You are on page 1of 9

CHAPTER 7 (AUDITING IN A COMPUTERIZED ENVIRONMENT

)
1.

2.

3.

4.

5.

6.

7.

8.

9.

C IS has several significant effects on an organization. Which of the following would not be important
from an auditing perspective?
a. Organizational changes
b. The visibility of information
c. The potential for material measurement
d. None of the above, i.e., they are all important
Which statement is incorrect when auditing in a CIS environment?
a. A CSI environment is not exist when a computer or size is involve in the processing by the entity
of financial information of significance to the audit, whether that computer is operated by the
entity or by a third party.
b. The auditor should consider how a CIS environment affects s the audit.
c. The use of a computer changes the processing of financial information and may affect the
accounting and internal control system employed by the entity.
d. A CIS environment changes the overall objective and scope of an audit.
An important characteristics of CSI is uniformity of processing therefore, a risk exists that:
a. Auditor will not be able to access data quickly.
b. Auditor will not be able to determine if data is processed consistently.
c. Erroneous processing can result in the accumulation of a great number of misstatement in a short
period of time.
d. All of the above.
The characteristics that distinguishes the computer processing from manual processing include the
following:
1.) Computer processing uniformly subjects like transactions to the same instructions.
2.) Computer systems always ensure that complete transactions trails useful for audit purposes are
preserved for indefinite period.
3.) Computer processing virtually eliminates the occurrence of clerical errors normally associated
with manual processing.
4.) Control procedures as to segregation of functions may no longer be necessary in computer
environment.
a. All of the above statement is true.
b. Only statement 2 and 4 are true.
c. Only statement 1 and 3 is true.
d. All of the above statement is false.
Which of the following is not risk specific to CIS environments?
a. Reliance on the functioning capabilities of hardware and software.
b. Increase human involvement.
c. Loss of data due to insufficient back up.
d. Unauthorized access.
Which of the following is not a risk in a computer information system?
a. Need for CIS experienced staff.
b. Separation of CIS duties from accounting functions.
c. Improve audit trail
d. Hardware and data vulnerability.
Which of the following is not correct?
a. The overall objective and scope of an audit do not change in a CIS environment.
b. When computers or CSI are introduced, the basic concept of evidence accumulation remains the
same.
c. Most CIS rely extensively on the same type of procedures for control that are used in manual
processing system.
d. The specific method appropriate, for implementing the basic auditing concepts do not change, as
system become more complex.
The use of CIS will least likely affect the
a. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting
and internal control system.
b. The auditor’s specific audit objectives.
c. The consideration of inherent risk and control risk through which the auditor arrives at the risk
assessment.
d. The auditor’s design and performance of test of control and substantive procedure appropriate to
meet the audit objective.
Which of the following is unique to CIS?
a. Error listing
b. Flowchart
c. Questionnaires
d. Pre-numbered documents

An access control d. The librarian . Generalized audit software 18. Controls designed to assure the accuracy of the processing results. Controls for documenting and approving programs and changes to programs. Input controls 16. A control which relates to all parts of the CIS is called a (n) a. Requirements for system documentation c. 15. Operation manual d. Authorization 11. Initiation of changes to master records b. Which of the following computer related employees should not be allowed access to program listings of application program? a. c.10. For control purposes. d. reviewing. Which of the following is the component of general controls? a. Procedures for documenting. b. Application control d. System development c. Which of the following activities would most likely be performed in the CIS department? information a. Specific c. General control c. Auditor should evaluate general controls before evaluating application controls. The system analyst b. Processing controls b. Where computer processing is use in significant accounting applications. Back-up and contingency planning d. The plan of organization and operation of CSI activity b. None of this statement is correct. Conversion of information to machine-readable form c. System control b. The operator d. b. Output controls c. Auditor should evaluate application controls and general controls simultaneously. and approving system and programs. 20. Data conversion b. which of the following should be organizationally segregated from the computer operation functions? a. Input validation checks b. Controls designed to ascertain that all data submitted to CIS for processing have been properly authorized. Application control d. Which of the following is an example of general control? a. Application d. Processing control d. d. Control which apply to a specific use of the system are called a. Some CIS control procedures relates to all CIS activities (general controls) and some relates to specific task (application control). Which of the following is least likely to be a general control over computer activities? a. A control total 17. b. Auditor should evaluate applications control before evaluating general controls. Initiation of changes to existing application. Which of the following is not a general control? a. Universal control 12. Procedures for developing new programs and systems. c. General control c. General control include a. Minor maintenance according to a schedule d. c. 14. Hardware control 19. Which of the following statement is correct? a. internal control procedure may be defined by classifying control procedure in two types: general and a. User control 13. d. System control b. The programmer c. Administrative b. Correction of transactional errors. Controls that relate to the correction and resubmission of data those were initially incorrect. Control total c. Processing data 21.

b. Checkpoint recovery c. A label affixed to the outside of a file medium holder that identifies the content. The possibility of losing a large amount of information stored in computer files most likely would be reduced by the use of a. Unauthorized access to the computer c. Data encryption c.’s remote terminals located in the factory these unauthorized alterations to the system’s file is a. Detect and control errors arising from the use of equipment d. Design documentation for computerized systems. Check digits . d. Batch totals b. Manufacture’s controls 28. c. an auditor would most likely: a. Passwords for microcomputer software programs are designed to prevent : a. b. Passwords d. 31. Adequate control over access to data processing is required to a. Batch processing of all input through a centralized. c. automated equipment controls or hardware controls are designed to: a. Examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person. such as passwords. well-guarded facility. An example of an access control is a: a. Participate in computer software acquisition decision b. d. Check digit verification 24. Incomplete updating of data files d. Back-up files b. Where computers are used.22. Internal control is ineffective when computer department personnel a. Arrange data in a logical sequential manner for processing purposes. 25. Ensure that only console operators have access to program documentation c. Write a computer program that simulates the logic of the client’s access control software. Grandfather-father-son record retention b. upon whether the organizational structure includes any incompatible combinations. Data integrity controls c. To determine that users ID and password controls are functioning. Such a combination would exist when there is no separation of the duties between a. Inaccurate processing of data b. In a CIS environment. User and terminal identification controls. Password c. Ensure that hardware controls are operating effectively and designed by the computer manufacturer. Record count 32. Test the system by attempting to sign on using invalid user identification and passwords. 27. Input controls. the effectiveness of internal controls depends. Documentation librarian and manager of programming b. in part. Provide physical security for program files. The management of ABC Co. 29. Monitor and detect errors in source document c. Originate changes in master files. An adequate librarianship function controlling access to files b. 30. Test facility d. Processing control clerk and keypunch supervisor 23. Minimized the need for back up data files d. suspects that someone is tampering with pay rates by entering changes through the Co. Controls which are built in by the manufacturer to detect equipment failure are called: a. System analyst and programmer d. Extract a random sample of processed transactions and ensure that the transactions were appropriately authorized. Check digit b. Read only memory 26. Programming and computer operator c. Which of the following is a general control that would most likely assist an entity whose system analyst left the entity in the middle of a major project? a. c. Deter improper use or manipulation of data files and programs b. Hardware controls d. System documentation d. d. Unauthorized use of the software 33. Correct errors in the computer programs b. Access control in an on-line CIS can best provided in most circumstances by a.

Validate groups of update transactions for each Which of the following is not a general control? a. Separation of duties b. d. b. After processing all sales transactions are reviewed by the sales department. System development b. c. Backup diskettes or tapes of files are stored away from originals. An equipment failure causes an error message on the monitor. Check digit d. 42. 35. Application controls relate to the processing to all aspects of the CIS operation. System documentation d. Which of the following is an application control? a. Check digits d. 36. There are reasonableness tests for the units selling price of a sale. Data base access controls XYZ Company updates its account receivable master file weekly and retains the master file and corresponding update transactions for the most recent 2-week period. There is processing authorization of the sales transactions. Which of the following is not an example of an application control? a. Parity check b. Which of the following is not a processing control? a. Reasonable test c. Application controls relate to various aspects of the CIS operation including software acquisition and the processing of transactions. Separation of duties between programmer and operator d. Control over program changes Which of the following statements related controls is correct? a. Computer sequence check c. c. Match internal labels to avoid writing on the wrong volume c. Back-up of data to a remote site for data security b. Echo check . Personal identification code c. Hardware controls Which of the following is not a general control? a. Computer matching d. Self-diagnostic test d. System development c. After processing all sales transactions are reviewed by the sales department. Application controls relate to the processing of individual transactions. Control risk b. 44. Hash total c. Conversion verification Which of the following controls most likely would assure that an entity can reconstruct its financial records? a. the auditors will encounter general controls and application controls. Personnel who are independent of data input performed parallel simulation. c. Online security c. c. c. Output controls d. Key verification b. 38. Adequate program run instructions for operating the computer In their consideration of client’s CIS controls. Equipment failure causes error messages on monitor c. d. There are reasonableness tests for the unit-selling price of as sale. The operations manual b. Hardware controls are built in to the computer by the computer manufacturer. System flowcharts provide accurate descriptions of input and output operations Unauthorized alteration of on-line records can be prevented by employing: a. Verify run-to-run control totals for receivables b.34. Permit reconstruction of the master file if needed d. users should be required to enter a (n) a. d. The purpose of this practice is to a. Hardware controls General controls include all of the following except: a. Control total When CIS programs or files can be accessed from terminals. b. 43. 39. Application controls relate to various aspects of the CIS operation including physical security and the processing transactions in various cycles. Computer performed validation test of input accuracy b. 40. 37. Completeness test d. b. There is a processing authorization of the sales transactions. 41. 45. Which of the following is not an example of an application control? a. d.

c. Logic test that ensures all employee numbers are nine digits. Field totals 53. This process uses a. which one of the following would be used s batch control to verify the accuracy of the posting of cash receipts remittance? a. 315. The sum of the cash deposits. Completeness test b. Batch total b. Process tracing data 49. b. d. In updating a computerized accounts receivable files. Validity tests c. 47. Self-checking digit d. and accurate are called: a. The sum of the cash deposits less the discounts taken by customers. Sum of the social security numbers-P12. Check digits are designed to detect transcription errors. Controls which are designed to assure that the data that will be processed by the computer is authorized. The completeness of computer-generated sales figure can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. If a control total were to be computed on each of the following data items. complete. Limit test d. b. General controls 48. Department numbers d. Total payroll checks-P12. Validity test c. Check digits are always placed at the end of a data code. A clerk inadvertently entered an accountant number 12368 rather than account number 12638. Which check would detect this unintentional error? . Output controls d. Processing controls c. d. d. 57. Hours worked c. Check digits do not affect processing efficiency. 56. Check digits b. Which of the following data processing input controls appears to be missing? a. Input control b. 51. An algebraically determined number produced by the other digits of the employee number. A Limits check that an employee’s hours do not exceed 50 hours per work week. Net pay b. Total debits and total credits 54. Which of the following is correct? a. Record totals b. c.46. The sum of the cash deposit plus the discounts less the sales returns. Check digit should be used for all data codes. In processing this transaction. The sum of the cash deposits plus the discounts taken by customers. b. A company’s labor distribution report requires extensive corrections each months because of labor hours charged to inactive jobs.437. Hash totals c. the error would be detected with wich of the following controls? a. An example of a hash total is a. Transactions are not added. Key verifying c. b. Transactions are processed more than once. d. c.251. Control total d. c. 555. Total numbers of employees-10. Transactions are not omitted. c. Processing data totals d. 55. An agreement of the total number of employees to the total number of checks printed by the computer. Which statement is NOT correct? The goal of batch control is to ensure that during processing a. Control total 50. Total of amounts in computer-record data fields. An internal consistency check 52. None of the above. d. The employee entered “40” in the “hours work per day” field. which would best be defined as a hash total for payroll CIS application? a. which are NOT usually added but are used only for data processing control purposes are called a. Which of the following is an example of a check digit? a. An audit trail is not created. b.

Which of the following procedures is an example of auditing “around” the computer? a. This includes computer programs and data the auditor uses as part of the audit procedures to process data of audit significance contained in entity’s information system. The segregation of duties within the computer center. a. Detecting errors in the general ledger adjustment process d. Limit check c. A disadvantage of auditing around the computer is that it a. The auditor develops a set of hypothetical sales transactions and. d. 66. Missing data check Output controls are not designed to assure that information generated by the computer are: a. A storage / retention control b. Detecting errors after the processing is completed b. Interacts actively with auditee applications. Accurate b. A system that affects a number of essential master files and produces no a limit output. d. 67. Auditing around the computer The process of assessing control risk considering only non IT control is known as? a. the independent auditor focuses solely upon the source document and a. c. Permits no direct assessment of actual processing. The auditor enters hypothetical transactions into the client’s processing system during client processing of live data. Distributed only to authorized people c. The auditor traces adding machine tapes of sale order batch totals to a computer printout of the sales journal. Auditing by testing the input and output of an IT system instead of the computer program itself will a. Integrated test facility b. CIS process c. A report distribution control Which of the following is likely to be least importance to an auditor in considering the internal control in a company with computer processing? a. The cost / benefit of \data processing operations. 65. Numeric / alphabetic check. The auditor is primarily concerned with the computer rejection of data that fails to meet reasonableness limits. Compliance techniques d. It involves application of auditing procedure using the computer as an audit tool. Test data approach b. A control which would have prevented this occurrence is a. Generalized audit software When auditing “around” the computer\. c. enters the transactions into the system and observes the processing flow. 59. b. The control over source documents. b. CIS output Which of the following CIS generally can be audited without examining or directly testing the computer program of the software? a. The documentation maintained for accounting applications. Test data b. The test data approach c. Used appropriate by management Output controls need to be designed for which of the following data integrity objective? a. Required highly skilled auditors. a. 60. Auditing around the computer d. using the client’s computer program. A system that updates a few essential master files and produces no printed output other than final balance. Complete d. Demands intensive use of machine resources. A spooler file control d. c. 61. Preventing errors in separation of duties forces personnel An unauthorized employee took computer printouts from output bins accessible for all employees. The auditor observes client personnel as they process the biweekly payroll. b. 63. Preventing errors before the processing is completed c. . d. b. Generalized audit software d. A system that uses an on-line real-time processing future. 68.58. 62. 64. c. Sign check d. d. Computer assisted audit techniques c. A system that performs relatively uncomplicated processed and produces details output. Not detected program errors which do not show up in the output sampled. b. An output review control c.

Integrated test facility d. Auditing around the computer c. Trace a complex logic path through an application system b. Not provide the auditor with confidence in the results of the auditing procedures. Can be performed using only actual transactions since testing is simulated transactions is of no consequence. Auditors use auditor-controlled software to do the same operations that the client’s software does. Only one transaction of each type need be tested c. The test needs to consist of only those valid and invalid conditions which interest the auditor b. Verify processing accuracy concurrently with processing c. Parallel simulation . b. Test data approach b. 73. Detect all program errors. Approximately 1. Validity of the output c. the sample should include a. Use of test data c. Several transactions of each type must be tested b. A number of test items determined by the auditor’s reference to the appropriate sample tables d. b. Which of the following is not a common type of white box approach? a. Parallel simulation An auditor estimates that 10. One transaction An integrated test facility (ITF) would be appropriate when the auditor needs to a. which of the following is true of the test data approach? a. 76. Generalized audit software approach c. Parallel simulation Compliance system of an advanced CSI a. 71. is an auditing procedure referred to as a. 000 test items b. Program checking b. 79. The test data must consist of all possible valid and invalid conditions d. Test data b. Completing outstanding jobs d. Auditors process their own test data using their own computers that simulates the client’s computer system c. Microcomputer-aided auditing approach d.69. The auditor’s objective whether the client’s computer programs can correctly handle valid transactions as they arise is accomplished through the a. d. Provide the auditor with the same type of evidence d. the test data method I used by auditors to test the a. If a computer application control which performs a limit chick for each check request is to be subjected to the auditor’s test data approach . using auditor created data files Creating simulated transactions that are processed through a system to generate results that are compared with predetermined results. Accuracy of input data b. Is impractical since many procedures within the CIS activity leave no visible evidence of having been performed d. 70. Monitor transactions in an application system continuously. Is inadvisable because it may distort the evidence in master files Which of the following best describes the test data approach? a. 78. 74. b. Test data are processed by the client’s computed programs under the auditor’s control In auditing through a computer. regardless of the nature of the output c. Which of the following statement is not true to the test data approach when testing a computerized accounting system? a. 72. Test data must consist of all possible valid and invalid conditions c. using the same data files d. 75. d. T he program tested is different from the program used throughout the year by the client. Auditors use client-controlled software to do the same operations that the client’s software does. c. 77. Generally accepted auditing standard When an auditor tests a computerized accounting system. 000 checks were issued during the accounting period. Auditors process their own test data using the client’s computer system and application program. Verify load module integrity for production programs. Test data should include data that the client’s system should accept or reject. Procedures contained within the program d. Normalcy of distribution of test data Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process? a. A number of test items determined by the auditor to be sufficient under the circumstances c. Can be performed using actual transactions or simulated transactions.

Test data approach A primary reason auditors are reluctant to use an ITF is that it requires them to a. Parallel simulation b. Each account in the customers file contains name. Notify user personnel so they can make manual adjustments to output d. Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors? a. the auditor may be compromising audit independence b. c. Integrated test facility d. may contaminate the client’s file. Removing the fictitious transactions from the system is somewhat difficult and. address. Exception report test This question is based on the following flowchart Transactio n files Client’s program Output Transaction files Compare Exception s report Auditor’s program Output . The generalized audit software approach c. The microcomputer-aided auditing approach d. A customer file is kept on disk storage. 85. credit limit. Called auditing around the computer Brandy Corporation has numerous customers. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit. 82. Identify and reverse the fictitious entries to avoid contamination of the master file Which of the following is a disadvantage of the IFS approach? a. Develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situation b. In establishing fictitious entries. 84. d. The auditor wishes to test the file to determine whether credit limits are being exceeded. Collect transaction and master file records in a separate file c. Require a printout of all account balances so they can be manually checked against the credit limits. if not done carefully. ITF is simply an automated version of auditing “around” the computer d. c. Request a printout of a sample of account balances so they can be individually checked against the credit limits. The best procedure for the auditor to follow would be to: a. 83. Test data approach d. Generalized audit software programming c. and account balance. Integrated testing facility approach c. b. The test data approach b.80. The auditor may not always have a current copy of the authorized version of the client’s program The audit approach in which the auditor runs his/her own program on a controlled basis in order to verify the client’s data recorded in a machine language is a. Reserved specific master file records and process them at regular intervals b. 81.

Which statement indicates the use of parallel simulation audit techniques? a. b. Parallel simulation testing b. Which of the following computer-assisted auditing techniques inserts an audit module in the client’s specific types of transactions? a. Parallel simulation is an audit technique employed to verify processing by making use of audit test programs. d. Test transactions are processed using test program d. When performing a parallel simulation the auditor may used generalized audit software (GAS). Live transactions are processed using live programs b. Test data approach c. Program code checking Parallel simulation Integrated test facility Controlled reprocessing 86. Can be applied to a variety of client’s with minimal adjustment to the software d. Live transactions are processed with test master file c. Auditors can learn the software in a short period of time b. These audit test programs “simulate” the processing logic of an application program or progress under review. Live transactions are processed using test programs 88. Embedded audit module d. Generalized audit software testing . Greatly accelerates audit testing over manual procedures 87.This flowchart depicts a. c. Which of the following is not seen as an advantage to using GAS? a. Can be applied to a variety of client’s after detailed customization c.