1. CIS has several significant effects on an organization. Which of the following would not be important
from an auditing perspective?
b. The visibility of information
d. None of the above; i.e., they are all important.
a. A CIS environment exists when a computer of any type or size is involved in the processing by
the entity of financial information of significance to the audit, whether that computer is
operated by the entity or by a third party.
b. The auditor should consider how a CIS environment affects the audit.
c. The use of a computer changes the processing, storage and communication of financial
information and may affect the accounting and internal control systems employed by the entity.
3. The characteristics that distinguish computer processing from manual processing include the
following:
2) Computer systems always ensure that complete transaction trails useful for audit purposes
are preserved for indefinite periods.
3) Computer processing virtually eliminates the occurrence of clerical errors normally
associated with manual processing.
a. All of the above statements are true.
b. Only statements (2) and (4) are true.
c. Only statements (1) and (3) are true.
d. All of the above statements are false.
d. Unauthorized access
a. The overall objective and scope of an audit do not change in a CIS environment.
b. When computers or CIS are introduced, the basic concept of evidence accumulation remains the
same.
c. Most CIS rely extensively on the same type of procedures for control that are used in manual
processing system.
d. The specific methods appropriate for implementing the basic auditing concepts do not change,
as systems become more complex.
D
a. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting
and internal control systems.
c. The consideration of inherent risk and control risk through which the auditor arrives at the risk
assessment.
d. The auditor’s design and performance of tests of control and substantive procedures appropriate
to meet the audit objective.
10. A control which relates to all parts of the CIS is called a(n)
11. Controls which apply to a specific use of the system are called
C
12. Some CIS control procedures relate to all CIS activities (general controls) and some relate to specific
tasks (application controls). General controls include
a. Controls designed to ascertain that all data submitted to CIS for processing have been properly
authorized.
b. Controls that relate to the correction and resubmission of data that were initially incorrect
15. Which of the following is least likely to be a general control over computer activities?
c. An access control.
d. A control total.
D
16. Which of the following is an example of general control?
c. Processing controls.
d. Hardware controls.
18. Which of the following activities would most likely be performed in CIS department?
19. For control purposes, which of the following should be organizationally segregated from the
computer operations functions?
20. Which of the following computer related employees should not be allowed access to program
listings of application programs?
21. Where computers are used, the effectiveness of internal control depends, in part, upon whether the
organizational structure includes any incompatible combinations. Such a combination would exist
when there is no separation of the duties between
22. Which of the following is a general control that would most likely assist an entity whose system
analyst left the entity in the middle of a major project?
B
25. Access control in an online CIS can best be provided in most circumstances by
b. A label affixed to the outside of a file medium holder that identifies the contents.
26. Controls which are built in by the manufacturer to detect equipment failure are called:
27. In a CIS environment, automated equipment controls or hardware controls are designed to:
28. To determine that user ID and password controls are functioning, an auditor would most likely:
a. Test the system by attempting to sign on using invalid user identifications and passwords.
b. Write a computer program that simulates the logic of the client's access control software.
c. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized
d. Examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person
A
29. Adequate control over access to data processing is required to
d. Ensure that hardware controls are operating effectively and as designed by the computer
manufacturer.
30. The management of ABC Co. suspects that someone is tampering with pay rates by entering changes
through the Co.’s remote terminals located in the factory. The method ABC Co. should implement to
protect the system from these unauthorized alterations to the system’s files is
32. The possibility of losing a large amount of information stored in computer files most likely would be
reduced by the use of
33. Which of the following controls most likely would assure that an entity can reconstruct its financial
records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from originals.
35. XYZ Company updates its accounts receivable master file weekly and retains the master files and
corresponding update transactions for the recent 2-week period. The purpose of this practice is to
39. In their consideration of a client's CIS controls, the auditors will encounter general controls and
application controls. Which of the following is an application control?
a. Application controls relate to various aspects of the CIS operation including software acquisition
and the processing of transactions.
b. Application controls relate to various aspects of the CIS operation including physical security and
the processing of transactions in various cycles.
c. There are reasonableness tests for the unit selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.
A
42. Which of the following is not an example of an application control?
d. After processing, all sales transactions are reviewed by the sales department.
44. When CIS programs or files can be accessed from terminals, users should be required to enter a(n)
a. An agreement of the total number of employees to the total number of checks printed by the
computer.
b. An algebraically determined number produced by the other digits of the employee number.
c. A logic test that ensures all employee numbers are nine digits.
d. A limit check that an employee’s hours do not exceed 50 hours per work week.
46. Controls which are designed to assure that the data that will be processed by the computer is
authorized, complete, and accurate are called:
A
47. The completeness of computer-generated sales figures can be tested by comparing the number of
items listed on the daily sales report with the number of items billed on the actual invoices. This
process uses
48. A company's labor distribution report requires extensive corrections each month because of labor
hours charged to inactive jobs. Which of the following data processing input controls appears to be
missing?
50. A clerk inadvertently entered an account number 12368 rather than account number 12638. In
processing this transaction, the error would be detected with which of the following controls?
51. Totals of amounts in computer-record data fields, which are not usually added but are used only for
data processing control purposes, are called
52. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll application?
53. In updating a computerized accounts receivable file, which one of the following would be used as a
batch control to verify the accuracy of the posting of cash receipts remittances?
a. The sum of the cash deposits plus the discounts less the sales returns.
c. The sum of the cash deposits less the discounts taken by customers.
d. The sum of the cash deposits plus the discounts taken by customers.
54. Which statement is NOT correct? The goal of batch controls is to ensure that during processing
a. Total payroll checks - P12,315
b. Total number of employees - 10.
c. Sum of the social security numbers - 12,555,437,251.
d. None of the above.
C
56. The employee entered “40" in the “hours worked per day” field. Which check would detect this
unintentional error?
57. Output controls are not designed to assure that information generated by the computer are:
a. Accurate.
c. Complete
58. Output controls need to be designed for which of the following data integrity objectives?
59. An unauthorized employee took computer printouts from output bins accessible to all employees. A
control which would have prevented this occurrence is
a. A storage/retention control.
60. Which of the following is likely to be of least importance to an auditor in considering the internal
control in a company with computer processing?
a. The segregation of duties within the computer center.
61. It involves application of auditing procedures using the computer as an audit tool. This includes
computer programs and data the auditor uses as part of the audit procedures to process data of
audit significance contained in an entity’s information systems.
62. The process of assessing control risk considering only non-IT controls is known as
63. When auditing “around” the computer, the independent auditor focuses solely upon the source
documents and
65. Which of the following CIS generally can be audited without examining or directly testing the
computer programs of the system?
a. A system that performs relatively uncomplicated processes and produces detail output
b. A system that affects a number of essential master files and produces no a limited output
c. A system that updates a few essential master files and produces no printed output other than
final balances
66. Which of the following procedures is an example of auditing "around" the computer?
a. The auditor traces adding machine tapes of sales order batch totals to a computer printout of
the sales journal.
b. The auditor develops a set of hypothetical sales transactions and, using the client's computer
program, enters the transactions into the system and observes the processing flow.
c. The auditor enters hypothetical transactions into the client's processing system during client
processing of live data.
d. The auditor observes client personnel as they process the biweekly payroll. The auditor is
primarily concerned with computer rejection of data that fails to meet reasonableness limits.
68. Auditing by testing the input and output of an IT system instead of the computer program itself will
a. Not detect program errors which do not show up in the output sampled.
d. Not provide the auditor with confidence in the results of the auditing procedures.
A
69. Which of the following is NOT a common type of white box approach?
a. Can be performed using only actual transactions since testing of simulated transactions is of no
consequence
c. Is impractical since many procedures within the CIS activity leave no visible evidence of having
been performed
71. Which of the following best describes the test data approach?
a. Auditors process their own test data using the client’s computer system and application program
b. Auditors process their own test data using their own computers that simulate the client's
computer system
c. Auditors use auditor-controlled software to do the same operations that the client's software
does, using the same data files
d. Auditors use client-controlled software to do the same operations that the client's software
does, using auditor created data files
72. Creating simulated transactions that are processed through a system to generate results that are
compared with predetermined results, is an auditing procedure referred to as
B
73. An auditor estimates that 10,000 checks were issued during the accounting period. If a computer
application control which performs a limit check for each check request is to be subjected to the
auditor’s test data approach, the sample should include
b. A number of test items determined by the auditor to be sufficient under the circumstances
c. A number of test items determined by the auditor’s reference to the appropriate sampling tables
d. One transaction
74. An integrated test facility (ITF) would be appropriate when the auditor needs to
75. The auditor’s objective to determine whether the client’s computer programs can correctly handle
valid and invalid transactions as they arise is accomplished through the
76. When an auditor tests a computerized accounting system which of the following is true of the test
data approach?
b. Test data must consist of all possible valid and invalid conditions
c. The program tested is different from the program used throughout the year by the client
d. Test data should include data that the client's system should accept or reject
D
77. Which of the following statements is not true to the test data approach when testing a computerized
accounting system?
a. The test needs to consist of only those valid and invalid conditions which interest the auditor.
c. The test data must consist of all possible valid and invalid conditions.
d. Test data are processed by the client’s computer programs under the auditor’s control
78. In auditing through a computer, the test data method is used by auditors to test the
79. Which of the following computer-assisted auditing techniques allows fictitious and real transactions
to be processed together without client operating personnel being aware of the testing process?
80. A primary reason auditors are reluctant to use an ITF is that it requires them to
a. Reserve specific master file records and process them at regular intervals
d. Identify and reverse the fictitious entries to avoid contamination of the master file
81. Which of the following is a disadvantage of the integrated test facility approach?
a. In establishing fictitious entities, the auditor may be compromising audit independence.
b. Removing the fictitious transactions from the system is somewhat difficult and, if not done
carefully, may contaminate the client's files.
d. The auditor may not always have a current copy of the authorized version of the client's
program.
82. The audit approach in which the auditor runs his/her own program on a controlled basis in order to
verify the client’s data recorded in a machine language is
b. The generalized audit software approach.
d. Called auditing around the computer.
83. Bandy Corporation has numerous customers. A customer file is kept on disk storage. Each account in
the customer file contains name, address, credit limit, and account balance. The auditor wishes to
test this file to determine whether credit limits are being exceeded. The best procedure for the auditor
to follow would be to:
a. Develop test data that would cause some account balance to exceed the credit limit and
determine if the system properly detects such situations.
b. Develop a program to compare credit limits with account balances and print out the details of
any account with a balance exceeding its credit limit.
c. Require a printout of all account balances so they can be manually checked against the credit
limits.
d. Request a printout of a sample of account balances so they can be individually checked against
the credit limits.
84. Which of the following methods of testing application controls utilizes a generalized audit software
package prepared by the auditors?
85. When performing a parallel simulation the auditor may use generalized audit software (GAS). Which
of the following is not seen as an advantage to using GAS?
86. Parallel simulation is an audit technique employed to verify processing by making use of audit test
programs. These audit test programs “simulate” the processing logic of an application program or
programs under review. Which statement indicates the use of parallel simulation audit techniques?
87. Which of the following computer-assisted auditing techniques inserts an audit module in the client's
application system to identify specific tests of transactions?