1. When on-line, real-time processing is used, the grandfather-father-son updating backup concept is relatively difficult to implement because:
a. Locating information points on files is an extremely time-consuming task.
b. Magnetic fields and other environmental factors cause off-site storage to be impracticable.
c. Information must be dumped in the form of hard copy if it is to be reviewed before being used in updating.
d. The process of updating old records is destructive.

2. Which of the following, when used in multiples in a single computer, can help a corporation reduce its processing time?
a. Input/output devices
b. Physical storage devices
c. Central processing units
d. Communication devices

3. Analysis of data in a database using tools which look for trends or anomalies without knowledge in advance of the meaning of the data is referred to as:
a. Artificial intelligence
b. Data mining
c. Virtual reality
d. Transitory analysis

4. ABC Company needs an internal communication network that provides high speed communication among nodes. Which of the following is appropriate for ABC?
a. Wide Area Network (WAN)
b. Local Area Network (LAN)
c. File server
d. Value added network (VAN)

5. A client is concerned that a power outage or disaster could impair the computer hardware's ability to function as designed. The client desires off-site backup hardware facilities that are fully configured and ready to operate within several hours. The client most likely should consider a:
a. Cold site
b. Cool site
c. Warm site
d. Hot site

6. The use of message encryption software:
a. Guarantees the secrecy of data.
b. Requires manual distribution of keys.
c. Increases system overhead.
d. Reduces the need for periodic password changes.

7. Which of the following strategies would a CPA most likely consider in auditing an entity that possesses most of its financial data only in electronic form, such as a paperless system?
a. Continuous monitoring and analysis of transaction processing with an embedded audit module.
b. Increased reliance on internal control activities that emphasize the segregation of duties.
c. Verification of encrypted digital certificates used to monitor the authorization of transactions.
d. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

8. When evaluating internal control of an entity that processes sales transactions on the Internet, an auditor would be most concerned about the:
a. Lack of sales invoice documents as an audit trail.
b. Potential for computer disruptions in recording sales.
c. Inability to establish an integrated test facility.
d. Frequency of archiving and data retention.

9. Josh is the data administrator (DA) for ABC Corporation. An example of Josh's responsibilities as the DA is to monitor:
a. The database industry.
b. The performance of the database
c. The database security
d. Backup of the system

10. Which of the following is an example of a validity check?
a. The computer ensures that a numerical amount in a record does not exceed some predetermined amount.
b. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.
c. The computer flags any transmission for which the control field value did not match that of an existing file record.
d. After the data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.

14. A control feature in an electronic data processing system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of hardware control is:
a. Echo control
b. Validity control
c. Signal control
d. Check digit control

15. Which of the following is an example of a validity check?
a. The computer ensures that a numerical amount in a record does not exceed some predetermined amount.
b. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.
c. The computer flags any transmission for which the control field value did not match that of an existing file record.
d. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.

16. Which of the following statements about general controls is not correct?
a. Disaster recovery plans should identify alternative hardware to process company data.
b. Successful IT development efforts require the involvement of IT and non-IT personnel.
c. The chief information officer should report to senior management and the board.
d. Programmers should have access to computer operations to aid users in resolving problems.

17. A retailing entity uses the internet to execute its purchase transactions. The entity's auditor recognizes that the documentation of details of transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would:
a. Compare a sample of paid vendors' invoices to the receiving records at year-end.
b. Plan for a large measure of tolerable misstatement in substantive tests.
c. Perform tests several times during the year, rather than only at year-end.
d. Increase the sample of transactions to be selected for cut-off tests.

18. One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of:
a. Echo checks
b. A check digit system
c. Computer generated hash totals
d. A computer log

19. Which of the following is the most effective user account management control in preventing the unauthorized use of a computer system?
a. Management enforces an aggressive password policy that requires passwords to be 10 characters long, to be non-reusable and to be changed weekly.
b. An account manager is responsible for authorizing and issuing new accounts.
c. The passwords and usernames of failed log-in attempts are logged and documented in order to cite attempted infiltration of the system.
d. Employees are required to renew their accounts semiannually.

20. An internet firewall is designed to provide adequate protection against which of the following?
a. A computer virus.
b. Unauthenticated logins from outside users
c. Insider leaking of confidential information
d. A Trojan horse application

21. A client communicates sensitive data across the internet. Which of the following controls would be most effective to prevent the use of the information if it were intercepted by an unauthorized party?
a. A firewall
b. An access log
c. Passwords
d. Encryption

22. When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations?
a. Assess the control risk as high.
b. Use audit software to perform analytical procedures.
c. Use generalized audit software to extract evidence from client databases.
d. Perform limited tests of controls over electronic data.

23. An auditor is gaining an understanding of a client's internet controls. Which of the following would likely be the least effective control?
a. The client requires all users to select passwords that are not easily guessed.
b. The client requires users to share potentially useful downloaded programs from public electronic bulletin boards with only authorized employees.
c. The client uses a proxy server to provide information to external web page users.
d. The client uses a firewall system that produces reports on internet usage patterns.

24. An auditor should obtain sufficient knowledge of an entity's information system relevant to financial reporting to understand the:
a. Safeguards used to limit access to computer facilities.
b. Process used to prepare significant accounting estimates.
c. Procedures used to assure proper authorization of transactions.
d. Policies used to detect the concealment of fraud.

29. To achieve audit efficiency and effectiveness with a personal computer, the two crucial requirements are selecting
a. The appropriate audit tasks for personal computer applications and the appropriate software to perform the selected audit tasks
b. The appropriate software to perform the selected audit tasks and data that can be accessed by the auditor's personal computer
c. Company data that can be accessed by the auditor's personal computer and the appropriate audit tasks for personal computer applications
d. The appropriate sample of company data to test with the auditor's personal computer and the appropriate software to perform the selected audit tasks

30. At which point in an ordinary sales transaction of a wholesaling business is a lack of specific authorization of least concern to the auditor in the conduct of an audit?
a. Granting of credit
b. Shipment of goods
c. Determination of discounts
d. Selling of goods for cash

31. An online sales order processing system most likely would have an advantage over a batch sales order processing system by:
a. Detecting errors in the data entry process more easily by the use of edit programs.
b. Enabling shipment of customer orders to be initiated as soon as the orders are received.
c. Recording more secure backup copies of the database on magnetic tape files.
d. Maintaining more accurate records of customer accounts and finished goods inventories.

32. When evaluating internal control of an entity that processes sales transactions on the internet, an auditor would be most concerned about the:
a. Lack of sales invoice documents as an audit trail.
b. Potential for computer disruptions in recording sales.
c. Inability to establish an integrated test facility.
d. Frequency of archiving and data retention.

33. After obtaining a preliminary understanding of a client's computer control structure, an auditor may decide not to perform tests of controls auditing related to the control procedures within the computerized portion of the client's control system. Which of the following would not be a valid reason for choosing to omit tests of controls auditing?
a. The client's computer control procedures duplicate manual control procedures existing elsewhere in the system.
b. There appear to be major weaknesses that indicate a high control risk.
c. The time and peso costs of testing exceed the time and peso savings in substantive work if the tests of computer controls show the controls to operate effectively.
d. The client's control procedures appear adequate enough to justify a low control risk assessment.

34. A client's program that recorded receiving report information entered directly by the receiving department on vendor shipment receipt included a reasonableness or limit test. Which of the following errors would this test likely detect?
a. The receipt was for a shipment from an unauthorized vendor.
b. The vendor shipped the wrong item.
c. The receiving department clerk entered the quantity of the product received as 0.
d. The shipment received from the vendor was past due by 2 weeks.

35. All activities related to a particular application in a manual system are recorded in a journal. The name of the corresponding item in a computerized system is a:
a. master file
b. year-to-date file
c. transaction file
d. current balance file

36. Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system?
a. Preventive controls generally are more important than detective controls in EDI systems.
b. Control objectives for EDI systems generally are different from the objectives for other information systems.
c. Internal controls in EDI systems rarely permit control risk to be assessed at below maximum.
d. Internal controls related to the segregation of duties generally are the most important controls in EDI systems.

37. Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?
a. A compressed business cycle with lower year-end receivable balances.
b. A reduced need to test computer controls related to sales and collections transactions.
c. An increased opportunity to apply statistical sampling techniques to account balances.
d. No need to rely on third-party service providers to ensure security.

38. Many clients now have their data processed at an independent computer service rather than have their own computer. The difficulty the independent auditor faces when a computer service center is used is:
a. Gaining the permission of the service center to review their work.
b. Finding compatible programs that will analyze the service center programs.
c. In trying to abide by the Code of Ethics to maintain the security and confidentiality of the client's data.
d. In determining the adequacy of the service center's internal controls.

39. Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?
a. When confidentiality of data is the primary risk, message authentication is the preferred control rather than encryption.
b. Encryption performed by physically secure hardware devices is more secure than encryption performed by software.
c. Message authentication in EDI systems performs the same function as segregation of duties in other information systems.
d. Security in the transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider.

40. Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?
a. Improvement of the audit trail for cash receipts and disbursements.
b. Creation of self-monitoring access controls.
c. Reduction of the frequency of data entry errors.
d. Off-site storage of source documents for cash transactions.

41. Which of the following is an essential element of the audit trail in an electronic data interchange (EDI) system?
a. Disaster recovery plans that ensure proper backup of files.
b. Encrypted hash totals that authenticate messages.
c. Activity logs that indicate failed transactions.
d. Hardware security modules that store sensitive data.

42. When the IT system is significant, the auditor should also obtain an understanding of the IT environment and whether it may influence the assessment of:
a. Inherent and control risks
b. Control and detection risks
c. Inherent and detection risks
d. General and application controls

43. A personal computer can be used in any of the following configurations, except:
a. A stand-alone workstation operated by a single user or a number of users at different times.
b. A workstation which is part of a local area network of personal computers.
c. A workstation connected to a server.
d. A server connected to another server.

44. In a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to:
a. Missing employee numbers.
b. Proper approval of overtime by supervisors.
c. Time tickets with invalid job numbers.
d. Agreement of hours per clock cards with hours on time tickets.

45. Which of the following statements is incorrect?
a. The purpose of CIS application controls is to establish specific control procedures over the application systems in order to provide reasonable assurance that all transactions are authorized and recorded, and are processed accurately and on a timely basis.
b. It may be more efficient to review the design of the general CIS controls before reviewing the CIS application controls.
c. If general CIS controls are not effective, there may be a risk that misstatements might occur and go undetected in the application systems.
d. The purpose of general CIS controls is to establish a framework of overall control over the CIS activities and to provide an absolute level of assurance that the overall objectives of internal control are achieved.

55. There are two common types of workstations - general purpose terminals and special purpose terminals. Which of the following is not a general purpose terminal?
a. Personal computers
b. Intelligent terminal
c. Point of sale devices
d. Basic keyboard and monitor

56. User authorization procedures are designed to prevent or detect the following, except:
a. Unauthorized access to on-line terminal devices, programs and data.
b. Entry of authorized transactions.
c. Unauthorized changes to data files.
d. The use of computer programs by unauthorized personnel and the use of the computer programs that have not been authorized.

57. These are programmed routines that check the input data and processing results for completeness, accuracy and reasonableness.
a. Pre-processing authorization
b. Cut-off procedures
c. Master file controls
d. Edit, reasonableness and validation controls

58. This is the process of establishing control totals over data being submitted for processing through workstations and comparing the control totals during and after processing to ensure that complete and accurate data are transferred to each processing phase.
a. Footing
b. Cross-casting
c. Balancing
d. Posting

59. An entity's contingency plans for computer information systems should include appropriate backup agreements. Which of the following arrangements would be considered too vendor-dependent when vital operations require almost immediate availability of computer resources?
a. A "cold site" arrangement
b. A "hot site" arrangement
c. A "cold and hot site" arrangement
d. Using excess capacity at another data center within reality

60. The operating system performs all of the following tasks except
a. schedules job processing
b. assigns memory to applications
c. translates third-generation languages into machine language
d. authorizes user access

61. The most important output control is:
a. Control totals, which are used to verify that the computer's results are correct.
b. Distribution control, which assures that only authorized personnel receive the reports generated by the system.
c. Review of the data for reasonableness by someone who knows what the output should look like.
d. Logic tests, which verify that no mistakes were made in processing.

62. Accounting systems are designed to attain some objectives. Which of the following cannot be considered an objective of accounting systems?
a. To protect the business owners and safeguard their assets.
b. To provide a means by which interested parties may be given information on the financial position and results of operations of a business organization.
c. To facilitate management planning, control and decision making.
d. To accomplish the different routinary administrative activities of the business organization.

63. Passwords for microcomputer software programs are designed to prevent:
a. Inaccurate processing of data
b. Unauthorized access to the computer
c. Unauthorized use of the software
d. Incomplete updating of data files

64. When auditing "around the computer", the auditor performs tests of
a. General computer controls but does not test application computer controls.
b. Application computer controls but does not test general computer controls.
c. Both general and application computer controls.
d. Neither general nor application computer controls.