(Midterm) Polytechnic University of the Philippines Auditing in CIS Environment
Multiple Choice
a. I and II only
a. The internet is a private network that only allows access to authorized persons or
entities.
b. The internet is a shared public network that enables communication with other
entities and individuals around the world.
d. The internet is interoperable, which means that any computer connected to the
internet can communicate with any other computer connected to the internet.
3. Regardless of the nature of an entity’s information system, the auditor must consider internal
control. In an IT environment, the auditor must, at a minimum, have a sufficient knowledge of the
computer information system. Who is ultimately responsible for the design and implementation of
the cost-effective internal controls in an IT environment?
b. entity’s management
d. IT manager
4. Are the following risks greater in IT than in a manual system?
5. Uninterruptible power supplies are used in computer facilities to minimize the risk of
c. Most computer systems are designed so that transaction trails useful for audit
purposes do not exist
d. The potential for systematic error is ordinarily greater in manual processing than
in computerized processing
7. Audit team members can use the same database and programs when their personal computers
(PCs) share a hard disk and printer on a local area network (LAN). Which of the following
communication devices enables a PC to connect to a LAN?
a. Hardware diagnostics
b. interrupts
c. priority allocation
d. queues
10. Workstations or terminals are an integral component of online computer systems. Which of
the following statements concerning workstations is incorrect?
a. Both local and remote workstations require the use of telecommunications to link
them to the main computer
b. Local workstations are connected directly to the main computer through cables
a. Involves reprocessing actual entity data using the auditor’s computer software
b. Involves reprocessing actual entity data using the entity’s computer software
d. Is where the dummy transactions are prepared by the auditor and processed
under the auditor’s control using the entity’s computer software
12. An entity should have a disaster recovery plan to ensure that data processing capacity can be
restored as smoothly and quickly as possible. The following would typically be part of an adequate
disaster recovery plan, except
13. Which of the following statements concerning computer program modifications is incorrect?
a. After the amended program has received final approval, the change is
implemented by replacing the production version with the developmental version
b. During the modification process, the developmental version of the program must
be kept separate from the production version
d. When a program change is submitted for approval, a list of all required updates
should be compiled and then approved by management and program users
14. A collection of data that is shared and used by a number of different users for different
purposes is a database. To protect the integrity of the database, data sharing by different users
requires organization, coordination, rules and guidelines. The individual responsible for managing
the database resource is the
a. Database administrator
b. IT manager
c. programmer
d. user
15. An auditor who wishes to trace data through several application programs should know what
programs use the data, which files contain the data and which printed reports display the data. In a
database system, the information could be
a. Data dictionary
b. data encryptor
c. database schema
d. decision table
16. Which of the following is usually a benefit of transmitting transactions in an electronic data
interchange environment?
18. The following statements relate to internal control in an electronic data interchange (EDI)
environment. Which is true?
a. Control objectives for EDI systems generally are different from the objectives for
other computer information systems
b. In EDI systems, preventive controls are generally more important than detective
controls
c. Internal controls in EDI systems rarely permit control risk at below the maximum
d. Internal controls that relate to the segregation of duties generally are the most
important controls in EDI systems
19. An entity has recently converted its revenue and receipt cycle from a manual processing to an
online, real-time processing system. Which is the most probable result associated with conversion to
the new computerized processing system?
20. The most important segregation of duties in the organization of the information systems
function is
a. Assuring that those responsible for programming the system do not have access
to data processing operations
b. Having a separate information officer at the top level of the organization outside
of the accounting function
21. Which of the following would represent an internal control weakness in an IT environment?
d. The data control group is solely responsible for distributing computer generated
reports.
22. The manager of computer operations prepares a weekly schedule of planned computer
processing and sends a copy to the computer librarian. The control objective this procedure serves
is to
b. Keep improper and unauthorized transactions from entering the computer facility
23. Which of the following groups should have the operational responsibility for the accuracy and
completeness of computer based information?
a. External auditors
b. users
c. internal auditors
d. top management
24. An entity installed antivirus software on all its personal computers. The software was designed
to prevent initial infections, stop replication attempts, detect infections after their occurrence,
mark affected system components and remove viruses from infected components. The major risk in
relying on antivirus software is that it may
26. What is the appropriate term for the process of monitoring, evaluating and modifying a
system?
a. Analysis
b. feasibility study
c. implementation
d. maintenance
27. Program documentation is a control designed primarily to provide reasonable assurance that
28. An entity updates its accounts receivable master file weekly and retains the master files and
corresponding update transactions for the most recent two-week period. The purpose of this
periodic retention of master files and transaction data is to
b. A “cold-site” arrangement
c. a “hot-site” arrangement
30. All administrative and professional staff in an entity’s legal department prepare documents on
terminals connected to a host local area network file server. Which of the following is the best
control over unauthorized access to sensitive documents in the system?
31. An auditor has just concluded a physical security audit of a data center which is primarily
engaged in top-secret defense contract work. The auditor has recommended biometric
authentication for workers entering the building. The recommendation might include devices that
verify all of the following, except
a. Fingerprints
b. speech patterns
c. password patterns
a. Batching
b. recording
c. reporting
d. verifying
33. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll IT application?
a. Employee numbers
34. An entity uses the account code 6969 for the leasehold improvements account. However, one of the
company data input clerks often codes leasehold improvements as 9696. The highest account code in
the company’s system is 6970. Which programmed control procedure would detect this error?
b. valid-code test
c. sequence check
d. valid-character test
35. Many customers, managers, employees and suppliers have blamed the computer for making
errors. In reality, computers make very few mechanical errors. Which of the following is the most
likely source of errors in a fully operational computer-based system?
a. Input
b. operational error
c. processing
Choose True if the statement is correct and False if the statement is incorrect
1. Reliability means the quality of information relates to the accuracy and completeness of
information as well as to its validity in accordance with business values and expectations.
TRUE
FALSE
2. A DDoS attack is a Denial of Service attack in which numerous SYN packets are
transmitted to a targeted receiver without responding to an ACK packet.
TRUE
FALSE
3. The Big bang approach is the most time-consuming and costly method in converting the old
system to the new one.
TRUE
FALSE
TRUE
FALSE
5. Evaluators of the detailed feasibility study should not include the system designer.
TRUE
FALSE
6. A network model does not allow children files to have multiple parent files.
TRUE
FALSE
7. The database approach to data management is sometimes called the flat file approach.
TRUE
FALSE
TRUE
FALSE
9. The bill of lading is a legal contract between the buyer and the seller.
TRUE
FALSE
10. The ethical principle of justice asserts that the benefits of the decision should be distributed
fairly to those who share the risks.
TRUE
FALSE
11. Ethical issues and legal issues are essentially the same.
TRUE
FALSE
12. A run-to-run control is an example of an output control.
TRUE
FALSE
TRUE
FALSE
14. The base case system evaluation is a variation of the test data method.
TRUE
FALSE
TRUE
FALSE
16. Cash larceny involves stealing cash from an organization before it is recorded in the
organization’s books and records.
TRUE
FALSE
17. The most common access point for perpetrating computer fraud is at the data collection stage.
TRUE
FALSE
18. Slicing and dicing permits the disaggregation of data to reveal underlying details.
TRUE
FALSE
19. A data warehouse is a relational or multi-dimensional database that may require hundreds of
gigabytes of storage.
TRUE
FALSE
20. An access control list specifies the user ID, the resource available to the user and the level of
permission granted.
TRUE
FALSE