Information Technology Auditing

INSTRUCTIONS:
 Encircle the letter of the BEST answer for each Multiple Choice Question.
 Any form of cheating will be dealt accordingly. Failure to comply with any of these rules will
get no merit in this examination.

I. Multiple Choice Questions

1. Which control is not associated with new systems development activities?
a. reconciling program version numbers c. user involvement
b. program testing d. internal audit participation

2. Which test of controls will provide evidence that the system as originally implemented was
free from material errors and free from fraud? Review of the documentation indicates that
a. a cost-benefit analysis was conducted
b. the detailed design was an appropriate solution to the user's problem
c. tests were conducted at the individual module and total system levels prior to
implementation
d. problems detected during the conversion period were corrected in the maintenance phase

3. Routine maintenance activities require all of the following controls except

a. documentation updates c. formal authorization
b. testing d. internal audit approval

4. Which statement is correct?

a. compiled programs are very susceptible to unauthorized modification
b. the source program library stores application programs in source code form
c. modifications are made to programs in machine code language
d. the source program library management system increases operating efficiency

5. Which control is not a part of the source program library management system?
a. using passwords to limit access to application programs
b. assigning a test name to all programs undergoing maintenance
c. combining access to the development and maintenance test libraries
d. assigning version numbers to programs to record program modifications

6. Which control ensures that production files cannot be accessed without specific permission?
a. Database Management System c. Source Program Library Management System
b. Recovery Operations Function d. Computer Services Function

7. Program testing
a. involves individual modules only, not the full system
b. requires creation of meaningful test data
c. need not be repeated once the system is implemented
d. is primarily concerned with usability

8. Which statement is not true?

a. An audit objective for systems maintenance is to detect unauthorized access to application
databases.
b. An audit objective for systems maintenance is to ensure that applications are free from

1
 errors.
c. An audit objective for systems maintenance is to verify that user requests for maintenance
reconcile to program version numbers.
d. An audit objective for systems maintenance is to ensure that the production libraries are
protected from unauthorized access.

9. When the auditor reconciles the program version numbers, which audit objective is being
tested?
a. protect applications from unauthorized changes
b. ensure applications are free from error
c. protect production libraries from unauthorized access
d. ensure incompatible functions have been identified and segregated

10. Which is not a level of a data flow diagram?

a. conceptual level c. intermediate level
b. context level d. elementary level

11. Which statement is not correct? The structured design approach

a. is a top-down approach
b. is documented by data flow diagrams and structure diagrams
c. assembles reusable modules rather than creating systems from scratch
d. starts with an abstract description of the system and redefines it to produce a more detailed
description of the system

12. The benefits of the object-oriented approach to systems design include all of the
following except
a. this approach does not require input from accountants and auditors
b. development time is reduced
c. a standard module once tested does not have to be retested until changes are made
d. system maintenance activities are simplified

13. Which level of a data flow diagram is used to produce program code and database
tables?
a. context level c. intermediate level
b. elementary level d. prototype level

14. Evaluators of the detailed feasibility study should not include

a. the internal auditor c. a user representative
b. the project manager d. the system designer

15. A cost-benefit analysis is a part of the detailed

a. operational feasibility study c. legal feasibility study
b. schedule feasibility study d. economic feasibility study

16. Examples of one-time costs include all of the following except

a. hardware acquisition c. site preparation
b. Insurance d. programming

17. Examples of recurring costs include

a. software acquisition c. personnel costs
b. data conversion d. systems design

2
18. A commercial software system that is completely finished, tested, and ready for
implementation is called a
a. backbone system c. benchmark system
b. vendor-supported system d. turnkey system

19. Which of the following is not an advantage of commercial software? Commercial software
a. can be installed faster than a custom system
b. can be easily modified to the user’s exact specifications
c. is significantly less expensive than a system developed in-house
d. is less likely to have errors than an equivalent system developed in-house

20. Which step is least likely to occur when choosing a commercial software package?
a. a detailed review of the source code c. preparation of a request for proposal
b. contact with user groups d. comparison of the results of a benchmark problem

21. The output of the detailed design phase of the Systems Development Life Cycle (SDLC) is a
a. fully documented system report c. detailed system design report
b. systems selection report d. systems analysis report

22. The detailed design report contains all of the following except
a. input screen formats c. report layouts
b. alternative conceptual designs d. process logic

23. System documentation is designed for all of the following groups except
a. systems designers and programmers
b. end users
c. accountants
d. all of the above require systems documentation

24. Which type of documentation shows the detailed relationship of input files, programs, and
output files?
a. structure diagrams c. system flowchart
b. overview diagram d. program flowchart

25. Typical contents of a run manual include all of the following except
a. run schedule c. file requirements
b. logic flowchart d. explanation of error messages

26. Computer operators should have access to all of the following types of documentation except
a. a list of users who receive output c. a list of all master files used I the system
b. a program code listing d. a list of required hardware devices

27. Which task is not essential during a data conversion procedure?

a. decomposing the system c. reconciliation of new and old databases
b. validating the database d. backing up the original files
28. When converting to a new system, which cutover method is the most conservative?
a. cold turkey cutover c. parallel operation cutover
b. phased cutover d. data coupling cutover

29. Site preparation costs include all of the following except

3
a. crane used to install equipment c. supplies
b. freight charges d. reinforcement of the building floor

30. The testing of individual program modules is a part of

a. software acquisition costs c. data conversion costs
b. systems design costs d. programming costs

31. A common use for sequential coding is

a. creating the chart of accounts c. identifying documents
b. identifying inventory items d. identifying fixed assets

32. The most important advantage of sequential coding is that

a. missing or unrecorded documents can be identified c. items cannot be inserted
b. the code itself lacks informational content d. deletions affect the sequence

33. When a firm wants its coding system to convey meaning without reference to any other
document, it would choose
a. an alphabetic code c. a group code
b. a mnemonic code d. a block code

34. The most important advantage of an alphabetic code is that

a. meaning is readily conveyed to users c. the capacity to represent items is increased
b. sorting is simplified d. missing documents can be identified

35. Which statement is not true?

a. The journal voucher is the only source of input into the general ledger.
b. A journal voucher can be used to represent summaries of similar transactions or a single unique
transaction.
c. Journal vouchers are not used to make adjusting entries and closing entries in the general
ledger.
d. Journal vouchers offer a degree of control against unauthorized general ledger entries.

36. Entries into the General Ledger System (GLS) can be made using information from
a. the general journal
b. a journal voucher which represents a summary of similar transactions
c. a journal voucher which represents a single, unusual transaction
d. all of the above

37. Which statement is not correct? The general ledger master file
a. is based on the firm’s chart of account
b. contains a record for control accounts
c. is an output of the Financial Reporting System (FRS)
d. supplies information for management decision making

38. What type of data is found in the general ledger master file?
a. a chronological record of all transactions
b. the balance of each account in the chart of accounts
c. budget records for each account in the chart of accounts
d. subsidiary details supporting a control account

39. Which report is not an output of the Financial Reporting System (FRS)?

4
a. variance analysis report c. tax return
b. statement of cash flows d. comparative balance sheet

40. Which steps in the Financial Accounting Process are in the correct sequence?
a. record the transaction, post to the ledger, prepare the adjusted trial balance, enter adjusting
entries, prepare financial statements
b. record the transaction, prepare the unadjusted trial balance, record adjusting journal
entries, record closing entries, prepare financial statements
c. record the transaction, post to the ledger, record adjusting entries, prepare the unadjusted
trial balance, prepare financial statements
d. record the transaction, post to the ledger, prepare the adjusted trial balance, prepare
financial statements, record closing entries

41. Which statement is not correct?

a. the post-closing trial balance reports the ending balance of each account in the general
ledger
b. one purpose of preparing the unadjusted trial balance is to ensure that debits equal credits
c. financial statements are prepared based on the unadjusted trial balance
d. the unadjusted trial balance reports control account balances but omits subsidiary ledger
detail

42. What account appears on the post-closing trial balance?

a. income summary c. rent expense
b. Machinery d. interest income

43. Financial statements are prepared from the

a. trial balance c. general ledger
b. adjusted trial balance d. general journal

44. Risk exposures in the General Ledger and Financial Reporting Systems include all of the
following except
a. loss of the audit trail
b. unauthorized access to the general ledger
c. loss of physical assets
d. general ledger account out of balance with the subsidiary account

45. Which situation indicates an internal control risk in the General Ledger/Financial Reporting
Systems (GL/FRS)?
a. the employee who maintains the cash journal computes depreciation expense
b. the cash receipts journal voucher is approved by the Treasurer
c. the cash receipts journal vouchers are prenumbered and stored in a locked safe
d. the employee who maintains the cash receipts journal records transactions in the accounts
receivable subsidiary ledger

46. With a limited work force and a desire to maintain strong internal control, which combination
of duties performed by a single individual presents the least risk exposure?
a. maintaining the inventory ledger and recording the inventory journal voucher in the
general ledger
b. recording the inventory journal voucher in the general ledger and maintaining custody of
inventory
c. maintaining the cash disbursements journal and recording direct labor costs applied to

5
 specific jobs
d. preparing the accounts payable journal voucher and recording it in the general ledger

47. XBRL
a. is the basic protocol that permits communication between Internet sites.
b. controls Web browsers that access the Web.
c. is the document format used to produce Web pages.
d. was designed to provide the financial community with a standardized method for
preparing
e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP)
format.

48. An XBRL taxonomy:

a. is the document format used to produce web pages.
b. is the final product (report).
c. is a classification scheme.
d. is a tag stored in each database record.
e. none of the above is true.

49. Which statement is not correct? The audit trail in a computerized environment
a. consists of records that are stored sequentially in an audit file
b. traces transactions from their source to their final disposition
c. is a function of the quality and integrity of the application programs
d. may take the form of pointers, indexes, and embedded keys

50. All of the following concepts are associated with the black box approach to auditing computer
applications except
a. the application need not be removed from service and tested directly
b. auditors do not rely on a detailed knowledge of the application's internal logic
c. the auditor reconciles previously produced output results with production input
transactions
d. this approach is used for complex transactions that receive input from many sources

51. Which test is not an example of a white box test?

a. determining the fair value of inventory
b. ensuring that passwords are valid
c. verifying that all pay rates are within a specified range
d. reconciling control totals

52. When analyzing the results of the test data method, the auditor would spend the least
amount of time reviewing
a. the test transactions c. updated master files
b. error reports d. output reports

53. All of the following are advantages of the test data technique except
a. auditors need minimal computer expertise to use this method
b. this method causes minimal disruption to the firm's operations
c. the test data is easily compiled
d. the auditor obtains explicit evidence concerning application functions

54. All of the following are disadvantages of the test data technique except

6
a. the test data technique requires extensive computer expertise on the part of the auditor
b. the auditor cannot be sure that the application being tested is a copy of the current
application used by computer services personnel
c. the auditor cannot be sure that the application being tested is the same application used
throughout the entire year
d. preparation of the test data is time-consuming

55. Program testing

a. involves individual modules only, not the full system
b. requires creation of meaningful test data
c. need not be repeated once the system is implemented
d. is primarily concerned with usability

56. The correct purchase order number,is123456. All of the following are transcription errors
except
a. 1234567 c. 124356
b. 12345 d. 123454

57. Which of the following is correct?

a. check digits should be used for all data codes
b. check digits are always placed at the end of a data code
c. check digits do not affect processing efficiency
d. check digits are designed to detect transcription and transposition errors

58. Which statement is not correct? The goal of batch controls is to ensure that during processing
a. transactions are not omitted
b. transactions are not added
c. transactions are free from clerical errors
d. an audit trail is created

59. An example of a hash total is

a. total payroll checks–$12,315
b. total number of employees–10
c. sum of the social security numbers–12,555,437,251
d. none of the above

60. Which statement is not true? A batch control record

a. contains a transaction code
b. records the record count
c. contains a hash total
d. control figures in the record may be adjusted during processing
e. All the above are true

61. Which of the following is not an example of a processing control?

a. hash total c. batch total
b. record count d. check digit

62. Which of the following is an example of input control test?

a. sequence check c. spooling check
b. zero value check d. range check

7
63. Which input control check would detect a payment made to a nonexistent vendor?
a. missing data check c. range check
b. numeric/alphabetic check d. validity check

64. Which input control check would detect a posting to the wrong customer account?
a. missing data check c. reasonableness check
b. check digit d. validity check

65. The employee entered "40" in the "hours worked per day" field. Which check would detect
this unintentional error?
a. numeric/alphabetic data check c. limit check
b. sign check d. missing data check

66. An inventory record indicates that 12 items of a specific product are on hand. A customer
purchased two of the items, but when recording the order, the data entry clerk mistakenly entered
20 items sold. Which check could detect this error?
a. numeric/alphabetic data checks c. range check
b. limit check d. reasonable check

67. Which check is not an input control?

a. reasonableness check c. spooling check
b. validity check. d. missing data check

68. A computer operator was in a hurry and accidentally used the wrong master file to
process a transaction file. As a result, the accounts receivable master file was erased.
Which control would prevent this from happening?
a. header label check c. version check
b. expiration date check d. validity check

69. Run-to-run control totals can be used for all of the following except
a. to ensure that all data input is validated
b. to ensure that only transactions of a similar type are being processed
c. to ensure the records are in sequence and are not missing
d. to ensure that no transaction is omitted

70. Methods used to maintain an audit trail in a computerized environment include all of the
following except
a. transaction logs c. data encryption
b. Transaction Listings. d. log of automatic transactions

*** Nothing Follows***