FIRST GLOBAL REVIEW CENTER, INC.

3 Floor, San Agustin Mall Builders, San Agustin, San Fernando, Pampanga
rd

AUDITING THEORY Integrated Review

Module 4 M.C. Cerda, CPA, MBA,RCA
COMPUTERIZED ACCTG. INFO. SYSTEM M2018

1. The use of computerized information system will least likely affect the:
A. Auditor’s design and performance of tests of controls and substantive procedures
appropriate to meet their audit objectives.
B. Auditor’s specific audit objectives.
C. Consideration of inherent risks and control risks through which the auditor arrives at the
risk assessments.
D. Procedures followed by the auditor in obtaining a sufficient understanding of the
accounting and internal control systems.

2. A control which relates to all parts of the CIS is called a/an:

A. Applications control.
B. General control.
C. Systems control.
D. User control.

3. Controls which relate to a specific use of the system are called:

A. Applications control.
B. General control.
C. Systems control.
D. User control.

4. Which of the following is not a general control?

A. Hardware controls.
B. Procedures for documenting, reviewing, and approving systems and programs.
C. Processing controls.
D. The plan of organization and operation of a CIS activity.

5. For control purposes, which of the following should be organizationally segregated from the
computer operations functions?
A. Data conversion.
B. Minor maintenance according to a schedule.
C. Processing of data.
D. Systems development.

6. Internal control is ineffective when computer department personnel:

A. Design documentation for computerized systems.
B. Originate changes in master files.
C. Participate in computer software acquisition decision.
D. Provide physical security for program files.

7. The possibility of losing a large amount of information stored in computer files most likely
would be reduced by the use of:
A. Back-up files.
B. Check digits.
C. Completeness tests.
D. Conversion verification.

8. When CIS programs or files can e accessed from terminals, users should be required to enter
a/an:
A. Echo check.
B. Parity check.
C. Personal identification code.
D. Self-diagnosis test.
9. The completeness of computer-generated sales figures can be tested by comparing the
number of items on the daily sales report which the number of items billed on the actual
invoices. This process uses:
A. Check digits.
B. Control totals.
C. Process tracing data.
D. Validity tests.

10. A clerk inadvertently entered an account number 13456 rather than account number 14356. In
processing the transaction, the error would be detected by which of the following controls/
A. An internal consistency check.
B. Batch totals.
C. Key verification.
D. Self-checking digit.

11. Totals of amounts in computer record data fields, which are not usually added but are used
only for data processing control purposes are called:
A. Hash totals.
B. Field totals.
C. Processing data totals.
D. Records totals.

12. This involves the application of auditing procedures using the computer as an audit tool. This
also includes computer programs and data the auditor uses as part of the audit procedures to
process data of audit significance contained in an entity’s information systems:
A. Auditing around the computer.
B. Computer assisted audit technique.
C. Generalized audit software.
D. Test data approach.

13. Creating simulated transactions that are processed through a system to generate results that
are compared with predetermined results, is an auditing procedure referred to as:
A. Completed outstanding jobs.
B. Parallel simulation.
C. Program checking.
D. Use of test data.

14. Which of the following statements is not true to the test data approach when testing a
computerized accounting system?
A. Only one transactions of each type need be tested.
B. Test data are processed by the client’s computerized programs under the auditor’s control.
C. The test data must consist of all possible valid and invalid conditions.
D. The test needs to consist of only those valid and invalid conditions which interest the
auditor.

15. Which of the following methods of testing application controls utilizes a generalized audit
software package prepared by the auditor?
A. Exception report tests.
B. Integrated testing facility approach.
C. Parallel simulation.
D. Test data approach.

16. The characteristics that distinguishes computer processing from manual processing include
the following:
I. Computer processing uniformly subjects the transactions to the same transactions.
II. Computer systems always ensure that complete transaction trails useful for audit
procedures are preserved for indefinite periods.
III. Computer processing virtually eliminates the occurrence of clerical errors normally
associated with manual processing.
IV. Control procedures as to segregation of duties may no longer be necessary in computer
environment.

A. All the above information are true.

B. Only statements II & IV are true.
C. Only statements I and II are true.
D. All of the above statements are false.
17. Which of the following statements is not correct?
A. The overall objective and scope of audit do not change in a CIS environment.
B. When computers or CIS are introduced, the basic concept of evidence accumulation
remains the same.
C. Most CIS rely extensively on the same type of procedure s for control that used in manual
processing system.
D. The specific methods appropriate for implementing the basic auditing concepts do not
change, as systems become more complex.

18. Which of the following is unique to CIS?

A. Error listing
B. Flowcharting.
C. Questionnaires.
D. Pre-numbered documents.

19. When computer processing is used in significant accounting applications, internal control
procedures may be defined by classifying control procedures into two types – general and
A. Administrative.
B. Applications control.
C. Authorization.
D. Specific.

20. Some CIS control procedures relate to all CIS activities ( general controls ) and some relate to
specific tasks ( application controls ). General controls include controls:
A. Designated to ascertain that all data submitted to CIS for processing have been properly
authorized.
B. Designed to assure the accuracy of the processing results.
C. For documenting and approving programs and changes to programs.
D. That relate to the correction and re-submission of data that were initially incorrect.

21. An auditor anticipates assessing control risks at a low level in a CIS environment. Under tehse
circumstances, on which of the following procedures would the auditor initially focus?
A. Application control procedures.
B. General control procedures.
C. Programmed control procedures.
D. Output control procedures.

22. Which of the following activities is not a general control?

A, Conversion of information to machine-readable forms.
B. Correction of transaction errors.
C. Initiation of changes to existing applications.
D. Initiation of changes to master records.

23. When computers are used, the effectiveness of internal control depends, in part, upon whether
the organizational structure includes any incompatible combinations. Such a combination
would exist when there is no separation of duties between:
A. Documentation librarian and manager of programming.
B. Programming and computer operator.
C. Systems analyst and programmer.
D. Processing control clerk and keypunch supervisor.

24. Which of the following is a general control that would most likely assit an entity whose system
analyst left the entity in the middle pf a major project?
A. Check digit verification.
B. Data encryption.
C. Grandfather-father-son record retention.
D. Systems documentation.

25. Access control in an on-line CIS can best be provided in most circumstances by:
A. Batch processing of all input through a centralized-well guarded facility.
B. An adequate librarianship function controlling access to files.
C. A label affixed to the outside of a file mediums holder that identifies the contents.
D. User and terminal identification controls, such as passwords.
26. Adequate control over access to data processing is required to:
A. Deter improper use or manipulation of data files and programs.
B. Ensure that hardware controls are operating effectively and as designed by the computer
manufacturer.
C. Ensure that only console operators have access to program documentation.
D. Minimize the need for backup data files.

27. The management of a company suspects that someone is tampering with pay rates by
entering changes through the company’s remote terminals located in the factory. The method
the company should implement to protect the systems from these unauthorized alterations to
the system’s data files is:
A. Batch totals.
B. Checkpoint recovery.
C. Passwords.
D. Record count.

28. Which of the following controls most likely would assure that the entity can reconstruct its
financial records?
A. Backup diskettes or tapes of files are stored away from originals.
B. Hardware controls are built into the computer by the computer manufacturer.
C. Personnel who are independent of data input perform parallel simulations.
D. Systems flowcharts provide accurate description of input and output operations.

29. Unauthorized alteration of on-line records can be presented by employing:

A. Computer matching.
B. Computer sequence checks.
C. Data base access controls.
D. Key verification.

30. A company updates its accounts receivable master file weekly and retains the master files and
corresponding update transactions for the most recent 2-week period. The purpose of this
practice is to:
A. Match internal labels to avoid writing on the wrong volume.
B. Permit reconstruction of the master file if needed.
C. Validate groups of update transactions for each receivables.
D. Verify run-to-run control totals for receivables.

31. Which of the following is not a processing control?

A. Check digit.
B. Control risk.
C. Control totals.
D. Reasonable test.

32. Which of the following is not an example of an application controls?

A. After processing, all transactions are reviewed by the sales department.
B. An equipment failure causes an error message on the monitor.
C. There are reasonableness tests for the unit selling price of a sale.
D. There is a re-processing authorization of the sales transactions.

33. Which of the following is an example of a check digit?

A. A limit check that an employee’s hours do not exceed 50 hours per work-week.
B. A logic testr that ensures all employee numbers are 9 digits.
C. An agreement of the total number of employees to the total number of checks printed by
the computer.
D. An algebraically determined number produced by the other digits of the employee number.

34. Which of the following is correct?

A. Check digits are always placed at the end pf a data code.
B. Check digits are designed to detect transcription errors.
C. Check digits do not affect processing efficiency.
D. Check digits should be used for all data codes.
.
35. If a control total; were to be computed on each of the following data items, which would be
identified as a hash total for a payroll CIS application?
A. Department numbers.
B. Hours worked.
C. Net pay.
D. Total debits and total credits.
36. In updating a computerized accounts receivable file, which one of the following would be used
as a batch control to verify the accuracy of the posting of cash receipts remittances?
A. The sum of the cash deposits.
B. The sum of the cash deposits less the discounts taken by customers.
C. The sum of the cash deposits plus the discount taken by the customers.
D. The sum of the cash deposits plus the discounts less the sales returns.

37. Which statement is not correct? The goal od batch controls is to ensure that during
processing
A. An audit trail is created.
B. Transactions are not added.
C. Transactions are not omitted.
D. Transactions are processed more than once.

38. An example of a has total is:

A. Sum of SSS numbers – 13,450,265,123
B. Total number of employees – 20
C. Total payroll checks – P25,000
D. None of the given.

39. The employee entered “30” in the “ hours worked per day “ filed. Which would detect this
unintentional error?
A. Numeric/alphabetic check.
B. Limit check.
C. Missing data check..
D. Sign check.

40. An authorized employee took computer printouts from output bins accessible to all employees.
A control which would have prevented this occurrence is:
A. An output review control.
B. A report distribution control.
C. A spooler file control.
D. A storage/retention control.

41. When auditing “ around “ the computer, the independent auditor focuses solely upon the
source documents and
A. CIS output.
B. CIS processing.
C. Compliance techniques.
D. Test data.

42. Which of the following CIS generally can be audited without examining or directly testing the
computer programs of the system?
A. A system that affects a number of essential master files and produces no printed output.
B. A system that performs relatively uncomplicated processes and produces detail outputs.
C. A system that updates a few essential master files and produces no printed output other
than the final balances.
D. A system that uses an on-line real-time processing feature.

43. A disadvantage of auditing around the computer is that it

A. Demands intensive use of machine resources.
B. Interacts actively with auditee applications.
C. Permits no direct assessment of actual processing.
D. Requires highly skilled auditors.

44. Auditing by testing the input and output of an IT system instead of the computer program itself
will
A. Detect all program errors, regardless of the nature of the output.
B. Not detect program errors which do not show up in the output sampled.
C. Not provide the auditor with confidence in the results of the auditing procedures.
D. Provide the auditor with the same type of evidence.

45. Which of the following is not a common type of white box approach?
A. Auditing around the computer.
B. Integrated test facility.
C. Parallel simulation.
D. Test data.
46. An integrated test facility would be appropriate when the auditor needs to
A. Monitor transactions in an application system continuously.
B. Trace a complex logic path through an application system.
C. Verify load module integrity for production programs.
D. Verify processing accuracy concurrently with processing.

47. The auditor’s objective to determine whether the client’s computer programs can correctly
handle valid and invalid transactions as they arise is accomplished through
A. Generally accepted auditing standards.
B. Generalized audit software approach.
C. Microcomputer-aided auditing approach.
D. Test data approach.

48. When an auditor tests a CIS, which of the following is true of the test data approach?
A. Several transactions of each type must be tested.
B. Test data are processed by the client’s computer programs under the auditor’s control.
C. Test data must consist of all possible valid and invalid conditions.
D. The program tested is different from the program used during the year by the client.

49. Which of the CAATs allows fictitious and real transactions to be processed together without
client operating personnel being aware of the testing process?
A. Generalized audit software programming.
B. Integrated test facility.
C. Parallel simulation.
D. Test data approach.

50. The audit approach in which the auditor runs his/her own program on a controlled basis in
order to verify the client’s data recorded in a machine language is:
A. Called auditing around the computer.
B. Generalized audit software approach.
C. Microcomputer aided auditing approach.
D. Test data approach.