- No category
Auditing Theory Quiz: Information Systems (CIS)
advertisement
DE LA SALLE UNIVERSITY MANILA RVR – COB DEPARTMENT OF ACCOUNTANCY REVDEVT 3rd Term AY 14-15 Auditing Theory AT Quizzer 9 Prof. Francis H.Villamin “Auditing in a Information Systems (CIS) Environment” 1. Which of the following is not an advantage of a computerized accounting system? a. Computers process transactions uniformly b. Computers help alleviate human errors c. Computers can process many transactions quickly d. Computers leave a thorough audit trail which can be easily followed 2. A common difficulty in auditing a computerized accounting system is a. data can be erased from the computer with no visible evidence b. because of the lack of an audit trail, computer systems have weaker controls and more substantive testing is required c. because of the uniform nature of transaction processing, computer systems have strong controls and less substantive testing is required d. the large dissemination of entry points into the computer system leads to weak overall reliance on information generated by a computer 3. Which of the following most likely represents a disadvantage for an entry that maintains computer data files rather than manual files? a. It’s unusually more difficult to detect transposition errors b. Transactions are usually authorized before they are executed and recorded c. It is usually easier for unauthorized persons to access and alter the files d. Random error is more common when similar transactions are processed in different ways 4. Which of the following statements best describes a weakness often associated with computers? a. Computer equipment is more subject to a systems error than manual processing is subject to human error b. Computer equipment processes and records similar transactions in a similar manner c. Control activities for detecting invalid and unusual transactions are less effective than manual control activities d. Functions that would normally be separated in a manual system are combined in a computer system 5. An auditor would most likely be concerned with which of the following controls in a distributed data processing system? a. Hardware controls b. Systems documentation controls c. Access controls d. Disaster recovery controls 6. Which of the following types of evidence would an auditor most likely examine to determine whether internal control is operating as designed? a. Gross margin information regarding the client’s industry b. Confirmations of receivables verifying account balances c. Client records documenting the use of computer programs d. Anticipated results documented in budgets or forecasts 7. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances on which of the following activities would the auditor initially focus? a. Programmed control activities b. Application control activities c. Output control activities d. General control activities AT Quizzer 9 “ Information Systems Audit & Assurance” Page 2 8. After the preliminary phase of the review of a client’s computer controls, an auditor may decide not to perform tests of controls (compliance tests) related to the controls within the computer portion of the client’s internal control. Which of the following would not be a valid reason for choosing to omit such tests? a. The controls duplicate operative controls existing elsewhere in the structure. b. There appear to be major weaknesses that would preclude reliance on the stated procedure. c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests of controls show the controls to be operative. d. The controls appear adequate. 9. Auditing by testing the input and output of a computer system instead of the computer program itself will a. Not detect program errors which do not show up in the output sampled b. Detect all program errors, regardless of the nature of the output c. Provide the auditor with the same type of evidence d. Not provide the auditor with confidence in the results of the auditing procedures 10. Which of the following client information technology (IT) systems generally can be audited without examining or directly testing the IT computer programs of the system? a. A system that performs relatively uncomplicated processes and produces detailed output b. A system that affects the number of essential master files and produces a limited output c. A system that updates a few essential master files and produces no printed output other than final balances d. A system that performs relatively complicated processing and produces very little detailed output 11. An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the entity’s computerized information system most likely would use which of the following techniques? a. Snapshot application b. Embedded audit module c. Integrated data check d. Test data generator 12. Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor’s control to test controls in the computer system? a. Test data b. Review of program logic c. Integrated test facility d. Parallel simulation 13. To obtain evidence that on-line access controls are properly functioning, an auditor most likely would a. Create checkpoints at periodic intervals after live data processing to test for unauthorized use of the system b. Examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction c. Enter invalid identification numbers or passwords to ascertain whether the system rejects them d. Vouch a random sample of processed transactions to assure proper authorization 14. An auditor most likely would introduce test data into a computerized payroll system to test controls related to the a. Existence of unclaimed payroll checks held by supervisors b. Early cashing of payroll checks by employees c. Discovery of invalid employee ID numbers d. Proper approval of overtime by supervisors 15. When an auditor tests a computerized accounting system, which of the following is true of the test data approach? a. Several transactions of each type must be tested b. Test data are processed by the client’s computer programs under the auditor’s control c. Test data must consist of all possible valid and invalid conditions d. The program tested is different from the program used throughout the year by the client 16 Which of the following is not among the errors that an auditor might include in the test data when auditing a client’s computer system? a. Numeric characters in alphanumeric fields b. Authorized code c. Differences in description of units of measure d. Illogical entries in fields whose logic is tested by programmed consistency checks AT Quizzer 9 “ Information Systems Audit & Assurance” Page 3 17 Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process? a. Integrated test facility b. Input control matrix c. Parallel simulation d. Data entry monitor 18 Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors? a. Parallel simulation b. Integrated testing facility approach c. Test data approach d. Exception report tests 19 In creating lead schedules for an audit engagement, a CPA often uses automated work paper software. What client information is needed to begin this process? a. Interim financial information such as third quarter sales, net income, and inventory and receivables balances b. Specialized journal information such as the invoice and purchase order numbers of the last few sales and purchases of the year c. General ledger information such as account numbers, prior year account balances, and current year unadjusted information d. Adjusting entry information such as deferrals and accruals, and reclassification journal entries 20 Using microcomputers in auditing may affect the methods used to review the work of staff assistants because a. The audit fieldwork standards for supervision may differ b. Documenting the supervisory review may require assistance of consulting services personnel c. Supervisory personnel may not have an understanding of the capabilities and limitations of microcomputers d. Working paper documentation may not contain readily observable details of calculations 21. An auditor would least likely use computer software to a. Access client data files b. Prepare spreadsheets c. Assess computer control risk d. Construct parallel simulations 22. A primary advantage of using generalized audit software packages to audit the financial statement of a client that uses a computer system is that the auditor may a. Access information stored on computer files while having a limited understanding of the client’s hardware and software features b. Consider increasing the use of substantive tests of transactions in place of analytical procedures c. Substantiate the accuracy of data through self-checking digits and hash totals d. Reduce the level of required tests of controls to a relatively small amount 23. Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by electronic data processing companies and others and are specifically referred to as a. Compiler programs b. Supervisory programs c. Utility programs d. User programs 24. Berry Corporation has numerous customers. A customer file is kept on disk storage. Each customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to a. Develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding the credit limit c. Request a printout of all account balances so they can be manually checked against the credit limits d. Request a printout of a sample of account balances so they can be individually checked against the credit limits AT Quizzer 9 “ Information Systems Audit & Assurance” Page 4 25. How has Electronic Data Interchange (EDI) systems affected audits? a. Since orders and billing transactions are done over the computer, source documents cannot be obtained b. Auditors often need to plan ahead to capture information about selected transactions over the EDI c. There is no audit trail in an EDI system, so controls are typically assessed as weak d. Since all transactions occur over the computer, reliability is high and little substantive testing is needed 26. Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties? a. The computer system should be under the direction of the internal audit department b. The computer system should be accessible to various competent partners so they can check on each other’s work c. Strong controls should be built into both the computer software and hardware to limit access and manipulation d. Many companies run complete parallel manual and automated accounting systems for a cross check on input and output 27. Internal control is ineffective when the computer personnel a. participates in computer software acquisition decisions b. designs documentation for computerized systems c. originates changes in master files d. provides physical security for program files 28. Accounting functions that are normally considered incompatible in a manual system are often combined by computer software. This necessitates an application control that prevents unapproved a. access to the computer library b. usage of software c. revisions to existing software d. testing of modified software 29. An auditor’s consideration of a computer’s control activities has disclosed the following four circumstances. Which circumstance constitutes significant deficiency in internal control? a. Computer operators do not have access to the complete software support documentation b. Computer operators are closely supervised by the programmers c. Programmers are not authorized to operate computers d. Only one generation of backup files is stored in an off-premise location 30. One key control in the organization of the information systems department is the a. separation of the systems development group and the operations (data processing) group b. operating personnel should strictly control access to the client’s database c. controller should manage the information system since it supplements the accounting work already done under the supervision of the controller d. information systems department should be under the direction of systems development personnel since they are responsible for the overall performance of the system 31. In an electronic data processing system, automated equipment controls or hardware controls are designed to a. arrange data in a logical sequential manner for processing purposes. b. correct errors in the computer programs. c. monitor and detect errors in source documents. d. detect and control errors arising from use of equipment. 32. Which of the following characteristics distinguishes computer processing from manual processing? a. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing. b. Errors or fraud in computer processing will be detected soon after their occurrences. c. The potential for systematic error is ordinarily greater in manual processing than in computerized processing. d. Most computer systems are designed so that transaction trails useful for audit purposes do not exist. 33. What is the computer process called when data processing is performed concurrently with a particular activity and the results are available soon enough to influence the particular course of actions being taken or the decision being made? a. Real-time processing b. Batch processing c. Random access processing d. Integrated data processing AT Quizzer 9 “ Information Systems Audit & Assurance” Page 5 34. Which of the following statements is false? In data processing, a. data refers to facts which have been organized in a meaningful manner. b. the sources of data are within the firm and outside the firm. c. data processing refers to the operations needed to collect and transform data into useful information. d. mechanical data processing is a system in which the operations are performed with the assistance of major mechanical devices. 35. The grandfather-father-son approach to providing protection for important computer files is a concept that is most often found in a. on-line, real-time systems b. punched-card systems c. magnetic tape systems d. magnetic drum systems 36. Which of the following employees in a company’s electronic data processing department should be responsible for designing a new or improved data processing procedures? a. Flowchart editor b. Programmer c. Systems analyst d. Control-group supervisor 37. An electronic data processing technique which collects data into groups to permit convenient and efficient processing is known as a. document-count processing b. multi-programming c. batch processing d. generalized audit processing 38. A fundamental purpose of a database management system is to a. store all data for an organization in multiple files. b. reduce data redundancy. c. use physical data organizations concepts instead of logical data organization concepts. d. change the manner in which application programs access individual data elements. 39. A partial set of standard characteristics of a real-time system is a. batched input, online files, and an extensive communication network. b. reliance upon sequential files, prompt input from users, and interactive programs. c. online files, prompt input from users, and an extensive communication network. d. the use of high-level language and the major need being for historical reports. 40. All activity related to a particular application in a manual system is recorded in a journal. The name of the corresponding item in a computerized system is a a. master file b. year-to-date file c. transaction file d. current balance file 41. Which of the following is not a major reason for maintaining an audit trail for a computer system? a. Deterrent to fraud b. Monitoring purposes c. Analytical procedures d. Query answering 42. An auditor would most likely be concerned with which of the following controls in a distributed data processing system? a. Hardware controls b. System documentation controls c. Access controls d. Disaster recovery controls 43. Which one of the following is not considered a typical risk associated with outsourcing (the practice of hiring an outside company to handle all or part of the data processing)? a. Inflexibility b. Loss of control c. Loss of confidentiality d. Less availability of expertise AT Quizzer 9 “ Information Systems Audit & Assurance” Page 6 44. The initial debugging of a computer program should normally be done by the a. programmer b. internal auditor c. machine operator d. control group 45. Which of the following is not one of the main components of a computer? a. Processing unit b. Storage (memory) unit c. Arithmetic unit d. Verifier 46. The normal sequence of documents and operations on a well-prepared systems flowchart is a. top to bottom and left to right. b. bottom to top and left to right. c. top to bottom and right to left. d. bottom to top and right to left. 47. The purpose of using generalized computer programs is to test and analyze a client’s computer a. systems b. equipment c. records d. processing logic 48. The computer system most likely to be used by a large savings bank for customers’ accounts would be a. an on-line, real-time system b. a batch processing system c. a generalized utility system d. a direct access data base system 49. Which of the following lists comprises of the components of the data processing cycle? a. Batching, processing, output b. Collection, refinement, processing, maintenance, output c. Input, classifying, batching, verification, transmission d. Collection, refinement, storing, output 50. Which of the following is not a characteristic of a batch processed computer system? a. The collection of like transactions which are sorted and processed sequentially against a master file. b. Keypunching of transactions, followed by machine processing. c. The production of numerous printouts. d. The posting of transaction, as it occurs, to several files, without intermediate printouts. 51. The internal controls over computer processing include both manual procedures and procedures designed into computer programs (programmed control procedures). These manual and programmed control procedures comprise the general CIS controls and CIS application controls. The purpose of general CIS controls is to a. Establish specific control procedures over the accounting applications in order to provide reasonable assurance that all transactions are authorized and recorded and are processed completely, accurately, and on a timely basis b. Establish a framework of overall controls over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved c. Provide reasonable assurance that systems are developed and maintained in an authorized and efficient manner d. Provide reasonable assurance that access to data and computer programs is restricted to authorized personnel 52. CIS application controls include the following, except a. Controls over input b. Controls over processing and computer data files c. Controls over output d. Controls over access to systems software and documentation 53. The auditor is required to consider how an entity’s general CIS controls affect the CIS applications significant to the audit. Accordingly, the auditor should a. Review the design of the general CIS controls only b. Review the design of the CIS application controls only c. Review the design of the general CIS controls before reviewing the CIS application controls d. Review the design of the CIS application controls before reviewing the design of the general CIS controls AT Quizzer 9 “ Information Systems Audit & Assurance” Page 7 54. The two broad categories of CIS controls are general controls and application controls. General controls include controls a. For developing, maintaining and modifying computer programs b. That relate to the correction and resubmission of erroneous data c. Designed to provide reasonable assurance that only authorized users receive output from processing d. Designed to provide reasonable assurance that all data submitted for processing have been properly authorized 55. The significance of hardware controls is that they a. Ensure that run-to-run totals in application systems are consistent b. Reduce the incidence of user input errors in online systems c. Ensure correct programming of operating system functions d. Assure that machine instructions are executed correctly 56. The following statements relate to internal control in an electronic data interchange (EDI) environment. Which is true? a. In EDI systems, preventive controls are generally more important than detective controls b. Control objectives for EDI systems generally are different from the objectives for other computer information systems c. Internal controls that relate to the segregation of duties generally are the most important controls in EDI systems d. Internal controls in EDI systems rarely permit control risk at below the maximum 57. An entity has recently converted its revenue/receipt cycle from a manual processing to an online, real-time processing system. Which is the most probable result associated with conversion to the new computerized processing system? a. Less segregation of traditional duties b. Significant increase in processing time c. Reduction ion the entity’s risk exposures d. Increase in processing errors 58. The most important segregation of duties in the organization of the information systems function is a. Using different programming personnel to maintain utility programs from those who maintain the application programs b. Having a separate information officer at the top level of the organization outside of the accounting function c. Assuring that those responsible for programming the system do not have access to data processing operations d. Not allowing the data librarian to assist in data processing operations 59. Which of the following activities would most likely be performed in the information systems department? a. Initiation of changes to master records b. Conversion of information to machine-readable form c. Correction of transactional errors d. Initiation of changes to existing applications 60. For control purposes, which of the following should be organizationally segregated from the computer operations function? a. Data conversion b. Surveillance of CRT messages c. Systems of development d. Minor maintenance according to a schedule 61. Which of the following is not a major reason for maintaining an audit trail for a computer system? a. Deterrent to fraud b. Monitoring purposes c. Analytical procedures d. Query answering 62. Alpha National Bank has an on-line real-time system, with terminals installed in all of its branches. This system will not accept a customer’s cash withdrawal instructions in excess of P10,000 without the use of a “terminal audit key”. After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can be strengthened by a. On-line recording of the transaction on audit override sheet b. Increasing the dollar amount to P15,000 c. Requiring manual, rather than on-line, recording of all transactions d. Using parallel simulation AT Quizzer 9 “ Information Systems Audit & Assurance” Page 8 63. The use of header label in conjunction with magnetic tape is most likely to prevent errors by the a. Computer operator b. Keypunch operator c. Computer programmer d. Maintenance technician 64. For the accounting system of Atlantis Company, the amounts of cash disbursements entered into a terminal are transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen. This display enables the operator to a. Establish the validity of the account number b. Verify the amount was entered accurately c. Verify the authorization of the disbursement d. Prevent the overpayment of the account 65. When computer programs or files can be accessed from terminals, users should be required to enter a(an) a. Parity check b. Personal identification code c. Self-diagnosis test d. Echo check 66. The possibility of erasing a large amount of information stored on magnetic tape most likely would be reduced by the use of a. File protection rings b. Check digits c. Completeness tests d. Conversion verification 67. Mark Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change a. A generalized computer audit program must be used b. Part of the audit trail is altered c. The potential for payroll related fraud is diminished d. Transactions must be processed in batches 68. Which of the following controls most likely would assure that an entity can reconstruct its financial records? a. Hardware controls are built into the computer by the computer manufacturer b. Backup diskettes or tapes of files are stored away from originals c. Personnel who are independent of data input perform parallel simulations d. Systems flowcharts provide accurate descriptions of input and output operations 69. Computer systems are typically supported by a variety of utility software packages that are important to an auditor because they a. May enable unauthorized changes to data files if not properly controlled b. Are very versatile programs that can be used on hardware of many manufacturers c. May be significant components of a client’s application program d. Are written specifically to enable auditors to extract and sort data 70. Where disk files are used, the grandfather-father-son updating backup concept is relatively difficult to implement because the a. Location of information points on disks is an extremely time consuming task b. Magnetic fields and other environmental factors cause off-site storage to be impractical c. Information must be dumped in the form of hard copy of it is to be reviewed before used in updating d. Process of updating old records is destructive 71. In creating lead schedules for an audit engagement, a CPA often uses automated work paper software. What client information is needed to begin this process? a. Interim financial information such as third quarter sales, net income, and inventory and receivables balances b. Specialized journal information such as the invoice and purchase orders numbers of the last few sales and purchase of the year c. General ledger information such as account numbers, prior year account balances, and current year unadjusted information d. Adjusting entry information such as deferrals and accruals and reclassification journal entries AT Quizzer 9 “ Information Systems Audit & Assurance” Page 9 72. Using microcomputers in auditing may affect the methods used to review the work of staff assistants because a. The audit fieldwork standards for supervision may differ b. Documenting the supervisory review may require assistance of consulting services personnel c. Supervisory personnel may not have an understanding of the capabilities and limitations of microcomputers d. Working paper documentation may not contain readily observable details of calculations 73. An entity has the following invoices in a batch: Invoice # Product Quantity Unit Price 201 F10 150 P 5.00 202 G15 200 P 10.00 203 H20 250 P 25.00 204 K35 300 P 30.00 Which of the following numbers represent the record count? a. 1 b. 4 c. 810 d. 900 74. Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission? a. Hash total b. Parity check c. Encryption d. Check digit 75. Which of the following is an example of a validity check? a. The computer ensures that a numerical amount in a record does not exceed some predetermined amount b. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out c. The computer flags any transmission for which the control field value did not match of an existing file record d. After data for transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent 76. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group? a. Parity check b. Validity check c. Echo check d. Limit check 77. A control feature in an electronic data processing system requires that central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to the printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is referred to as a. Echo control b. Validity control c. Signal control d. Check digit control 78. Which of the following is an example of a check digit? a. An agreement of the total number of employees to the total number of checks printed by the computer b. An algebraically determined number produced by the other digits of the employee number c. A logic test that ensures all employee numbers are nine digits d. A limit check that an employee’s hours do not exceed 50 hours per work week 79. In a computerized system, procedure or problem-oriented language is converted to machine language through a(an) a. Interpreter b. Verifier c. Compiler d. Converter AT Quizzer 9 “ Information Systems Audit & Assurance” Page 10 80. What type of computer system is characterized by data that are assembled from more than one location and records that are updated? a. Microcomputer system b. Minicomputer system c. Batch processing system d. On-line real time system 81. Should the auditor feel, after obtaining an understanding of the CIS internal structure, that control risk cannot be reduced, he or she will a. Issue a disclaimer. b. Issue an adverse opinion. c. Increase the sample size for tests of controls. d. Expand the substantive testing portion of the audit. 82. Control risk assessment when a computer is used would not involve a. Identifying specific control procedures designed to achieve the control objectives. b. Identifying the interdependent control procedures which must function for an identified specific control procedure to be effective. c. Evaluating the design of control procedures to determine control risk. d. Performance of specific tests of control audit procedures. 83. Which of the following represent examples of general, application and user controls activities, respectively, in the computer environment? a. Control over access to programs, computer exception reports, and manual checks of computer output. b. Manual checks of computer output, control over access to programs, and computer exception reports. c. Computer exception reports, control over access to programs, and manual checks of computer output. d. Manual checks of computer output, computer exception reports, and control over access to programs. 84. Which of the following is least likely a risk characteristic associated with a CIS environment? a. Error embedded in an application’s program logic may be difficult to manually detect on a timely basis. b. The separation of functional responsibilities diminishes in a computerized environment. c. Initiation of changes in the master file is exclusively handled by respective users. d. The potential unauthorized access to data or to alter them without visible evidence may be greater. 85. The use of a computer changes the processing, storage, and communication of financial information. A CIS environment may affect the following, except: a. The accounting and internal control systems of the entity. b. The overall objective and scope of an audit. c. The auditor’s design and performance of tests of control and substantive procedures to satisfy the audit objectives. d. The specific procedures to obtain knowledge of the entity’s accounting and internal control systems. 86. A compiler is a. A procedure-oriented language. b. A machine that converts procedure oriented language to a machine language. c. A program that converts procedure oriented language to a machine language. d. A program that translate symbolic language to machine language. 87. An operating system is a. The assembler program including the source and object program. b. All hardware and software needed to operate the computer system. c. The program that manage the processing operations of the computer. d. Only the hardware of the computer system. 88. A CIS where two or more personal computers are linked together through the use of special software and communication lines and allows the sharing of application software, data files, and computer peripherals such as printers and optical scanners is a/an a. Local area network (LAN). b. On-line system. c. Batch processing system. d. Wide area network (WAN). AT Quizzer 9 “ Information Systems Audit & Assurance” Page 11 89. What type of online computer system is characterized by data that are assembled from more than one location and records that are updated immediately? a. Online, batch processing system. b. Online, real-time processing system. c. Online, inquiry system. d. Online, downloading/uploading system. 90. Mainframe computer systems include several advanced processing procedures. Two of the most common processing procedures are multiprocessing and multiprogramming. Which of the following statements about these processing procedures is false? a. Multiprogramming allows multiple programs to be executed at exactly the same time. b. Multiprogramming switches back and forth between programs during processing. c. Multiprocessing allows the sharing of a central memory during processing. d. Multiprocessing allows multiple programs to be executed at exactly the same time. 91. When the client has a large number of transactions that processed by stand alone personal computer, the auditor a. May do tests of controls which he intends to rely on, if appropriate, to reduce the assessed control risk, and do audit work on the data a preliminary date. b. Understand the control environment and flow of transactions but must omit preliminary audit tests. c. May do tests of controls and if those controls can be relied on, do interim testing and omit year end audit testing. d. Usually omits the understanding of control environment because the stand alone personal compute environment is not reliable. 92. How does the stand alone personal computer environment of the client entity affect the auditor’s procedures? a. The auditor often assumes that control risk is reasonably low. b. Because of the advantage provided by the use of stand alone personal computers, the audit procedures are restricted to low level. c. The auditor usually concentrates the audit efforts on substantive tests at or near the end of the year. d. To be cost effective, the auditor makes an extensive review of general CIS and CIS application controls as basis of reducing the audit efforts to be performed on detailed testing of balances and transaction classes. 93. Audit team members can use the same database and programs when their PCs share a hard disk and printer on a LAN. Which of the following communication devices enables a PC to connect to a LAN? a. A network interface card (NIC) that plugs into the motherboard. b. A fax modem that sends that plugs into the motherboard. c. An internal modem that plugs into the motherboard. d. An external modem with a cable connection to a serial port. 94. Auditing in a Computer Information Systems Environment, states, “In planning the portions of the audit which may be affected by the client’s CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availability of data for use in the audit.” The following relate to the complexity of CIS activities except when a. Transactions are exchanged electronically with other organizations (for example, in electronic data interchange systems (EDI). b. Complicated computations of financial information are performed by computer and/or material transactions or entries are generated automatically without independent validation. c. Material financial assertions are affected by computer processing. d. The volume of transactions is such that users would find it difficult to identify and correct errors in processing. 95. The auditor is required by the standard to consider the CIS environment in designing audit procedures to reduce risk to an acceptably low level. Which of the following statements is incorrect? a. The auditor’s specific audit objectives do not change whether financial information is processed manually or by the computer. b. The methods of applying audit procedures to gather audit evidence are not influenced by the methods of computer processing. c. The auditor may use either manual audit procedures, computer-assisted audit techniques (CAATs), or a combination of both to obtain sufficient appropriate audit evidence. d. In some CIS environments, it may be difficult or impossible for the auditor to obtain certain data for inspection, inquiry, or confirmation without the aid of computer. AT Quizzer 9 96. “ Information Systems Audit & Assurance” Page 12 Regardless of the nature of an entity’s environment, the auditor must consider internal control. In a CIS environment, the auditor must, at a minimum, have a. A background in programming procedures. b. An expertise in programming procedures. c. A sufficient knowledge of the computer’s operating system. d. A sufficient knowledge of the computer information system. 97. The use of CIS will least likely affect the a. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting and internal control systems. b. The auditor’s specific objectives. c. The consideration of inherent risk and control risk through which the auditor arrives at the risk assessment. d. The auditor’s design and performance of tests of control and substantive procedures appropriate to meet the audit objective. 98. Who is ultimately responsible for the design and implementation of cost-effective controls in a CIS environment? a. The internal audit manager. b. The entity’s management. c. The CIS manager. d. The control group in the CIS environment. 99. Which of the following is unique to CIS? a. Error listing. b. Flowchart. c. Questionnaires. d. Pre-numbered documents. 100. Are the following risks greater in CIS than in manual systems? a b Erroneous data conversion Yes Yes Erroneous source document preparation Yes Yes Repetition of errors No No Concentration of data Yes No c Yes Yes Yes Yes d Yes No Yes Yes
0
advertisement
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users