by the computer operator. focus?
b. An employee who worked only 5 hours in the week a. Programmed control procedures
was paid for 50 hours. b. Output control procedures
c. The time card for one employee was not processed c. Application control procedures
because it was lost in transit between the payroll d. General control procedures
department and the data entry function.
d. All of the above. 96. After the preliminary phase of the review of a clients EDP
controls, an auditor may decide not to perform tests of controls
88. The use of a header label in conjunction with magnetic tape is (compliance tests) related to the control procedures within the
most likely to prevent errors by the EDP portion of the clients internal control structure. Which of
a. Computer operator the following would not be a valid reason for choosing to omit
b. Computer programmer such tests?
c. Keypunch operator a. The controls duplicate operative controls existing
d. Maintenance technician elsewhere in the structure.
b. There appear to be major weaknesses that would
89. For the accounting system of ACME Company, the amounts of preclude reliance on the stated procedure.
cash disbursements entered into an EDP terminal are c. The time and costs of testing exceed the time and
transmitted to the computer that immediately transmits the costs in substantive testing if the tests of controls
amounts back to the terminal for display on the terminal screen. show the controls to be operative.
This display enables the operator to d. The controls appear adequate.
a. Establish the validity of the account number
b. Verify the amount was entered accurately 97. Which of the following client electronic data processing (EDP)
c. Verify the authorization of the disbursements systems generally can be audited without examining or directly
d. Prevent the overpayment of the account testing the EDP computer programs of the system?
a. A system that performs relatively uncomplicated
90. When EDP programs or files can be accessed from terminals, processes and produces detailed output.
users should be required to enter a(an) b. A system that affects a number of essential master
a. Parity check files and produces a limited output.
b. Self-diagnostic test c. A system that updates a few essential master files
c. Personal identification code and produces no printed output other than final
d. Echo check balances.
d. A system that performs relatively complicated
91. The possibility of erasing a large amount of information stored processing and produces very little detailed output.
on magnetic tape most likely would be reduced by the use of
a. File protection ring 98. Computer systems are typically supported by a variety of utility
b. Completeness tests software packages that are important to an auditor because
c. Check digits they
d. Conversion verification a. May enable unauthorized changes to data files if not
properly controlled.
92. Which of the following controls most likely would assure that an b. Are very versatile programs that can be used on
entity can reconstruct its financial records? hardware of many manufacturers.
a. Hardware controls are built into the computer by the c. May be significant components of a clients
computer manufacturer. application programs.
b. Backup diskettes or tapes of files are stored away d. Are written specifically to enable auditors to extract
from originals. and sort data.
c. Personnel who are independent of data input
perform parallel simulations. 99. To obtain evidence that online access controls are properly
d. System flowcharts provide accurate descriptions of functioning, an auditor most likely would
input and output operations. a. Create checkpoints at periodic intervals after live
data processing to test for unauthorized use of the
93. Mill Co. uses a batch processing method to process its sales system.
transactions. Data on Mills sales transaction tape are b. Examine the transaction log to discover whether any
electronically sorted by customer number and are subject to transactions were lost or entered twice due to a
programmed edit checks in preparing its invoices, sales system malfunction
journals, and updated customer account balances. One of the c. Enter invalid identification numbers or passwords to
direct outputs of the creation of this tape most likely would be a ascertain whether the system rejects them.
a. Report showing exceptions and control totals. d. Vouch a random sample of processed transactions to
b. Printout of the updated inventory records. assure proper authorization
c. Report showing overdue accounts receivable.
d. Printout of the sales price master file. 100. Which of the following statements most likely represents a
disadvantage for an entity that keeps microcomputer-prepared
94. Using microcomputers in auditing may affect the methods used data files rather than manually prepared files?
to review the work of staff assistants because a. Attention is focused on the accuracy of the
a. The audit field work standards for supervision may programming process rather than errors in individual
differ. transactions.
b. Documenting the supervisory review may require b. It is usually easier for unauthorized persons to
assistance of consulting services personnel. access and alter the files.
c. Random error associated with processing similar
transactions in different ways is usually greater.
d. It is usually more difficult to compare recorded b. Early cashing of payroll checks by employees.
accountability with physical count of assets. c. Discovery of invalid employee I.D. numbers.
d. Proper approval of overtime by supervisors.
101. An auditor would least likely use computer software to
a. Access client data files 108. When an auditor tests a computerized accounting system,
b. Assess EDP controls which of the following is true of the test data approach?
c. Prepare spreadsheets a. Test data must consist of all possible valid and
d. Construct parallel simulations invalid conditions.
b. The program tested is different from the program
102. A primary advantage of using generalized audit software used throughout the year by the client.
packages to audit the financial statements of a client that uses c. Several transactions of each type must be tested.
an EDP system is that the auditor may d. Test data are processed by the clients computer
a. Consider increasing the use of substantive tests of programs under the auditors control.
transactions in place of analytical procedures.
b. Substantiate the accuracy of data through self- 109. Which of the following statements is not true to the test data
checking digits and hash totals. approach when testing a computerized accounting system?
c. Reduce the level of required tests of controls to a a. The test need consist of only those valid and invalid
relatively small amount. conditions which interest the auditor
d. Access information stored on computer files while b. Only one transaction of each type need be tested.
having a limited understanding of the clients c. The test data must consist of all possible valid and
hardware and software features. invalid conditions.
d. Test data are processed by the clients computer
103. Auditors often make use of computer programs that perform programs under the auditors control.
routine processing functions such as sorting and merging.
These programs are made available by electronic data 110. Which of the following is not among the errors that an auditor
processing companies and others and are specifically referred might include in the test data when auditing a clients EDP
to as system?
a. Compiler programs a. Numeric characters in alphanumeric fields.
b. Utility programs b. Authorized code.
c. Supervisory programs c. Differences in description of units of measure.
d. User programs d. Illogical entries in fields whose logic is tested by
programmed consistency checks.
104. Smith Corporation has numerous customers. A customer file is
kept on disk storage. Each customer file contains name, 111. An auditor who is testing EDP controls in a payroll system
address, credit limit, and account balance. The auditor wishes would most likely use test data that contain conditions such as
to test this file to determine whether the credit limits are being a. Deductions not authorized by employees.
exceeded. The best procedure for the auditor to follow would b. Overtime not approved by supervisors.
be to c. Time tickets with invalid job numbers.
a. Develop test data that would cause some account d. Payroll checks with unauthorized signatures.
balances to exceed the credit limit and determine if
the system properly detects such situations. 112. Auditing by testing the input and output of an EDP system
b. Develop a program to compare credit limits with instead of the computer program itself will
account balances and print out the details of any a. Not detect program errors which do not show up in
account with a balance exceeding its credit limit. the output sampled.
c. Request a printout of all account balances so they b. Detect all program errors, regardless of the nature of
can be manually checked against the credit limits. the output.
d. Request a printout of a sample of account balances c. Provide the auditor with the same type of evidence.
so they can be individually checked against the credit d. Not provide the auditor with confidence in the results
limits. of the auditing procedures.
105. The use of generalized audit software package 113. Which of the following computer-assisted auditing techniques
a. Relieves an auditor of the typical tasks of allows fictitious and real transactions to be processed together
investigating exceptions, verifying sources of without client operating personnel being aware of the testing
information, and evaluating reports. process?
b. Is a major aid in retrieving information from a. Integrated test facility
computerized files. b. Parallel simulation
c. Overcomes the need for an auditor to learn much c. Input controls matrix
about computers. d. Data entry monitor
d. Is a form of auditing around the computer.
114. Which of the following methods of testing application controls
106. An auditor used test data to verify the existence of controls in a utilizes a generalized audit software package prepared by the
certain computer program. Even though the program auditors?
performed well on the test, the auditor may still have a concern a. Parallel simulation
that b. Test data approach
a. The program tested is the same one used in the c. Integrated testing facility approach
regular production runs. d. Exception report tests
b. Generalized audit software may have been a better
tool to use. 115. Misstatements in a batch computer system caused by incorrect
c. Data entry procedures may change and render the programs or data may not be detected immediately because
test useless. a. Errors in some transactions may cause rejection of
d. The test data will not be relevant in subsequent audit other transactions in the batch.
periods. b. The identification of errors in input data typically is
not part of the program.
107. An auditor most likely would introduce test data into a c. There are time delays in processing transactions in a
computerized payroll system to test internal controls related to batch system.
the d. The processing of transactions in a batch system is
a. Existence of unclaimed payroll checks held by not uniform.
supervisors.
116. Which of the following is not a characteristic of a batch d. Item inspection
processed computer system?
a. The collection of like transactions which are sorted 126. The computer process whereby data processing is performed
and processed sequentially against a master file. concurrently with a particular activity and the results are
b. Keypunching of transactions, followed by machine available soon enough to influence the course of action being
processing. taken or the decision being made is called:
c. The production of numerous printouts. a. Random access sampling
d. The posting of a transaction, as it occurs, to several b. On-line, real-time system
files, without immediate printouts. c. Integrated data processing
d. Batch processing system
117. Where disk files are used, the grandfather-father-son updating
backup concept is relatively 127. Internal control is ineffective when computer department
118. difficult to implement because the personnel
a. Location of information points on disks is an a. Participate in computer software acquisition
extremely time consuming task. decisions.
b. Magnetic fields and other environmental factors b. Design documentation for computerized systems.
cause off-site storage to be impractical. c. Originate changes in master file.
c. Information must be dumped in the form of hard copy d. Provide physical security for program files.
if it is to be reviewed before used in
d. Process of updating old records is destructive. 128. Test data, integrated test data and parallel simulation each
require an auditor to prepare data and computer programs.
119. An auditor would most likely be concerned with which of the CPAs who lack either the technical expertise or time to prepare
following controls in a distributed data processing system? programs should request from the manufacturers or EDP
a. Hardware controls consultants for
b. Access controls a. The program Code
c. Systems documentation controls b. Generalized audit software
d. Disaster recovery controls c. Flowchart checks
d. Application controls
120. If a control total were computed on each of the following data
items, which would best be identified as a hash total for a 129. Which of the following best describes a fundamental control
payroll EDP application? weakness often associated with electronic data processing
a. Total debits and total credits system?
b. Department numbers a. EDP equipment is more subject to system error than
c. Net pay manual processing is subject to human error.
d. Hours worked b. Monitoring is not an adequate substitute for the use
of test data.
121. Which of the following is a computer test made to ascertain c. EDP equipment processes and records similar
whether a given characteristic belongs to the group? transactions in a similar manner.
a. Parity check d. Functions that would normally be separated in a
b. Echo check manual system are combined in the EDP system like
c. Validity check the function of programmers and operators.
d. Limit check
130. Which of the following tasks could not be performed when
122. A control feature in an electronic data processing system using a generalized audit software package?
requires the central processing unit (CPU) to send signals to a. Selecting inventory items for observations.
the printer to activate the print mechanism for each character. b. Physical count of inventories.
The print mechanism, just prior to printing, sends a signal back c. Comparison of inventory test counts with perpetual
to the CPU verifying that the proper print position has been records.
activated. This type of hardware control is referred to as d. Summarizing inventory turnover statistics for
a. Echo check obsolescence analysis.
b. Signal control
c. Validity control 131. All of the following are auditing through the computer
d. Check digit control techniques except
a. Reviewing source code
123. Which of the following is an example of a check digit? b. Automated tracking and mapping
a. An agreement of the total number of employees to c. Test-decking
the total number of checks printed by the computer. d. Integrated test facility
b. An algebraically determined number produced by the
other digits of the employee number 132. The output of a parallel simulation should always be
c. A logic test that ensures all employee numbers are a. Printed on a report.
nine digits. b. Compared with actual results manually.
d. A limit check that an employees hours do not exceed c. Compared with actual results using a comparison
50 hours per work week. program.
d. Reconciled to actual processing output.
124. In a computerized system, procedure or problem-oriented
language is converted to machine language through a(an) 133. Generalized audit software is a computer-assisted audit
a. Interpreter technique. It is one of the widely used technique for auditing
b. Verifier computer application systems. Generalized audit software is
c. Compiler most often used to
d. Converter a. Verify computer processing.
b. Process data fields under the control of the operation
125. A customer erroneously ordered Item No. 86321 rather than manager.
item No. 83621. When this order is processed, the vendors c. Independently analyze data files.
EDP department would identify the error with what type of d. Both a and b.
control?
a. Key verifying
b. Batch total
c. Self-checking digit
134. From an audit viewpoint, which of the following represents a b. Validity of the output.
potential disadvantage associated with the widespread use of c. Procedures contained within the program.
microcomputers? d. Normalcy of distribution of test data.
a. Their portability.
b. Their ease of access by novice users. 142. Which of the following is true of generalized audit software?
c. Their easily developed programs using spreadsheets a. They can be used only in auditing on-line computer
which do not have to be documented. systems.
d. All of the above. b. They can be used on any computer without
modification.
135. Which of the following functions would have the least effect on c. They each have their own characteristics, which the
an audit if it was not properly segregated? auditor must carefully consider before using in a
a. The systems analyst and the programmer functions. given audit situation.
b. The computer operator and programmer functions. d. They enable the auditor to perform all manual
c. The computer operator and the user functions. compliance test procedures less expensively.
d. The applications programmer and the systems
programmer. 143. Assume that an auditor estimated that 10,000 checks were
issued during the accounting period. If an application control
136. To obtain evidence that user identification and password that performs a limit check for each check request is to be
control procedures are functioning as designed, an auditor subjected to the auditor's testdata approach, the sample
would most likely should include:
a. Attempt to sign on to the system using invalid user a. Approximately 1,000 test items.
identifications and passwords. b. A number of test items determined by the auditor to
b. Write a computer program that simulates the logic of be sufficient under the circumstances.
the clients access control software. c. A number of test items determined by the auditor's
c. Extract a random sample of processed transactions reference to the appropriate sampling tables.
and ensure that the transactions were appropriately d. One transaction.
authorized. Examine statements signed by
employees stating that they have not divulged their 144. PC DOS, MS DOS, and AppleDOS are examples of
user identifications and passwords to any other a. Application software.
person. b. Generalized audit software.
c. Database management systems.
137. In considering a client's internal control structure in a computer d. Operating software.
environment, the auditor will encounter general controls and
application controls. Which of the following is an application 145. Which of the following is not an example of a computer-
control? assisted audit technique?
a. Organization charts. a. Integrated test data.
b. Hash total. b. Audit modules.
c. Systems flowcharts. c. Disk operating systems.
d. Control over program changes d. Audit hooks.
138. Auditing by testing the input and output of a computer system-- 146. Which of the following statements most likely represents a
i.e., auditing "around" the computer--instead of the computer disadvantage for an entity that maintains computer data files
software itself will rather than manual files?
a. Not detect program errors that do not appear in the a. It's usually more difficult to detect transposition
output sampled. errors.
b. Detect all program errors, regardless of the nature of b. Transactions are usually authorized before they are
the output. executed and recorded.
c. Provide the auditor with the same type of evidence. c. It's usually easier for unauthorized persons to access
d. Not provide the auditor with confidence in the results and alter the files.
of the auditing procedures. d. Random error is more common when similar
transactions are processed in different ways.
139. Smith Corporation has numerous customers. A customer file is
kept on disk. Each customer file contains the name, address, 147. Which of the following statements best describes a weakness
credit limit, and account balance. The auditor wishes to test often associated with computers?
this file to determine whether credit limits are being exceeded. a. Computer equipment is more subject to systems
The best procedure for the auditor to follow would be to error than manual processing is subject to human
a. Develop test data that would cause some account error.
balances to exceed the credit limit and determine if b. Computer equipment processes and records similar
the system properly detects such situations. transactions in a similar manner.
b. Develop a program to compare credit limits with c. Control activities for detecting invalid and unusual
account balances and print out the details of any transactions are less effective than manual control
account with a balance exceeding its credit limit. activities.
c. Request a printout of all account balances so they d. Functions that would normally be separated in a
can be manually checked against the credit limits. manual system are combined in a computer system.
d. Request a printout of a sample of account balances
so they can be individually checked against the credit 148. Accounting functions that are normally considered incompatible
limits. in a manual system are often combined by computer software.
This necessitates an application control that prevents
140. Which of the following methods of testing application controls unapproved
utilizes software prepared by the auditors and applied to the a. Access to the computer library.
client's data? b. Revisions to existing software.
a. Parallel simulation. c. Usage of software.
b. Integrated test facility. d. Testing of modified software.
c. Test data.
d. Exception report tests. 149. When software or files can be accessed from on-line servers,
users should be required to enter
141. The testdata method is used by auditors to test the a. A parity check.
a. Accuracy of input data. b. A personal identification code.
c. A self-diagnosis test. 157. The primary reason for internal auditing's involvement in the
d. An echo check. development of new computer-based sysstems is to:
a. Plan post-implementation reviews
150. An auditor's consideration of a company's computer control b. Promote adequate controls
activities has disclosed the following four circumstances. c. Train auditors in CBIS techniques
Indicate which circumstance constitutes a significant deficiency d. Reduce overall audit effort.
in internal control.
a. Computer operators do not have access to the 158. Which of the following is an advantage of generalized computer
complete software support documentation. audit packages?
b. Computer operators are closely supervised by a. They are all written in one identical computer
programmers. language
c. Programmers are not authorized to operate b. They can be used for audits of clients that use
computers. differing CBIS equipment and file formats
d. Only one generation of backup files is stored in an c. They have reduced the need for the auditor to study
off-premises location. input controls for CBIS related procedures
d. Their use can be substituted for a relatively large part
151. In a computer system, hardware controls are designed to of the required control testing
a. Arrange data in a logical sequence for processing.
b. Correct errors in software. 159. Processing simulated file data provides the auditor with
c. Monitor and detect errors in source documents. information about the reliability of controls from evidence that
d. Detect and control errors arising from use of exists in simulated files. One of the techniques involved in this
equipment. approach makes use of
a. Controlled reprocessing
152. In the weekly computer run to prepare payroll checks, a check b. Program code checking
was printed for an employee who had been terminated the c. Printout reviews
previous week. Which of the following controls, if properly d. Integrated test facility
utilized, would have been most effective in preventing the error
or ensuring its prompt detection? 160. Which of the following statements most likely represents a
a. A control total for hours worked, prepared from time disadvantage for an entity that keeps microcomputer-prepared
cards collected by the timekeeping department. data files rather than manually prepared files?
b. Requiring the treasurer's office to account for the a. It is usually more difficult to detect transposition
number of the pre-numbered checks issued to the errors
CBIS department for the processing of the payroll b. Transactions are usually authorized before they are
c. Use of a check digit for employee numbers executed and recorded
d. Use of a header label for the payroll input sheet c. It is usually easier for unauthorized persons to
access and alter the files
153. An auditor is preparing test data for use in the audit of a d. Random error associated with processing similar
computer based accounts receivable application. Which of the transactions in different ways is usually greater
following items would be appropriate to include as an item in
the test data? 161. The possibility of losing a large amount of information stored in
a. A transaction record which contains an incorrect computer files most likely would be reduced by the use of
master file control total a. Back-up files
b. A master file record which contains an invalid b. Check digits
customer identification number c. Completeness tests
c. A master file record which contains an incorrect d. Conversion verification
master file control total
d. A transaction record which contains an invalid 162. An integrated test facility (ITF) would be appropriate when the
customer identification number. auditor needs to
a. Trace a complex logic path through an application
154. Unauthorized alteration of on-line records can be prevented by system
employing: b. Verify processing accuracy concurrently with
a. Key verification processing
b. Computer sequence checks c. Monitor transactions in an application system
c. Computer matching continuously
d. Data base access controls d. Verify load module integrity for production programs
155. In auditing through a computer, the test data method is used by 163. Where computer processing is used in significant accounting
auditors to test the applications, internal accounting control procedures may be
a. Accuracy of input data defined by classifying control procedures into two types:
b. Validity of the output general and
c. Procedures contained within the program a. Administrative
d. Normalcy of distribution of test data. b. Specific
c. Application
156. In the preliminary survey the auditor learns that a department d. Authorization
has several microcomputers. Which of the following is usually
true and should be considered in planning the audit? 164. The increased presence of the microcomputer in the workplace
a. Microcomputers, though small, are capable of has resulted in an increasing number of persons having access
processing financial information, and physical to the computer. A control that is often used to prevent
security is a control concern unauthorized access to sensitive programs is:
b. Microcomputers are limited to applications such as a. Backup copies of the diskettes
worksheet generation and do not present a b. Passwords for each of the users
significant audit risk c. Disaster-recovery procedures
c. Microcomputers are generally under the control of d. Record counts of the number of input transactions in
the data processing department and use the same a batch being processed
control features
d. Microcomputers are too small to contain any built-in 165. Checklists, systems development methodology, and staff hiring
control features. Therefore, other controls must be are examples of what type of controls?
relied upon. a. Detective
b. Preventive 172. Compared to a manual system, a CBIS generally
c. Subjective 1) Reduces segregation of duties
d. Corrective 2) Increases segregation of duties
3) Decreases manual inspection of processing results
166. When an on-line, real-time (OLRT) computer-based processing 4) Increases manual inspection of processing results.
system is in use, internal control can be strengthened by a. 1 and 3
a. Providing for the separation of duties between b. 1 and 4
keypunching and error listing operations c. 2 and 3
b. Attaching plastic file protection rings to reels of d. 2 and 4
magnetic tape before new data can be entered on
the file 173. One of the major problems in a CBIS is that incompatible
c. Making a validity check of an identification number functions may be performed by the same individual. One
before a user can obtain access to the computer files compensating control for this is the use of
d. Preparing batch totals to provide assurance that file a. Echo checks
updates are made for the entire input b. A self-checking digit system
c. Computer generated hash totals
167. When auditing "around" the computer, the independent auditor d. A computer log
focuses solely upon the source documents and
a. Test data 174. Which of the following processing controls would be most
b. CBIS processing effective in assisting a store manager to ascertain whether the
c. Control techniques payroll transaction data were processed in their entirety?
d. CBIS output a. Payroll file header record
b. Transaction identification codes
168. One of the features that distinguishes computer processing c. Processing control totals
from manual processing is d. Programmed exception reporting
a. Computer processing virtually eliminates the
occurrence of computational error normally 175. An organizational control over CBIS operations is
associated with manual processing a. Run-to-run balancing of control totals
b. Errors or fraud in computer processing will be b. Check digit verification of unique identifiers
detected soon after their occurrences c. Separation of operating and programming functions
c. The potential for systematic error is ordinarily greater d. Maintenance of output distribution logs
in manual processing than in computerized
processing 176. Which of the following methods of testing application controls
d. Most computer systems are designed so that utilizes a generalized audit software package prepared by the
transaction trails useful for audit purposes do not auditors?
exist a. Parallel simulation
b. Integrated testing facility approach
169. Given the increasing use of microcomputers as a means for c. Test data approach
accessing data bases, along with on-line real-time processing, d. Exception report tests
companies face a serious challenge relating to data security.
Which of the following is not an appropriate means for meeting 177. An unauthorized employee took computer printouts from output
this challenge? bins accessible to all employees. A control which would have
a. Institute a policy of strict identification and password prevented this occurrence is
controls housed in the computer software that permit a. A storage/retention control
only specified individuals to access the computer b. A spooler file control
files and perform a given function. c. An output review control
b. Limit terminals to perform only certain transactions. d. A report distribution control
c. Program software to produce a log of transactions
showing date, time, type of transaction, and operator. 178. Which of the following is a disadvantage of the integrated test
d. Prohibit the networking of microcomputers and do facility approach?
not permit users to access centralized data bases. a. In establishing fictitious entities, the auditor may be
compromising audit independence.
170. What type of computer-based system is characterized by data b. Removing the fictitious transactions from the system
that are assembled from more than one location and records is somewhat difficult and, if not done carefully, may
that are updated immediately? contaminate the client's files.
a. Microcomputer system c. ITF is simply an automated version of auditing
b. Minicomputer system "around" the computer.
c. Batch processing system d. The auditor may not always have a current copy of
d. Online real-time system the authorized version of the client's program.
171. Company A has recently converted its manual payroll to a 179. Totals of amounts in computer-record data fields which are not
computer-based system. Under the old system, employees usually added for other purposes but are used only for data
who had resigned or been terminated were occasionally kept processing control purposes are called
on the payroll and their checks were claimed and cashed by a. Record totals
other employees, in collusion with shop foremen. The b. Hash totals
controller is concerned that this practice not be allowed to c. Processing data totals
continue under the new system. The best control for d. Field totals
preventing this form of "payroll padding" would be to
a. Conduct exit interviews with all employees leaving 180. A hash total of employee numbers is part of the input to a
the company, regardless of reason. payroll master file update program. The program compares the
b. Require foremen to obtain a signed receipt from each hash total to the total computed for transactions applied to
employee claiming a payroll check. the master file. The purpose of this procedure is to:
c. Require the human resources department to a. Verify that employee numbers are valid
authorize all hires and terminations, and to forward a b. Verify that only authorized employees are paid
current computerized list of active employee c. Detect errors in payroll calculations
numbers to payroll prior to processing. Program the d. Detect the omission of transaction processing
computer to reject inactive employee numbers.
d. Install time clocks for use by all hourly employees.
181. Matthews Corp. has changed from a system of recording time 189. Which of the following is not a major reason why an accounting
worked on clock cards to a computerized payroll system in audit trail should be maintained for a computer system?
which employees record time in and out with magnetic cards. a. Query answering
The CBIS automatically updates all payroll records. Because b. Deterrent to fraud
of this change c. Monitoring purposes
a. A generalized computer audit program must be used d. Analytical review
b. Part of the audit trail is altered
c. The potential for payroll related fraud is diminished 190. Adequate control over access to data processing is required to
d. Transactions must be processed in batches a. Prevent improper use or manipulation of data files
and programs
182. Generalized audit software is of primary interest to the auditor b. Ensure that only console operators have access to
in terms of its capability to program documentation
a. Access information stored on computer files c. Minimize the need for backup data files
b. Select a sample of items for testing d. Ensure that hardware controls are operating
c. Evaluate sample test results effectively and as designed by the computer
d. Test the accuracy of the client's calculations manufacturer
183. Accounts payable program posted a payable to a vendor not 191. When testing a computerized accounting system, which of the
included in the on-line vendor master file. A control which following is not true of the test data approach?
would prevent this error is a a. The test data need consist of only those valid and
a. Validity check invalid conditions in which the auditor is interested
b. Range check b. Only one transaction of each type need be tested
c. Reasonableness test c. Test data are processed by the client's computer
d. Parity check programs under the auditor's control
d. The test data must consist of all possible valid and
184. In a computerized sales processing system, which of the invalid conditions
following controls is most effective in preventing sales invoice
pricing errors? 192. In studying a client's internal controls, an auditor must be able
a. Sales invoices are reviewed by the product to distinguish between prevention controls and detection
managers before being mailed to customers controls. Of the following data processing controls, which is the
b. Current sales prices are stored in the computer, and, best detection control?
as stock numbers are entered from sales orders, the a. Use of data encryption techniques
computer automatically prices the orders b. Review of machine utilization logs
c. Sales prices, as well as product numbers, are c. Policy requiring password security
entered as sales orders are entered at remote d. Backup and recovery procedure
terminal locations
d. Sales prices are reviewed and updated on a 193. Which of the following procedures is an example of auditing
quarterly basis "around" the computer?
a. The auditor traces adding machine tapes of sales
185. Which of the following is likely to be of least importance to an order batch totals to a computer printout of the sales
auditor in reviewing the internal control in a company with a journal
CBIS? b. The auditor develops a set of hypothetical sales
a. The segregation of duties within the data processing transactions and, using the client's computer
center. program, enters the transactions into the system and
b. The control over source documents observes the processing flow
c. The documentation maintained for accounting c. The auditor enters hypothetical transactions into the
applications. client's processing system during client processing of
d. The cost/benefit ratio of data processing operations live" data
d. The auditor observes client personnel as they
186. For the accounting system of Acme Company, the amounts of process the biweekly payroll. The auditor is primarily
cash disbursements entered into an CBIS terminal are concerned with computer rejection of data that fails
transmitted to the computer that immediately transmits the to meet reasonableness limits
amounts back to the terminal for display on the terminal screen.
This display enables the operator to 194. Auditing by testing the input and output of a computer-based
a. Establish the validity of the account number system instead of the computer program itself will
b. Verify the amount was entered accurately a. Not detect program errors which do not show up in
c. Verify the authorization of the disbursement the output sampled
d. Prevent the overpayment of the account b. Detect all program errors, regardless of the nature of
the output
187. Which of the following audit techniques most likely would c. Provide the auditor with the same type of evidence
provide an auditor with the most assurance about the d. Not provide the auditor with confidence in the results
effectiveness of the operation of an internal control procedure? of the auditing procedures
a. Inquiry of client personnel
b. Recomputation of account balance amounts 195. Which of the following is an acknowledged risk of using test
c. Observation of client personnel data when auditing CBIS records?
d. Confirmation with outside parties a. The test data may not include all possible types of
transactions
188. Adequate technical training and proficiency as an auditor b. The computer may not process a simulated
encompasses an ability to understand a CBIS sufficiently to transaction in the same way it would an identical
identify and evaluate actual transaction
a. The processing and imparting of information c. The method cannot be used with simulated master
b. Essential accounting control features records
c. All accounting control features d. Test data may be useful in verifying the correctness
d. The degree to which programming conforms with of account balances, but not in determining the
application of generally accepted accounting presence of processing controls
principles.
196. When the auditor encounters sophisticated computer-based c. There appear to be major weaknesses that would
systems, he or she may need to modify the audit approach. Of preclude reliance on the stated procedures
the following conditions, which one is not a valid reason for d. The time and dollar costs of testing exceed the time
modifying the audit approach? and dollar savings in substantive testing if the
a. More advanced computer systems produce less controls are tested for compliance
documentation, thus reducing the visibility of the
audit trail 204. For good internal control over computer program changes, a
b. In complex comuter-based systems, computer policy should be established requiring that
verification of data at the point of input replaces the a. The programmer designing the change adequately
manual verification found in less sophisticated data test the revised program
processing systems b. All program changes be supervised by the CBIS
c. Integrated data processing has replaced the more control group
traditional separation of duties that existed in manual c. Superseded portions of programs be deleted from
and batch processing systems. the program run manual to avoid confusion
d. Real-time processing of transactions has enabled the d. All proposed changes be approved in writing by a
auditor to concentrate less on the completeness responsible individual.
assertion
205. Which of the following is not a technique for testing data
197. If a control total were to be computed on each of the following processing controls?
data items, which would best be identified as a hash total for a a. The auditor develops a set of payroll test data that
payroll CBIS application? contain numerous errors. The auditor plans to enter
a. Net pay these transactions into the client's system and
b. Department numbers observe whether the computer detects and properly
c. Hours worked responds to the error conditions
d. Total debits and total credits b. The auditor utilizes the computer to randomly select
customer accounts for confirmation
198. In a distributed data base (DDB) environment, control tests for c. The auditor creates a set of fictitious custom
access control administration can be designed which focus on accounts and introduces hypothetical sales
a. Reconciliation of batch control totals transactions, as well as sales returns and
b. Examination of logged activity allowances, simultaneously with the client's live data
c. Prohibition of random access processing
d. Analysis of system generated core dumps d. At the auditor's request, the client has modified its
payroll processing program so as to separately
199. A control to verify that the dollar amounts for all debits and record any weekly payroll entry consisting of 60
credits for incoming transactions are posted to a receivables hours or more. These separately recorded
master file is the: ("marked") entries are locked into the system and are
a. Generation number check available only to the auditor
b. Master reference check
c. Hash total 206. Which of the following would lessen internal control in a CBIS?
d. Control total a. The computer librarian maintains custody of
computer program instructions and detailed listings
200. The program flowcharting symbol representing a decision is a b. Computer operators have access to operator
a. Triangle instructions and detailed program listings
b. Circle c. The control group is solely responsible for the
c. Rectangle distribution of all computer output
d. Diamond d. Computer programmers write and debug programs
which perform routines designed by the systems
201. An update program for bank account balances calculates analyst
check digits for account numbers. This is an example of
a. An input control 207. Access control in an on-line CBIS can best be provided in
b. A file management control most circumstances by
c. Access control a. An adequate librarianship function controlling access
d. An output control to files
b. A label affixed to the outside of a file medium holder
202. CBIS controls are frequently classified as to general controls that identifies the contents
and application controls. Which of the following is an example c. Batch processing of all input through a centralized,
of an application control? well-guarded facility
a. Programmers may access the computer only for d. User and terminal identification controls, such as
testing and "debugging" programs passwords
b. All program changes must be fully documented and
approved by the information systems manager and 208. While entering data into a cash receipts transaction file, an
the user department authorizing the change employee transposed two numbers in a customer code. Which
c. A separate data control group is responsible for of the following controls could prevent input of this type of
distributing output, and also compares input and error?
output on a test basis a. Sequence check
d. In processing sales orders, the computer compares b. Record check
customer and product numbers with internally stored c. Self-checking digit
lists d. Field-size check
203. After a preliminary phase of the review of a client's CBIS 209. What is the computer process called when data processing is
controls, an auditor may decide not to perform further tests performed concurrently with a particular activity and the results
related to the control procedures within the CBIS portion of the are available soon enough to influence the particular course of
client's internal control system. Which of the following would action being taken or the decision being made?
not be a valid reason for choosing to omit further testing? a. Batch processing
a. The auditor wishes to further reduce assessed risk b. Real time processing
b. The controls duplicate operative controls existing c. Integrated data processing
elsewhere in the system d. Random access processing
210. Reconciling processing control totals is an example of 219. Errors in data processed in a batch computer system may not
a. An input control be detected immediately because
b. An output control a. Transaction trails in a batch system are available
c. A processing control only for a limited period of time
d. A file management control b. There are time delays in processing transactions in a
batch system
211. Disadvantage of auditing around the computer is that it c. Errors in some transactions cause rejection of other
a. Permits no assessment of actual processing transactions in the batch
b. Requires highly skilled auditors d. Random errors are more likely in a batch system
c. Demands intensive use of machine resources than in an on-line system
d. Interacts actively with auditee applications
220. Which of the following is a computer test made to ascertain
212. The completeness of computer-generated sales figures can be whether a given characteristic belongs to the group?
tested by comparing the number of items listed on the daily a. Parity check
sales report with the number of items billed on the actual b. Validity check
invoices. This process uses c. Echo check
a. Check digits d. Limit check.
b. Control totals
c. Validity tests
d. Process tracing data
213. Which of the following controls would be most efficient in

reducing common data input errors?
a. Keystroke verification
b. A set of well-designed edit checks
c. Balancing and reconciliation
d. Batch totals
214. On-line real-time systems and electronic data interchange

systems have the advantages of providing more timely
information and reducing the quantity of documents associated
with less automated systems. The advantages, however, may
create some problems for the auditor. Which of the following
characteristics of these systems does not create an audit
problem?
a. The lack of traditional documentation of transactions
creates a need for greater attention to programmed
controls at the point of transaction input
b. Hard copy may not be retained by the client for long
periods of time, thereby necessitating more frequent
visits by the auditor
c. Control testing may be more difficult given the
increased vulnerability of the client's files to
destruction during the testing process
d. Consistent on-line processing of recurring data
increases the incidence of errors
215. Creating simulated transactions that are processed through a

system to generate results that are compared with
predetermined results, is an auditing procedure referred to as
a. Desk checking
b. Use of test data
c. Completing outstanding jobs
d. Parallel simulation
216. To obtain evidential matter about control risk, an auditor

ordinarily selects tests from a variety of techniques, including
a. Analysis
b. Confirmations
c. Reprocessing
d. Comparison
217. A major exposure associated with the rapidly expanding use of

microcomputers is the absence of:
a. Adequate size of main memory and disk storage
b. Compatible operating systems
c. Formalized procedures for purchase justification
d. Physical, data file, and program security
218. To ensure that goods received are the same as those shown
on the purchase invoice, a computerized system should:
a. Match selected fields of the purchase invoice to
goods received
b. Maintain control totals of inventory value
c. Calculate batch totals for each input
d. Use check digits in account numbers

Auditing in A Computerized Environment

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Auditing in A Computerized Environment

Hochgeladen von

Copyright:

Verfügbare Formate

AUDITING IN A COMPUTERIZED ENVIRONMENT

213. Which of the following controls would be most efficient in

214. On-line real-time systems and electronic data interchange

215. Creating simulated transactions that are processed through a

216. To obtain evidential matter about control risk, an auditor

217. A major exposure associated with the rapidly expanding use of

Das könnte Ihnen auch gefallen