Which of the following is not a risk in a computerized information system (CIS)

0% found this document useful (0 votes)

275 views22 pages

Chapter 7: Auditing in A Computerized Environment (No 85)

Original Title:

CHAPTER_7_SALOSAGCOL.docx

Jump to Page

You are on page 1of 22

You're Reading a Free Preview
Pages 6 to 11 are not shown in this preview.

You're Reading a Free Preview
Pages 15 to 20 are not shown in this preview.

Reward Your Curiosity

Everything you want to read.

Anytime. Anywhere. Any device.

No Commitment. Cancel anytime.

CEBU CPAR CENTER

Mandaue City, Cebu

AUDITING THEORY

AUDITING IN A COMPUTER INFORMATION SYSTEMS (CIS) ENVIRONMENT

Related PSAs/PAPSs: PSA 401; PAPS 1001, 1002, 1003, 1008 and 1009

PSA 401 – Auditing in a Computer Information Systems (CIS) Environment

1. Which statement is incorrect when auditing in a CIS environment? a. A CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether that computer is operated by the entity or by a third party. b. The auditor should consider how a CIS environment affects the audit. c. The use of a computer changes the processing, storage and communication of financial information and may affect the accounting and internal control systems employed by the entity. d. A CIS environment changes the overall objective and scope of an audit.

2. Which of the following standards or group of standards is mostly affected by a computerized information system environment? a. General standards c. Reporting standards b. Second standard of field work d. Standards of fieldwork

3. Which of the following is least considered if the auditor has to determine whether specialized CIS skills are needed in an audit? a. The auditor needs to obtain a sufficient understanding of the accounting and internal control system affected by the CIS environment. b. The auditor needs to determine the effect of the CIS environment on the assessment of overall risk and of risk at the account balance and class of transactions level. c. Design and perform appropriate tests of controls and substantive procedures. d. The need of the auditor to make analytical procedures during the completion stage of audit.

4. It relates to materiality of the financial statement assertions affected by the computer processing. a. Threshold b. Relevance c. Complexity d. Significance

5. Which of the following least likely indicates a complexity of computer processing? a. Transactions are exchanged electronically with other organizations without manual review of their propriety. b. The volume of the transactions is such that users would find it difficult to identify and correct errors in processing. c. The computer automatically generates material transactions or entries directly to another applications. d. The system generates a daily exception report.

6. The nature of the risks and the internal characteristics in CIS environment that the auditors are mostly concerned include the following except: a. Lack of segregation of functions. c. Lack of transaction trails. b. Dependence of other control over computer processing. d. Cost-benefit ratio.

7. Which of the following is least likely a risk characteristic associated with CIS environment? a. Errors embedded in an application’s program logic maybe difficult to manually detect on a timely basis. b. Many control procedures that would ordinarily be performed by separate individuals in manual system maybe concentrated in CIS. c. The potential unauthorized access to data or to alter them without visible evidence maybe greater. d. Initiation of changes in the master file is exclusively handled by respective users.

8. Which of the following significance and complexity of the CIS activities should an auditor least understand? a. The organizational structure of the client’s CIS activities. b. Lack of transaction trails. c. The significance and complexity of computer processing in each significant accounting application. d. The use of software packages instead of customized software.

PAPS 1001 – CIS Environments – Stand-Alone Personal Computers

1. Which statement is correct regarding personal computer systems? a. Personal computers or PCs are economical yet powerful self-contained general purpose computers consisting typically of a central processing unit (CPU), memory, monitor, disk drives, printer cables and modems. b. Programs and data are stored only on non-removable storage media. c. Personal computers cannot be used to process accounting transactions and produce reports that are essential to the preparation of financial statements. d. Generally, CIS environments in which personal computers are used are the same with other CIS environments.

2. A personal computer can be used in various configurations, including a. A stand-alone workstation operated by a single user or a number of users at different times. b. A workstation which is part of a local area network of personal computers. c. A workstation connected to a server. d. All of the above.

3. Which statement is incorrect regarding personal computer configurations? a. The stand-alone workstation can be operated by a single user or a number of users at different times accessing the same or different programs. b. A stand-alone workstation may be referred to as a distributed system. c. A local area network is an arrangement where two or more personal computers are linked together through the use of special software and communication lines. d. Personal computers can be linked to servers and used as part of such systems, for example, as an intelligent on-line workstation or as part of a distributed accounting system.

4. Which of the following is the least likely characteristic of personal computers? a. They are small enough to be transportable. b. They are relatively expensive. c. They can be placed in operation quickly. d. The operating system software is less comprehensive than that found in larger computer environments.

5. Which of the following is an inherent characteristic of software package? a. They are typically used without modifications of the programs. b. The programs are tailored-made according to the specific needs of the user. c. They are developed by software manufacturer according to a particular user’s specifications. d. It takes a longer time of implementation.

6. Which of the following is not normally a removable storage media? a. Compact disk c. Tapes b. Diskettes d. Hard disk

7. It is a computer program (a block of executable code) that attaches itself to a legitimate program or data file and uses its as a transport mechanism to reproduce itself without the knowledge of the user. a. Virus c. System management program b. Utility program d. Encryption

8. Which statement is incorrect regarding internal control in personal computer environment? a. Generally, the CIS environment in which personal computers are used is less structured than a centrally-controlled CIS environment. b. Controls over the system development process and operations may not be viewed by the developer, the user or management as being as important or cost-effective. c. In almost all commercially available operating systems, the built-in security provided has gradually increased over the years. d. In a typical personal computer environment, the distinction between general CIS controls and CIS application controls is easily ascertained.

9. Personal computers are susceptible to theft, physical damage, unauthorized access or misuse of equipment. Which of the following is least likely a physical security to restrict access to personal computers when not in use? a. Using door locks or other security protection during non-business hours. b. Fastening the personal computer to a table using security cables. c. Locking the personal computer in a protective cabinet or shell. d. Using anti-virus software programs.

d. Workstations cannot be used by many users, for different purposes, in different locations, all at the same time.

1. On-line computer systems may be classified according to a. How information is entered into the system. b. How it is processed. c. When the results are available to the user. d. All of the above.

2. In an on-line/real time processing system a. Individual transactions are entered at workstations, validated and used to update related computer files immediately. b. Individual transactions are entered at a workstation, subjected to certain validation checks and added to a transaction file that contains other transactions entered during the period. c. Individual transactions immediately update a memo file containing information which has been extracted from the most recent version of the master file. d. The master files are updated by other systems.

3. It combines on-line/real time processing and on-line/batch processing. a. On-Line/Memo Update (and Subsequent Processing) b. On-Line Downloading/Uploading Processing c. On-Line/Inquiry d. On-Line/Combined Processing

4. It is a communication system that enables computer users to share computer equipment, application software, data and voice and video transmissions. a. Network b. File server c. Host d. Client

5. A type of network that multiple buildings are close enough to create a campus, but the space between the buildings is not under the control of the company is a. Local Area Network (LAN) c. Metropolitan Area Network (MAN) b. Wide Area Network (WAN) d. World Wide Web (WWW)

6. Which of the following is least likely a characteristic of Wide Area Network (WAN)? a. Created to connect two or more geographically separated LANs. b. Typically involves one or more long-distance providers, such as a telephone company to provide the connections. c. WAN connections tend to be faster than LAN. d. Usually more expensive than LAN.

7. Gateway is a. A hardware and software solution that enables communications between two dissimilar networking systems or protocols. b. A device that forwards frames based on destination addresses. c. A device that connects and passes packets between two network segments that use the same communication protocol. d. A device that regenerates and retransmits the signal on a network.

8. A device that works to control the flow of data between two or more network segments a. Bridge b. Router c. Repeater d. Switch

9. The undesirable characteristics of on-line computer systems least likely include a. Data are usually subjected to immediate validation checks. b. Unlimited access of users to all of the functions in a particular application. c. Possible lack of visible transaction trail. d. Potential programmer access to the system.

10. Certain general CIS controls that are particularly important to on-line processing least likely include a. Access controls. b. System development and maintenance controls. c. Edit, reasonableness and other validation tests. d. Use of anti-virus software program.

11. Certain CIS application controls that are particularly important to on-line processing least likely include a. Pre-processing authorization. c. Transaction logs. b. Cut-off procedures. d. Balancing.

12. Risk of fraud or error in on-line systems may be reduced in the following circumstances, except a. If on-line data entry is performed at or near the point where transactions originate, there is less risk that the transactions will not be recorded. b. If invalid transactions are corrected and re-entered immediately, there is less risk that such transactions will not be corrected and re-submitted on a timely basis. c. If data entry is performed on-line by individuals who understand the nature of the transactions involved, the data entry process may be less prone to errors than when it is performed by individuals unfamiliar with the nature of the transactions. d. On-line access to data and programs through telecommunications may provide greater opportunity for access to data and programs by unauthorized persons.

13. Risk of fraud or error in on-line computer systems may be increased for the following reasons, except a. If workstations are located throughout the entity, the opportunity for unauthorized use of a workstation and the entry of unauthorized transactions may increase. b. Workstations may provide the opportunity for unauthorized uses such as modification of previously entered transactions or balances. c. If on-line processing is interrupted for any reason, for example, due to faulty telecommunications, there may be a greater chance that transactions or files may be lost and that the recovery may not be accurate and complete. d. If transactions are processed immediately on-line, there is less risk that they will be processed in the wrong accounting period.

14. The following matters are of particular importance to the auditor in an on-line computer system, except a. Authorization, completeness and accuracy of on-line transactions. b. Integrity of records and processing, due to on-line access to the system by many users and programmers. c. Changes in the performance of audit procedures including the use of CAAT's. d. Cost-benefit ratio of installing on-lin e computer system.

PAPS 1003 – CIS Environments – Database Systems

1. A collection of data that is shared and used by a number of different users for different purposes. a. Database b. Information file c. Master file d. Transaction file

2. Which of the following is least likely a characteristic of a database system? a. Individual applications share the data in the database for different purposes. b. Separate data files are maintained for each application and similar data used by several applications may be repeated on several different files. c. A software facility is required to keep track of the location of the data in the database. d. Coordination is usually performed by a group of individuals whose responsibility is typically referred to as "database administration."

3. Database administration tasks typically include I. Defining the database structure. II. Maintaining data integrity, security and completeness. III. Coordinating computer operations related to the database. IV. Monitoring system performance. V. Providing administrative support. a. All of the above b. All except I c. II and V only d. II, III and V only

4. Due to data sharing, data independence and other characteristics of database systems a. General CIS controls normally have a greater influence than CIS application controls on database systems. b. CIS application controls normally have a greater influence than general CIS controls on database systems. c. General CIS controls normally have an equal influence with CIS application controls on database systems. d. CIS application controls normally have no influence on database systems.

5. Which statement is incorrect regarding the general CIS controls of particular importance in a database environment? a. Since data are shared by many users, control may be enhanced when a standard approach is used for developing each new application program and for application program modification.

b. The purpose of general CIS controls is to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved. c. The purpose of CIS application controls is to establish specific control procedures over the application systems in order to provide reasonable assurance that all transactions are authorized and recorded, and are processed completely, accurately and on a timely basis. d. The internal controls over computer processing, which help to achieve the overall objectives of internal control, include only the procedures designed into computer programs.

1. General CIS controls may include, except: a. Organization and management controls. c. Delivery and support controls. b. Development and maintenance controls. d. Controls over computer data files.

2. CIS application controls include, except a. Controls over input. b. Controls over processing and computer data files. c. Controls over output. d. Monitoring controls.

3. Which statement is incorrect regarding the review of general CIS controls and CIS application controls? a. The auditor should consider how these general CIS controls affect the CIS applications significant to the audit. b. General CIS controls that relate to some or all applications are typically interdependent controls in that their operation is often essential to the effectiveness of CIS application controls. c. Control over input, processing, data files and output may be carried out by CIS personnel, by users of the system, by a separate control group, or may be programmed into application software. d. It may be more efficient to review the design of the application controls before reviewing the general controls.

4. Which statement is incorrect regarding the evaluation of general CIS controls and CIS application controls? a. The general CIS controls may have a pervasive effect on the processing of transactions in application systems. b. If general CIS controls are not effective, there may be a risk that misstatements might occur and go undetected in the application systems. c. Manual procedures exercised by users may provide effective control at the application level. d. Weaknesses in general CIS controls cannot preclude testing certain CIS application controls.

PAPS 1009 – Computer-Assisted Audit Techniques (CAATs)

1. The applications of auditing procedures using the computer as an audit tool refer to a. Integrated test facility c. Auditing through the computer b. Data-based management system d. Computer assisted audit techniques

2. Which statement is incorrect regarding CAATs? a. CAATs are often an efficient means of testing a large number of transactions or controls over large populations. b. To ensure appropriate control procedures, the presence of the auditor is not necessarily required at the computer facility during the running of a CAAT. c. The general principles outlined in PAPS 1009 apply in small entity IT environments. d. Where smaller volumes of data are processed, the use of CAATs is more cost effective.

3. Consists of generalized computer programs designed to perform common audit tasks or standardized data processing functions. a. Package or generalized audit software c. Utility programs b. Customized or purpose-written programs d. System management programs

4. Audit automation least likely include a. Expert systems. b. Tools to evaluate a client’s risk management procedures. c. Manual working papers. d. Corporate and financial modeling programs for use as predictive audit tests.

1. An internal auditor noted the following points when conducting a preliminary survey in connection with the audit of an EDP department. Which of the following would be considered a safeguard in the control system on which the auditor might rely? a. Programmers and computer operators correct daily processing problems as they arise. b. The control group works with user organizations to correct rejected input. c. New systems are documented as soon as possible after they begin processing live data. d. The average tenure of employees working in the EDP department is ten months.

2. An on-line access control that checks whether the user’s code number is authorized to initiate a specific type of transaction or inquiry is referred to as a. Password c. Compatibility test b. Limit check d. Reasonableness test

3. A control procedure that could be used in an on-line system to provide an immediate check on whether an account number has been entered on a terminal accurately is a a. Compatibility test c. Record count b. Hash total d. Self-checking digit

4. A control designed to catch errors at the point of data entry is a. Batch total c. Self-checking digit b. Record count d. Checkpoints

5. Program documentation is a control designed primarily to ensure that a. Programmers have access to the tape library or information on disk files. b. Programs do not make mathematical errors. c. Programs are kept up to date and perform as intended. d. Data have been entered and processed.

6. Some of the more important controls that relate to automated accounting information systems are validity checks, limit checks, field checks, and sign tests. These are classified as a. Control total validation routines c. Output controls b. Hash totaling d. Input validation routines

7. Most of today’s computer systems have hardware controls that are built in by the computer manufacturer. Common hardware controls are a. Duplicate circuitry, echo check, and internal header labels b. Tape file protection, cryptographic protection, and limit checks c. Duplicate circuitry, echo check, and dual reading d. Duplicate circuitry, echo check, tape file protection, and internal header labels

8. Computer manufacturers are now installing software programs permanently inside the computer as part of its main memory to provide protection from erasure or loss if there is interrupted electrical power. This concept is known as a. File integrity c. Random access memory (RAM) b. Software control d. Firmware

9. Which one of the following represents a lack of internal control in a computer-based information system? a. The design and implementation is performed in accordance with management’s specific authorization. b. Any and all changes in application programs have the authorization and approval of management. c. Provisions exist to protect data files from unauthorized access, modification, or destruction. d. Both computer operators and programmers have unlimited access to the programs and data files.

10. In an automated payroll processing environment, a department manager substituted the time card for a terminated employee with a time card for a fictitious employee. The fictitious employee had the same pay rate and hours worked as the terminated employee. The best control technique to detect this action using employee identification numbers would be a a. Batch total b. Hash total c. Record count d. Subsequent check

11. An employee in the receiving department keyed in a shipment from a remote terminal and inadvertently omitted the purchase order number. The best systems control to detect this error would be a. Batch total c. Sequence check b. Completeness test d. Reasonableness test

12. For control purposes, which of the following should be organizationally segregated from the computer operations function? a. Data conversion c. Systems development b. Surveillance of CRT messages d. Minor maintenance according to a schedule

13. Which of the following is not a major reason for maintaining an audit trail for a computer system? a. Deterrent to irregularities c. Analytical procedures b. Monitoring purposes d. Query answering

14. In an automated payroll system, all employees in the finishing department were paid the rate of P75 per hour when the authorized rate was P70 per hour. Which of the following controls would have been most effective in preventing such an error? a. Access controls which would restrict the personnel department’s access to the payroll master file data. b. A review of all authorized pay rate changes by the personnel department. c. The use of batch control totals by department. d. A limit test that compares the pay rates per department with the maximum rate for all employees.

15. Which of the following errors would be detected by batch controls? a. A fictitious employee as added to the processing of the weekly time cards by the computer operator. b. An employee who worked only 5 hours in the week was paid for 50 hours. c. The time card for one employee was not processed because it was lost in transit between the payroll department and the data entry function. d. All of the above.

16. The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the a. Computer operator c. Computer programmer b. Keypunch operator d. Maintenance technician

17. For the accounting system of ACME Company, the amounts of cash disbursements entered into an EDP terminal are transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen. This display enables the operator to

a. Establish the validity of the account number

b. Verify the amount was entered accurately

c. Verify the authorization of the disbursements

d. Prevent the overpayment of the account

1. When EDP programs or files can be accessed from terminals, users should be required to enter a(an) a. Parity check c. Self-diagnostic test b. Personal identification code d. Echo check

2. The possibility of erasing a large amount of information stored on magnetic tape most likely would be reduced by the use of a. File protection ring c. Completeness tests b. Check digits d. Conversion verification

3. Which of the following controls most likely would assure that an entity can reconstruct its financial records?

a. Hardware controls are built into the computer by the computer manufacturer.

b. Backup diskettes or tapes of files are stored away from originals.

c. Personnel who are independent of data input perform parallel simulations.

d. System flowcharts provide accurate descriptions of input and output operations.

1. Mill Co. uses a batch processing method to process its sales transactions. Data on Mill’s sales transaction tape are electronically sorted by customer number and are subject to programmed edit checks in preparing its invoices, sales journals, and updated customer account balances. One of the direct outputs of the creation of this tape most likely would be a

a. Report showing exceptions and control totals.

b. Printout of the updated inventory records.

c. Report showing overdue accounts receivable.

d. Printout of the sales price master file.

1. Using microcomputers in auditing may affect the methods used to review the work of staff assistants because

a. The audit field work standards for supervision may differ.

b. Documenting the supervisory review may require assistance of consulting services

personnel.

c. Supervisory personnel may not have an understanding of the capabilities and limitations of

microcomputers.

d. Working paper documentation may not contain readily observable details of calculations.

1. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on which of the following procedures would the auditor initially focus? a. Programmed control procedures c. Output control procedures b. Application control procedures d. General control procedures

2. After the preliminary phase of the review of a client’s EDP controls, an auditor may decide not to perform tests of controls (compliance tests) related to the control procedures within the EDP portion of the client’s internal control structure. Which of the following would not be a valid reason for choosing to omit such tests?

a. The controls duplicate operative controls existing elsewhere in the structure.

b. There appear to be major weaknesses that would preclude reliance on the stated

procedure.

c. The time and costs of testing exceed the time and costs in substantive testing if the tests of

controls show the controls to be operative.

d. The controls appear adequate.

1. Which of the following client electronic data processing (EDP) systems generally can be audited without examining or directly testing the EDP computer programs of the system?

a. A system that performs relatively uncomplicated processes and produces detailed output.

b. A system that affects a number of essential master files and produces a limited output.

c. A system that updates a few essential master files and produces no printed output other

than final balances.

d. A system that performs relatively complicated processing and produces very little detailed

output.

1. Computer systems are typically supported by a variety of utility software packages that are important to an auditor because they

a. May enable unauthorized changes to data files if not properly controlled.

b. Are very versatile programs that can be used on hardware of many manufacturers.

c. May be significant components of a client’s application programs.

d. Are written specifically to enable auditors to extract and sort data.

1. To obtain evidence that online access controls are properly functioning, an auditor most likely would

a. Create checkpoints at periodic intervals after live data processing to test for unauthorized

use of the system.

b. Examine the transaction log to discover whether any transactions were lost or entered twice

due to a system malfunction

c. Enter invalid identification numbers or passwords to ascertain whether the system rejects

them.

d. Vouch a random sample of processed transactions to assure proper authorization

1. Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files?

a. Attention is focused on the accuracy of the programming process rather than errors in

individual transactions.

b. It is usually easier for unauthorized persons to access and alter the files.

c. Random error associated with processing similar transactions in different ways is usually

greater.

d. It is usually more difficult to compare recorded accountability with physical count of assets.

1. An auditor would least likely use computer software to

a. Access client data files c. Assess EDP controls

b. Prepare spreadsheets d. Construct parallel simulations

c. Differences in description of units of measure.

d. Illogical entries in fields whose logic is tested by programmed consistency checks.

1. An auditor who is testing EDP controls in a payroll system would most likely use test data that contain conditions such as

a. Deductions not authorized by employees.

b. Overtime not approved by supervisors.

c. Time tickets with invalid job numbers.

d. Payroll checks with unauthorized signatures.

1. Auditing by testing the input and output of an EDP system instead of the computer program itself will

a. Not detect program errors which do not show up in the output sampled.

b. Detect all program errors, regardless of the nature of the output.

c. Provide the auditor with the same type of evidence.

d. Not provide the auditor with confidence in the results of the auditing procedures.

1. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process?

a. Integrated test facility c. Parallel simulation

b. Input controls matrix d. Data entry monitor

1. Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors?

a. Parallel simulation c. Test data approach

b. Integrated testing facility approach d. Exception report tests

1. Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because

a. Errors in some transactions may cause rejection of other transactions in the batch.

b. The identification of errors in input data typically is not part of the program.

c. There are time delays in processing transactions in a batch system.

d. The processing of transactions in a batch system is not uniform.

1. Which of the following is not a characteristic of a batch processed computer system?

a. The collection of like transactions which are sorted and processed sequentially against a

master file.

b. Keypunching of transactions, followed by machine processing.

c. The production of numerous printouts.

d. The posting of a transaction, as it occurs, to several files, without immediate printouts.

1. Where disk files are used, the grandfather-father-son updating backup concept is relatively difficult to implement because the

a. Location of information points on disks is an extremely time consuming task.

b. Magnetic fields and other environmental factors cause off-site storage to be impractical.

c. Information must be dumped in the form of hard copy if it is to be reviewed before used in

updating.

d. Process of updating old records is destructive.

1. A n auditor would most likely be concerned with which of the following controls in a distributed data processing system?

a. Hardware controls c. Access controls

b. Systems documentation controls d. Disaster recovery controls

1. If a control total were computed on each of the following data items, which would best be identified as a hash total for a payroll EDP application?

a. Total debits and total credits c. Department numbers

b. Net pay d. Hours worked

1. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?

a. Parity check c. Echo check

b. Validity check d. Limit check

1. A control feature in an electronic data processing system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is referred to as

a. Echo check c. Signal control

b. Validity control d. Check digit control

1. Which of the following is an example of a check digit?

a. An agreement of the total number of employees to the total number of checks printed by the

computer.

b. An algebraically determined number produced by the other digits of the employee number.

c. A logic test that ensures all employee numbers are nine digits.

d. A limit check that an employee’s hours do not exceed 50 hours per work week.

1. In a computerized system, procedure or problem-oriented language is converted to machine language through a(an)

a. Interpreter b. Verifier c. Compiler d. Converter

1. A customer erroneously ordered Item No. 86321 rather than item No. 83621. When this order is processed, the vendor’s EDP department would identify the error with what type of control?

a. Key verifying c. Batch total

b. Self-checking digit d. Item inspection

1. The computer process whereby data processing is performed concurrently with a particular activity and the results are available soon enough to influence the course of action being taken or the decision being made is called:

a. Random access sampling c. On-line, real-time system

b. Integrated data processing d. Batch processing system

1. Internal control is ineffective when computer department personnel

a. Participate in computer software acquisition decisions.

b. Design documentation for computerized systems.

c. Originate changes in master file.

d. Provide physical security for program files.

1. Test data, integrated test data and parallel simulation each require an auditor to prepare data and computer programs. CPAs who lack either the technical expertise or time to prepare programs should request from the manufacturers or EDP consultants for

a. The program Code c. Generalized audit software

b. Flowchart checks d. Application controls

1. Which of the following best describes a fundamental control weakness often associated with electronic data processing system?

a. EDP equipment is more subject to system error than manual processing is subject to

human error.

b. Monitoring is not an adequate substitute for the use of test data.

c. EDP equipment processes and records similar transactions in a similar manner.

d. Functions that would normally be separated in a manual system are combined in the EDP

system like the function of programmers and operators.

1. Which of the following tasks could not be performed when using a generalized audit software package?

a. Selecting inventory items for observations.

b. Physical count of inventories.

c. Comparison of inventory test counts with perpetual records.

d. Summarizing inventory turnover statistics for obsolescence analysis.

1. All of the following are “auditing through the computer” techniques except

a. Reviewing source code c. Automated tracking and mapping

b. Test-decking d. Integrated test facility

1. The output of a parallel simulation should always be

a. Printed on a report.

b. Compared with actual results manually.

c. Compared with actual results using a comparison program.

d. Reconciled to actual processing output.

Which of the following is not a risk in an IT system?

What is CIS computerized information system?

What are the effects of CIS in audit?

Which of the following represents a lack of internal control in a computer based information system?