CA FINAL ADVANCED AUDITING AND PROFESSIONAL ETHICS - CHAPTER 4: SPE

SR NO. QUESTION
An __________ is an ecosystem that combines people, processes and technology within an
1
overall business environment.
2 __________used by micro and small business.
3 _______ used in small to medium business
4 ______ used in medium to large companies
5 Tally is an example for
6 SAP Business One is an example for _______
7 Oracle Enterprise Business Suite is an example for __________
8 What are the various layers of an automated environment

A ____________ is a type of automated environment in which business operations and

9
transactions are initiated, processed and recorded immediately as they happen without delay.

10 What are the componenets of Real Time Environment

11 Understanding of the automated environment of a company is required as per __

The auditor is required to document the understanding of a company’s automated

12
environment as per
In a controls-based audit in an automated environment, the audit approach can be classified
13
into _________ broad phases.

During which stage the auditor should consider risk arising from the use of IT systems at the
14
company

During which phase the results of general IT controls would impact the nature, timing and
15
extent of testing
16 ______ is the possibility that something could go wrong.

_____________is a combination of process, people, tools and techniques through which

17
companies identify, assess, respond, mitigate and monitor risks.

_____________ is a formal program or framework that is implemented across an enterprise

18
or company for enabling risk management.
Enterprise Risk Management program of a company is implemented by the __________
19
across all levels
20 The risk assessment process involves
The auditing standards _______ require an auditor to understand, assess and respond to the
21
risks within a company.

Has management established an IT Security Policy (Control Environment), communicated

22 the policy to all employees and provided relevant training (Information & Communication)?
This relates to

Are unauthorised changes to IT systems applications prevented and detected in a timely

23
manner? This is an example relating to
 Are direct data changes to database prevented, are strong passwords used
24
in the operating system? This is an example relating to

The controls to mitigate the IT risks and to maintain the confidentiality,

25
integrity, availability and security of data are
___________ are policies and procedures that relate to many applications and support the
26
effective functioning of application controls.
27 General IT Controls apply to
28 __________maintain the integrity of information and security of data.
29 General IT controls are known as
30 Application controls include

Application controls include both automated or manual controls that operate at

31
a ____________.

32 IT dependent controls are

The controls that operate across a company at all levels from board and top management to
33
the department and transaction level are known as _________

Entity Level controls are known as __________ since they operate across all organisation
34
levels.
ELCs are part of a company’s overall internal control framework and relate to the internal
35
control components other than ________

36 Entity level controls are _______ by nature.

Statement 1: Direct ELCs operate at a level higher than business activity or transaction level
such as a business process or sub-process level
37
Statement 2: Direct ELCs operate at a level higher than business process or sub-process level
such as a business activity or transaction level
Monitoring of effectiveness of controls activities by Internal Audit function is an example for
38
________
39 Employee job roles & responsibilities is an example for
___________- require the auditor to understand the business process that makes up an
40
account balance or financial statement line item (FSLI).

41 Domestic Sales account balance in the financial statements is an example of an __________.

Generating and preparing meaningful information from raw system data using processes,
42
tools, and techniques is known as _________

43 The data analytics methods used in an audit are known as ___________

44 Which of the following is a General IT control?
45 Which of the following is an automated control?
46 Who is mainly responsible for implementation of internal financial controls in a company?
 The GuidanceNote onAudit ofInternalFinancialControlsoverFinancialReporting has been
47
issued by
48 The standard that requires auditors to analyse journal entries in an audit is?

KPL Private Limited is a large software company based out of Hyderabad. The annual
turnover of the company is INR 2,100 crores.During the financial year ended 31 March 2023,
the auditors during the course of their audit obtained various audit evidences some of which
were in hard copy but mostly in soft copy. On conclusion of the audit, the auditors are in a
49
dilemma whether to maintain their documentation entirely in hard copy or soft copy or can it
be mixed of both. After consultations with various persons, the auditors stood that the
documentation for this company, being operated in fully automated environment should be in
soft copy only. Please advise whether this understanding is correct.

50 Risks includes
AL ETHICS - CHAPTER 4: SPECIAL ASPECTS OF AUDITING IN AN AUTOMATED ENVIRONMENT
Option - A Option - B Option - C
Internal control framework real time environment automated environment
Packaged software Small ERPs ERP applications
Packaged software Small ERPs ERP applications
Packaged software Small ERPs ERP applications
Packaged software Small ERPs ERP applications
Packaged software Small ERPs ERP applications
Packaged software Small ERPs ERP applications
Networks Operating systems Databases

real basis environment real-time environment Both A and B

Applications Networks Middleware

SA 200 SA 330 SA 210

SA 230 SA 330 SA 210

four seven five

Obtaining an understanding of Assessing the entity level

Risk assessment
the business controls

Planning phase Testing phase Execution phase

Misstatement Risk Error

Risk Management Risk Assessment Risk Mitigation

Enterprise Risk Management Enterprise Risk Assessment Enterprise Risk Mitigation

board of directors top management employees

Risk identification risk appetite assess risks
SA 315 SA 330 Both A and B

Entity level aspects of risks

Risks in the IT processes and that are related to the IT risks at each layer of the
procedures governance, organisation and automated environment
management of IT

Entity level aspects of risks

Risks in the IT processes and that are related to the IT risks at each layer of the
procedures governance, organisation and automated environment
management of IT
 Entity level aspects of risks
Risks in the IT processes and that are related to the IT risks at each layer of the
procedures governance, organisation and automated environment
management of IT

General IT Controls Application Controls IT-Dependent Controls

General IT Controls Application Controls IT-Dependent Controls

mainframe miniframe end-user environment.
General IT Controls Application Controls IT-Dependent Controls
pervasive controls indirect controls Both A and B
both automated or manual
automated manual controls
controls

Transaction level business process level Sub process level

both automated or manual

automated manual controls
controls

business process level controls Entity level controls Sub process level controls

Active controls Monitoring of controls pervasive controls

control activities Monitoring of controls Control environment

Partly subjective and partly

Objective Judgemental
objective

Statement 1 is correct Statement 2 is correct Both are correct

Indirect ELCs Direct ELCs Both A and B

Indirect ELCs Direct ELCs Both A and B
SA 200 SA 330 SA 210

Account balance financial statement line item Sub process

CAATS GAS Data Analytics

Computer Assisted Auditing

Generalized Audit Software Common Software Tool
Techniques
IT Environment Application Control Access Security
Program change System generated report Application control
Auditors Directors Employees
ICAI SEBI MCA
SA 260 SA 230 SA 315

This is a matter of Since the client is operating in

As per the requirements of
documentation of audit a fully automated environment,
auditing standards, this
evidence for a client working it would be important to check
documentation can be in a mix
in fully automated environment with them
of both soft and hard
and hence it should be in soft because all this documentation
copy.
copy only has come from the client only.

Market Risks Credit Risk Operational Risks

NVIRONMENT
Option - D Right - Option
Right - Ans
All the above C automated environment
All the above A Packaged software
All the above B Small ERPs
All the above C ERP applications
All the above A Packaged software
All the above B Small ERPs
All the above C ERP applications
All the above D All the above

None of the above B real-time environment

All the above D All the above

SA 315 D SA 315

SA 315 A SA 230

three D three

testing phase A Risk assessment

Design phase B Testing phase

Fraud B Risk

Risk control A Risk Management

Enterprise Risk control A Enterprise Risk Management

All the above D All the above

All the above D All the above
None of the above C Both A and B

Entity level aspects of risks

that are related to the
All the above B
governance, organisation and
management of IT

Risks in the IT processes and

All the above A
procedures
 IT risks at each layer of the
All the above C
automated environment

All the above D All the above

All the above A General IT Controls

All the above D All the above
All the above A General IT Controls
None of the above C Both A and B
both automated or manual
None of the above C
controls

Account balance B business process level

None of the above B manual controls

Account balance level controls B Entity level controls

All the above C pervasive controls

Risk Assessment A control activities

subjective D subjective

None of the above A Statement 1 is correct

None of the above B Direct ELCs

None of the above A Indirect ELCs
SA 315 D SA 315

All the above B financial statement line item

CST C Data Analytics

Computer Assisted Auditing

Data Mining C
Techniques
IT Dependent Control C Access Security
Configurations D Configurations
Regulators B Directors
RBI A ICAI
SA 240 D SA 240

As per the requirements of

auditing standards,
As per the requirements of
documentation is not required
auditing standards, this
in case of a client working in
B documentation can be in a mix
automated environment
of both soft and hard
because everything is
copy.
automated and can be accessed
easily at any point of time.

All the above D All the above