Add to collection(s) Add to saved
  1. Business
Uploaded by Gian Carlo Rodriguez

Auditing in CIS Environment FinalEXAM 2005

advertisement 
MULTIPLE CHOICE (60 POINTS)
Direction: In the answer sheet provided, place the letter that identifies the correct response. (1.5 points each)
1. The most important reason for an IS auditor to obtain sufficient and appropriate audit evidence is
to
a. Ensure complete audit coverage
b. Comply with regulatory requirements
c. Perform the audit according to the defined scope
d. Provide a basis for drawing reasonable conclusions
2. While reviewing sensitive electronic working paper, the IS auditor noticed that they were not
encrypted. This could compromise the
a. Approval of the audit phase
b. Access right to the working papers
c. Confidentiality of the working papers
d. Audit trail of the versioning of the working papers
3. When preparing an audit report, the IS auditor should ensure that the results are supported by
a. Working papers of other auditors
b. Statement from IS management
c. Sufficient and appropriate evidence
d. An organizational control self-assessment
4. System flowcharts
a. illustrate the relationship between database entities in systems.
b. describe the internal logic of computer applications in systems.
c. depict logical tasks that are being performed, but not who is performing them
d. represent relationships between key elements of both manual and computer
systems.
5. the primary purpose for meeting with auditees prior to formally closing reviews is to
a. Gain agreements on the findings
b. Test the structure of final presentation
c. Receive feedback on the adequacy of the audit procedures
d. Confirm that the auditor did not overlook important issues
6. the primary reason an IS auditor performs a functional walkthrough during the preliminary phase
of an audit assignment is to
a. Identify control weakness
b. Develop the risk assessment
c. Comply with auditing standard
d. Understand the business process
7. An IS auditors finds that the answers received during an interview with the payroll clerk do not
support descriptions and documented procedures. Under these circumstances, the IS auditor
should
a. Suspend the audit
b. Place greater reliance on previous audit
c. Conclude that the controls are inadequate
d. Expand the scope to include substantive testing
8. An appropriate control for ensuring the authenticity of orders received in an electronic data
interchange
a. Encrypt electronic orders
b. Acknowledge receipt of electronic orders with a confirmation message
c. Perform reasonable checks on quantities ordered before filling orders
d. Verify the identity of senders and determine if orders correspond to contract terms
9. When selecting audit procedures, an IS auditors should use professional judgment to ensure that
a. Sufficient evidence will be collected
b. All material weaknesses will be identified
c. Audit cost will be kept at a minimum level
d. Significant deficiencies will be corrected within a reasonable time
10. During the planning stage of an IS audit, the primary goal of an IS auditor is to
a. Address audit objectives
b. Specify appropriate test
c. Minimize audit resources
d. Collect sufficient evidence
11. Which of the following represents the greatest potential risk in an electronic data interchange
environment
a. Transmission delay
b. Lack of transaction authorizations
c. Loss of duplication of EDI transmission
d. Deletion or manipulation of transactions prior to, or after, establishment of
application control
12. An organization uses a bank to process its weekly payroll. Time sheets and payroll adjustment
forms are completed and delivered to the banks, which prepares the check and reports for
distribution. To best ensure payroll data accuracy
a. Check should be compared to input forms
b. Gross payroll should be recalculated manually
c. Check should be reconciled with output reports
d. Payroll reports should be compared to input reports
13. An IS auditor should use statistical sampling, and not judgment sampling, when
a. The probability of error must be objective quantified
b. The auditor wants to avoid sampling risk
c. General audit software is unavailable
d. The tolerable error rate cannot be determined
14. Real-time processing would be most beneficial in handling a firm’s
a. fixed asset records
b. depreciation records
c. merchandise inventory
d. retained earning information
15. Risk exposures in the General Ledger and Financial Reporting Systems include all of the
following except
a. loss of the audit trail
b. loss of physical assets
c. unauthorized access to the general ledger
d. general ledger account out of balance with the subsidiary account
16. During an exit interview, in cases where there is disagreement regarding the impact of a finding,
an IS auditor should
a. Report the disagreement to the audit committee for resolution
b. Accept the auditee’s position because they are the process owner
c. Ask the auditee to sign a release form accepting full legal responsibility
d. Elaborate on the significance of the finding and the risk of not correcting it
17. Which statement is not correct? The audit trail in a computerized environment
a. may take the form of pointers, indexes, and embedded keys
b. consists of records that are stored sequentially in an audit file
c. traces transactions from their source to their final disposition
d. is a function of the quality and integrity of the application programs
18. When developing a risk-based audit strategy, an Is auditor should conduct a risk assessment to
ensure that
a. Audit risk is considered
b. A gap analysis is appropriate
c. Vulnerabilities and threats are identified
d. Controls needed to mitigate risk are in place
19. How does the process of systems auditing benefit from using a risk-based approach to audit
planning?
a. Auditing risk is reduced.
b. Controls testing starts earlier.
c. Controls testing is more thorough.
d. Auditing resources are allocated to the areas of highest concern.
20. Corrective action has been taken by an auditee immediately after the identification of a
reportable finding. The auditor should:
a. include the finding in the closing meeting for discussion purposes only
b. not include the finding in the final report, because the audit report should include
only unresolved findings.
c. include the finding in the final report, because the IS auditor is responsible for an
accurate report of all findings.
d. not include the finding in the final report, because corrective action can be verified
by the IS auditor during the audit.
21. An IS auditor is validating a control that involved a review of system generated exception
reports. Which of the following is the best evidence of the effectiveness of the control.
a. Walkthrough with the reviewer of the operation of the control
b. System generated exception report for the review period with the reviewers sign
off
c. Management's confirmation of the effectiveness of the control for the review
period.
d. A sample system generated exceptions report for the review period, with follow-up
action items noted by the reviewer
22. Which of the following forms of evidence for the auditor would be considered the MOST
reliable?
a. An oral statement from the auditee
b. The results of a test performed by an IS auditor
c. An internally generated computer accounting report
d. A confirmation letter received from an outside source
23. An IS auditor should ensure that the review of online electronic funds transfer reconciliation
procedures include
a. Tracing
b. Vouching
c. Corrections
d. Authorizations
24. Which audit techniques provides the best evidence of segregation of duties in an IT department
a. Observation and interviews
b. Testing of user access rights
c. Discussion with management
d. Review of the organizational chart
25. When evaluating the collective effect of preventive, detective or corrective controls within a
process, an IS auditor should be aware of which of the following?
a. Only preventive and detective controls are relevant
b. Corrective controls can only be regarded as compensating
c. Classification allows an IS auditor to determine which controls are missing
d. The point at which controls are exercised as data flow through the system
26. Which of the following would normally be the MOST reliable evidence for an auditor?
a. Trend data obtained from World Wide Web (Internet) sources
b. A confirmation letter received from a third party verifying an account balance
c. Assurance from line management that an application is working as designed
d. Ratio analysts developed by the IS auditor from reports supplied by line
management
27. Which of the following should be of most concern to an IS auditor?
a. Lack of periodic examination of access rights
b. Lack of notification to the public of an intrusion
c. Failure to notify police of an attempted intrusion
d. Lack of reporting of a successful attack on the network
28. In the course of performing a risk analysis, an IS auditor has identified threats and potential
impacts. Next, the IS auditor should
a. identify and evaluate the existing controls.
b. disclose the threats and impacts to management.
c. identify information assets and the underlying systems.
d. identify and assess the risk assessment process used by management.
29. During a security audit of IT processes, an IS auditor found that there were no documented
security procedures. The IS auditor should:
a. Terminate the audit.
b. Conduct compliance testing.
c. Create the procedures document.
d. Identify and evaluate existing practices.
30. An IS auditor has imported data from the clients database. The next step-confirming whether the
imported data are complete-is performed by:
a. Filtering data for different categories and matching them to the original data.
b. Matching control totals of the imported data to control totals of the original data.
c. Sorting the data to confirm whether the data are in the same order as the original
data.
d. Reviewing the printout of the first 100 records of original data with the first 100
records of imported data.
II. SAP TEST OF TRANSACTIONS (40 POINTS) In the SAP link provided, please screenshot the
following requirements that are necessary for auditors in the conduct of IT audit. Indicate your
answers in the box provided below.
1. Show a sample screenshot of the following documents and reports necessary for accountants and auditors:
a. Screenshot the related transactions for purchase order number 15 from purchase orders to
outgoing payment relationship and discuss its corresponding journal entries.
b. Screenshot the related transactions for sales order number 25 from sales orders to incoming
payment relationship and discuss its corresponding journal entries.
c. Transaction Journal Report for all Transactions performed on the months of October to
December, 2013.
d. Financial Statements for CY 2013
e. Generate the Journal Entry of A/R Invoice no. 7
f.
How much is the Total Trade Receivable (before any adjustments)?
g. Compute the amount of Allowance for Doubtful Accounts. According to the industry
experiences, the collectability of accounts are as follow:
0 – 1 month = 100%
Over one month not over two months = 98%
Over two months not over three months = 95%
Over three months not over four months = 92%
Over four months = 90%
h. Reperform Bank Reconciliation for Metrobank Account No. 9021.
Balance per Bank
Ref.
No.
184,871.20
Add: Deposits in Transit
Less: Outstanding Checks
Total adjustments
Adjusted Balance
Balance per Book
Add:
1,101,550.40
Less:
Total Adjustments
Adjusted Balance
-END OF EXAMINATION-
Related documents
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Information System Audit Checklist A hardware review evaluates the structure of:
Information System Audit Checklist A hardware review evaluates the structure of:
New DOCX Document
New DOCX Document
Download
advertisement