Censiderng tomatin Tehnoogy (OPA REVIEW sounansuvracuiaricarsente Environment in Audit May 2023 DISCUSSION QUESTIONS 1, Which ofthe folowing statements is correct concerning the security of messages in’ an electronic data Interchange (EDI) system? 2. When the confidentiality of data isthe primary risk, message authentication is the preferred contol, rather than encryption Message authentication in EDI systems performs the same function as segregation of duties in other information systems. ‘Security atthe transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider. 2. Which of the following could be dificult to determine because electronic evidence may not be retrievable after a specific period? ‘a. The acceptance level of detection risk © Whether to adopt substantive or reliance test strategies. dd. The assessed level of inherent risk 3. An aucitor would most likely be concerned with which ofthe following controls ina distributed data processing system? 2. Hardware controls Systems documentation controls. d,_ Disaster recovery controls. 4. Which of the following statements most likely represents a disadvantage for an entity that keeps ‘microcomputer-prepared data files rather than ‘manually prepared files? 2. Random error associated with processing similar transactions in diferent ways is Usually greater. 1b. It is usually more difficult to compare recorded ‘accountability with physical count of assets. Attention 's focused on the accuracy of the programming process, rather than an errors in inavigua transactions. 5. In auditing through a computer, the test data method Is used by aucttors to test the 3. Accuracy of input dat. '._ Validity of the output. 4d. Normalcy of distribution of test data 6. In auciting an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning 2. Overpayment of employees for hours not worked. 7. 10, a. Withholding of Social contributions, d. Missing employee identification numbers, taxes and Security Which of the following Is usually a benefit. of transmitting transactions in an ‘electronic data Interchange (EDI) environment? A reduced need to test computer controls related to Sales and collections transactions. ‘An increased opportunity to apply statistical ‘sampling techniques to account balances. No need to rely on third-party service providers to censure security. Which of the following is @ computer-assisted auelt technique thet permits an auditor to use the auditor's version of a client's program to process data and Compare the output with the client's output? b. Frame relay protocol Remote nade router. dd. Parallel simulation. Which of the following is not among the errors that an ‘auditor might include in the test data when auditing 2 Client's computer system? {a Numeric characters in alphanumeric fields. Authorization code. €_Differences in description of units of measure. ‘An auditor anticipates assessing control risk at a low level ina computerized environment. Under these rcumstances, on which ofthe following controls would the auditor initially focus? 2. Programmed controls Output contross. d. General controls ‘Smith Corporation has numerous customers. A caustomer file i kept on disk storage. Each customer fle contains name, address, credit limit, and. account balance. The auditor wishes to test this file to determine Whether credit limits are being exceeded. The bast procedure for the ausitar to follow would be to 3. Develop test data that would cause some account balances to exceed the credit imit and determine f the system properiy detects such situations. Request a printout of all account balances so they can be manually checked against the credit limits. , Request a printout of a sample of account balances so they can be indvidually checked against the credit limits. Page 1 of 4 www.teamprtc.com.ph cisEXCEL PROFESSIONAL SERVICES, INC. 12, An entty has the folowing invoices ina batch: Trvaice # | Product_[ Quartity_| Ua prce 201 FI0 150 F250 202 Gis 200 500 203 FI 250 750 Tae 300 [2,500 Which of the following numbers represents the record count? al ge c 8 6 6 13. In parallel simulation, actual client data are reprocessed Using an autitor software program. An advantage of Using parallel srmulation, instead of performing tests of controls without a computer, is that a. The test includes all types of transaction errors and exceptions that may be encountered. ‘The cllent’s computer personnel do not know when the cata are being tested There Is no risk of creating potentially material errors in the clients data, 14, An auditor using audit software probably would be least Interested in which of the following fields in a computerized perpetual inventory file? b. Warehouse location. © Date of last purchase. 4. Quantity sol 15.As part of a fraud audit, @ CPA wishes to identity templayees with invalid Social Securty numbers in the client's payrol-transaction data. Which of the following Buait tests oF controls using computer-assisted aut techniques would best meet the objective? a. Obtaining statistics on the population of the payroll file to identify unusual pay emounts to employees, authorized Socal Security numbers Randomly selecting 25 payments from the payroll report and comparing the results to employee Social Security cards in the human resources records, 6. Comparing the payroll transaction fle to. the employee master file to extract payments to employees who are not in the employee master fle 16. To obtain evidence that user identification and password contrals are functioning as designed, an auditor would most likely a, Review the online transaction lag to ascertain whether employees using passwords have access to data files and computer programs. incompatible with their other responsibiites Extract a random sample of processed transactions anc ensure that transactions are appropriately authorized 4. Observe the file librarian’s activities to discover whether other systems personnel are permitted to operate computer equipment without restriction, 17, A computer-assisted audit technique that is most Ikely| to be effective in a continuous aueiting environment is 2, Parallel simulation. Controlled reprocessing, 4, Transaction tripping, 18, Which of the following computer-assisted auctting techniques allows Feitious and real transactions to be processed togetner without client operating personnel being aware of the testing process? ity, Input controls matrix. Parallel simulation 4. Data entry monitor 19, Which of the following strategies would @ CPA most likely consider in auditing en entty that processes most of its financial data only in electronic form, such as a paperless system? b._Increasee reliance on internal control activites that emphasize the segregation of duties. © Verification of encrypted digital certificates used to monitor the authorization of transaction, 4. Extensive testing of firewall boundaries that restrict the recording of outside network trac 20. Which of the following is an advantage of generalized computer audlt packages? 3, They are all writen in one identical computer language. They have reduced the need forthe auditor to study input cantrels for computer-related procedures. 4, Their use can be substituted for a relatively large. part ofthe required tests of controls. 21. Ta obtain evidence that online access controls are properly functioning, an auditor most likely would a, Create checkpoints at periodic intervals after ive data processing to test for unauthorized use of the system. b. Examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction Enter inva identification numbers or passwords 0 scr mater the system Flees tere 4. Vouch a random sample of processed transactions to assure proper authorization 22, In bullding an electronic data interchange (EDI) system, what process Is used to determine waich elements in the entity's computer system correspond to the standard data elements? b. Translation, © Encryption 4. Decoding, 23, Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by Page 2 of 4 www,teamprtc,.com,ph cisEXCEL PROFESSIONAL SERVICES, INC. electronic data processing companies and others and are specitcaly referred to as a. Compiler programs. ._ Supervisory programs. 4. User programs. 24, Which of the following methods of testing application controls utilzes @ generalized audit software package prepared by the auditors? b. Integrated testing faciity approach © Test data approach 4. Exception report tests 25.A primary advantage of using generalized aucit packages in the audit of an advanced computer system Is that enables the auctor to a, Substentlate the accuracy of data through self- Checking digits and hash totals ©. Venfy the performance of machine operations which leave visible evidence of accurrence, 4. Gather and store large quantities of supportive aucit evidence In machine reacable form, 26. An auditor would least likely use computer software to a. Construct parallel simulations b. Access client data files. ©. Prepare spreadsheets. 27. Which ofthe following is not 2 problem associated with the use of test data for computer-audit purposes? It's difficu to design test data that incorporate all Potential variations in transactions. ‘Test data may be commingled with live data causing operating problems for the client. ‘The program with which the test data are processed ‘may differ from the one used in actual operation. 28. In a highly automated information processing system tests of contral 2, Must be performed in all circumstances, ©. Are never required. 4. Are required in first year audits, 29. When an aucitor tests the internal controls of a computerized accounting system, which ofthe folowing Is true of the test data approach? a. Test data are coced to a dummy subsidiary so they can be extracted from the system under actual ‘operating conditions. Test date programs need not be talor-made by the aueiter fer each client's computer applications. ‘Test data programs usually consist of all possible valid and invalid concitions regarding compliance with internal controls 30. Which ofthe following statements isnot true of the test data approach to testing an accounting system? a, Test date are processed by the client's computer programs under the aucltor's control 31 35, 37, b, The test data need consist of only those valid and Invalid conditions that interest the auditor, © Only one transaction of each type need be tested. | Which of the following is an essential element of the ‘audit trail In an electronic cata interchange (ED!) system? 2. Disaster recovery plans that ensure proper backup of files. Encrypted hash totals that authenticate messages, 4. Hardware security modules that store sensitive ata, hich of the following Is an acvantage of sing 2 value- fdded networ for EDI transactions? 2. Mating corroborative muir B._Observing the separation of duties of personnel and comparing them to related output. ° 4. Reviewing the run manual ‘Auditing by testing the input and output of a computer system instead of the computer program itself will Detect all program errors, regardless of the nature of the output. Provide the auditor with the same type of evidence. Not provide the auditor with confidence in the results of the auciting procedures. Carmel Department Store has_an ERP information system and is planning to issue crecit cards to creditworthy customers. To strengthen internal contral by making it dificult for one to create a val¢ customer ‘account number, the company’s independent auditor has suggested the inclusion of a check digit Which should be placed a. At the beginning of a valid account number only, . In the middle of a valid account number only. At the end of a valid account number only ‘An aucitor most likely would introduce test data into ‘computerized payroll system to test controls related to the a, Existence of unclaimed payroll checks held by ‘supervisors. b._ Early cashing of payroll checks by employees. Tepper efprva af ovens by upervaoes The individual with whom an auditor would be most likely to discuss specific access controls within a client's relational database management system isthe b. Contraler © Systems analyst 4. Systems librarian, When companies use Information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of ‘action in such situations? 2, Assess the contro risk as high, Page 3 of 4 www,teamprtc,.com,ph cisEXCEL PROFESSIONAL SERVICES, INC. b. Use audit software to perform analytical procedures 4. Perform limited tests of controls over electronic cata 38. Which ofthe following client information techaology (TT) systems generally can be audited without examining or Girectly testing the IT computer programs of the system? A system that affects 2 number of essential master ‘les and produces a limited output. AA system that updates 2 few essential master fles ‘ane produces no printed output other than final balances, A system that performs relatively complicated processing and produces very little detailed output. 39, An auditor most likely would test for the presence of unauthorized computer program changes by running a. Program with test data b._ Check digit verification program. 4. Program that computes control totals. 40, When conducting fleldwork for a physical inventory, an auditor cannot perform which of the following steps Using @ generalized audit software package? b. Selecting sample Items of inventory. Analyzing data resulting trom inventory. 4. Recaleulating balances in inventary reports. End of CIS, Page 4 of 4 www,teamprtc.com.ph cis