Beruflich Dokumente
Kultur Dokumente
CHAPTER 6
Auditing in a
Computer
Information Systems
(CIS) or Information
Technology (IT)
Environment
1. IT has several significant effects on an entity. Which ~f ~e
following would be important from an auditing perspective.
I. The potential for material misstatement.
II. The visibility of information.
III. Changes in the organiza.tional structure.
Auditing in a CIS or IT Environment 365
ctt~.PrER
6
A 1 and II only C. II and III only
: and III only D. I, II, and III
6 1
use of a computer changes the processing, storage, and
2. Th~rnunication of financial information. A CIS environment
co affect the following, except
~.ayThe accounting and internal control systems of the enti-
B ~e overall objective and scope of an audit.
c: The auditor's design and performance of tests of control
and substantive procedures to satisfy the audit objec-
tives.
o. The specific procedures to obtain knowledge of the enti-
ty's accounting and internal control systems.
19. Audit team members can use the same database and pro-
grams when their PCs share a hard disk and printer on a
LAN. Which of the following communication devices enables
a PC to connect to a LAN?
A. A network interface card (NIC) that plugs into the moth-
erboard.
B. A fax modem that sends signals through telephone lines.
C. An internal modem that plugs into the motherboard. .
D. An external modem with a cable connection to a senal
port.
data that are assembled from more than one location and
records that are updated immediately? ~~
A. Online, batch processing system re
B. Online, real-time processing system ca.
C. Online, inquiry system ~
D. Online, downloading/uploading system
~.
In an online processing system, individual transactionsc~~~
entered through workstations or terminals that are t
nected to the mainframe.
D,
·ng sys·
A type of online system is online, real-time processi ·ng of
tern that involves immediate validation and processiusers
I~ .
data input to update related computer files that aIJoWt deci· t
. f
r
6 Auditing in a CIS or.IT Environment 379 ,
ct-IApTER
': ~ .
~-
-
384 CPA EXAMINATION REVIEWER: AUDITING THEORY
0 . Database administrator
The DBMS is used to create, maintain, and operate a data-
base. It facilitates the physical storage of the data, maintains
the interrelationships among the data, and makes the data
available to application programs.
The need for data sharing creates the need for data inde-
pendence from application programs. Through the DBMS,
data are recorded only once, for use by different application
programs. There will be true data independence if the
structure of data can be changed without affecting the appli-
cation programs, and vice versa.
C. User
D. CIS manager
··'
· R 6 Auditing in a CIS or IT Environment 395
cHApff
trols because typically, the benefits exceed the costs. In an
EDI environment, it may be difficult to apply detective con-
trols once a transaction enters the computer system.
.. ~1 '
396 CPA EXAMINATION REVIEWER: AUDITING THEORY
I I
' Answer _D is incor~e~t because computer program~e~da~;
responsible for wntmg and revising programs design
systems analysts.
l •••
. weel<lY
61. The manager of computer operations prepares a coPY
schedule of planned computer processing and send~ a roee·
to the computer librarian. The control objective this P
dure serves is to ato!'S·
A. Authorize the release of data files to computer oper
B. Specify the distribution of computer results. .
I. C. Specify file r~tention and disaster recovery policies.
I;
TER 6 Auditing in a CIS or IT Environment 399
cf-IAP
o. Keep improper and unauthorized transactions from en-
tering the computer facility. .
,,
'-:-.~-· -r-r.-;
- ~ ~.: , . . . -
..: . .u·r.
CPA EXAMINATION REVIEWER: AUDITING THEORY
I
cHAPTER 6 ·Auditing in a CIS or IT Environment 403
J
....................................................
··~r---- .,,
~.
404 CPA EXAMINATION REVIEWER: AUDITING THEORY
\
1-
R 6 Auditing in a CIS or IT Environment 405
ctiApTE
71. Which of the following would least likely ensure the devel-
opment of an effective application system?
A. Involvement of management in the development stage.
B. Active participation by user departments in the develop-
ment stage.
c. Post..implementation reviews..
o. Prioritization of application systems to be developed.
I
rl
•!t·
objectives) will be satisfied.
f.i' 72. Which of the following would most likely cause a problem in
Ir the computer program development process?
L A. User specifications are inadvertently misunderst~d.
~
c•
.r
~.
;
r·
~-: ·
"
1
406 CPA EXAMINATION REVIEWER: AUDITING THEORY
73. Which _of the ~allowing controls would most likely. provi::
protection against unauthorized changes in production P
grams?
A. Restricting programmer access to the computer ro?rn'ent
B. Requiring two operators to be present during equipl11
Qperation.
C. Limiting program access solely to operators.
D. Implementing management review of daily run I095·
eJllS
The risk of unauthorized changes will be reduced if sY;! tile
analysts, programmers, and others are denied acces~
ER 6 Auditing in a CIS or IT Environment 407
cHAPT
;_· : j
CPA EXAMINATION REVIEWER: AUDITING THEORY
.
Answers A an d D are mcorrect because va1·d t. routinesd
1 a 10n
and internal labels may prevent data from being destroye
. but do not allow recovery of lost or destroyed data.
to·
Answer C is incorrect because verification of run-to-run y
cover ·
tals ensures completeness of proce·ssing, not data re
sys·
81. An entity's contingency plans for computer informationents·
terns should include appropriate backup arrange~dered
. b cons1
Wh1ch of the following arrangements would e . e alrrtost
too vendor-dependent when vital operations requir
immeqiate availability of computer resources?
A. A "cold site" arrangement.
B. A "hot site" arrangement.
\
6 Auditing In a CIS or IT Environment 413
cHApTER
85. Which of the following best describes the process called au-
thentication?
A. The system verifies the identity of the user.
B. The user identifies himself/herself to the system.
C. The user indicates to the system that the transaction
was processed correctly;
D. The system verifies that the user is entitled to enter the
transactions requested.
'
418 CPA EXAM/NATION REVIEWER: AUDITING THEORY
90. An entity uses the account code 699 for depreciation ex-
pense. However, one of the company data input clerks of-
ten codes depreciation expense as 996. The highest ac-
count code in the company's system is 700. What pro-
grammed control procedure would detect this error?
A. Pre-data input check.
B. Sequence check.
C. Valid-code test.
D. Valid-character test.
94. Which of the following best describes the online data pro-
cessing control called preformatting? 'terns to
A. The display of a document with blanks for data 1
be entered by the terminal operator.. d' cover er·
B. A program initiated prior to regular input to c~sn be car·
rors in data before entry so that the errors ·
rected. . . a that reciu1·res
c. A series of requests for required input da~efore a subse-
an acceptable response to each request ·on
quent request is made. . for a transactl
D A check to determine if all data rtems
. . al operator.
have been entered by the termin line
·n oil
be use d I roacJl•
A preformatted screen approach m~~der this aP~ fl1 0n·
systems to . avoid data e~try er~ors. is Jayed on.thfroffl 8
blanks for specified data items will be dd ~a entrY 15
itor. This is most appropriate when a
ER 6 Auditing in a CIS or IT Environment 421
cfiP.l'T
jobs.
Answer B is incorrect because a limit check determines if
the value in the field exceeds a predetermined limit.
AU
. se a master fil.e reference for order codes to~
all
the existence of items to
B. Separate the parts of. the order code with hYPh-
make the characters easier to read. rT1 for
C. Add check digits to the order codes and verify the
each order. h iteffl
D. Require customers to specify the name for eac
they order.
R 6 Auditing in a CIS or IT Environment 429
cHAPTE
- J
108. Computer programs and data that the auditor may use as
part of the audit procedures to process data of audit signifi·
cance contained in an entity's information system are called
A. CAATs
B. DOOGs
C. BIIKs
D. BIIRDs
'. ~
6 Auditing in a CIS or IT Environment 433
c~ApTER .
a. purpose-written program.
C Utility program. .
·. package or ~eneralized audit software (GAS).
0
The easy-to-use and flexibility features of generalized audit
softWare (GAS) make it very popular to auditors in the au~it
of information technology (IT) environments. This audit
softWare is designed to perform common audit tasks or
standardized data processing functions, such as the follow-
ing:
• reading data files
• selecting and analyzing information
• summarizing and totaling files
• performing or verifying calculations
• creating data files
• providing totals of unusual items
• reporting in an auditor-specified format
Answers A and B are incorrect because customized or pur-
pose-written programs are designed to perform audit tasks
in specific circumstances. These programs are used when·
an entity's computer information system is so unique or
complex that any GAS is deemed unsuitable.
.'
6 Auditing in a CIS or IT Envimnment 435
cHAprER
:t
'·'
6 Auditing in a CIS or IT Environment 439
cHApTER
119. Which of the following CAATs allows fictitious and real trans-
actions to be processed together without the knowledge of
client operating personnel?
A. Data entry monitor
B. Integrated test facility (ITF)
C. Parallel simulation
D. Input control matrix
TRUE OR FALSE
ANSWERS
f(EY
1. D
25. B 49. B 73. c 97. c
2. B 26. A 50. B 74. B 98. B
3. B 27. D 51. D 75. A 99. A
4. B 28. B 52. c 76. c 100. D
5. c 29. B 53. A 77. D 101. c
6. B 30. c 54. B 78. B 102. A ·
7. D 31. c 55. D 79. A 103. B
8. B 32. D 56. A 80. B 104. c
9. D 33. c 57. A 81. A 105. B
10. c 34. c 58. c 82. D 106. D
11. B 35. c 59. c 83. B 107. c
12. D 36. B 60. c 84. B 108. A
13. D 37. A 61. A 85. A 109. D
14. A 38. A 62. B 86. A 110. B
15. D 39. D 63. B 87. c 111. B
16. A 40. B 64. A 88. c 112.· A
17. A 41. A 65. D 89. A 113. D
18. B 42. c 66. A 90. c 114. B
19. A 43. B 67. A 91. B 115. A
20. c 44. B 68. c 92. D 116. c
21. D 45. B 69. A 93. A 117. c
22. c '16. A 70. c 94. A 118. c
23. c 47. D 71. D 95. B 119. B
24. B 48. c 72. A 96. D 120. c
446 CPA EXAMINATION REVIEWER: AUD\T\NG THEOR.'t'
TRUE OR fALSE
6. fa\se 11. Fa\se 16. Fa\se 21. fa\se
1. fa\se
7. false 12. True 17. False 22. fa\se
2. fa\se
18. True 23. true
8. false 13. True
3. True
19. True 24. False
9. false 14. Fa\se
4. false
20. True 25. fa\se
10. True 15. True
s. True