Module 8 - Auditing with Technology [WILEY]

An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts

a. Identify internal control weaknesses more prominently.

b. Provide a visual depiction of clients' activities.

c. Indicate whether control procedures are operating effectively.

d. Reduce the need to observe clients' employees performing

routine tasks.

b. Provide a visual depiction of clients' activities.

A flowchart is most frequently used by an auditor in connection with the

a. Preparation of generalized computer audit plans.

b. Review of the client's internal control.

c. Use of statistical sampling in performing an audit.

d. Performance of analytical procedures of account balances.

b. Review of the client's internal control.

Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change

a. A generalized computer audit program must be used.

b. Part of the audit trail is altered.

c. The potential for payroll-related fraud is diminished.

d. Transactions must be processed in batches.

b. Part of the audit trail is altered.

Which of the following is correct concerning batch processing of transactions?

a. Transactions are processed in the order they occur, regardless of type.

b. It has largely been replaced by online real-time processing in all but legacy systems.

c. It is more likely to result in an easy-to-follow audit trail than is online transaction processing.

d. It is used only in non-database applications.

c. It is more likely to result in an easy-to-follow audit trail than is online transaction processing.

An auditor would be most likely to assess control risk at the maximum level in an electronic environment with automated system-generated information when

a. Sales orders are initiated using predetermined, automated decision rules.

b. Payables are based on many transactions and large in dollar amount.

c. Fixed asset transactions are few in number, but large in dollar amount.

d. Accounts receivable records are based on many transactions and are large in dollar amount.

c. Fixed asset transactions are few in number, but large in dollar amount.

In a highly automated information processing system tests of control

a. Must be performed in all circumstances.

b. May be required in some circumstances.

c. Are never required.

d. Are required in first year audits.

b. May be required in some circumstances.

Which of the following is least likely to be considered by an auditor considering engagement of an information technology (IT) specialist on an audit?

a. Complexity of client's systems and IT controls.

b. Requirements to assess going concern status.

c. Client's use of emerging technologies.

d. Extent of entity's participation in electronic commerce.

b. Requirements to assess going concern status.

Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

a. Continuous monitoring and analysis of transaction processing with an embedded audit

module.

b. Increased reliance on internal control activities that emphasize the segregation of duties.

c. Verification of encrypted digital certificates used to monitor the authorization of transactions.

d. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

a. Continuous monitoring and analysis of transaction processing with an embedded audit

module.

Which of the following is not a major reason for maintaining an audit trail for a computer system?

a. Deterrent to fraud.

b. Monitoring purposes.

c. Analytical procedures.

d. Query answering.

c. Analytical procedures.

Computer systems are typically supported by a variety of utility software packages that are important to an auditor because they

a. May enable unauthorized changes to data files if not properly controlled.

b. Are very versatile programs that can be used on hardware of many manufacturers.

c. May be significant components of a client's application programs.

d. Are written specifically to enable auditors to extract and sort data.

a. May enable unauthorized changes to data files if not properly controlled.

An auditor would most likely be concerned with which of the following controls in a distributed data processing system?

a. Hardware controls.

b. Systems documentation controls.

c. Access controls.

d. Disaster recovery controls.

c. Access controls.

Which of the following types of evidence would an auditor most likely examine to determine whether internal control is operating as designed?

a. Gross margin information regarding the client's industry.

b. Confirmations of receivables verifying account balances.

c. Client records documenting the use of computer programs.

d. Anticipated results documented in budgets or forecasts.

c. Client records documenting the use of computer programs.

An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on which of the following activities would the auditor initially focus?

a. Programmed control activities.

b. Application control activities.

c. Output control activities.

d. General control activities.

d. General control activities.

After the preliminary phase of the review of a client's computer controls, an auditor may decide not to perform tests of controls related to the controls within the computer portion of the client's internal control. Which of the following would not be a valid reason for choosing to omit such tests?

a. The controls duplicate operative controls existing elsewhere in the structure.

b. There appear to be major weaknesses that would preclude reliance on the stated procedure.

c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests of controls show the controls to be operative.

d. The controls appear adequate.

d. The controls appear adequate.

Auditing by testing the input and output of a computer system instead of the computer program itself will

a. Not detect program errors which do not show up in the output sampled.

b. Detect all program errors, regardless of the nature of the output.

c. Provide the auditor with the same type of evidence as tests of application controls.

d. Not provide the auditor with confidence in the results of the auditing procedures.

a. Not detect program errors which do not show up in the output sampled.

Which of the following client information technology (IT) systems generally can be audited without examining or directly testing the IT computer programs of the system?

a. A system that performs relatively uncomplicated processes and produces detailed output.

b. A system that affects a number of essential master files and produces a limited output.

c. A system that updates a few essential master files and produces no printed output other than final balances.

d. A system that performs relatively complicated processing and produces very little detailed output.

a. A system that performs relatively uncomplicated processes and produces detailed output.

An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which

of the following techniques?

a. Snapshot application.

b. Embedded audit module.

c. Integrated data check.

d. Test data generator.

b. Embedded audit module.

Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor's control to test controls in the computer system?

a. Test data.

b. Review of program logic.

c. Integrated test facility.

d. Parallel simulation.

d. Parallel simulation.

To obtain evidence that online access controls are properly functioning, an auditor most likely would

a. Create checkpoints at periodic intervals after live data processing to test for unauthorized use of the

system.

b. Examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction.

c. Enter invalid identification numbers or passwords to ascertain whether the system rejects them.

d. Vouch a random sample of processed transactions to assure proper authorization.

c. Enter invalid identification numbers or passwords to ascertain whether the system rejects them.

An auditor most likely would introduce test data into a computerized payroll system to test controls related

to the

a. Existence of unclaimed payroll checks held by supervisors.

b. Early cashing of payroll checks by employees.

c. Discovery of invalid employee I.D. numbers.

d. Proper approval of overtime by supervisors.

c. Discovery of invalid employee I.D. numbers.

When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

a. Several transactions of each type must be tested.

b. Test data are processed by the client's computer programs under the auditor's control.

c. Test data must consist of all possible valid and invalid conditions.

d. The program tested is different from the program used throughout the year by the client.

b. Test data are processed by the client's computer programs under the auditor's control.

Which of the following is not among the errors that an auditor might include in the test data when auditing a client's computer system?

a. Numeric characters in alphanumeric fields.

b. Authorized code.

c. Differences in description of units of measure.

d. Illogical entries in fields whose logic is tested by programmed consistency checks.

a. Numeric characters in alphanumeric fields.

Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process?

a. Integrated test facility.

b. Input controls matrix.

c. Parallel simulation.

d. Data entry monitor.

a. Integrated test facility.

Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors?

a. Parallel simulation.

b. Integrated testing facility approach.

c. Test data approach.

d. Exception report tests.

a. Parallel simulation.

In creating lead schedules for an audit engagement, a CPA often uses automated workpaper software. What client information is needed to begin this process?

a. Interim financial information such as third quarter sales, net income, and inventory and receivables

balances.

b. Specialized journal information such as the invoice and purchase order numbers of the last few sales and purchases of the year.

c. General ledger information such as account numbers, prior year account balances, and current year unadjusted information.

d. Adjusting entry information such as deferrals and accruals, and reclassification journal entries.

c. General ledger information such as account numbers, prior year account balances, and current year unadjusted information.

Using laptop computers in auditing may affect the methods used to review the work of staff assistants because

a. The generally accepted auditing standards may differ.

b. Documenting the supervisory review may require assistance of consulting services personnel.

c. Supervisory personnel may not have an understanding of the capabilities and limitations

of laptops.

d. Working paper documentation may not contain readily observable details of calculations.

d. Working paper documentation may not contain readily observable details of calculations.

An auditor would least likely use computer software to

a. Access client data files.

b. Prepare spreadsheets.

c. Assess computer control risk.

d. Construct parallel simulations.

c. Assess computer control risk.

A primary advantage of using generalized audit software packages to audit the financial statements of a client that uses a computer system is that the auditor may

a. Access information stored on computer files while having a limited understanding of the client's

hardware and software features.

b. Consider increasing the use of substantive tests of transactions in place of analytical procedures.

c. Substantiate the accuracy of data through self-checking digits and hash totals.

d. Reduce the level of required tests of controls to a relatively small amount.

a. Access information stored on computer files while having a limited understanding of the client's

hardware and software features.

Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by electronic data processing companies and others and are specifically referred to as

a. Compiler programs.

b. Supervisory programs.

c. Utility programs.

d. User programs.

c. Utility programs.

Smith Corporation has numerous customers. A customer file is kept on disk storage. Each customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to

a. Develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations.

b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.

c. Request a printout of all account balances so they can be manually checked against the credit limits.

d. Request a printout of a sample of account balances so they can be individually checked against the credit limits.

b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.

An auditor most likely would test for the presence of unauthorized computer program changes by running a

a. Program with test data.

b. Check digit verification program.

c. Source code comparison program.

d. Program that computes control totals.

c. Source code comparison program.

An entity has the following invoices in a batch:

Invoice # Product Quantity Unit Price

201 F10 150 $5.00

202 G15 200 $10.00

203 H20 250 $25.00

204 K35 300 $30.00

Which of the following numbers represents the record count?

a. 1

b. 4

c. 810

d. 900

b. 4