Professional Documents
Culture Documents
CPAR
1. Which statement is incorrect when auditing in a CIS environment?
a. A CIS environment exists when a computer of any type or size is involved in the processing
by the entity of financial information of significance to the audit, whether that computer is
operated by the entity or by a third party.
b. The auditor should consider how a CIS environment affects the audit.
c. The use of a computer changes the processing, storage and communication of financial
information and may affect the accounting and internal control systems employed by the
entity.
d. A CIS environment changes the overall objective and scope of an audit.
2. Which of the following standards or group of standards is mostly affected by a computerized
information system environment?
a. General standards c. Reporting standards
b. Second standard of field work d. Standards of fieldwork
3. Which of the following is least considered if the auditor has to determine whether specialized
CIS skills are needed in an audit?
a. The auditor needs to obtain a sufficient understanding of the accounting and internal control
system affected by the CIS environment.
b. The auditor needs to determine the effect of the CIS environment on the assessment of
overall risk and of risk at the account balance and class of transactions level.
c. Design and perform appropriate tests of controls and substantive procedures.
d. The need of the auditor to make analytical procedures during the completion stage of audit.
4. It relates to materiality of the financial statement assertions affected by the computer
processing.
a. Threshold b. Relevance c. Complexity d. Significance
5. Which of the following least likely indicates a complexity of computer processing?
a. Transactions are exchanged electronically with other organizations without manual review
of their propriety.
b. The volume of the transactions is such that users would find it difficult to identify and correct
errors in processing.
c. The computer automatically generates material transactions or entries directly to another
applications.
d. The system generates a daily exception report.
6. The nature of the risks and the internal characteristics in CIS environment that the auditors are
mostly concerned include the following except:
a. Lack of segregation of functions. c. Lack of transaction trails.
b. Dependence of other control over computer processing. d. Cost-benefit ratio.
7. Which of the following is least likely a risk characteristic associated with CIS environment?
a. Errors embedded in an application’s program logic maybe difficult to manually detect on a
timely basis.
b. Many control procedures that would ordinarily be performed by separate individuals in
manual system maybe concentrated in CIS.
c. The potential unauthorized access to data or to alter them without visible evidence maybe
greater.
d. Initiation of changes in the master file is exclusively handled by respective users.
8. Which of the following significance and complexity of the CIS activities should an auditor least
understand?
a. The organizational structure of the client’s CIS activities.
b. Lack of transaction trails.
c. The significance and complexity of computer processing in each significant accounting
application.
d. The use of software packages instead of customized software.
PAPS 1001 – CIS Environments – Stand-Alone Personal Computers
9. Which statement is correct regarding personal computer systems?
a. Personal computers or PCs are economical yet powerful self-contained general purpose
computers consisting typically of a central processing unit (CPU), memory, monitor, disk
drives, printer cables and modems.
b. Programs and data are stored only on non-removable storage media.
c. Personal computers cannot be used to process accounting transactions and produce
reports that are essential to the preparation of financial statements.
d. Generally, CIS environments in which personal computers are used are the same with
other CIS environments.
10. A personal computer can be used in various configurations, including
a. A stand-alone workstation operated by a single user or a number of users at different times.
b. A workstation which is part of a local area network of personal computers.
c. A workstation connected to a server.
d. All of the above.
11. Which statement is incorrect regarding personal computer configurations?
a. The stand-alone workstation can be operated by a single user or a number of users at
different times accessing the same or different programs.
b. A stand-alone workstation may be referred to as a distributed system.
c. A local area network is an arrangement where two or more personal computers are linked
together through the use of special software and communication lines.
d. Personal computers can be linked to servers and used as part of such systems, for
example, as an intelligent on-line workstation or as part of a distributed accounting system.
12. Which of the following is the least likely characteristic of personal computers?
a. They are small enough to be transportable.
b. They are relatively expensive.
c. They can be placed in operation quickly.
d. The operating system software is less comprehensive than that found in larger computer
environments.
13. Which of the following is an inherent characteristic of software package?
a. They are typically used without modifications of the programs.
b. The programs are tailored-made according to the specific needs of the user.
c. They are developed by software manufacturer according to a particular user’s
specifications.
d. It takes a longer time of implementation.
14. Which of the following is not normally a removable storage media?
a. Compact disk c. Tapes
b. Diskettes d. Hard disk
15. It is a computer program (a block of executable code) that attaches itself to a legitimate
program or data file and uses its as a transport mechanism to reproduce itself without the
knowledge of the user.
a. Virus c. System management program
b. Utility program d. Encryption
16. Which statement is incorrect regarding internal control in personal computer environment?
a. Generally, the CIS environment in which personal computers are used is less structured
than a centrally-controlled CIS environment.
b. Controls over the system development process and operations may not be viewed by the
developer, the user or management as being as important or cost-effective.
c. In almost all commercially available operating systems, the built-in security provided has
gradually increased over the years.
d. In a typical personal computer environment, the distinction between general CIS controls
and CIS application controls is easily ascertained.
17. Personal computers are susceptible to theft, physical damage, unauthorized access or misuse
of equipment. Which of the following is least likely a physical security to restrict access to
personal computers when not in use?
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables.
c. Locking the personal computer in a protective cabinet or shell.
d. Using anti-virus software programs.
18. Which of the following is not likely a control over removable storage media to prevent
misplacement, alteration without authorization or destruction?
a. Using cryptography, which is the process of transforming programs and information into an
unintelligible form.
b. Placing responsibility for such media under personnel whose responsibilities include duties
of software custodians or librarians.
c. Using a program and data file check-in and check-out system and locking the designated
storage locations.
d. Keeping current copies of diskettes, compact disks or back-up tapes and hard disks in a
fireproof container, either on-site, off-site or both.
19. Which of the following least likely protects critical and sensitive information from unauthorized
access in a personal computer environment?
a. Using secret file names and hiding the files.
b. Keeping of back up copies offsite.
c. Employing passwords.
d. Segregating data into files organized under separate file directories.
20. It refers to plans made by the entity to obtain access to comparable hardware, software and
data in the event of their failure, loss or destruction.
a. Back-up b. Encryption c. Anti-virus d. Wide Area Network (WAN)
21. The effect of personal computers on the accounting system and the associated risks will least
likely depend on
a. The extent to which the personal computer is being used to process accounting
applications.
b. The type and significance of financial transactions being processed.
c. The nature of files and programs utilized in the applications.
d. The cost of personal computers.
22. The auditor may often assume that control risk is high in personal computer systems since , it
may not be practicable or cost-effective for management to implement sufficient controls to
reduce the risks of undetected errors to a minimum level. This least likely entail
a. More physical examination and confirmation of assets.
b. More analytical procedures than tests of details.
c. Larger sample sizes.
d. Greater use of computer-assisted audit techniques, where appropriate.
PAPS 1008 – Risk Assessments and Internal Control – CIS Characteristics and Considerations
52. Which statement is incorrect regarding the characteristics of a CIS organizational structure?
a. Certain data processing personnel may be the only ones with a detailed knowledge of the
interrelationship between the source of data, how it is processed and the distribution and
use of the output.
b. Many conventional controls based on adequate segregation of incompatible functions may
not exist, or in the absence of access and other controls, may be less effective.
c. Transaction and master file data are often concentrated, usually in machine-readable form,
either in one computer installation located centrally or in a number of installations
distributed throughout an entity.
d. Systems employing CIS methods do not include manual operations since the number of
persons involved in the processing of financial information is significantly reduced.
53. System characteristics that may result from the nature of CIS processing include, except
a. Absence of input documents.
b. Lack of visible transaction trail.
c. Lack of visible output.
d. Difficulty of access to data and computer programs.
54. The development of CIS will generally result in design and procedural characteristics that are
different from those found in manual systems. These different design and procedural aspects
of CIS include, except:
a. Consistency of performance.
b. Programmed control procedures.
c. Vulnerability of data and program storage media
d. Multiple transaction update of multiple computer files or databases.
55. Which statement is incorrect regarding internal controls in a CIS environment?
a. Manual and computer control procedures comprise the overall controls affecting the CIS
environment (general CIS controls) and the specific controls over the accounting
applications (CIS application controls).
b. The purpose of general CIS controls is to establish a framework of overall control over the
CIS activities and to provide a reasonable level of assurance that the overall objectives of
internal control are achieved.
c. The purpose of CIS application controls is to establish specific control procedures over the
application systems in order to provide reasonable assurance that all transactions are
authorized and recorded, and are processed completely, accurately and on a timely basis.
d. The internal controls over computer processing, which help to achieve the overall objectives
of internal control, include only the procedures designed into computer programs.
56. General CIS controls may include, except:
a. Organization and management controls. c. Delivery and support controls.
b. Development and maintenance controls. d. Controls over computer data files.
57. CIS application controls include, except
a. Controls over input.
b. Controls over processing and computer data files.
c. Controls over output.
d. Monitoring controls.
58. Which statement is incorrect regarding the review of general CIS controls and CIS application
controls?
a. The auditor should consider how these general CIS controls affect the CIS applications
significant to the audit.
b. General CIS controls that relate to some or all applications are typically interdependent
controls in that their operation is often essential to the effectiveness of CIS application
controls.
c. Control over input, processing, data files and output may be carried out by CIS personnel,
by users of the system, by a separate control group, or may be programmed into
application software.
d. It may be more efficient to review the design of the application controls before reviewing the
general controls.
59. Which statement is incorrect regarding the evaluation of general CIS controls and CIS
application controls?
a. The general CIS controls may have a pervasive effect on the processing of transactions in
application systems.
b. If general CIS controls are not effective, there may be a risk that misstatements might occur
and go undetected in the application systems.
c. Manual procedures exercised by users may provide effective control at the application
level.
d. Weaknesses in general CIS controls cannot preclude testing certain CIS application
controls.
RESA
ReSA - THE REVIEW SCHOOL OF ACCOUNTANCY
CPA Review Batch 42 October 2021 CPA Licensure Exam Weeks 12-13
4. Which of the following types of transactions are suitable for real-time processing?
A B C D
Airline reservations Yes No Yes No
Payroll processing No Yes No Yes
Fund transfer via GCash or PayMaya No Yes Yes No
5. These control procedures relate to all computer activities and are designed to make sure an
organization’s control environment is stable and well managed.
A. General IT controls C. Overall controls
B. Application controls D. Pervasive IT controls
7. These relate to procedures used to initiate, record, process, and report transactions and other financial data.
Their purpose is to provide reasonable assurance that all transactions are authorized and recorded, and are
processed completely, accurately, and on a timely basis.
A. General IT controls. C. IT Input controls.
B. Application controls. D. IT Processing controls.
10. Systems development is separated from data processing activities because failure to do so
A. weakens database access security.
B. allows programmers access to make unauthorized changes to applications during
execution.
C. results in inadequate documentation.
D. results in master files being inadvertently erased.
11. When dealing with the administration of the IT function and the segregation of IT duties
A. in large organizations, management should assign technology issues to outside
consultants.
B. programmers should investigate all security breaches.
C. the board of directors should not get involved in IT decisions since it is a routine function
handled by middle management.
D. in complex environments, management may establish IT steering committees.
12. Which of the following is a general IT control that would most likely assist an entity whose system analysts left
the entity in the middle of a major project?
A. Grandparent-parent-child record retention C. Systems documentation controls
B. Input and output validation routines D. Check digit verification
13. Control which are built in by the manufacturer to detect equipment failure are called:
A. Input controls C. Fail-safe controls
B. Hardware controls D. Manufacturer’s controls
14. Which of the following is the auditor’s concern regarding a distributed data processing set-up?
A. Hardware controls C. Systems documentation controls
B. Access controls D. Organizational controls
16. A client is concerned that a power outage or disaster could impair the computer hardware’s ability to function as
designed. The client desires off-site backup hardware facilities that are fully configured and ready to operate
within several hours. The client most likely should consider a:
A. Cold site B. Mutual aid pact C. Hot site D. Internally developed backup
17. Which of the following procedures would an entity most likely include in its business continuity plan (BCP)?
A. Develop an auxiliary power supply to provide uninterrupted electricity.
B. Store duplicate copies of critical files in a location away from the computer center.
C. Maintain a listing of entity passwords with the network manager.
D. Translate data for storage purposes with a cryptographic secret code.
18. Controls which are designed to assure that the information processed by the computer is valid, complete, and
accurate are called:
A. Input controls C. Output controls
B. Processing controls D. General controls
19. Which input control check would detect a payment made to a nonexistent vendor?
A. Check digit B. Validity check C. Range check. D. Limit check.
20. The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional
error?
A. Sign check B. Validity check C. Range check. D. Limit check.
21. Totals of amounts in computer-recorded data fields, which are not usually added but are used only for data
processing control purposes are called:
A. Record totals C. Cross-foot totals
B. Hash totals D. Field totals
22. If a control total were to be computed on each of the following data items, which total would best be identified as
a hash total for a payroll application processed by computer?
A. Net pay C. Total debits
B. Department numbers D. Hours worked
23. Run-to-run control totals can be used for all of the following except
A. to ensure that all data input is validated
B. to ensure that only transactions of a similar type are being processed
C. to ensure the records are in sequence and are not missing
D. to ensure that no transaction is omitted
24. Methods used to maintain an audit trail in a computerized environment include all of the following
except
A. transaction logs C. data encryption
B. transaction listings D. log of automatic transactions
25. One output control is known as bursting control. When output reports are removed from the printer, they go to
the bursting stage to have their pages separated and collated. The primary control at this stage is/are:
A. Collation B. Distribution C. Supervision D. All of the choices.
26. Risk exposures associated with creating an output file as an intermediate step in the printing process
(spooling) include all of the following actions by a computer criminal except
A. gaining access to the output file and changing critical data values
B. using a remote printer and incurring operating inefficiencies
C. making a copy of the output file and using the copy to produce illegal output reports
D. printing an extra hardcopy of the output file
27. Jadi Corp. has changed from a system of recording time worked on clock cards to a computerized payroll
system in which employees record time in and out with magnetic cards. The computer system automatically
updates all payroll records. Because of this change:
A. a generalized computer audit program must be used.
B. part of the audit trail is altered.
C. the potential for payroll-related fraud is diminished.
D. transactions must be processed in batches.
28. Which of the following is least likely to be considered by an auditor considering engagement of an information
technology (IT) specialist on an audit?
A. Complexity of client’s systems and IT controls
B. Requirements to assess going concern status
C. Client’s use of emerging technologies
D. Extent of entity’s participation in electronic commerce
29. Which of the following computer documentation would an auditor most likely utilize in obtaining
an understanding of an entity’s internal control structure?
A. System flowcharts C. Program listings
B. Record counts D. Record layouts
30. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these
circumstances, on which of the following procedures would the auditor initially focus?
A. Programmed control procedures. C. Output control procedures.
B. Application control procedures. D. General control procedures.
31. Internal control is ineffective when computer department personnel
A. Participate in computer software acquisition decisions.
B. Design documentation for computerized systems.
C. Originate changes in master files.
D. Provide physical security for program files.
32. To obtain evidence that user identification and password controls are functioning as designed, an auditor would
most likely:
A. Attempt to sign-on to the system using invalid user identifications and passwords.
B. Write a computer program that simulates the logic of the client’s access control software.
C. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
D. Examine statements signed by employees stating that hey have not divulged their user
identifications and password to any other person.
33. When evaluating IT controls, the auditor is faced with the choice of auditing around the computer or auditing
through the computer. When auditing around the computer, the processing of computer applications is not
investigated. This approach is appropriate when:
A. inherent risk is assessed to be high
B. the processing logic of the program used is complex
C. the computer system is simple or uses proven commercial software
D. most of the controls reside within the computer application itself
34. Auditing by testing the input and output of an IT system instead of the computer program itself:
A. Will not detect program errors which do not show up in the output sampled.
B. Will detect all program errors, regardless of the nature of the output.
C. Will provide the auditor with the same type of evidence.
D. Will not provide the auditor with confidence in the results of the auditing procedures.
36. An auditor most likely would test for the presence of unauthorized CIS program change by running a
A. Program with test data C. Source code comparison program
B. Check digit verification program D. Program that computes control totals
38. Computer-assisted audit techniques (CAATs) may be utilized to facilitate the tests of controls in an IT system.
Which of the following approaches are usually used?
A B C D
Test data approach Yes Yes No Yes
Integrated test facility (ITF) No Yes Yes No
Parallel simulation No Yes Yes Yes
39. Which of the following statements is not true of the test data approach when testing a
computerized accounting system?
A. The test data needs to consist of only those valid and invalid conditions that interest the auditor.
B. Only one transaction of each type needs to be tested.
C. The test data must consist of all possible valid and invalid conditions.
D. Test data are processed by the client’s computer software under the auditor’s control.
40. Which of the following computer-assisted audit techniques allows fictitious and real transactions to be
processed together without client-operating personnel being aware of the testing process?
A. Parallel simulation. C. Mapping.
B. Integrated test facility. D. Test data.
43. An increase in the effectiveness of auditing software will have the effect of
A. increasing detection risk. C. increasing control risk.
B. reducing detection risk. D. reducing control risk.
45. When the auditor is obtaining an understanding of the service organization’s internal controls,
the auditor should
A. use the same criteria used to evaluate the client's internal controls.
B. use different criteria because the service organization resides outside the company.
C. use the same criteria used to evaluate the client's internal controls but omit tests of transactions.
D. use different criteria for the service organization by including substantive tests of balances.
- END -
Reo
1. What consists an accounting information system?
a. Internal controls, journals and ledgers
b. People, hardware and software
c. Information, software and computers
d. People, procedures, data software and information technology infrastructure.
2. Which of the following statements is incorrect?
a. The components of IT system include hardware, software, telecommunications, databases, and human resources.
b. Keyboards, external disk drives, and routers are examples of hardware.
c. A software can either be a system software or an application software.
d. A point-of-sale device is an example of processing hardware.
3. Which of the following statements is not correct?
a. The overall objective and scope of an audit do not change in a CIS environment
b. When computers or CIS are introduced, the basic concept of evidence accumulation remains the same
c. Most CIS rely extensively on the same type of procedures for control that are used in manual processing system
d. The specific methods appropriate for implementing the basic auditing concepts do not change, as systems become
more complex
4. Which of the following characteristics distinguishes computer processing from manual processing?
a. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.
b. The potential of systematic error is ordinarily greater in manual processing than in computerized processing.
c. Computer processing virtually eliminates the occurrence of computational error normally associated with manual
processing.
d. Errors or fraud in computer processing will be detected soon after their occurrences.
5. The development of CIS will generally result in design and procedural characteristics that are different from those found
in manual systems. These different design and procedural aspects of CIS include, except:
a. Consistency of performance.
b. Programmed control procedures.
c. Vulnerability of data and program storage media
d. Multiple transaction update of multiple computer files or databases.
6. Which of the following is least likely to be considered by an auditor considering engagement of an information
technology (IT) specialist on an audit?
a. Complexity of client’s systems and IT controls.
b. Requirements to assess going concern status.
c. Client’s use of emerging technologies.
d. Extent of entity’s participation in electronic commerce.
7. Which statement is correct regarding personal computer systems?
a. Personal computers or PCs are economical yet powerful self-contained general purpose computers consisting
typically of a central processing unit (CPU), memory, monitor, disk drives, printer cables and modems.
b. Programs and data are stored only on non-removable storage media.
c. Personal computers cannot be used to process accounting transactions and produce reports that are essential to
the preparation of financial statements.
d. Generally, CIS environments in which personal computers are used are the same with other CIS environments.
8. End user computing is most likely to occur on which of the following types of computers?
a. Mainframe c. Personal computers
b. Minicomputers d. Personal reference assistants
9. Which of the following is the least likely characteristic of personal computers?
a. They are small enough to be transportable.
b. They are relatively expensive.
c. They can be placed in operation quickly.
d. The operating system software is less comprehensive than that found in larger computer environments.
10. Which of the following is an inherent characteristic of software package?
a. They are typically used without modifications of the programs.
b. The programs are tailored-made according to the specific needs of the user.
c. They are developed by software manufacturer according to a particular user’s specifications.
d. It takes a longer time of implementation.
11. Which of the following is not normally a removable storage media?
a. Compact disk b. Tapes c. Diskettes d. Hard disk
12. It is a computer program (a block of executable code) that attaches itself to a legitimate program or data file and uses
it as a transport mechanism to reproduce itself without the knowledge of the user.
a. Virus c. System management program
b. Utility program d. Encryption
13. Personal computers are susceptible to theft, physical damage, unauthorized access or misuse of equipment. Which of
the following is least likely a physical security to restrict access to personal computers when not in use?
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables.
c. Locking the personal computer in a protective cabinet or shell.
d. Using anti-virus software programs.
14. What technology is needed in order to convert a paper document into a computer file?
a. Optical character recognition c. Bar-coding scanning
b. Electronic data interchange d. Joining and merging
15. The auditor may often assume that control risk is high in personal computer systems since it may not be practicable or
cost-effective for management to implement sufficient controls to reduce the risks of undetected errors to a minimum
level. This least likely entail
a. More physical examination and confirmation of assets.
b. More analytical procedures than tests of details.
c. Larger sample sizes.
d. Greater use of computer-assisted audit techniques, where appropriate.
16. Computer systems that enable users to access data and programs directly through workstations are referred to as
a. On-line computer systems c. Database management systems (DBMS)
b. Personal computer systems d. Database systems
17. On-line systems allow users to initiate various functions directly. Such functions include:
I. Entering transactions III. Requesting reports
II. Making inquiries IV. Updating master files
a. I, II, III and IV b. I and II c. I, II and III d. I and IV
18. Types of workstations include General Purpose Terminals and Special Purpose Terminals. Special Purpose Terminals
include
a. Basic keyboard and monitor c. Point of sale devices
b. Intelligent terminal d. Personal computers
46. An advantage of using systems flowcharts to document information about internal control instead of using internal
control questionnaires is that systems flowcharts
a. Identify internal control weaknesses more prominently.
b. Provide a visual depiction of clients’ activities.
c. Indicate whether control procedures are operating effectively.
d. Reduce the need to observe clients’ employees performing routine tasks.
47. In studying a client's internal controls, an auditor must be able to distinguish between prevention controls and detection
controls. Of the following data processing controls, which is the best detection control?
a. Policy requiring password security. c. Backup and recovery procedure.
b. Access controls. d. Review of machine utilization logs.
48. In a highly automated information processing system, tests of control
a. Must be performed in all circumstances.
b. May be required in some circumstances.
c. Are never required.
d. Are required in first year audits.
49. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances,
on which of the following activities would the auditor initially focus?
a. Programmed control activities c. Output control activities
b. Application control activities d. General control activities
50. Should the auditor feel, after obtaining an understanding of the CIS internal control structure, that control risk cannot be
reduced, he or she will
a. Expand the substantive testing portion of the audit
b. Increase the sample size for tests of controls
c. Issue a disclaimer
d. Issue an adverse opinion
51. An auditor would be most likely to assess control risk at the maximum level in an electronic environment with automated
system-generated information when
a. Sales orders are initiated using predetermined, automated decision rules.
b. Payables are based on many transactions and large in peso amount.
c. Fixed asset transactions are few in number, but large in peso amount.
d. Accounts receivable records are based on many transactions and are large in peso amount.
52. Which of the following client information technology (IT) systems generally can be audited without examining or directly
testing the IT computer programs of the system?
a. A system that performs relatively uncomplicated processes and produces detailed output.
b. A system that affects a number of essential master files and produces a limited output.
c. A system that updates a few essential master files and produces no printed output other than final balances.
d. A system that performs relatively complicated processing and produces very little detailed output.
53. The application of auditing procedures using the computer as an audit tool refer to
a. Integrated test facility c. Data-based management system
b. Auditing through the computer d. Computer assisted audit techniques
54. When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
a. Several transactions of each type must be tested
b. Test data are processed by the client’s computer programs under the auditor’s control
c. Test data must consist of all possible valid and invalid conditions
d. The program tested is different from the program used throughout the year by the client
55. Which of the following is not among the errors that an auditor might include in the test data
when auditing a client’s computer system?
a. Numeric characters in alphanumeric fields.
b. Authorized code.
c. Differences in description of units of measure.
d. Illogical entries in fields whose logic is tested by programmed consistency checks.
56. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together without client operating personnel being aware of the
testing process?
a. Integrated test facility c. Parallel simulation
b. Input controls matrix d. Data entry monitor
57. Which of the following methods of testing application controls utilizes a generalized audit software
package prepared by the auditors?
a. Parallel simulation c. Test data approach
b. Integrated test facility d. Exception report tests
58. Consists of generalized computer programs designed to perform common audit tasks or
standardized data processing functions.
a. Package or generalized audit software.
b. Customized or purpose-written programs
c. Utility programs
d. System management programs
59. A primary advantage of using generalized audit software packages to audit the financial
statements of a client that uses a computer system is that the auditor may
a. Access information stored on computer files while having a limited understanding of the
client’s hardware and software features
b. Consider increasing the use of substantive tests of transactions in place of analytical procedures
c. Substantiate the accuracy of data through self-checking digits and hash totals
d. Reduce the level of required tests of controls to a relatively small amount
60. An auditor most likely would test for the presence of unauthorized computer program changes by
running a
a. Program with test data. c. Check digit verification program.
b. Source code comparison program. d. Program that computes control totals.
61. An auditor would least likely use computer software to
a. Access client data files. c. Prepare spreadsheets.
b. Assess computer control risk. d. Construct parallel simulations.
62. Audit automation least likely include
a. Expert systems.
b. Tools to evaluate a client’s risk management procedures.
c. Manual working papers.
d. Corporate and financial modeling programs for use as predictive audit tests.
63. Auditors often make use of computer programs that perform routine processing functions such as
sorting and merging. These programs are made available by electronic data processing
companies and others and are specifically referred to as
a. Compiler programs. c. Supervisory programs.
b. Utility programs. d. User programs.