Acctg.

325 - MT Quiz#3 Total points 25/32

Western Institute of Technology

College of Business and Accountancy
2nd Semester, A.Y. 2020-2021
Acctg. 325 - Auditing in CIS Environment
MT Quiz #3

Email address *

gonzales.gloreejoyabsa1993@gmail.com

An auditor would most likely be concerned with which of the following 0/1
controls in a distributed data processing system?

Access controls.

Systems documentation controls.

Disaster recovery controls.

Hardware controls.

Which of the following standards or group of standards is mostly affected 1/1

by a computerized information system environment?

Standards of fieldwork

General standards

Reporting standards

Second standard of field work

An on-line access control that checks whether the user’s code number is 1/1
authorized to initiate a specific type of transaction or inquiry is referred to
as

Password

Compatibility test

Limit check

Reasonableness test

Which statement is incorrect regarding internal control in personal 1/1

computer environment?

Controls over the system development process and operations may not be viewed by
the developer, the user or management as being as important or cost-effective.

In almost all commercially available operating systems, the built-in security provided
has gradually increased over the years.

Generally, the CIS environment in which personal computers are used is less
structured than a centrally-controlled CIS environment.

In a typical personal computer environment, the distinction between general CIS

controls and CIS application controls is easily ascertained.
The undesirable characteristics of on-line computer systems least likely 0/1
include

Potential programmer access to the system.

Unlimited access of users to all of the functions in a particular application.

Possible lack of visible transaction trail.

Data are usually subjected to immediate validation checks.

Correct answer

Data are usually subjected to immediate validation checks.

Certain general CIS controls that are particularly important to on-line 0/1
processing least likely include

Edit, reasonableness and other validation tests.

Use of anti-virus software program.

Access controls.

System development and maintenance controls.

Correct answer

Edit, reasonableness and other validation tests.

Which of the following numbers represents the record count? 1/1

810

900

Personal computers are susceptible to theft, physical damage, 1/1

unauthorized access or misuse of equipment. Which of the following is
least likely a physical security to restrict access to personal computers
when not in use?

Using door locks or other security protection during non-business hours.

Locking the personal computer in a protective cabinet or shell.

Fastening the personal computer to a table using security cables.

Using anti-virus software programs.

It is a computer program (a block of executable code) that attaches itself 1/1
to a legitimate program or data file and uses it as a transport mechanism
to reproduce itself without the knowledge of the user.

Virus

Utility program

Encryption

System management program

Which statement is incorrect when auditing in a CIS environment? 1/1

A CIS environment exists when a computer of any type or size is involved in the
processing by the entity of financial information of significance to the audit; whether
that computer is operated by the entity or by a third party.

A CIS environment changes the overall objective and scope of an audit.

The auditor should consider how a CIS environment affects the audit.

The use of a computer changes the processing, storage and communication of

financial information and may affect the accounting and internal control systems
employed by the entity.

It relates to materiality of the financial statement assertions affected by the 1/1

computer processing.

Complexity

Significance

Threshold

Relevance

Computer systems are typically supported by a variety of utility software 0/1

packages that are important to an auditor because they

Are very versatile programs that can be used on hardware of many manufacturers.

Are written specifically to enable auditors to extract and sort data.

May enable unauthorized changes to data files if not properly controlled.

May be significant components of a client’s application programs.

Correct answer

May enable unauthorized changes to data files if not properly controlled.

Which statement is incorrect regarding the evaluation of general CIS 1/1

controls and CIS application controls?

If general CIS controls are not effective, there may be a risk that misstatements might
occur and go undetected in the application systems.

The general CIS controls may have a pervasive effect on the processing of
transactions in application systems.

Manual procedures exercised by users may provide effective control at the application
level.

Weaknesses in general CIS controls cannot preclude testing certain CIS application
controls.
A control feature in an electronic data processing system requires the 1/1
central processing unit (CPU) to send signals to the printer to activate the
print mechanism for each character. The print mechanism, just prior to
printing, sends a signal back to the CPU verifying that the proper print
position has been activated. This type of hardware control is referred to as

Validity control

Echo check

Signal control

Check digit control

For the accounting system of ERMOSO Company, the amounts of cash 1/1
disbursements entered into an EDP terminal are transmitted to the
computer that immediately transmits the amounts back to the terminal for
display on the terminal screen. This display enables the operator to

Verify the authorization of the disbursements

Verify the amount was entered accurately

Prevent the overpayment of the account

Establish the validity of the account number

Which of the following is least considered if the auditor has to determine 1/1
whether specialized CIS skills are needed in an audit?

The auditor needs to obtain a sufficient understanding of the accounting and internal
control system affected by the CIS environment.

Design and perform appropriate tests of controls and substantive procedures.

The need of the auditor to make analytical procedures during the completion stage of
audit.

The auditor needs to determine the effect of the CIS environment on the assessment
of overall risk and of risk at the account balance and class of transactions level.

Which of the following least likely protects critical and sensitive information 0/1
from unauthorized access in a personal computer environment?

Segregating data into files organized under separate file directories.

Employing passwords.

Keeping of backup copies offsite.

Using secret file names and hiding the files.

Correct answer

Keeping of backup copies offsite.

The effect of personal computers on the accounting system and the 1/1
associated risks will least likely depend on

The nature of files and programs utilized in the applications.

The type and significance of financial transactions being processed.

The cost of personal computers.

The extent to which the personal computer is being used to process accounting
applications.
CIS application controls include, except 1/1

Controls over input.

Controls over processing and computer data files.

Monitoring controls.

Controls over output.

Which of the following is not a major reason for maintaining an audit trail 1/1
for a computer system?

Monitoring purposes.

Query answering.

Deterrent to fraud.

Analytical procedures.

Which of the following least likely indicates a complexity of computer 1/1

processing?

The volume of the transactions is such that users would find it difficult to identify and
correct errors in processing.

The computer automatically generates material transactions or entries directly to

another application.

The system generates a daily exception report.

Transactions are exchanged electronically with other organizations without manual

review of their propriety.

Which one of the following input validation routines is not likely to be 1/1
appropriate in a real time operation?

Sequence check

Redundant data check

Sign check

Field check

It refers to plans made by the entity to obtain access to comparable 1/1

hardware, software and data in the event of their failure, loss or
destruction.

Wide Area Network (WAN)

Encryption

Anti-virus

Back-up
Most of today’s computer systems have hardware controls that are built in 0/1
by the computer manufacturer. Common hardware controls are

Duplicate circuitry, echo check, and dual reading

Tape file protection, cryptographic protection, and limit checks

Duplicate circuitry, echo check, tape file protection, and internal header labels

Duplicate circuitry, echo check, and internal header labels

Correct answer

Duplicate circuitry, echo check, and dual reading

Computer systems that enable users to access data and programs directly 1/1
through workstations are referred to as

Personal computer systems

On-line computer systems

Database systems

Database management systems (DBMS)

After the preliminary phase of the review of a client’s computer controls, an 1/1
auditor may decide not to perform tests of controls related to the controls
within the computer portion of the client’s internal control. Which of the
following would not be a valid reason for choosing to omit such tests?

The time and peso costs of testing exceed the time and peso savings in substantive
testing if the tests of controls show the controls to be operative.

The controls appear adequate.

There appear to be major weaknesses that would preclude reliance on the stated
procedure.

The controls duplicate operative controls existing elsewhere in the structure.

An auditor would least likely use computer software to 1/1

Assess computer control risk.

Prepare spreadsheets.

Construct parallel simulations.

Access client data files.

An auditor most likely would test for the presence of unauthorized 0/1
computer program changes by running a

Program that computes control totals.

Program with test data.

Check digit verification program.

Source code comparison program.

Correct answer

Source code comparison program.

Which of the following is least likely a risk characteristic associated with CIS 1/1
environment?

Errors embedded in an application’s program logic maybe difficult to manually detect

on a timely basis.

Many control procedures that would ordinarily be performed by separate individuals in

manual system maybe concentrated in CIS.

The potential unauthorized access to data or to alter them without visible evidence
maybe greater.

Initiation of changes in the master file is exclusively handled by respective users.

Certain CIS application controls that are particularly important to on-line 1/1
processing least likely include

Pre-processing authorization.

Balancing.

Cut-off procedures.

Transaction logs.

The nature of the risks and the internal characteristics in CIS environment 1/1
that the auditors are mostly concerned include the following except:

Dependence of other control over computer processing.

Lack of transaction trails.

Cost-benefit ratio.

Lack of segregation of functions.

Which of the following is not likely a control over removable storage media 1/1
to prevent misplacement, alteration without authorization or destruction?

Placing responsibility for such media under personnel whose responsibilities include
duties of software custodians or librarians.

Keeping current copies of diskettes, compact disks or back-up tapes and hard disks in
a fireproof container, either on-site, off-site or both.

Using a program and data file check-in and check-out system and locking the
designated storage locations.

Using cryptography, which is the process of transforming programs and information

into an unintelligible form.

This form was created inside Western Institute of Technology.

 Forms