
POLYTECHNIC UNIVERSITY OF THE PHILIPPINES

AUDITING IN CIS ENVIRONMENT


Mid-term Examination
By: Benjamin Abarquez


Multiple Choice

Choose the letter of the correct answer


1. It has several significant effects on an entity. Which of the following would be important from
an audit perspective?

a. I and II only

b. I and III only

c. I, II, and III

d. II and III only

2. Which of the following statements concerning the internet is incorrect?

a. The internet is a private network that only allows access to authorized persons or
entities.

b. The internet is a shared public network that enables communication with other
entities and individuals around the world.

c. The internet is a worldwide network that allows entities to engage in
e-commerce/e-business activities

d. The internet is interoperable, which means that any computer connected to the
internet can communicate with any other computer connected to the internet.

3. Regardless of the nature of an entity’s information system, the auditor must consider internal
control. In an IT environment, the auditor must, at a minimum, have a sufficient knowledge of the
computer information system. Who is ultimately responsible for the design and implementation of
the cost-effective internal controls in an IT environment?

a. Control group in the IT dept

b. entity’s management

c. internal audit manager

d. IT manager

4. Are the following risks greater in IT than in a manual system?

5. Uninterruptible power supplies are used in computer facilities to minimize the risk of

a. Crashing disk drive read-write heads

b. Dropping bits in data transmission

c. failing to control concurrent access to data

d. losing data stored in main memory

6. A characteristic that distinguishes computer processing from manual processing is

a. Computer processing virtually eliminates the occurrence of computational errors
normally associated with manual processing

b. Errors or fraud in computer processing will be detected soon after their
occurrences

c. Most computer systems are designed so that transaction trails useful for audit
purposes do not exist

d. The potential for systematic error is ordinarily greater in manual processing than
in computerized processing

7. Audit team members can use the same database and programs when their personal computers
(PCs) share a hard disk and printer on a local area network (LAN). Which of the following
communication devices enables a PC to connect to a LAN?

a. A fax modem that sends signals through telephone lines

b. An external modem with a cable connection to a serial port

c. A network interface card that plugs into the motherboard

d. An internal modem that plugs into the motherboard

8. The following are risks specific to IT environment, except

a. Increased human involvement

b. Loss of data due to insufficient backup

c. reduced segregation of duties

d. reliance on the functioning capabilities of hardware and software

9. An online, real-time processing system is a type of online computer system characterized by
data that are assembled from more than one location and records that are updated immediately.
Which of the following is usually not a factor to consider in designing and implementing an online,
real-time system?

a. Hardware diagnostics

b. interrupts

c. priority allocation

d. queues

10. Workstations or terminals are an integral component of online computer systems. Which of
the following statements concerning workstations is incorrect?

a. Both local and remote workstations require the use of telecommunications to link
them to the main computer

b. Local workstations are connected directly to the main computer through cables

c. Workstations may be located either locally or at remote sites

d. Workstations may be used by different users, for different purposes, in different
locations, all at the same time

11. Test data approach

a. Involves reprocessing actual entity data using the auditor’s computer software

b. Involves reprocessing actual entity data using the entity’s computer software

c. Is where actual transactions are prepared by the auditor

d. Is where the dummy transactions are prepared by the auditor and processed
under the auditor’s control using the entity’s computer software

12. An entity should have a disaster recovery plan to ensure that data processing capacity can be
restored as smoothly and quickly as possible. The following would typically be part of an adequate
disaster recovery plan, except

a. A system upgrade due to operating system software changes

b. Back up computer and telecommunication facilities

c. Scheduled electronic vaulting of files

d. Uninterruptible power systems installed for key system components

13. Which of the following statements concerning computer program modifications is incorrect?

a. After the amended program has received final approval, the change is
implemented by replacing the production version with the developmental version

b. During the modification process, the developmental version of the program must
be kept separate from the production version

c. Only material program changes should be thoroughly tested and documented

d. When a program change is submitted for approval, a list of all required updates
should be compiled and then approved by management and program users

14. A collection of data that is shared and used by a number of different users for different
purposes is a database. To protect the integrity of the database, data sharing by different users
requires organization, coordination, rules and guidelines. The individual responsible for managing
the database resource is the

a. Database administrator

b. IT manager

c. programmer

d. user

15. An auditor who wishes to trace data through several application programs should know what
programs use the data, which files contain the data and which printed reports display the data. In a
database system, the information could be

a. Data dictionary

b. data encryptor

c. database schema

d. decision table

16. Which of the following is usually a benefit of transmitting transactions in an electronic data
interchange environment?

a. A compressed business cycle with lower year-end receivable balances

b. A reduced need to test computer controls related to sales and collections
transactions

c. An increased opportunity to apply statistical sampling techniques to account
balances

d. No need to rely on third party service providers to ensure security

17. IT application controls include the following except

a. Controls over access to systems software and documentation

b. Controls over processing and computer data files

c. controls over input

d. controls over output

18. The following statements relate to internal control in an electronic data interchange (EDI)
environment. Which is true?

a. Control objectives for EDI systems generally are different from the objectives for
other computer information systems

b. In EDI systems, preventive controls are generally more important than detective
controls

c. Internal controls in EDI systems rarely permit control risk at below the maximum

d. Internal controls that relate to the segregation of duties generally are the most
important controls in EDI systems

19. An entity has recently converted its revenue and receipt cycle from a manual processing to an
online, real-time processing system. Which is the most probable result associated with conversion to
the new computerized processing system?

a. Increase in processing errors

b. Less segregation of traditional duties

c. significant increase in processing time

d. reduction in the entity’s risk exposure

20. The most important segregation of duties in the organization of the information systems
function is

a. Assuring that those responsible for programming the system do not have access
to data processing operations

b. Having a separate information officer at the top level of the organization outside
of the accounting function

c. Not allowing the data librarian to assist in data processing operations

d. Using different programming personnel to maintain utility programs from those
who maintain the application programs.

21. Which of the following would represent an internal control weakness in an IT environment?

a. Computer operators have access to operator instructions and have the authority to
modify application programs

b. Computer programmers write and modify programs designed by systems analyst.

c. The computer librarian maintains custody of computer application program and
files

d. The data control group is solely responsible for distributing computer generated
reports.

22. The manager of computer operations prepares a weekly schedule of planned computer
processing and sends a copy to the computer librarian. The control objective this procedure serves
is to

a. Authorize the release of data files to computer operators

b. Keep improper and unauthorized transactions from entering the computer facility

c. Specify file retention and disaster recovery policies

d. Specify the distribution of computer results

23. Which of the following groups should have the operational responsibility for the accuracy and
completeness of computer based information?

a. External auditors

b. users

c. internal auditors

d. top management

24. An entity installed antivirus software on all its personal computers. The software was designed
to prevent initial infections, stop replication attempts, detect infections after their occurrence,
mark affected system components and remove viruses from infected components. The major risk in
relying on antivirus software is that it may

a. Consume too many systems resources

b. Interfere with system operations

c. make software installation too complex

d. not detect certain viruses


25. The accountant who prepared a spreadsheet model for workload forecasting left the company,
and his successor was unable to understand how to use the spreadsheet. The best control to permit
new employees to understand internally developed programs is

a. Adequate backups are made for spreadsheet models

b. End user computing efforts are consistent with strategic plans

c. Documentation standards exist and are followed

d. Use of end-user computing resources is monitored

26. What is the appropriate term for the process of monitoring, evaluating and modifying a
system?

a. Analysis

b. feasibility study

c. implementation

d. maintenance

27. Program documentation is a control designed primarily to provide reasonable assurance that

a. No one uses the computer hardware for personal reasons

b. Programs are free of syntax and logic errors

c. Programmers have access to operational materials

d. Programs are kept up to date and performed as intended

28. An entity updates its accounts receivable master file weekly and retains the master files and
corresponding update transactions for the most recent two-week period. The purpose of this
periodic retention of master files and transaction data is to

a. Match internal labels to avoid writing on the wrong volume

b. Validate groups of update transactions for each version

c. Permit reconstruction of the master file if needed

d. Verify run-to-run control totals for receivables


29. An entity’s contingency plans for computer information systems should include appropriate
backup arrangements. Which of the following arrangements would be considered too
vendor-dependent when vital operations require almost immediate availability of computer resources?

a. A “cold and hot-site” arrangement

b. A “cold-site” arrangement

c. a “hot-site” arrangement

d. using excess capacity at another data center within the entity

30. All administrative and professional staff in an entity’s legal department prepare documents on
terminals connected to a host local area network file server. Which of the following is the best
control over unauthorized access to sensitive documents in the system?

a. Periodic server backup and storage in a secure area

b. Required entry of passwords for access to the system

c. Physical security for all disks containing document files

d. Required entry of passwords for access to individual documents

31. An auditor has just concluded a physical security audit of a data center which is primarily
engaged in top-secret defense contract work. The auditor has recommended biometric
authentication for workers entering the building. The recommendation might include devices that
verify all of the following, except

a. Fingerprints

b. speech patterns

c. password patterns

d. none of the above


32. Data processing activities may be classified in terms of three stages or processes: input,
processing and output. Which of the following activities is not normally associated with the input
stage?

a. Batching

b. recording

c. reporting

d. verifying

33. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll IT application?

a. Employee numbers

b. total debit and credit amounts

c. gross wages earned by employees

d. total hours worked

34. An entity uses the account code 6969 for the leasehold improvements account. However, one of the
company data input clerks often codes leasehold improvements as 9696. The highest account code in
the company’s system is 6970. Which programmed control procedure would detect this error?

a. Pre-data input check

b. valid-code test

c. sequence check

d. valid-character test

35. Many customers, managers, employees and suppliers have blamed the computer for making
errors. In reality, computers make very few mechanical errors. Which of the following is the most
likely source of errors in a fully operational computer-based system?

a. Input

b. operational error

c. processing

d. system analysis and programming


True or False

Choose True if the statement is correct and False if the statement is incorrect

1. Reliability means the quality of information relates to the accuracy and completeness of
information as well as to its validity in accordance with business values and expectations.

TRUE

FALSE

2. A DDoS attack is a Denial of Service attack in which numerous SYN packets are
transmitted to a targeted receiver, without responding to an ACK packet.

TRUE

FALSE

3. The Big bang approach is the most time consuming and costly method in converting the old
system to the new one.

TRUE

FALSE

4. Backbone systems provide a basic system structure on which to build.

TRUE

FALSE

5. Evaluators of the detailed feasibility study should not include the system designer.

TRUE

FALSE

6. A network model does not allow children files to have multiple parent files.

TRUE

FALSE

7. The database approach to data management is sometimes called the flat file approach.

TRUE

FALSE

8. A remittance advice is a form of turn-around document.

TRUE

FALSE

9. The bill of lading is a legal contract between the buyer and the seller.

TRUE

FALSE

10. The ethical principle of justice asserts that the benefits of the decision should be distributed
fairly to those who share the risks.

TRUE

FALSE

11. Ethical issues and legal issues are essentially the same.

TRUE

FALSE

12. A run-to-run control is an example of an output control.

TRUE

FALSE

13. Shredding computer printouts is not an example of output control.

TRUE

FALSE

14. The base case system evaluation is a variation of the test data method.

TRUE

FALSE

15. Spooling is a form of processing control.

TRUE

FALSE

16. Cash larceny involves stealing cash from an organization before it is recorded in the
organization’s books and records.

TRUE

FALSE

17. The most common access point for perpetrating computer fraud is at the data collection stage.

TRUE

FALSE

18. Slicing and dicing permits the disaggregation of data to reveal underlying details.

TRUE

FALSE

19. A data warehouse is a relational or multi-dimensional database that may require hundreds of
gigabytes of storage.

TRUE

FALSE

20. An access control list specifies the user ID, the resource available to the user and the level of
permission granted.

TRUE

FALSE
