Internal Control and Computer Based Information Systems (CBIS)

Internal Control and Computer Based Information Systems

(CBIS)

MULTIPLE CHOICE:

1. In the weekly computer run to prepare payroll checks, a check

was printed for an employee who had been terminated the previous
week. Which of the following controls, if properly utilized, would
have been most effective in preventing the error or ensuring its
prompt detection?

a. A control total for hours worked, prepared from time cards

collected by the timekeeping department. b. Requiring the
treasurer's office to account for the number of the pre-numbered
checks issued to the CBIS department for the processing of the
payroll. c. Use of a check digit for employee numbers. d. Use of a
header label for the payroll input sheet.

ANSWER: A

2. An auditor is preparing test data for use in the audit of a

computer based accounts receivable application. Which of the
following items would be appropriate to include as an item in the
test data?

a. A transaction record which contains an incorrect master file

control total. b. A master file record which contains an invalid
customer identification number. c. A master file record which
contains an incorrect master file control total. d. A transaction
record which contains an invalid customer identification number.

ANSWER: D
3. Unauthorized alteration of on-line records can be prevented by
employing:

a. Key verification. b. Computer sequence checks. c. Computer

matching. d. Data base access controls.

ANSWER: D

4. In auditing through a computer, the test data method is used by

auditors to test the

a. Accuracy of input data. b. Validity of the output. c. Procedures

contained within the program. d. Normalcy of distribution of test
data.

ANSWER: C

5. In the preliminary survey the auditor learns that a department

has several microcomputers. Which of the following is usually true
and should be considered in planning the audit?

a. Microcomputers, though small, are capable of processing financial

information, and physical security is a control concern. b.
Microcomputers are limited to applications such as worksheet
generation and do not present a significant audit risk. c.
Microcomputers are generally under the control of the data
processing department and use the same control features. d.
Microcomputers are too small to contain any built-in control
features. Therefore, other controls must be relied upon.

ANSWER: A

6. The primary reason for internal auditing's involvement in the

development of new computer-based sysstems is to:

a. Plan post-implementation reviews. b. Promote adequate controls.

c. Train auditors in CBIS techniques.

d. Reduce overall audit effort.

ANSWER: B

7. Which of the following is an advantage of generalized computer

audit packages?

a. They are all written in one identical computer language.

b. They can be used for audits of clients that use differing CBIS
equipment and file formats. c. They have reduced the need for the
auditor to study input controls for CBIS related procedures. d. Their
use can be substituted for a relatively large part of the required
control testing.

ANSWER: B

8. Processing simulated file data provides the auditor with

information about the reliability of controls from evidence that
exists in simulated files. One of the techniques involved in this
approach makes use of

a. Controlled reprocessing. b. Program code checking. c. Printout

reviews. d. Integrated test facility.

ANSWER: D

9. Which of the following statements most likely represents a

disadvantage for an entity that keeps microcomputer-prepared data
files rather than manually prepared files?

a. It is usually more difficult to detect transposition errors. b.

Transactions are usually authorized before they are executed and
recorded. c. It is usually easier for unauthorized persons to access
and alter the files. d. Random error associated with processing
similar transactions in different ways is usually greater.

ANSWER: C

10. The possibility of losing a large amount of information stored in

computer files most likely would be reduced by the use of

a. Back-up files

b. Check digits

c. Completeness tests

d. Conversion verification.

ANSWER: A

11. An integrated test facility (ITF) would be appropriate when the

auditor needs to

a. Trace a complex logic path through an application system.

b. Verify processing accuracy concurrently with processing.

c. Monitor transactions in an application system continuously. d.

Verify load module integrity for production programs.

ANSWER: B

12. Where computer processing is used in significant accounting

applications, internal accounting control procedures may be defined
by classifying control procedures into two types: general and

a. Administrative. b. Specific. c. Application. d. Authorization.

ANSWER: C
13. The increased presence of the microcomputer in the workplace
has resulted in an increasing number of persons having access to
the computer. A control that is often used to prevent unauthorized
access to sensitive programs is:

a. Backup copies of the diskettes. b. Passwords for each of the

users. c. Disaster-recovery procedures. d. Record counts of the
number of input transactions in a batch being processed.

ANSWER: B

14. Checklists, systems development methodology, and staff hiring

are examples of what type of controls?

a. Detective. b. Preventive. c. Subjective. d. Corrective.

ANSWER: B

15. When an on-line, real-time (OLRT) computer-based processing

system is in use, internal control can be strengthened by

a. Providing for the separation of duties between keypunching and

error listing operations. b. Attaching plastic file protection rings to
reels of magnetic tape before new data can be entered on the file.
c. Making a validity check of an identification number before a user
can obtain access to the computer files. d. Preparing batch totals to
provide assurance that file updates are made for the entire input.

ANSWER: C

16. When auditing "around" the computer, the independent auditor

focuses solely upon the source documents and

a. Test data. b. CBIS processing. c. Control techniques. d. CBIS

output.
ANSWER: D

17. One of the features that distinguishes computer processing from

manual processing is

a. Computer processing virtually eliminates the occurrence of

computational error normally associated with manual processing. b.
Errors or fraud in computer processing will be detected soon after
their occurrences. c. The potential for systematic error is ordinarily
greater in manual processing than in computerized processing.

d. Most computer systems are designed so that transaction trails

useful for audit purposes do not exist.

ANSWER: A

18. Given the increasing use of microcomputers as a means for

accessing data bases, along with on-line real-time processing,
companies face a serious challenge relating to data security.
Which of the following is not an appropriate means for meeting
this challenge?

a. Institute a policy of strict identification and password

controls housed in the computer software that permit
only specified individuals to access the computer files and
perform a given function.

b. Limit terminals to perform only certain transactions.

c. Program software to produce a log of transactions showing

date, time, type of transaction, and operator.

d. Prohibit the networking of microcomputers and do not

permit users to access centralized data bases.

ANSWER: D
19. What type of computer-based system is characterized by data
that are assembled from more than one location and records
that are updated immediately?

a. Microcomputer system. b. Minicomputer system. c. Batch

processing system. d. Online real-time system.

ANSWER: D

20. Company A has recently converted its manual payroll to a

computer-based system. Under the old system, employees
who had resigned or been terminated were occasionally kept
on the payroll and their checks were claimed and cashed by
other employees, in collusion with shop foremen. The
controller is concerned that this practice not be allowed to
continue under the new system. The best control for
preventing this form of "payroll padding" would be to

a. Conduct exit interviews with all employees leaving the

company, regardless of reason.

b. Require foremen to obtain a signed receipt from each

employee claiming a payroll check.

c. Require the human resources department to authorize all

hires and terminations, and to forward a current
computerized list of active employee numbers to payroll
prior to processing. Program the computer to reject
inactive employee numbers.

d. Install time clocks for use by all hourly employees.

ANSWER: C

21. Compared to a manual system, a CBIS generally

1. Reduces segregation of duties. 2. Increases segregation of
duties. 3. Decreases manual inspection of processing results. 4.
Increases manual inspection of processing results.

a. 1 and 3. b. 1 and 4 c. 2 and 3 d. 2 and 4.

ANSWER: A

22. One of the major problems in a CBIS is that incompatible

functions may be performed by the same individual. One
compensating control for this is the use of

a. Echo checks. b. A self-checking digit system. c. Computer

generated hash totals. d. A computer log.

ANSWER: D

23. Which of the following processing controls would be most

effective in assisting a store manager to ascertain whether the
payroll transaction data were processed in their entirety?

a. Payroll file header record. b. Transaction identification codes. c.

Processing control totals. d. Programmed exception reporting.

ANSWER: C

24. An organizational control over CBIS operations is

a. Run-to-run balancing of control totals. b. Check digit verification

of unique identifiers. c. Separation of operating and programming
functions. d. Maintenance of output distribution logs.

ANSWER: C

25. Which of the following methods of testing application controls

utilizes a generalized audit software package prepared by the
auditors?
a. Parallel simulation. b. Integrated testing facility approach. c. Test
data approach. d. Exception report tests.

ANSWER: A

26. An unauthorized employee took computer printouts from output

bins accessible to all employees. A control which would have
prevented this occurrence is

a. A storage/retention control. b. A spooler file control. c. An output

review control. d. A report distribution control.

ANSWER: D

27. Which of the following is a disadvantage of the integrated test

facility approach?

a. In establishing fictitious entities, the auditor may be

compromising audit independence.

b. Removing the fictitious transactions from the system is

somewhat difficult and, if not done carefully, may
contaminate the client's files.

c. ITF is simply an automated version of auditing "around" the

computer.

d. The auditor may not always have a current copy of the

authorized version of the client's program.

ANSWER: B

28. Totals of amounts in computer-record data fields which are not

usually added for other purposes but are used only for data
processing control purposes are called
a. Record totals. b. Hash totals. c. Processing data totals. d. Field
totals.

ANSWER: B

29. A hash total of employee numbers is part of the input to a

payroll master file update program. The program compares the
hash total to the total computed for transactions applied to the
master file. The purpose of this procedure is to:

a. Verify that employee numbers are valid. b. Verify that only

authorized employees are paid. c. Detect errors in payroll
calculations. d. Detect the omission of transaction processing.

ANSWER: D

30. Matthews Corp. has changed from a system of recording time

worked on clock cards to a computerized payroll system in
which employees record time in and out with magnetic cards.
The CBIS automatically updates all payroll records. Because of
this change

a. A generalized computer audit program must be used. b. Part of

the audit trail is altered. c. The potential for payroll related fraud is
diminished. d. Transactions must be processed in batches.

ANSWER: B

31. Generalized audit software is of primary interest to the auditor

in terms of its capability to

a. Access information stored on computer files. b. Select a sample

of items for testing. c. Evaluate sample test results. d. Test the
accuracy of the client's calculations.

ANSWER: A
32. An accounts payable program posted a payable to a vendor not
included in the on-line vendor master file. A control which would
prevent this error is a

a. Validity check. b. Range check. c. Reasonableness test. d. Parity

check.

ANSWER: A

33. In a computerized sales processing system, which of the

following controls is most effective in preventing sales invoice
pricing errors?

a. Sales invoices are reviewed by the product managers before

being mailed to customers.

b. Current sales prices are stored in the computer, and, as

stock numbers are entered from sales orders, the
computer automatically prices the orders.

c. Sales prices, as well as product numbers, are entered as

sales orders are entered at remote terminal locations.

d. Sales prices are reviewed and updated on a quarterly basis.

ANSWER: B