CH7 AUDIT IN A COMPUTERIZED ENVIRONMENT
Studied by 0 people
Call with Kai
Learn
Practice Test
Spaced Repetition
Match
Flashcards
Knowt Play1/105
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai |
|---|
No study sessions yet.
106 Terms
1. Which statement is incorrect when auditing in a CIS environment
a. A CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether that computer is operated by the entity or by a third party.
b. The auditor should consider how a CIS environment affects the audit.
c. The use of a computer changes the processing, storage, and communication of financial information and may affect the accounting and internal control systems employed by the entity.
d. A CIS environment changes the overall objective and scope of an audit.
d. A CIS environment changes the overall objective and scope of an audit.
2. An important characteristic of CIS is uniformity of processing. Therefore, a risk exists that:
a. Auditors will not be able to access data quickly.
b. Auditors will not be able to determine if data is processed consistently.
c. Erroneous processing can result in the accumulation of a great number of misstatements in a short period of time.
d. All of the above.
c. Erroneous processing can result in the accumulation of a great number of misstatements in a short period of time.
3. Which of the following is not a benefit of using IT based controls?
a. Ability to process large volumes of transactions:
b. Ability to replace manual controls with computer-bascd controls.
c. Reduction in misstatements due to consistent processing of transactions.
d. Over-reliance on computer generated reports.
d. Over-reliance on computer generated reports.
4. The characteristics that distinguish computer processing from manual processing include the following:
1) Computer processing uniformly subjects like transactions to the same instructions.
2) Computer systems always ensure that complete transaction trails useful for audit purposes are preserved for indefinite periods.
3) Computer processing virtually eliminates the occurrence of clerical errors normally associated with martual processing.
4) Control procedures as to segregation of functions may no longer be necessary in computer environment.
a. All of the above statements are true.
b. Only statements (2) and (4) are true.
c. Only statements (1) and (3) are true
d. All of the above statements are false.
c. Only statements (1) and (3) are true
5. Which of the following is not a risk specific to CIS environments?
a. Reliance on the functioning capabilities of hardware and software
b. Increased human involvement
c. Loss of data due to insufficient backup
d. Unauthorized access
b. Increased human involvement
6. Which of the following is not a risk in a computerized information system (CIS)?
a. Need for CIS experienced staff
b. Separation of CIS duties from accounting functions
c. Improved audit trail
d. Hardware and data vulnerability
c. Improved audit trail
7. Which of the following statements is not correct?
a. The overall objective and scope of an audit do not change in a CIS environment.
b. When computers or CIS are introduced, the basic concept of evidence accumulation remains the same.
c. Most CIS rely extensively on the same type of procedures for control that are used in manual processing system.
d. The specific methods appropriate for implementing the basic auditing concepts do not change, as systems become more complex.
d. The specific methods appropriate for implementing the basic auditing concepts do not change, as systems become more complex.
8. The use of CIS will least likely affect the
a. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting and internal control systems.
b. The auditor's specific audit objectives.
c. The consideration of inherent risk and control risk through which the auditor arrives at the risk assessment.The auditor's design and performance of tests of control and substantive procedures appropriate to meet the audit objective.
d. The auditor's designa and performance of tests of control and substantive procedures appropriate to meet the audit objective.
b. The auditor's specific audit objectives.
9. Which of the following is unique to CIS?
a. Error listing
b. Flowchart
c. Questionnaires
d. Pre-numbered documents
a. Error listing
10. CIS has several significant effects on an organization. Which of the folowing would not be important from an auditing perspective?
a. organizational changes
b. the visibility of information
c. the potential for material misstatement
d. None of the above; ie., they are all important.
d. None of the above; ie., they are all important.
11. Where computer processing is used in significant accounting applications, internal control procedures may be defined by classifying control procedures in two types: general and
a. Administrative
b. Specific
c. Application
d. Authorization
c. Application
12. A control which relates to all parts of the CIS is called a(n)
a. Systems control
b. General control
c. Applications control
d. Universal control
b. General control
13. Controls which apply to a specific use of the system are called
a. Systems controls
b. General controls.
c. Applications controls.
d. User controls.
c. Applications controls.
14. Some CIS control procedures relate to all CIS activities (general controls) and some relate to specific tasks (application controls).General controls include
a. Controls designed to ascertain that all data submitted to CIS for processing have been properly authorized.
b. Controls that relate to the correction and resubmission of data that were initially incorrect.
c. Controls for documenting and approving programs and changes to programs.
d. Controls designed to assure the accuracy of the processing results.
c. Controls for documenting and approving programs and changes to programs.
15. Which of the following statements is correct?
a. Auditors should evaluate application controls before evaluating general controls.
b. Auditors should evaluate application controls and general controls simultaneously.
c. Auditors should evaluate general controls before evaluating application controls.
d. None of these statements is correct.
c. Auditors should evaluate general controls before evaluating application controls.
16. Which of the following is a component of general controls?
a. Processing controls
b. Output controls
c. Back-up and contingency planning
d. Input controls
c. Back-up and contingency planning
17. Which of the following is least likely to be a general control over computer activities?
a. Procedures for developing new programs and systems.
b. Requirements for system documentation.
c. An access control.
d. A control total.
d. A control total.
18. Which of the following is an example of general control?
a. Input validation checks.
b. Control total.
c. Operations manual.
d. Generalized audit software
c. Operations manual.
19. Which of the following is not a general control?
a. The plan of organization and operation of CIS activity.
b. Procedures for documenting, reviewing, and approving systems and programs.
c. Processing controls.
d. Hardware controls.
c. Processing controls.
20. Which of the following activities would most likely be performed in the CIS department?
a. Initiation of changes to master records
b. Conversion of information to machine-readable form.
c. Correction of transactional errors.
d. Initiation of changes to existing applications.
b. Conversion of information to machine-readable form.
21. Which of the following IT duties should be separated from the others?
a. Systems development
b. Operations
c. IT management
d. All of the above should be separated
d. All of the above should be separated
22. For control purposes, which of the following should be organizationally segregated from the computer operations functions?
a. Data conversion
b. Systems development
c. Minor maintenance according to a schedule
d. Processing of data
b. Systems development
23. Which of the following computer related employees should not be allowed access to program listings of application programs?
a. The systems analyst.
b. The programmer.
c. The operator.
d. The librarian.
c. The operator.
24. Which of the following statements about general controls is not correct?
a. Backup and disaster recover plans should identify alternative hardware to process company data.
b. Successful IT development efforts require the involvement of IT and non-IT personnel.
c. The chief information officer should report to senior management. and the board.
d. Programmers should have access to computer operations to aid users in resolving problems.
d. Programmers should have access to computer operations to aid users in resolving problems.
25. Where computers are used, the effectiveness of internal control depends, in part, upon whether the organizational structure includes any incompatible combinations. Such a combination would exist when there is no separation of the duties between.
a. Documentation librarian and manager of programming
b. Programming and computer operator
c. Systems analyst and programmer
d. Processing control clerk and keypunch supervisor
c. Systems analyst and programmer
26. Which of the following is a general control that would most likely assist an entity whose system analyst left the entity in the middle of a major project?
a. Grandfather-father-son record retention.
b. Data encryption
c. Systems documentation.
d. Check digit verification.
c. Systems documentation.
27. Internal control is ineffective when computer department personnel
a. Participate in computer software acquisition decision.
b. Design documentation for computerized systems.
c. Originate changes in master files.
d. Provide physical security for program files.
c. Originate changes in master files.
28. An example of an access control is a:
a. Check digit.
b. Password.
c. Test facility.
d. Read only memory.
b. Password.
29. Access control in an on-line CIS can best be provided in most circumstancesby
a. An adequate librarianship function controlling access to files.
b. A label affixed to the outside of a file medium holder that identifies the contents.
c. Batch processing of all input through a centralized, well-guarded facility.
d. User and terminal identification controls, such as passwords.
d. User and terminal identification controls, such as passwords.
30. Controls which are built in by the manufacturer to detect equipment failure are called:
a. Input controls.
b. Data integrity controls.
c. Hardware controls.
d. Manufacturer's controls.
c. Hardware controls.
31. In a CIS environment, automated equipment controls or hardware controls are designed to:
a. Correct errors in the computer programs.
b. Monitor and detect errors in source documents.
c. Detect and control errors arising from the use of equipment.
d. Arrange data in a logical sequential manner for processing purposes.
c. Detect and control errors arising from the use of equipment.
32. To determine that user ID and password controls are functioning, an auditor would most likely:
a. Test the system by attempting to sign on using invalid user identifications and passwords.
b. Write a computer program that simulates the logic of the client's access control software.
c. Extract a random sample of processed transactions and ensure that the transactions were appropriately authorized.
d. Examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person.
a. Test the system by attempting to sign on using invalid user identifications and passwords.
33. Adequate control over access to data processing is required to
a. Deter improper use or manipulation of data files and programs.
b. Ensure that only console operators have access to program documentation.
c. Minimize the need for backup data files.
d. Ensure that hardware controls are operating effectively and as designed by the computer manufacturer.
a. Deter improper use or manipulation of data files and programs.
34. The management of ZNVS Co. suspects that someone is tampering with pay rates by entering changes through the Co.'s remote terminals located in the factory. The method ZNVS Co. should implement to protect the system from these unauthorized alterations to the system's files is
a. Batch totals
b. Checkpoint recovery
c. Passwords
d. Record count
c. Passwords
35. Passwords for microcomputer software programs are designed to prevent:
a. Inaccurate processing of data.
b. Unauthorized access to the computer.
c. Incomplete updating of data files.
d. Unauthorized use of the software.
d. Unauthorized use of the software.
36. The possibility of losing a large amount of information stored in computer. files most likely would be reduced by the use of
a. Back-up files
b. Check digits
c. Completeness tests
d. Conversion verification.
a. Back-up files
37. Which of the following controls most likely would assure that an entity can reconstruct its financial records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from originals.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.
b. Backup diskettes or tapes of files are stored away from originals.
38. Unauthorized alteration of on-line records can be prevented by employing:
a. Key verification.
b. Computer sequence checks
c. Computer matching
d. Data base access controls
d. Data base access controls
39. XYZ Company updates its accounts receivable master file weekly and retains the master files and corresponding update transactions for the most recent 2-week period. The purpose of this practice is to
a. Verify run-to-run control totals for receivables.
b. Match internal labels to avoid writing on the wrong volume.
c. Permit reconstruction of the master file if needed.
d. Validate groups of update transactions for each
c. Permit reconstruction of the master file if needed.
40. Which of the following is not a general control?
a. Separation of duties
b. Systems development.
c. Output controls
d. Hardware controls
c. Output controls
41. General controls include all of the following except:
a. Systems development.
b. Online security.
c. Check digit
d. Hardware controls.
c. Check digit
42. Which of the following is not a general control?
a. Computer performed validation tests of input accuracy
b. Equipment failure causes error messages on monitor
c. Separation of duties between programmer and operators
d. Adequate program run instructions for operating the computer
a. Computer performed validation tests of input accuracy
43. Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called
a. Input controls
b. Output controls
c. Processing controls
d. General controls
a. Input controls
44. Which of the following statements related to application controls is correct?
a. Application controls relate to various aspects of the CIS operation including software acquisition and the processing of transactions.
b. Application controls relate to various aspects of the CIS operation including physical security and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the CIS operation.
d. Application controls relate to the processing of individual transactions.
d. Application controls relate to the processing of individual transactions.
45. Which of the following is not an example of an applications control?
a. Back-up of data to a remote site for data security.
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness tests for the unit selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.
a. Back-up of data to a remote site for data security.
46. Which of the following is not an example of an application control?
a. An equipment failure causes an error message on the monitor.
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness tests for the unit-selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.
a. An equipment failure causes an error message on the monitor.
47. Which of the following statements related to application controls is correct?
a. Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
b. Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the IT function.
d. Application controls relate to the processing of individual transactions.
d. Application controls relate to the processing of individual transactions.
48. Which of the following is not a processing control?
a. Control risk
b. Reasonable test
c. Check digits
d. Control total
a. Control risk
49. When CIS programs or files can be accessed from terminals, users should be required to enter a(n)
a. Parity check.
b. Personal identification code.
c. Self-diagnosis test.
d. Echo check.
b. Personal identification code.
50. Which of the following is an example of a check digit?
a. An agreement of the total number of employees to the total number of checks printed by the computer.
b. An algebraically determined number produced by the other digits of the employee number.
c. A logic test that ensures all employee numbers are nine digits.
d. A limit check that an employee's hours do not exceed 50 hours per work week.
b. An algebraically determined number produced by the other digits of the employee number.
51. Controls which are designed to assure that the data that will be processed by the computer is authorized, complete, and accurate are called:
a. Input controls.
b. Processing controls.
c. Output controls.
d. General controls.
a. Input controls.
52. The completeness of computer-generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses
a. Check digits
b. Validity tests.
c. Control totals.
d. Process tracing data.
c. Control totals.
53. A company's labor distribution report requires extensive cotrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing?
a. Completeness test.
b. Validity test.
c. Limit test.
d. Control total.
d. Control total.
54. When an on-line, real-time (OLRT) system is in use, control over input data can be strengthened by
a. Providing for the separation of duties between key punching and error listing operations.
b. Attaching plastic file protection rings to reels of magnetic tape before new data can be entered on the file.
c. Preparing batch totals to provide assurance that file updates are made for the entire input.
d. Making a validity check of an identification number before a user can obtain access to the computer files.
d. Making a validity check of an identification number before a user can obtain access to the computer files.
55. A company uses the account code 669 for maintenance expense. However, one of the company clerks often codes maintenance expense as 996. The highest account code in the system is 750. What would be the best internal control check to build into the company's computer program to detect this error?
a. A check for this type of error would have to be made before the information was transmitted to the IT department.
b. Batch total.
c. Sequence check
d. Valid-code test.
d. Valid-code test.
56. Which of the following is not an application control?
a. Preprocessing authorization of sales transactions
b. Reasonableness test for unit selling price of sale.
c. Post-processing review of sales transactions by the sales department.
d. Separation of duties between computer programmer and operators.
d. Separation of duties between computer programmer and operators.
57. Which of the following is correct?
a. Check digits should be used for all data codes.
b. Check digits are always placed at the end of a data code.
c. Check digits do not affect processing efficiency.
d. Check digits are designed to detect transcription errors.
d. Check digits are designed to detect transcription errors.
58. A clerk inadvertently entered an account number 12368 rather than account number 12638. In processing this transaction, the error would be detected with which of the following controls?
a. Batch total
b. Key verifying
c. Self-checking digit
d. An internal consistency check
c. Self-checking digit
59. Totals of amounts in computer-record data fields, which are NOT usually added but are used only for data processing control purposes are called.
a. Records totals
b. Hash totals
c. Processing data totals
d. Field totals.
b. Hash totals
60. If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll CIS application?
a. Net pay.
b. Hours worked.
c. Department numbers.
d. Total debits and total credits.
c. Department numbers.
61. In updating a computerized accounts receivable file, which one of the following would be used as a batch control to verify the accuracy of the posting of cash receipts remittances?
a. The sum of the cash deposits plus the discounts less the sales returns.
b. The sum of the cash deposits.
c. The sum of the cash deposits less the discounts taken by customers.
d. The sum of the cash deposits plus the discounts taken by customers.
c. The sum of the cash deposits less the discounts taken by customers.
62. Which statement is NOT correct? The goal of batch controls is to ensure that during processing
a. Transactions are not omitted.
b. Transactions are processed more than once.
c. Transactions are not added
d. An audit trail is created.
b. Transactions are processed more than once.
63. An example of a hash total Is
a. Total payroll checks - P12,315.
b. Total number of employees - 10.
c. Sum of the social security numbers - 12,555,437,251.
d. None of the above.
c. Sum of the social security numbers - 12,555,437,251.
64. The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional error?
a. Numeric/alphabetic check
b. Limit check
c. Sign check
d. Missing data check
b. Limit check
65. Output controls are not designed to assure that information generated by the computer are:
a. Accurate.
b. Distributed only to authorized people.
c. Complete.
d. Used appropriately by management.
d. Used appropriately by management.
66. Output controls necd to be designed for which of the following data integrity objectives?
a. Detecting errors after the processing is completed
b. Preventing ettors before the processing is completed
c. Detecting errors in the general ledger adjustment process
d. Preventing errors in separation of duties for CIS personnel
a. Detecting errors after the processing is completed
67. An unauthorized employee took computer printouts from output bins accessible to all employees. A control which would have prevented this occurrence is
a. A storage/retention control.
b. An output review control.
c. A spooler file control.
d. A report distribution control.
d. A report distribution control.
68. The most important output control is
a. Distribution control, which assures that only authorized personnel receive the reports generated by the system.
b. Review of the data for reasonableness by someone who knows what the output should look like.
c. Control totals, which are used to verify that the computer's results are correct.
d. Logic tests, which verify that no mistakes were made in processing.
b. Review of the data for reasonableness by someone who knows what the output should look like.
69. Which of the following is not an application control?
a. Processing controls
b. Hardware controls
c. Output control
d. Input controls
b. Hardware controls
70. Which of the following is likely to be of least importance to an auditor in considering the internal control in a company with computer processing?
a. The segregation of duties within the computer center.
b. The control over source documents.
c. The documentation maintained for accounting applications.
d. The cost/benefit of data processing operations.
d. The cost/benefit of data processing operations.
71. Controls over output are not designed to assure that data generated by the computer are
a. Accurate
b. Distributed only to authorized people
c. Complete
d. Relevant
d. Relevant
72. Most auditors evaluate application and general contiols in what manner?
a. Most auditors evaluate application and general controls simultaneously.
b. Most auditors evaluate the effectiveness of general controls before evaluating application controls.
c. Most auditors evaluate the effectiveness of application controls before evaluating general controls.
d. Most auditors evaluate application and general controls only if they do not intend to rely on systems controls
b. Most auditors evaluate the effectiveness of general controls before evaluating application controls.
73. In their consideration of a client's CIS controls, the auditors will encounter general controls and application controls. Which of the following is an application control?
a. The operations manual.
b. Hash total.
c. Systems documentation.
d. Control over program changes.
b. Hash total.
74. Which of the following is not a general control?
a. Reasonableness test for unit selling price of a sale.
b. Equipment failure causes error messages on monitor.
c. Separation of duties between programmer and operators.
d. Adequate program run instructions for operating the computer.
a. Reasonableness test for unit selling price of a sale.
75. It involves pplication of audiing procedures using the computer as an audirtool. This includes computer programs and data the auditor uses as part of the audit procedures to process data of audit significance contained in an entity's information systems.
a. Test data approach
b. Computer assisted audit technique
c. Generalized audit software
d. Auditing around the computer
b. Computer assisted audit technique
76. The process of assessing control risk considering only non IT controls is known as?
a. Integrated test facility
b. The test data approach.
c. Auditing around the computer.
d. Generalized audit software.
c. Auditing around the computer.
77. When auditing "around" the computer, the independent auditor focuses solely upon the source documents and
a. Test data
b. CIS processing
c. Compliance techniques
d. CIS output
d. CIS output
78. Which of the following CIS generally can be audited without examining or directly testing the computer programs of the system?
a. A system that performs relatively uncomplicated processes and produces detail output
b. A system that affects a number of essential master files and produces no a limited output c. A system that updates a few essential master files and produces no printed output other than final balances
d. A system that uses an on-line real-time processing feature.
a. A system that performs relatively uncomplicated processes and produces detail output
79. When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need not be present in order to audit around the computer?
a. Computer programs must be available in English
b. The source documents must be available in a non-machine language.
c. The documents must be filed in a manner that makes it possible to locate them.
d. The output must be listed in sufficient detail to enable the auditor to trace individual transactions
a. Computer programs must be available in English
80. Which of the following is not a characteristic of a batch-processed computersystem?
a. The production of numerous printouts.
b. Keypunching of transactions, followed by machine processing.
c. The posting of a transaction, as it occurs, to several files, without intermediate printouts.
d. The collection of like transactions that are sorted and processed sequentially against a master file.
c. The posting of a transaction, as it occurs, to several files, without intermediate printouts.
81. Which of the following procedures is an example of auditing "around" the computer?
a. The auditor traces adding machine tapes of sales order batch totals to a computer printout of the sales journal.
b. The auditor develops a set of hypothetiçal sales transactions and, using the client's computer program, enters the transactions into the system and observes the processing flow.
c. The auditor enters hypothetical transactions into the client's processing system during client processing of live" data.
d. The auditor observes client personnel as they process the biweekly payroll. The auditor is primarily concerned with computer rejection of data that fails to meet reasonableness limits.
a. The auditor traces adding machine tapes of sales order batch totals to a computer printout of the sales journal.
82. A disadvantage of auditing around the computer is that it
a. Permits no direct assessment of actual processing.
b. Requires highly skilled auditors.
c. Demands intensive use of machine resources. d. Interacts actively with auditee applications.
a. Permits no direct assessment of actual processing.
83. Auditing by testing the input and output of an IT system instead of computer program itself will
a. Not detect program errors which do not show up in the output sampled.
b. Detect all program errors, regardless of the nature of the output
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results of the auditing procedures.
a. Not detect program errors which do not show up in the output sampled.
84. Which of the following is NOT a common type of white box approach?
a. Test data
b. Auditing around the computer
c. Integrated test facility
d. Parallel simulation
b. Auditing around the computer
85. Compliance testing of an advanced CIS
a. Can be performed using only actual transactions since testing of simulated transactions is of no consequence
b. Can be performed using actual transactions or simulated transactions
c. Is impractical since many procedures within the CIS activity leave no visible evidence of having been performed
d. Is inadvisable because it may distort the evidence in master files
b. Can be performed using actual transactions or simulated transactions
86. Which of the following best describes the test data approach?
a. Auditors process their own test data using the clients computer system and application program
b. Auditors process their own test data using their own computers that simulate the client's computer system
c. Auditors use auditor-controlled software to do the same operations that the client's software does, using the same data files
d. Auditors use client-controlled software to do the same operations that the client's software does, using auditor created data files
a. Auditors process their own test data using the clients computer system and application program
87. When auditing a computerized system, an auditor may use the test data approach as an audit tool. This technique.
a. Is more applicable to independent audits than internal audits.
b. Involves introducing simulated transactions into the client's actual application programs. c. Is a commonly used audit technique for auditing around the computer.
d. Should not involve the actual application programs the client uses throughout the year, since use of the actual programs would contaminate the client's accounting data.
b. Involves introducing simulated transactions into the client's actual application programs.
88. Creating simulated transactions that are processed through a system to generate results that are compared with predetermined results, is an auditing procedure referred to as
a. Program checking
b. Use of test data.
c. Completing outstanding jobs.
d. Parallel simulation.
b. Use of test data.
89. An auditor estimates that 10,000 checks were issued during the accounting period. If a computer application control which performs a limit check for each check request is to be subjected to the auditor's test data approach, the sample should include
a. Approximately 1,000 test items
b. A number of test items determined by the auditor to be sufficient under the circumstances
c. A number of test items determined by the auditor's reference to the appropriate sampling tables
d. One transaction
d. One transaction
90. An integrated test facility (IT) would be appropriate when the auditor needs to
a. Trace a complex logic path through an application system.
b. Verify processing accuracy concurrently with processing.
c. Monitor transactions in an application system continuously.
d. Verify load module integrity for production programs.
b. Verify processing accuracy concurrently with processing.
91. The auditor's objective to determine whether the client's computer programs can correctly handle valid and invalid transactions as they arise is accomplished through the
a. Test data approach.
b. Generalized audit software approach.
c. Microcomputer-aided auditing approach.
d. Generally accepted auditing standards.
a. Test data approach.
92. When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
a. Several transactions of each type must be tested
b. Test data must consist of all possible valid and invalid conditions
c. The program tested is different from the program used throughout the year by the client
d. Test data should include data that the clients system should accept or reject
d. Test data should include data that the clients system should accept or reject
93. Which of the following statements is not true to the test data approach when testing a computerized accounting system?
a. The test needs to consist of only those valid and invalid conditions which interest the auditor
b. Only one transaction of each type need be tested
c. The test data must cousist of all possible valid and invalid conditions
d. Test data are processed by the client's computed programs under the auditor's control
c. The test data must cousist of all possible valid and invalid conditions
94. In auditing through a computer, the test data method is used by auditors to test the
a. Accuracy of input data.
b. Validity of the output.
c. Procedures contained within the program.
d. Normalcy of distribution of test data.
c. Procedures contained within the program.
95. An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as
a. Time tickets with invalid job numbers
b. Overtime not approved by supervisors
c. Deductions not authorized by employees
d. Payroll checks with authorized signatures
a. Time tickets with invalid job numbers
96. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client ocrating personnel being aware of the testing process?
a. Parallel simulation.
b. Generalized audit software programming.
c. Integrated test facility.
d. Test data approach.
c. Integrated test facility.
97. A primary reason auditors are reluctant to use an ITF is that it requires them to
a. Reserve specific master file records and process them at regular intervals
b. Collect transaction and master file records in a separate file
c. Notify user personnel so they can make manual adjustments to output
d. Identify and reverse the fictitious entries to avoid contamination of the master file
d. Identify and reverse the fictitious entries to avoid contamination of the master file
98. Which of the following is a disadvantage of the integrated test facility approach?
a. In establishing fictitious entities, the auditor may be compromising audit independence.
b. Removing the fictitious transactions from the system is somewhat difficult and, if not done carefully, may contaminate the client's
c. ITF is simply an automated version of auditing "around" the computer.
d. The auditor may not always have a current copy of the authorized version of the client's program.
b. Removing the fictitious transactions from the system is somewhat difficult and, if not done carefully, may contaminate the client's
99. The audit approach in which the auditor runs his/her own program on a controlled basis in order to verify the client's data recorded in a machine language is
a. The test data approach.
b. The generalized audit software approach. c. The microcomputer-aided auditing approach.
d. Called auditing around the computer.
b. The generalized audit software approach.
100. Brandy Corporation has numerous customers. A customer file is kept on disk storage. Each account in the customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to:
a. Develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situations.
b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.
c. Require a printout of all account balances so they can be manually checked against the credit limits.
d. Request a printout of a sample of account balances so they can be individually checked against the credit limits.
b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.