DE LA SALLE UNIVERSITY MANILA
RVR – COB DEPARTMENT OF ACCOUNTANCY
REVDEVT 3rd Term AY 14-15
Auditing Theory
AT Quizzer 9
Prof. Francis H. Villamin
“Auditing in a Computer Information Systems (CIS) Environment”

1. Which of the following is not an advantage of a computerized accounting system?
   a. Computers process transactions uniformly
   b. Computers help alleviate human errors
   c. Computers can process many transactions quickly
   d. Computers leave a thorough audit trail which can be easily followed

2. A common difficulty in auditing a computerized accounting system is
   a. data can be erased from the computer with no visible evidence
   b. because of the lack of an audit trail, computer systems have weaker controls and more substantive testing is required
   c. because of the uniform nature of transaction processing, computer systems have strong controls and less substantive testing is required
   d. the large dissemination of entry points into the computer system leads to weak overall reliance on information generated by a computer

3. Which of the following most likely represents a disadvantage for an entity that maintains computer data files rather than manual files?
   a. It’s usually more difficult to detect transposition errors
   b. Transactions are usually authorized before they are executed and recorded
   c. It is usually easier for unauthorized persons to access and alter the files
   d. Random error is more common when similar transactions are processed in different ways

4. Which of the following statements best describes a weakness often associated with computers?
   a. Computer equipment is more subject to a systems error than manual processing is subject to human error
   b. Computer equipment processes and records similar transactions in a similar manner
   c. Control activities for detecting invalid and unusual transactions are less effective than manual control activities
   d. Functions that would normally be separated in a manual system are combined in a computer system

5. An auditor would most likely be concerned with which of the following controls in a distributed data processing system?
   a. Hardware controls
   b. Systems documentation controls
   c. Access controls
   d. Disaster recovery controls

6. Which of the following types of evidence would an auditor most likely examine to determine whether internal control is operating as designed?
   a. Gross margin information regarding the client’s industry
   b. Confirmations of receivables verifying account balances
   c. Client records documenting the use of computer programs
   d. Anticipated results documented in budgets or forecasts

7. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances on which of the following activities would the auditor initially focus?
   a. Programmed control activities
   b. Application control activities
   c. Output control activities
   d. General control activities

AT Quizzer 9 “Information Systems Audit & Assurance” Page 2

8. After the preliminary phase of the review of a client’s computer controls, an auditor may decide not to perform tests of controls (compliance tests) related to the controls within the computer portion of the client’s internal control. Which of the following would not be a valid reason for choosing to omit such tests?
   a. The controls duplicate operative controls existing elsewhere in the structure.
   b. There appear to be major weaknesses that would preclude reliance on the stated procedure.
   c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests of controls show the controls to be operative.
   d. The controls appear adequate.

9. Auditing by testing the input and output of a computer system instead of the computer program itself will
   a. Not detect program errors which do not show up in the output sampled
   b. Detect all program errors, regardless of the nature of the output
   c. Provide the auditor with the same type of evidence
   d. Not provide the auditor with confidence in the results of the auditing procedures

10. Which of the following client information technology (IT) systems generally can be audited without examining or directly testing the IT computer programs of the system?
   a. A system that performs relatively uncomplicated processes and produces detailed output
   b. A system that affects the number of essential master files and produces a limited output
   c. A system that updates a few essential master files and produces no printed output other than final balances
   d. A system that performs relatively complicated processing and produces very little detailed output

11. An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the entity’s computerized information system most likely would use which of the following techniques?
   a. Snapshot application
   b. Embedded audit module
   c. Integrated data check
   d. Test data generator

12. Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor’s control to test controls in the computer system?
   a. Test data
   b. Review of program logic
   c. Integrated test facility
   d. Parallel simulation

13. To obtain evidence that on-line access controls are properly functioning, an auditor most likely would
   a. Create checkpoints at periodic intervals after live data processing to test for unauthorized use of the system
   b. Examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction
   c. Enter invalid identification numbers or passwords to ascertain whether the system rejects them
   d. Vouch a random sample of processed transactions to assure proper authorization

14. An auditor most likely would introduce test data into a computerized payroll system to test controls related to the
   a. Existence of unclaimed payroll checks held by supervisors
   b. Early cashing of payroll checks by employees
   c. Discovery of invalid employee ID numbers
   d. Proper approval of overtime by supervisors

15. When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
   a. Several transactions of each type must be tested
   b. Test data are processed by the client’s computer programs under the auditor’s control
   c. Test data must consist of all possible valid and invalid conditions
   d. The program tested is different from the program used throughout the year by the client

16. Which of the following is not among the errors that an auditor might include in the test data when auditing a client’s computer system?
   a. Numeric characters in alphanumeric fields
   b. Authorized code
   c. Differences in description of units of measure
   d. Illogical entries in fields whose logic is tested by programmed consistency checks

17. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process?
   a. Integrated test facility
   b. Input control matrix
   c. Parallel simulation
   d. Data entry monitor

18. Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors?
   a. Parallel simulation
   b. Integrated testing facility approach
   c. Test data approach
   d. Exception report tests

19. In creating lead schedules for an audit engagement, a CPA often uses automated work paper software. What client information is needed to begin this process?
   a. Interim financial information such as third quarter sales, net income, and inventory and receivables balances
   b. Specialized journal information such as the invoice and purchase order numbers of the last few sales and purchases of the year
   c. General ledger information such as account numbers, prior year account balances, and current year unadjusted information
   d. Adjusting entry information such as deferrals and accruals, and reclassification journal entries

20. Using microcomputers in auditing may affect the methods used to review the work of staff assistants because
   a. The audit fieldwork standards for supervision may differ
   b. Documenting the supervisory review may require assistance of consulting services personnel
   c. Supervisory personnel may not have an understanding of the capabilities and limitations of microcomputers
   d. Working paper documentation may not contain readily observable details of calculations

21. An auditor would least likely use computer software to
   a. Access client data files
   b. Prepare spreadsheets
   c. Assess computer control risk
   d. Construct parallel simulations

22. A primary advantage of using generalized audit software packages to audit the financial statement of a client that uses a computer system is that the auditor may
   a. Access information stored on computer files while having a limited understanding of the client’s hardware and software features
   b. Consider increasing the use of substantive tests of transactions in place of analytical procedures
   c. Substantiate the accuracy of data through self-checking digits and hash totals
   d. Reduce the level of required tests of controls to a relatively small amount

23. Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by electronic data processing companies and others and are specifically referred to as
   a. Compiler programs
   b. Supervisory programs
   c. Utility programs
   d. User programs

24. Berry Corporation has numerous customers. A customer file is kept on disk storage. Each customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to
   a. Develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations
   b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding the credit limit
   c. Request a printout of all account balances so they can be manually checked against the credit limits
   d. Request a printout of a sample of account balances so they can be individually checked against the credit limits

25. How have Electronic Data Interchange (EDI) systems affected audits?
   a. Since orders and billing transactions are done over the computer, source documents cannot be obtained
   b. Auditors often need to plan ahead to capture information about selected transactions over the EDI
   c. There is no audit trail in an EDI system, so controls are typically assessed as weak
   d. Since all transactions occur over the computer, reliability is high and little substantive testing is needed

26. Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties?
   a. The computer system should be under the direction of the internal audit department
   b. The computer system should be accessible to various competent partners so they can check on each other’s work
   c. Strong controls should be built into both the computer software and hardware to limit access and manipulation
   d. Many companies run complete parallel manual and automated accounting systems for a cross check on input and output

27. Internal control is ineffective when the computer personnel
   a. participates in computer software acquisition decisions
   b. designs documentation for computerized systems
   c. originates changes in master files
   d. provides physical security for program files

28. Accounting functions that are normally considered incompatible in a manual system are often combined by computer software. This necessitates an application control that prevents unapproved
   a. access to the computer library
   b. usage of software
   c. revisions to existing software
   d. testing of modified software

29. An auditor’s consideration of a computer’s control activities has disclosed the following four circumstances. Which circumstance constitutes a significant deficiency in internal control?
   a. Computer operators do not have access to the complete software support documentation
   b. Computer operators are closely supervised by the programmers
   c. Programmers are not authorized to operate computers
   d. Only one generation of backup files is stored in an off-premise location

30. One key control in the organization of the information systems department is the
   a. separation of the systems development group and the operations (data processing) group
   b. operating personnel should strictly control access to the client’s database
   c. controller should manage the information system since it supplements the accounting work already done under the supervision of the controller
   d. information systems department should be under the direction of systems development personnel since they are responsible for the overall performance of the system

31. In an electronic data processing system, automated equipment controls or hardware controls are designed to
   a. arrange data in a logical sequential manner for processing purposes.
   b. correct errors in the computer programs.
   c. monitor and detect errors in source documents.
   d. detect and control errors arising from use of equipment.

32. Which of the following characteristics distinguishes computer processing from manual processing?
   a. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.
   b. Errors or fraud in computer processing will be detected soon after their occurrences.
   c. The potential for systematic error is ordinarily greater in manual processing than in computerized processing.
   d. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.

33. What is the computer process called when data processing is performed concurrently with a particular activity and the results are available soon enough to influence the particular course of actions being taken or the decision being made?
   a. Real-time processing
   b. Batch processing
   c. Random access processing
   d. Integrated data processing

34. Which of the following statements is false? In data processing,
   a. data refers to facts which have been organized in a meaningful manner.
   b. the sources of data are within the firm and outside the firm.
   c. data processing refers to the operations needed to collect and transform data into useful information.
   d. mechanical data processing is a system in which the operations are performed with the assistance of major mechanical devices.

35. The grandfather-father-son approach to providing protection for important computer files is a concept that is most often found in
   a. on-line, real-time systems
   b. punched-card systems
   c. magnetic tape systems
   d. magnetic drum systems

36. Which of the following employees in a company’s electronic data processing department should be responsible for designing new or improved data processing procedures?
   a. Flowchart editor
   b. Programmer
   c. Systems analyst
   d. Control-group supervisor

37. An electronic data processing technique which collects data into groups to permit convenient and efficient processing is known as
   a. document-count processing
   b. multi-programming
   c. batch processing
   d. generalized audit processing

38. A fundamental purpose of a database management system is to
   a. store all data for an organization in multiple files.
   b. reduce data redundancy.
   c. use physical data organization concepts instead of logical data organization concepts.
   d. change the manner in which application programs access individual data elements.

39. A partial set of standard characteristics of a real-time system is
   a. batched input, online files, and an extensive communication network.
   b. reliance upon sequential files, prompt input from users, and interactive programs.
   c. online files, prompt input from users, and an extensive communication network.
   d. the use of high-level language and the major need being for historical reports.

40. All activity related to a particular application in a manual system is recorded in a journal. The name of the corresponding item in a computerized system is a
   a. master file
   b. year-to-date file
   c. transaction file
   d. current balance file

41. Which of the following is not a major reason for maintaining an audit trail for a computer system?
   a. Deterrent to fraud
   b. Monitoring purposes
   c. Analytical procedures
   d. Query answering

42. An auditor would most likely be concerned with which of the following controls in a distributed data processing system?
   a. Hardware controls
   b. System documentation controls
   c. Access controls
   d. Disaster recovery controls

43. Which one of the following is not considered a typical risk associated with outsourcing (the practice of hiring an outside company to handle all or part of the data processing)?
   a. Inflexibility
   b. Loss of control
   c. Loss of confidentiality
   d. Less availability of expertise

44. The initial debugging of a computer program should normally be done by the
   a. programmer
   b. internal auditor
   c. machine operator
   d. control group

45. Which of the following is not one of the main components of a computer?
   a. Processing unit
   b. Storage (memory) unit
   c. Arithmetic unit
   d. Verifier

46. The normal sequence of documents and operations on a well-prepared systems flowchart is
   a. top to bottom and left to right.
   b. bottom to top and left to right.
   c. top to bottom and right to left.
   d. bottom to top and right to left.

47. The purpose of using generalized computer programs is to test and analyze a client’s computer
   a. systems
   b. equipment
   c. records
   d. processing logic

48. The computer system most likely to be used by a large savings bank for customers’ accounts would be
   a. an on-line, real-time system
   b. a batch processing system
   c. a generalized utility system
   d. a direct access data base system

49. Which of the following lists comprises the components of the data processing cycle?
   a. Batching, processing, output
   b. Collection, refinement, processing, maintenance, output
   c. Input, classifying, batching, verification, transmission
   d. Collection, refinement, storing, output

50. Which of the following is not a characteristic of a batch processed computer system?
   a. The collection of like transactions which are sorted and processed sequentially against a master file.
   b. Keypunching of transactions, followed by machine processing.
   c. The production of numerous printouts.
   d. The posting of a transaction, as it occurs, to several files, without intermediate printouts.

51. The internal controls over computer processing include both manual procedures and procedures designed into computer programs (programmed control procedures). These manual and programmed control procedures comprise the general CIS controls and CIS application controls. The purpose of general CIS controls is to
   a. Establish specific control procedures over the accounting applications in order to provide reasonable assurance that all transactions are authorized and recorded and are processed completely, accurately, and on a timely basis
   b. Establish a framework of overall controls over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved
   c. Provide reasonable assurance that systems are developed and maintained in an authorized and efficient manner
   d. Provide reasonable assurance that access to data and computer programs is restricted to authorized personnel

52. CIS application controls include the following, except
   a. Controls over input
   b. Controls over processing and computer data files
   c. Controls over output
   d. Controls over access to systems software and documentation

53. The auditor is required to consider how an entity’s general CIS controls affect the CIS applications significant to the audit. Accordingly, the auditor should
   a. Review the design of the general CIS controls only
   b. Review the design of the CIS application controls only
   c. Review the design of the general CIS controls before reviewing the CIS application controls
   d. Review the design of the CIS application controls before reviewing the design of the general CIS controls

54. The two broad categories of CIS controls are general controls and application controls. General controls include controls
   a. For developing, maintaining and modifying computer programs
   b. That relate to the correction and resubmission of erroneous data
   c. Designed to provide reasonable assurance that only authorized users receive output from processing
   d. Designed to provide reasonable assurance that all data submitted for processing have been properly authorized

55. The significance of hardware controls is that they
   a. Ensure that run-to-run totals in application systems are consistent
   b. Reduce the incidence of user input errors in online systems
   c. Ensure correct programming of operating system functions
   d. Assure that machine instructions are executed correctly

56. The following statements relate to internal control in an electronic data interchange (EDI) environment. Which is true?
   a. In EDI systems, preventive controls are generally more important than detective controls
   b. Control objectives for EDI systems generally are different from the objectives for other computer information systems
   c. Internal controls that relate to the segregation of duties generally are the most important controls in EDI systems
   d. Internal controls in EDI systems rarely permit control risk at below the maximum

57. An entity has recently converted its revenue/receipt cycle from a manual processing to an online, real-time processing system. Which is the most probable result associated with conversion to the new computerized processing system?
   a. Less segregation of traditional duties
   b. Significant increase in processing time
   c. Reduction in the entity’s risk exposures
   d. Increase in processing errors

58. The most important segregation of duties in the organization of the information systems function is
   a. Using different programming personnel to maintain utility programs from those who maintain the application programs
   b. Having a separate information officer at the top level of the organization outside of the accounting function
   c. Assuring that those responsible for programming the system do not have access to data processing operations
   d. Not allowing the data librarian to assist in data processing operations

59. Which of the following activities would most likely be performed in the information systems department?
   a. Initiation of changes to master records
   b. Conversion of information to machine-readable form
   c. Correction of transactional errors
   d. Initiation of changes to existing applications

60. For control purposes, which of the following should be organizationally segregated from the computer operations function?
   a. Data conversion
   b. Surveillance of CRT messages
   c. Systems development
   d. Minor maintenance according to a schedule

61. Which of the following is not a major reason for maintaining an audit trail for a computer system?
   a. Deterrent to fraud
   b. Monitoring purposes
   c. Analytical procedures
   d. Query answering

62. Alpha National Bank has an on-line real-time system, with terminals installed in all of its branches. This system will not accept a customer’s cash withdrawal instructions in excess of P10,000 without the use of a “terminal audit key”. After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can be strengthened by
   a. On-line recording of the transaction on an audit override sheet
   b. Increasing the dollar amount to P15,000
   c. Requiring manual, rather than on-line, recording of all transactions
   d. Using parallel simulation

63. The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the
   a. Computer operator
   b. Keypunch operator
   c. Computer programmer
   d. Maintenance technician

64. For the accounting system of Atlantis Company, the amounts of cash disbursements entered into a terminal are transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen. This display enables the operator to
   a. Establish the validity of the account number
   b. Verify the amount was entered accurately
   c. Verify the authorization of the disbursement
   d. Prevent the overpayment of the account

65. When computer programs or files can be accessed from terminals, users should be required to enter a(an)
   a. Parity check
   b. Personal identification code
   c. Self-diagnosis test
   d. Echo check

66. The possibility of erasing a large amount of information stored on magnetic tape most likely would be reduced by the use of
   a. File protection rings
   b. Check digits
   c. Completeness tests
   d. Conversion verification

67. Mark Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change
   a. A generalized computer audit program must be used
   b. Part of the audit trail is altered
   c. The potential for payroll related fraud is diminished
   d. Transactions must be processed in batches

68. Which of the following controls most likely would assure that an entity can reconstruct its financial records?
   a. Hardware controls are built into the computer by the computer manufacturer
   b. Backup diskettes or tapes of files are stored away from originals
   c. Personnel who are independent of data input perform parallel simulations
   d. Systems flowcharts provide accurate descriptions of input and output operations

69. Computer systems are typically supported by a variety of utility software packages that are important to an auditor because they
   a. May enable unauthorized changes to data files if not properly controlled
   b. Are very versatile programs that can be used on hardware of many manufacturers
   c. May be significant components of a client’s application program
   d. Are written specifically to enable auditors to extract and sort data

70. Where disk files are used, the grandfather-father-son updating backup concept is relatively difficult to implement because the
   a. Location of information points on disks is an extremely time consuming task
   b. Magnetic fields and other environmental factors cause off-site storage to be impractical
   c. Information must be dumped in the form of hard copy if it is to be reviewed before used in updating
   d. Process of updating old records is destructive

71. In creating lead schedules for an audit engagement, a CPA often uses automated work paper software. What client information is needed to begin this process?
   a. Interim financial information such as third quarter sales, net income, and inventory and receivables balances
   b. Specialized journal information such as the invoice and purchase order numbers of the last few sales and purchases of the year
   c. General ledger information such as account numbers, prior year account balances, and current year unadjusted information
   d. Adjusting entry information such as deferrals and accruals and reclassification journal entries

72. Using microcomputers in auditing may affect the methods used to review the work of staff assistants because
   a. The audit fieldwork standards for supervision may differ
   b. Documenting the supervisory review may require assistance of consulting services personnel
   c. Supervisory personnel may not have an understanding of the capabilities and limitations of microcomputers
   d. Working paper documentation may not contain readily observable details of calculations

73. An entity has the following invoices in a batch:

   Invoice #   Product   Quantity   Unit Price
   201         F10       150        P 5.00
   202         G15       200        P 10.00
   203         H20       250        P 25.00
   204         K35       300        P 30.00

   Which of the following numbers represent the record count?
   a. 1
   b. 4
   c. 810
   d. 900

74. Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?
   a. Hash total
   b. Parity check
   c. Encryption
   d. Check digit

75. Which of the following is an example of a validity check?
   a. The computer ensures that a numerical amount in a record does not exceed some predetermined amount
   b. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out
   c. The computer flags any transmission for which the control field value did not match that of an existing file record
   d. After data for transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent

76. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?
   a. Parity check
   b. Validity check
   c. Echo check
   d. Limit check

77. A control feature in an electronic data processing system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to the printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is referred to as
   a. Echo control
   b. Validity control
   c. Signal control
   d. Check digit control

78. Which of the following is an example of a check digit?
   a. An agreement of the total number of employees to the total number of checks printed by the computer
   b. An algebraically determined number produced by the other digits of the employee number
   c. A logic test that ensures all employee numbers are nine digits
   d. A limit check that an employee’s hours do not exceed 50 hours per work week

79. In a computerized system, procedure or problem-oriented language is converted to machine language through a(an)
   a. Interpreter
   b. Verifier
   c. Compiler
   d. Converter

80. What type of computer system is characterized by data that are assembled from more than one location and records that are updated?
   a. Microcomputer system
   b. Minicomputer system
   c. Batch processing system
   d. On-line real time system

81. Should the auditor feel, after obtaining an understanding of the CIS internal structure, that control risk cannot be reduced, he or she will
   a. Issue a disclaimer.
   b. Issue an adverse opinion.
   c. Increase the sample size for tests of controls.
   d. Expand the substantive testing portion of the audit.

82. Control risk assessment when a computer is used would not involve
   a. Identifying specific control procedures designed to achieve the control objectives.
   b. Identifying the interdependent control procedures which must function for an identified specific control procedure to be effective.
   c. Evaluating the design of control procedures to determine control risk.
   d. Performance of specific tests of control audit procedures.

83. Which of the following represent examples of general, application and user controls activities, respectively, in the computer environment?
   a. Control over access to programs, computer exception reports, and manual checks of computer output.
   b. Manual checks of computer output, control over access to programs, and computer exception reports.
   c. Computer exception reports, control over access to programs, and manual checks of computer output.
   d. Manual checks of computer output, computer exception reports, and control over access to programs.

84. Which of the following is least likely a risk characteristic associated with a CIS environment?
   a. Error embedded in an application’s program logic may be difficult to manually detect on a timely basis.
   b. The separation of functional responsibilities diminishes in a computerized environment.
   c. Initiation of changes in the master file is exclusively handled by respective users.
   d. The potential unauthorized access to data or to alter them without visible evidence may be greater.

85. The use of a computer changes the processing, storage, and communication of financial information. A CIS environment may affect the following, except:
   a. The accounting and internal control systems of the entity.
   b. The overall objective and scope of an audit.
   c. The auditor’s design and performance of tests of control and substantive procedures to satisfy the audit objectives.
   d. The specific procedures to obtain knowledge of the entity’s accounting and internal control systems.

86. A compiler is
   a. A procedure-oriented language.
   b. A machine that converts procedure oriented language to a machine language.
   c. A program that converts procedure oriented language to a machine language.
   d. A program that translates symbolic language to machine language.

87. An operating system is
   a. The assembler program including the source and object program.
   b. All hardware and software needed to operate the computer system.
   c. The program that manages the processing operations of the computer.
   d. Only the hardware of the computer system.

88. A CIS where two or more personal computers are linked together through the use of special software and communication lines and allows the sharing of application software, data files, and computer peripherals such as printers and optical scanners is a/an
   a. Local area network (LAN).
   b. On-line system.
   c. Batch processing system.
   d. Wide area network (WAN).

89. What type of online computer system is characterized by data that are assembled from more than one location and records that are updated immediately?
   a. Online, batch processing system.
   b. Online, real-time processing system.
   c. Online, inquiry system.
   d. Online, downloading/uploading system.

90. Mainframe computer systems include several advanced processing procedures. Two of the most common processing procedures are multiprocessing and multiprogramming. Which of the following statements about these processing procedures is false?
   a. Multiprogramming allows multiple programs to be executed at exactly the same time.
   b. Multiprogramming switches back and forth between programs during processing.
   c. Multiprocessing allows the sharing of a central memory during processing.
   d. Multiprocessing allows multiple programs to be executed at exactly the same time.

91. When the client has a large number of transactions that are processed by a stand alone personal computer, the auditor
   a. May do tests of controls which he intends to rely on, if appropriate, to reduce the assessed control risk, and do audit work on the data at a preliminary date.
   b. Understand the control environment and flow of transactions but must omit preliminary audit tests.
   c. May do tests of controls and if those controls can be relied on, do interim testing and omit year end audit testing.
   d. Usually omits the understanding of control environment because the stand alone personal computer environment is not reliable.

92. How does the stand alone personal computer environment of the client entity affect the auditor’s procedures?
   a. The auditor often assumes that control risk is reasonably low.
   b. Because of the advantage provided by the use of stand alone personal computers, the audit procedures are restricted to low level.
   c. The auditor usually concentrates the audit efforts on substantive tests at or near the end of the year.
   d. To be cost effective, the auditor makes an extensive review of general CIS and CIS application controls as basis of reducing the audit efforts to be performed on detailed testing of balances and transaction classes.

93. Audit team members can use the same database and programs when their PCs share a hard disk and printer on a LAN. Which of the following communication devices enables a PC to connect to a LAN?
   a. A network interface card (NIC) that plugs into the motherboard.
   b. A fax modem that sends that plugs into the motherboard.
   c. An internal modem that plugs into the motherboard.
   d. An external modem with a cable connection to a serial port.

94. Auditing in a Computer Information Systems Environment, states, “In planning the portions of the audit which may be affected by the client’s CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availability of data for use in the audit.” The following relate to the complexity of CIS activities except when
   a. Transactions are exchanged electronically with other organizations (for example, in electronic data interchange (EDI) systems).
   b. Complicated computations of financial information are performed by computer and/or material transactions or entries are generated automatically without independent validation.
   c. Material financial assertions are affected by computer processing.
   d.
The volume of transactions is such that users would find it difficult to identify and correct errors in processing. 95. The auditor is required by the standard to consider the CIS environment in designing audit procedures to reduce risk to an acceptably low level. Which of the following statements is incorrect? a. The auditor’s specific audit objectives do not change whether financial information is processed manually or by the computer. b. The methods of applying audit procedures to gather audit evidence are not influenced by the methods of computer processing. c. The auditor may use either manual audit procedures, computer-assisted audit techniques (CAATs), or a combination of both to obtain sufficient appropriate audit evidence. d. In some CIS environments, it may be difficult or impossible for the auditor to obtain certain data for inspection, inquiry, or confirmation without the aid of computer. AT Quizzer 9 96. “ Information Systems Audit & Assurance” Page 12 Regardless of the nature of an entity’s environment, the auditor must consider internal control. In a CIS environment, the auditor must, at a minimum, have a. A background in programming procedures. b. An expertise in programming procedures. c. A sufficient knowledge of the computer’s operating system. d. A sufficient knowledge of the computer information system. 97. The use of CIS will least likely affect the a. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting and internal control systems. b. The auditor’s specific objectives. c. The consideration of inherent risk and control risk through which the auditor arrives at the risk assessment. d. The auditor’s design and performance of tests of control and substantive procedures appropriate to meet the audit objective. 98. Who is ultimately responsible for the design and implementation of cost-effective controls in a CIS environment? a. The internal audit manager. b. The entity’s management. c. The CIS manager. 
d. The control group in the CIS environment. 99. Which of the following is unique to CIS? a. Error listing. b. Flowchart. c. Questionnaires. d. Pre-numbered documents. 100. Are the following risks greater in CIS than in manual systems? a b Erroneous data conversion Yes Yes Erroneous source document preparation Yes Yes Repetition of errors No No Concentration of data Yes No c Yes Yes Yes Yes d Yes No Yes Yes