Multiple Choice Questions
Which type of audit involves a review of
1. Information that needs to be stored for
10 years or more would most likely be
stored in which type of file?
a. Back up
b. Archive
c. Encrypted
d. Log
2. Which of the following is an example of
the kind of batch total called a hash
total?
a. The sum of the purchase
amount field in a set of
purchase orders
b. The sum of the purchase order
number field in a set of
purchase orders
c. The number of completed
documents in a set of purchase
orders
d. All of the Above
3. Which of the following is a
characteristic of auditing?
a. Auditing is a systematic, step-
by-step process
b. Auditing involves the collection
and review of evidence
c. Auditing involves the use of
established criteria to evaluate
evidence
d. All of the above are
characteristic of the auditing
4. Which of the following is not a reason
an internal auditor should participate in
internal control reviews during the
design of new system?
a. It is more economical to design
controls during the design than
to do so later
b. It eliminates the need for
testing controls during regular
audits
c. It minimizes the need for
expensive modifications after
the system is implemented
d. It permits the design of audit
trails while they are economical
5.
general and application controls, with a
focus on determining if there is
compliance with policies and adequate
safeguarding of assets?
a. Information systems audit
b. Financial Audit
c. Operational Audit
d. Compliance Audit
6. At what step in audit process do the
concepts of reasonable assurance and
materiality enter into the auditor’s
decision process?
a. Planning
b. Evidence Collection
c. Evidence Evaluation
d. They are important in all three
steps
7. Which of the following procedures is
not used to detect unauthorized
program changes
a. Source code comparison
b. Parallel Simulation
c. Reprocessing
d. Reprogramming code
8. The fundamental purpose of internal
control is to
a. Safeguard the resources of the
organization
b. Provide reasonable assurance
that the objective of the
organization are achieved
c. Encourage compliance with
organization objectives
d. Ensure the accuracy, reliability,
and timeliness of information
e. All of the above
f. None of the Above
9. The auditor would most likely be
concerned with internal control policies
and procedures that provide reasonable
assurance about the
a. Efficiency of management’s
decision making process
b. Appropriate prices the entity
should charge for its products
c. Methods of assigning
production tasks to employees
 d. Entity’s ability to process and b. The auditor’s specific audit
summarize financial data objectives
e. All of the Above c. The consideration of inherent
10. Components of internal control risk and control risk through
includes: which the auditor arrives at the
a. Control Environment risk assessment
b. Risk Assessment d. The auditor’s design and
c. Information and performance of tests of control
Communication Systems and substantive procedures
d. Control Activities appropriate to meet the audit
e. All of the Above objective
f. None of the Above 13. Which of the following statement is not
11. The characteristics the distinguish correct?
computer processing from manual a. The overall objective and scope
processing include the following: of an audit do not change in a
I. Computer processing uniformly CIS Environment
subjects like transactions to the b. When computer or CIS are
same instructions introduced, the basic concept
II. Computer System always ensure of evidence accumulation
that complete transaction trails remain the same
useful for audit purposes are c. Most CIS rely extensively on
preserved for indefinite periods (1 the same type of procedures for
characteristics of CIS is the lack of control that are used in manual
visible transaction trail) processing system
III. Compute processing virtually d. The specific methods
eliminates the occurrence of clerical appropriate for implementing
errors normally associated with the basic auditing concepts do
manual processing not change
IV. Control procedures as to 14. Which of the following is not a general
segregation of functions may no control?
longer be necessary in computer D. Processing Controls
environment (may be combined but 15. Which of the following activities would
is necessary) most likely be performed in the CIS
a. All of the above statements Department?
are true B. Conversion of information to machine-
b. Only Statements 2 and 4 readable form
are True 16. For control purposes, which of the
c. Only Statements 1 and 3 following should be organizationally
are True segregated from the computer
d. All of the above statement operations functions?
are False B. System Development
12. The use of CIS will least likely affect the 17. Unauthorized alteration of online
a. The procedures followed by the records can be prevented by employing
auditor in obtaining a sufficient D. Database Access Controls
understanding of the 18. Some CIS control procedures relate to
Accounting and Internal Control all CIS activities (general controls) and
Systems some relate to specific tasks
 (application controls). General Controls
include
C. Controls for documenting and approving
programs and changes to the programs
19. The management of ABC Co. suspects
that someone is tampering with pay
rates by entering changes through the
Company’s remote terminals located in
the factory. The method ABC Co. should
implement to protect the system from
these unauthorized alterations to the
system’s file is
C. Passwords
20. Which of the following controls most
likely would assure that an entity can
reconstruct its financial records?
B. Back up disks or tapes of files is stored
away from originals
21. A Co. updates its accounts receivable
master file weekly and retains the master
files and corresponding update transactions
for the most recent 2- week period. The
purpose of this practice is to
C. Permit reconstruction of the master file if
needed
22. Which of the following is correct?
D. Check digits are designed to detect
transcription errors
23. In updating a computerized accounts
receivable file, which one of the following
would be used a batch controls to verify the
accuracy of the posting of cash receipts
remittances?
D. The sum of the cash deposits plus the
discounts taken by customers
24. Which statement is not correct? The
goal of batch controls is to ensure that
during processing
C. Transactions are not added
25. The employee entered “40” in the hours
worked per day field. Which check would detect
this unintentional error?
C. Limit Check
True or False
FALSE
1. Data and computer program can’t be
access and altered by unauthorized
persons without leaving visible evidence.
TRUE
2. Incorporating appropriate controls to the
system to limit the access of data files and
programs only to authorized personnel is
very important.
TRUE
3. In a CIS environment, functions that are
normally segregated in manual processing
are combined.
FALSE
4. All transactions are initiated by the CIS
itself without the need for an input
document.
TRUE
5. The information on the computed can be
easily changed, leaving no trace of the
original content.
FALSE
6. The elements of internal control are the
same; the computer just changes the
methods by which these elements are
implemented.
TRUE
7. General controls are those control
policies and procedures that relate to the
overall computer information system.
These controls include input controls,
processing controls and output controls.
FALSE
8. Application controls refer to the
transactions and data relating to each
computer- based application system,
therefore, they are specific to each
application.
TRUE
9. Input controls are used mainly to check
the integrity of data entered into a
business application, whether the data is
entered directly by staff, remotely by a
business partner or through a Web-
enabled application or interface. Data
input is checked to ensure that is remain
within specified parameters.
TRUE