AIS-Chapter 11
The __________ audit examines the reliability and integrity of accounting records. a) financial b) informational c) information systems d) operational
) financial
1.Auditing involves the A.collection, review, and documentation of audit evidence. B.planning and verification of economic events. C.collection of audit evidence and approval of economic events. D.testing, documentation, and certification of audit evidence.
A.collection, review, and documentation of audit evidence.
1. The ________ audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. A.financial B.information systems C.management D.internal control
B.information systems
The ________ audit examines the reliability and integrity of accounting records.
Financial
. Regarding program modifications, which statement below is incorrect? a) Only material program changes should be thoroughly tested and documented. b) When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users. c) During the change process, the developmental version of the program must be kept separate from the production version. d) After the amended program has received final approval, the change is implemented by replacing the production version with the developmental version.
a) Only material program changes should be thoroughly tested and documented
The risk-based audit approach is a) a four-step approach to internal control evaluation. b) a four-step approach to financial statement review and recommendations. c) a three-step approach to internal control evaluation. d) a three-step approach to financial statement review and recommendations.
a) a four-step approach to internal control evaluation
When it is suspected that a particular application program contains unauthorized code or serious errors, a detailed analysis of the program logic may be necessary. The auditor has several types of software packages available to help in analyzing program logic. A program which identifies unexecuted program code is a) a mapping program. b) an audit log. c) a scanning routine. d) program tracing
a) a mapping program.
. To document the review of source data controls, an auditor may use a) an input control matrix. b) test data processing. c) computer audit software. d) analysis of program logic.
a) an input control matrix.
. The purpose of __________ is to determine why, how, when, and who will perform the audit. a) audit planning b) the collection of audit evidence c) the communication of audit results d) the evaluation of audit evidence
a) audit planning
. With which stage in the auditing process are the consideration of risk factors and materiality most associated? a) audit planning b) collection of audit evidence c) communication of audit results d) evaluation of audit evidence
a) audit planning
The scope of a(n) __________ audit encompasses all aspects of information systems management. a) operational b) information systems c) financial d) internal control
a) operational
The __________ to auditing provides auditors with a clear understanding of possible errors and irregularities and the related risks and exposures. a) risk-based approach b) risk-adjusted approach c) financial audit approach d) information systems approach
a) risk-based approach
The auditor has various software programs available to help in the audit effort. A program that, based on auditor specifications, generates programs that perform certain audit functions is referred to a(n) a) input controls matrix. b) CAS. c) VAN. d) mapping program.
b) CAS.
Determining whether the necessary control procedures are in place is accomplished by conducting a) a systems overhaul. b) a systems review. c) tests of controls. d) none of the above
b) a systems review.
Auditors have several techniques available to them to test computer-processing controls. An audit routine that flags suspicious transactions is known as a) SCARF. b) an audit hook. c) an audit sinker. d) the snapshot technique.
b) an audit hook.
. Practically all audits follow a similar sequence of activities that can be divided into four stages. Organizing the audit team and the physical examination of assets are components of which two separate audit stages? a) audit planning; evaluation of audit evidence b) audit planning; collection of audit evidence c) collection of audit evidence; communication of audit results d) audit planning only
b) audit planning; collection of audit evidence
During all stages of the audit, findings and conclusions are documented in a) audit trails. b) audit working papers. c) audit reports. d) audit objectives.
b) audit working papers.
The __________ part of the auditing process involves (among other things) the auditors observing the operating activities and having discussion with employees. a) audit planning b) collection of audit evidence c) communication of audit results d) evaluation of audit evidence
b) collection of audit evidence
. Much of the effort spent in an audit entails the collection of evidence. Verifying the accuracy of certain information, often through communication with certain third parties, is known in the language of the auditor as a) reperformance. b) confirmation. c) substantiation. d) documentation.
b) confirmation
. The use of a secure file library and restrictions on physical access to data files is a control procedure used in conjunction with a) computer processing controls. b) data files. c) program modification procedures. d) program development.
b) data files.
The possibility that a material error will occur even though auditors are following audit procedures and using good judgment is referred to as a) control risk. b) detection risk. c) inherent risk. d) investigating risk.
b) detection risk.
In the __________ stage of an operational audit, the auditor measures the actual system against an ideal standard. a) evidence collection b) evidence evaluation c) testing d) internal control
b) evidence evaluation
The three different types of audits commonly performed today are a) internal, external, defense contracting. b) financial, operational, information systems. c) financial, operational, management. d) internal, external, public.
b) financial, operational, information systems.
The __________ audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.
b) information systems
Evaluating effectiveness, efficiency, and goal achievement are objectives of __________ audits. a) financial b) operational c) information systems d) all of the above
b) operational
Strong __________ controls sometimes can compensate for inadequate __________ controls. a) development; processing b) processing; development c) operational; internal d) internal; operational
b) processing; development
The evidence collection method that is used to gather data about the system is a) reperformance. b) questionnaires. c) valuation. d) none of the above
b) questionnaires.
When the auditor wants to read data in different formats and convert it into a single common format, the __________ function of a generalized audit software package is used. a) data selection b) reformatting c) file processing d) statistics
b) reformatting
The __________ procedure for auditing computer process controls uses a hypothetical series of valid and invalid transactions. a) concurrent audit techniques b) test data processing c) integrated test facility d) dual process
b) test data processing
An audit should be planned so that the greatest amount of audit work focuses on the areas with the highest risk factors. Regarding risk factors, control risk is defined as a) the susceptibility to material risk in the absence of controls. b) the risk that a material misstatement will get through the internal control structure and into the financial statements. c) the risk that auditors and their audit procedures will not detect a material error or misstatement. d) the risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.
b) the risk that a material misstatement will get through the internal control structure and into the financial statements.
What is the primary purpose of computer audit software? a) to free the auditor from the attest phase of the audit b) to assist the auditor in reviewing and retrieving information in computer files c) to look for unauthorized modifications and changes to system program code d) to assist the auditor in reviewing and retrieving information in accounting records and systems documentation
b) to assist the auditor in reviewing and retrieving information in computer files
What is the purpose of an AIS audit? a) to determine the inherent risk factors found in the system b) to review and evaluate the internal controls that protects the system c) to examine the reliability and integrity of accounting records d) to examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives
b) to review and evaluate the internal controls that protects the system
The evidence collection method that examines all supporting documents to determine the validity of a transaction is called a) review of documentation. b) vouching. c) physical examination. d) analytical review.
b) vouching
The American Accounting Association has formulated a general definition of auditing. What is not a characteristic of this general definition? a) Auditing is a systematic process. b) Auditors are responsible for objectively obtaining and evaluating evidence regarding assertions about economic actions and events. c) Auditors are responsible for financial management and the investment of corporate assets. d) Auditors are responsible for communicating the results of audits to interested users.
c) Auditors are responsible for financial management and the investment of corporate assets.
One way to document the review of source data controls is to use a) a flowchart generator program. b) a mapping program. c) an input control matrix. d) a program algorithm matrix.
c) an input control matrix.
The type of audit in which the primary responsibility of the auditors is the management of the organization is a) an external audit. b) a governmental audit. c) an internal audit. d) a public audits.
c) an internal audit.
How would auditors determine if unauthorized program changes have been made? a) by interviewing and making inquiries of the programming staff b) by examining the systems design and programming documentation c) by using a source code comparison program d) by interviewing and making inquiries of recently terminated programming staff
c) by using a source code comparison program
The auditor uses __________ to continuously monitor the system and collect audit evidence while live data are processed. a) test data processing b) parallel simulation c) concurrent audit techniques d) analysis of program logic
c) concurrent audit techniques
Which of the following is the first step in the risk-based audit approach? a) identify the control procedures that should be in place b) evaluate the control procedures c) determine the threats facing the AIS d) evaluate weaknesses to determine their effect on the audit procedures
c) determine the threats facing the AIS
One way an auditor gauges how much audit work and testing needs to be performed is through evaluating materiality and seeking reasonable assurance about the nature of the information or process. What is key to determining materiality during an audit? a) determining if material errors exist in the information or processes undergoing audit b) the testing of records, account balances, and procedures on a sample basis c) determining what is and is not important given a set of circumstances is primarily a matter of judgment d) none of the above
c) determining what is and is not important given a set of circumstances is primarily a matter of judgment
. Assessing the quality of internal controls, the reliability of information, and operating performance are all part of which stage of the auditing process? a) audit planning b) collection of audit evidence c) evaluation of audit evidence d) communication of audit results
c) evaluation of audit evidence
9. There are different types of internal audit work. Which type of work listed below is not typical of internal auditors? a) operational and management audits b) information system audits c) financial statement audit d) financial audit of accounting records
c) financial statement audit
A system that employs various types of advanced technology has more __________ risk than traditional batch processing. a) control b) detection c) inherent d) investing
c) inherent
Which auditing technique will not assist in determining if unauthorized programming changes have been made? a) use of a source code comparison program b) use of the reprocessing technique to compare program output c) interviewing and making inquiries of the programming staff d) use of parallel simulation to compare program output
c) interviewing and making inquiries of the programming staff
. An auditor must be willing to accept some degree of risk that the audit conclusion is incorrect. Accordingly, the auditor's objective is to seek __________ that no material error exists in the information audited. a) absolute reliability b) reasonable evidence c) reasonable assurance d) reasonable objectivity
c) reasonable assurance
The auditor's role in systems development should be a) an advisor and developer of internal control specifications. b) a developer of internal controls. c) that of an independent reviewer only. d) A and B above
c) that of an independent reviewer only.
Consideration of risk factors and materiality is most associated with which audit stage? a.collection of audit evidence b.communication of audit results c.audit planning d.evaluation of audit evidence
c.audit planning
The purpose of an internal audit is a) to evaluate the adequacy and effectiveness of company's internal controls. b) to determine the extent to which assigned responsibilities are actually carried out. c) to collect evidence on whether the company is continuing as a going concern. d) A and B only
d) A and B only
. There are six objectives of an AIS audit. The objective that pertains to source data being processed into some form of output is a) Objective 1: overall security. b) Objective 2: program development. c) Objective 3: program modifications. d) Objective 4: processing.
d) Objective 4: processing.
The evidence collection method that considers the relationship and trends among information to detect items that should be investigated further is called a) review of the documentation. b) vouching. c) physical examination. d) analytical review.
d) analytical review.
. Using the risk-based auditing approach, when the auditor identifies a control deficiency, the auditor should inquire about a) tests of controls. b) the feasibility of a systems review. c) materiality and inherent risk factors. d) compensating controls.
d) compensating controls.
One function of CAS is to review data files to retrieve records meeting a specified criteria. What is this function called? a) reformatting b) file processing c) data analysis d) data selection
d) data selection
To maintain the objectivity necessary for performing an independent evaluation function, auditors should not be involved in a) making recommendations to management for improvement of existing internal controls. b) examining system access logs. c) examining logical access policies and procedures. d) developing the system.
d) developing the system.
. The __________ audit is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. a) financial b) informational c) information systems d) operational
d) operational
One type of audit that is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives corresponds to the fourth and fifth standards set forth by the IIA. This is known as a(n) __________ audit. a) financial b) information systems c) internal control d) operational or management
d) operational or management
The Institute of Internal Auditors (IIA) has established five audit scope standards that outline the internal auditor's responsibilities. Which standard below deals with the principles of reliability and integrity? a) determining whether the systems are designed to comply with operating and reporting policies b) review of how assets are safeguarded and verification of their existence as appropriate c) review of company operations and programs to determine whether they are being carried out as planned d) review of operating and financial information and how it is identified, measured, classified, and
d) review of operating and financial information and how it is identified, measured, classified, and
Which characteristics below is not a characteristic of auditing? a) evidence collection b) establishing audit criteria c) objectivity d) systems development
d) systems development
Which of the following is NOT one of the six objectives of an information systems audit?
obtaining evidence to provide reasonable assurance the financial statements are NOT materially misstated.