Internal Controls Ch. 4 & 9
1. While offline, the auditor decides to test its' client's payroll system control to make sure that an invalid employee ID number is not entered into the system. The client's policy is to have a 6-digit numeric code for each of its 250,000 employees, the first employee has an employee ID of 000001 and should increase by 1 for each additional employee. The auditor decides to input "$1@34%6" and "105642". The auditor believes that one of these should be rejected and one of them should be processed. Which of the following is most likely the audit test that the auditor is performing and which should the system indicate as accepted or rejected inputs? Audit test Accepted input Rejected input A. Test data "105642" "$1@34%6" B. Parallel Simulation "105642" "$1@34%6" C. Integrated test facility "$1@34%6" "105642" D. embedded audit module "$1@34%6" "105642"
A
Which of the following is NOT true about ERP systems? A) ERP applications are in essence purchased application system, so it is a standard system and does not need modification. B) ERP system needs to be modified to fit with the organization's needs and goals. C) Organization sometimes need to modify its business operations to match the vendor's method of processing. D) It is sometimes costly for the organization to use the ERP systems.
A
A major advantage about CAAT is to A. Evaluate the integrity of an application, determine compliance with procedures, and continuously monitor processing results. B. Utilize the automated techniques to better gather data C. Independently access the data D. Better organize the data
A
ABC Company has hired the same auditor to perform their annual audit for five consecutive years. This year ABC decided to hire a different company to perform the audit. The auditors have come in to plan the audit and are determining audit procedures. Which of the following is an example of the auditor using judgemental sampling? A) To test accounts receivables, the auditor decides to verify all accounts with an outstanding balance of 50,000 or more. B) The auditor establishes a confidence level of 95%. C) An expected error rate of 1% has been established. D) Sales revenues have been identified as a high-risk account so the auditor has set a low tolerable error of 5%.
A
An auditor is evaluating data using a data analytics software. Which of the following is the least helpful method in displaying reasonable inventory levels for the past 5 years? A: histogram B: line graph C: comparative analysis D: modeling
A
Application systems like ERP systems are frequently exposed to many types of risks. Common risks associated with the applications systems includes: a) Weak information security b) Higher organizational costs c) Incomplete system analysis d) Absence of segregation of duties
A
Company XYZ has a processing program to ensure data accuracy and completeness. To test its accuracy, its manager reviews a sample reconciliation between billing, payment, and accounts receivable systems. Billing system - invoices out: Record count = 5 Record sum = $1,400 Payment system - payments in: Record count = 7 Record sum = $700 How much should the record sum for the accounts receivable system based on the above information given above? A. $700 B. $600 C. $500 D. $400
A
Company XZY is an agriculture company who rents produce bins to various farmers. Farmers pick up load of bins from Company XYZ to use while harvesting. Once they are done with their harvesting season they return the amount of bins rented back to Company XYZ. To keep track of all movements (pick up and drop offs) from customers, the operations manager at Company XYZ has created a spreadsheet called the invoice control. This spreadsheet is then used to calculate each customer's monthly invoice based off of the information gathered. This spreadsheet is an example of what? A) End-User Development B) Redundant System C) Incomplete System Analysis D) ERP System
A
During a pandemic, you along with your entire company work from home (remotely) using a laptop while connected to many different networks. Furthermore, you work for a corporation that has very sensitive data. What would you be most concerned with, and how would you prevent that from happening? A. Unauthorized access; Use encryption B. Unauthorized access; use long and complex passwords with capitalization, numbers, letters, and characters. C. inaccuracy; use firewalls and antivirus programs. D. inaccuracy; implement authentication controls
A
GREEN Corporation uses DBMS (Database Management System) that is commonly tested by auditors. GREEN Corporation CIO believes that the greatest advantage of a database (server) architecture is: A) Data redundancy can be reduced. B) Backup and recovery procedures are minimized. C) Multiple occurrences of data items are useful for consistency checking. D) Conversion to a database system is inexpensive and can be accomplished quickly.
A
Larry deleted the file after conducting a crime. He thought that no one would be able to review the deleted file. What tool did Larry not know that existed? A) EnCase B) CAATs for Audit Application Control C) ERM D )ISPY
A
The ALT CPA firm has been engaged to detect computer fraudulent activities. The ALT audit team would most likely detect computer related fraud: A) reviewing the systems access log B) using data encryption C) performing validity check D) conducting fraud awareness training
A
Which one of the following is a characteristic of DFD? A. It is process-oriented and emphasize logical flows and transformations of data B. It ensures the quality of system documentation C. It ensures the usefulness of output, including reports and stored files D. It helps to build automated controls over document
A
You're a CEO contemplating your IT systems. You currently get separate systems from different vendors for procurement, inventory, accounting, and HR. You're thinking about getting an integrated ERP system to integrate all of these other systems. What should you not consider in your analysis in making your decision? (TB page 242) a. The costs incurred customizing your existing systems to make them work together. b. The costs of maintaining your current systems c. The costs of obtaining/implementing the new system and training your employees d. The ability of the new system to work with legacy systems that aren't being replaced by the new ERP system
A
Your company recently introduced a new application system to send data back and forth between associates. You notice that you can access and log into this application from anywhere and on any foreign device. This exposes which application system risk? (ITCA Textbook pg 243-245) a. Unauthorized Remote Access b. weak information security c. Unauthorized access to programs or data d. Inaccurate/Incomplete output
A
What is the core of the audit process? A) Find errors in the financial statements B) Assess if the internal controls are effective or need improvement C) Find fraud in the financial statements D) Determine if management is hiding something
B
Which of the following audit functions may not be automated through auditor productivity tools? A) Audit planning and tracking B) Risk assessment C) Communication D) Resource management
B
Company YHC has its business information, such as invoices and purchase orders, frequently exchanged through Electronic Data Interchange (EDI). Recently, the business has computerized all its business processes and is fully relying on the computerized systems and files, rather than the hard copies of business information. Furthermore, the business doesn't have a third party supplier due to the nature of its industry. Given the situation, which of the following risks would be most closely associated with the company's EDI? A. Going-concern problem B. Loss of Audit Trail C. Errors in information and communication systems D. Overcharging by third-party service providers
B
End users often have access to production data and even not through the features and functions of the administrative applications; in particular, they have the ability to bypass the applications' validation and audit procedures. Which following is the MOST LIKELY EUD application risk described in this example? A. Unauthorized access to data or program B. Absence of segregation of duties C. Incomplete system analysis D. Infective implementations
B
One of the employees at XYZ company performs the following edit and validation controls. She compares data from the transaction file to that of the master file and also confirms that all necessary data is entered into the ERP system. Lastly, she makes sure that characters in a field are of a proper type. Which assertion of data does she try to prove? Also, which of the following option does represent one of the controls she performed? a. Authenticity - Sign check b. Accuracy - Validity check c. Existence - Reasonableness check d. Completeness - Check digit verification
B
Orange Corporation purchased the off-the-shelf product to run the business and changed some configurations. To make sure the program is running and the controls are in place, Orange Corporation most likely: A) Will test the purchased program B) Will test only changes in configurations C) Will not test the purchased program D) Will not test changes in configurations
B
Spreadsheet control approach used for reviewing the performance by peers or the system professionals is called - A) Documentation B) Design review C) Analysis D) Logic verification
B
Statistical sampling allows the auditor to quantify the risk that the sample is not representative of the population. Which of the following statistical sampling techniques is a method of random sampling that separates the population into similar groups, and then selects random sample of the groups: a) Discovery sampling b) Cluster sampling (Block sampling) c) Random sampling d) Stratified sampling
B
The Main CPA firm has been engaged to audit Samsung Galaxy phone manufacturer. The client provided necessary information, including files for all sales transactions. The Main audit team will use the data files to perform a non-statistical sales revenue analysis by product type. The Main audit team obtained the following information: the file provided is encrypted; total sales revenue agrees to the GL; the record count of transactions agrees with the number of transactions; the data does not include a field for product type. Most likely the auditor will concern about: A) Data accuracy B) Data clarity and relatedness C) Data integrity D) Data freshness
B
The auditor's for BOGO Inc. are trying to understand their client's applications in their information systems and how the applications relates to the organizations business. Where is a good place for the auditor to start? A) Review the client's EWPs B) Review the client's ERDs C) Make DFDs D) Know ACL
B
Which of the following is incorrect about CAATs for Sampling? A. There are two types of sampling techniques: Judgmental sampling and statistical sampling. B. Both judgmental sampling and statistical sampling allow the auditor to quantify the risk that the sample is not representative of the population. C. Random attribute sampling is a statistical technique that tests for specific, predefined attributes of transactions selected on a random basis from a file. D. Variable sampling is a statistical technique that estimates the dollar value of a population or some other quantifiable characteristics.
B
Which of the following is most likely a first step in an example of a flow chart for a cash disbursement process for Company XYZ? A) Treasurer mails check to Vendor. B) Vendor sends invoice to Company XYZ for business consulting services. C) Invoice is sent to the Company's Cash Disbursement Clerk for processing. D) None of the above.
B
Your team is auditing a sneaker company. Upon inspection you discover that shipments are sometimes held up for days because prior to shipping, one employee counts all of the sneakers in the boxes to make sure they match the style, size and quantity ordered on the corresponding invoice. What problem area is this? A) Redundant processing of data B) A bottleneck point C) Quality of system documentation D) None of the above
B
All of the following concerning IT auditor's involvement in auditing application systems is true except for? A) IT auditors can be involved as control consultants or independent reviewer B) IT auditors provide automated functions to effectively support the business process C) IT auditors has the responsibility to maintain controls that provide reasonable assurance that adequate controls exist over entity's assets and records D) IT auditors will be making control recommendations resulting from identified findings to management
C
A few customers of ABC Company have complained that they received invoices with incorrect amounts. Which of the following control(s) is a likely reason for this? a. Input Controls b. Output Controls c. Input and Processing Controls d. Processing Controls
C
A financial analyst creates a spreadsheet in excel that is used to create the company's financial statements. Which of the following accurately describes one of the risks that this type of excel spreadsheet poses for the company? A) There are often formalized procedures for how financial analysts should create their excel spreadsheets. B) Since the financial analyst is an expert in their field, they will have included all the necessary checks in order to ensure accuracy of the data. C) The maintenance is the responsibility of the end user. D) Since excel is not a complicated software, it does not require any special internal control processes.
C
ABC company successfully developed their own application system with their internal programmers. The company begins to produce the system and let programmers keep their access to the program in the case when users report the issues in the future. What kind of potential risk would weaken the produced system? a. Unauthorized remote access b. Weak information security c. Unauthorized access to programs d. Communication system failure
C
The use of spreadsheets for decision making is risky for a number of reasons, but these risks can be mitigated through implementation of appropriate controls. Which of the following is the strongest example of a mitigating control for spreadsheet use/design? A: Company culture and governance discourages improper use of spreadsheets for decision making by requiring minimum levels of documentation. B: New employees are required to attend a one hour training on spreadsheet design. C: Spreadsheets are reviewed and approved by systems professionals before they can be used. D: Application maintenance is performed daily by the original designers of the spreadsheet.
C
What is EDI Process care most about: A. Increased exposure to fraud B. Overcharged by third-party service providers C. The contract for a trading partner has not been entered D. Good communication.
C
Which of the following statements are most likely to be true about auditing through the computer rather than auditing around the computer? A. A potential test that can be performed as auditing around the computer would to be to use a parallel simulation to determine if there were any unauthorized changes to the program. B. When auditing through the computer, the use of CAATs can replace the auditor's judgement. C. By auditing through the computer, the auditor can use CAATs with a focus on both the input and processing stages D. Auditing through the computer includes the "black box", and can be used in more complex applications
C
Which of the following statements is most likely to be true in regards to the role of an IT auditor providing assurance on an organizations application systems? A. An IT auditor must always identify the symptom in the application. B. The IT auditor should communicate the control recommendations during the audit to both the application owner and steering committee regardless of the organizations culture. C. IT auditors should have an understanding of the different risks of applications and controls that come with applications, including file labels in order to provide recommendations to the clients on processing to ensure completeness and accuracy. D. Due to the independence requirements, IT auditors must always perform an independent review on an organizations application systems.
C
Which of the following tools or techniques used in IT audits include the utilization of electronic working papers? A. System documentation techniques B. Computer-assisted audit techniques C. Audit productivity tools D. None of the above
C
Which of the followings does not need to be included in flow diagrams? A) Each operating unit through which data are processed B) Action taken by each unit in which the data are processed C) Time taken for data to be processed D) Recipients of computer outputs
C
Which of the followings is an important reason for segregation of duties in application systems development? A) Different people have expertise in different phases of the development life cycle. B) There are too many phases in the development life cycle to be finished by one expert. C) Having the same person creating and testing a program leads to the risk of overlooking errors. D) Segregation of duties creates efficiency.
C
A manager of company XYZ is reviewing customer receivable reports. While reviewing the data, the manager realizes that there is a missing master file to which the customer receivable report is linked. Which of the following edit and validation control was used? A. Field check B. Sign check C. Size check D. Validity check
D
"read-only access" decreases application risk for all of the following instances except: A: a temporary entry level employee in the payroll system B: a programmer who recently completed a job updating application C: the CEO of a small business looking at the expense payment system D: an accounts payable manager reviewing monthly invoices
D
Which one of the options constitute a risk that EUD posts to the enterprise? A) Higher Organization Costs B) Incompatible Systems C) Redundant Systems D) Ineffective Communication
D
At 9:00 AM each day, the team gets on a video call. During the call the team discusses any major changes or news about the project and the progress. Twice a week the team gets on a call with their client to also discuss any changes, news and progress. Which audit productivity tool is illustrated above? A) Communication B) Documentation C) Data management D) Audit tracking
A
Carroll is an assistant principal at Bellview Elementary School. Carrol has the ability, because of her role in the elementary school, to access the entire district's student information such as grades, medical history, test scores, birth dates and more. Her daughter, who is in the running for the local High School prom queen, convinces her to go into the district system, which includes prom queen election polling, and change student votes to her daughter's name in efforts to the skew the election. Which of the following application controls would have best prevented this horrible crime from happening? A) Denied Access based on "Need to Know" basis B) Flagged activity in the election polling system based on numerous votes cast from same IP address C) Denied Access based on lack of "Consistency with job functions" D) Ability to Review student material but not enter or change student data/ information, including prom queen election polling
A
Company CYH has its processing controls to ensure that the business data are accurately and completely processed. To ensure data accuracy and completeness, the business is creating a cross-application reconciliation report based on the given information: Billing system - invoices out: Record count = 10 Record sum = $1500 Payment system - payments in: Record count = 6 Record sum = 950 How much would be the record sum for the accounts receivable system (reconciliations) based on the invoices and payments given above? A. $550 B. $2450 C. $9300 D. $20700
A
Company X wants to implement a new system that allows all documents and data to be electronically interchanged internally and externally. With this system, any information being sent/received can be read and understood by computers. Which option below is incorrect with implementing this new system? A) Higher operating cost B) Increase in the speed the information is being sent/received C) Decrease in overhead costs D) Decrease in human error
A
LT Ryan has developed an EUD spreadsheet of all family members of sailors who will be accessing Naval Base San Diego on April 21, 2021, in anticipation of greeting their family members at the dock after a 9-month deployment. LT Ryan has collected names, birthdates, social security numbers, felony records, and covid-19 vaccination status of all family members seeking access to the military base. What is LT Ryan's number one priority regarding this EUD spreadsheet? A) Privacy Compliance Issues B) Output data C) Cost to transport information to base security for a proper background check D) Remote Access to EUD spreadsheet using personal MAC computer, which does not have DOD firewall protection
A
Which answer best provides examples of audit functions that may be automated through auditor productivity tools? A) Documentation and presentations, audit planning and tracking, communication, data management, electronic working papers, resource management audit planning. B) Documentation and presentations C) Enterprise resource planning D) Developing an audit universe
A
Which of the following is NOT the reason why AICPA started working on the audit data standards? A. To help software developers make extraction of data harder B. To make sure that everyone "speaks the same language" C. To assist auditors in obtaining accurate data following a repeatable process D. To provide management and auditors a common framework
A
Which of the following is incorrect about CAAT? A. can only be used by IT auditors. B. CAAT can be used to select a sample, analyze the characteristics of a data file, identify trends in data, and evaluate data integrity. C. A large part of the skills required to use CAATs lies in planning, understanding, and supervising the audit techniques, and conducting the appropriate audit functions and tests. D. To perform tests of applications and data, the auditor may use CAATs.
A
Which of the following is incorrect about using system documentation techniques? a. DFD is short for data flowchart diagram which is a flowchart that emphasizes the logical flow and transformations of data. b. System Documentation includes the process of having an understanding company's working process and makes correct documentation. c. When using System Documentation techniques, auditors' primary focus is the control-orientated view. d. When building the understanding of the company system, it is possible that the knowledge get is not the most recent and up to date.
A
Which of the following is one of the risks identified for the use of EUD application? A. Using personal laptop for company and or department-developed resources B. Separating controls by organization levels instead of implementing the same controls overall C. End-users having to discuss with other departments for more consistent information D. Having an independent person reviewing the work that has been performed on personal devices
A
Which of the following risk requires more attention from auditor's and which reason is the main reason why? A) End user development (EUD)- Difficult to recognize and identify risk B) End user development (EUD)-Lack of segregation C) Electronic data interchange (EDI)- lack of interdependence D) Electronic data interchange (EDI)- legal liability
A
Which of the following should companies participate in to help prevent unauthorize remote access over confidential data? A) Use encrypting IDs and Passwords when performing transmission over public lines B) Sign into the company remote access every hour C) Sign into the company remote access every 5 hours D) Users access reviews should be performed by information security personal twice a week
A
You are an associate auditor working on the Apple Company engagement. Throughout the course of the audit, you observe certain areas within Apple's systems that could be improved. Your senior, impressed by your ability to generate these recommendations, advises you to select one observation to bring to Apple management. Which of the following observations would be the MOST appropriate selection? A: Apple should consider the implementation of a pull-down menu list in its existing online sale system as a type of edit check in order to cut down on the current number of inaccurate transactions. B: Apple should consider relocating several sales team members that have been known to unintentionally input inaccurate sales data. C: Apple should consider rolling-forward documentation for their application systems from year to year instead of updating it, to prevent errors and cut down on documentation costs. D: Apple should consider engaging in EUD to replace several existing application systems to promote a sense of user involvement and participation consistent with Apple's company mission.
A
You are given the task of teaching your IT audit team the inner workings of a new software your client acquired to identify where the weaknesses lie. To teach them simply and most efficiently, what tool would you use? (ITCA Textbook pg 103-105) a. Flowchart b. Modeling c. Statistical Sampling d. Histograms
A
You develop a spreadsheet in excel as a financial analyst for ABC company used to make business decisions. What type of application is this most likely to be called? A) End User Application (EUD) B) System Application C) Web application D) Application control
A
A company with a well-established and very complex system has recently switched auditors. The auditor would like to utilize Computer-Assisted Audit Techniques (CAATs) to make the audit more efficient, but the audit team does not have a lot of technical expertise. Which of the following CAAT would be most appropriate for this client? A) Integrated Test Facility, since having a built-in test environment would provide the most reliable results. B) Test Data, since the auditor would have to include both valid and invalid transactions in the test data. C) Parallel Simulation, since minimal expertise is required to run this technique. D) Embedded Audit Module, since the risk of disrupting client data is low.
B
A manager of a new small business relies on the information in spreadsheets to accurately perform his daily work and make business decisions. He can not afford much down time, and must inform IT if he senses anything destructive to the system. Which is the following would NOT alert the manager about a potential virus A) The system will not enter any of the characters he is trying to type B) Someone who is not an employee of the company has gained unauthorized remote access to the spreadsheet and has made unauthorized changes C) The network continuously crashes D) The message "You have been hacked" is displayed across the screen
B
A real estate development company has hired your company to perform their annual audit. As part of planning the audit, the auditor begins reviewing various clients' portfolios, for example, reports showing the different types of tests that were performed, payment plans and reports received from the City with comments and feedback. From this, the auditor puts together a brief overview and presentation of each of the company's top clients. Which audit productivity tool is described in the scenario above? A) Communication B) Documentation and Presentation C) Resource Management D) Audit Planning and Tracking
B
A supermarket owner is looking at the risks involved in an application system. She is learning the importance of having specific levels of authorizations in the system depending on who the user is. She is learning that it is necessary to understand who the end user is so she can make sure their access into her system aligns with their function. Which risk is she specifically looking to mitigate? A) Weak information security B) Unauthorized access to programs or data C) Unauthorized remote access D) Communications system failure
B
An ERP program is checking the Accounts Receivable balance with the Billing system. The application checks that the Accounts Receivable system 100 transactions has an amount of $4,100; the Payments System has 10 transactions of $900; and the Billing system has 90 transactions and a total of $5,000. What process is the application doing by checking the Accounts Receivable balance with the Billing system? A) Cross-footing B) Cross-application reconciliation C) Zero-balance test D) Data matching
B
An auditor is tasked with evaluating controls related to spreadsheets and databases. Which of the following controls is least likely to support a lower risk assumption? A: proper documentation of formulas, commands B: HR support to maintain and support data within spreadsheet or database C: training in design, testing, implementation D: analysis to understand requirements before building spreadsheet
B
Company X is a grocery store, and management recently hired an IT auditor to evaluate and test their application systems. Management has noticed an increased amount of changes to a predetermined set of prices on their items. Employees are given the ability to override a price to discount damaged items, items that are marked incorrectly, etc. However, this has been occurring more than usual. The IT auditor plans to use CAAT's so which of the following choices below would be a technique the auditor should use? a) Transaction tagging b) SCARF c) Test Data d) Integrated Test facility
B
End-user development (EUD) is frequently used as tools in performing daily work. Which of the following statement about EUS application risks is WRONG? A) EUD application risks are not easily identified because of lack of awareness and the absence of adequate resources. B) Since EUD is department-developed, its advantage is that it is more compatible with existing organizational IT architectures, compared to traditional IT system development. C) Since EUD is department-developed, end users may be developing redundant applications or databases because of lack of communication. D) The use of EUD extended the scope of audits outside the central IS environment.
B
Financial and IT auditors both utilize the generalized audit software to perform different works. Which one of the followings is not the work that both auditors used to perform? A) Validate the data calculations B) Evaluate application controls C) Prepare confirmation letters D) Analyze and compare client files
B
For auditors, which of the followings is the most important reason for documenting information systems? A) It helps auditor to understand the relationship of each application to the client's business. B) It helps auditor to effectively evaluate the systems being documented. C) It helps prepare for flowcharts of the client's application system. D) It is a great starting point for the audit.
B
Ginerva is performing an ACL data analysis for Trees Inc. Her auditing company has been updated that Trees Inc. mainly uses Microsoft Excel for databases. Which of the following steps is Ginerva currently on? A. Acquiring Data B. Accessing Data C. Verifying the Integrity of Data D. Analyzing and Testing the Data
B
Glossy Company is opening a new business in New York City. They think that EUD is inexpensive cost compare to traditional IT Development. What is the first step that Clossy Company should consider to lower the organizational cost? A) Create a step by step scenario to lower the cost for their business B) A hidden cost that consists with EUD should be considered C) Unauthorized Access to Programs or Data should be solved D) Incomplete system analysis leads to EUD
B
HYDRA Corp is putting together a policy for their employees to work at home if they choose to. In order for an employee to work from home, they will have to use a company cell phone and laptop to do business as opposed to their own personal devices. What application system risk are they trying to mitigate? A) Weak information security B) Unauthorized remote access C) Communications system failure D) Incomplete output
B
In which of the following scenarios might an auditor be more comfortable "auditing around the computer" compared to "auditing through the computer?" A A tech start-up company uses several, very-detailed applications to record transactions and to track internal progress. These applications were generated internally by employees who had recently graduated from MIT. B) A nail salon uses Quickbooks to record all transactions. Each service performed has its own product code and transactions are compared to the reservation booking software daily. C) A national record label uses different applications in each of their major offices across the country. The transactions recorded by each application are consolidated at the end of each week by an individual employee at HQ. D) A local garden store uses only paper records to record transactions.
B
Kayla is a manager at Green Bank. They have a policy that managers must manually input all checks over $500,000 into their ERP system which then sends a report with the details to upper management. Kayla is inputting the information for a check that she received today (April 4th). However, the system will not accept the entry because she has inputted the date on the check as April 14th. Checks cannot be accepted before the date on them has passed. What input control is this an example of? A) Authenticity B) Accuracy C) Completeness D) None of the above
B
Maria finished her work at the office around 9 pm during the busy season and left home with her laptop. The next day her office experienced a virus attack, and she could not find the file she was working on yesterday night. What crucial step did Maria not implement the night before the virus attack? A) She left the office open, and someone deleted her file B) She failed to maintain a copy of the file C) She deleted logs D) She did not finish her work and left home
B
Trader Motors recently opened their doors for business. The company sells used cars and offer credit terms to their customers. As a result, Trader has hired a developer to develop an Accounts Receivable Automation Software to help manage and track payments. One year later, during the audit of Trader Motors, the auditor noticed a few things. Which findings presents a SIGNIFICANT risk to Trader Motors? A) The developer still has a "read only" access to the software B) The inventory clerk has access to the software C) The accounts receivable clerk has open access for modification D) Trader has not conducted user access review since the implementation of the software one year ago
B
Which of the following edit and validation controls helps to validate that the type of charters in a field is proper while inputting data? (a) Validity Check (b) Field Check (c) Sign Check (d) Size check
B
Which of the following is NOT a risk associated with the data input control? A. Data is invalid B. Data is corrupted C. Data is incomplete D. Data is inaccurate
B
Which of the following statements about Auditing Around the Computer and Auditing Through the Computer is WRONG? A) Only Auditing Through the Computer can verify whether the program logic of the application being tested is correct. B) Since Auditing Through the Computer is more relevant given technology's significant increase, it is always the more adequate approach to use. C) When performing Auditing Around the Computer, how inputs are processed to provide outputs is not considered at all. D) Techniques commonly used in Auditing Through the Computer include integrated test facility, test data and embedded audit module.
B
Which of the following statements is correct about the standards for Electronic Data Interchange (EDI) assessments? A) EDIFACT standards are predominant in the United Kingdom retail sector, which deal with the electronic interchange of structured data. B) ASC X12 standards identify the data being used in the transaction, which facilitate the electronic interchange of business transactions. C) The Verband der Automobilindustire (VDA) standards are only applicable for the German automotive industry. D) GS1 EDI standards provide a set of common international standards for the electronic transmission of commercial data.
B
Which of the followings is a preventative measure to falsified data input? A) Perform weekly reconciliation on data input. B) Use DUO double factor authentication for employee log-ins. C) Restrict employee input to prevent any human error. D) Perform monthly analysis on data information to detect usual inputs.
B
Which of the followings is true about "auditing around the computer?" A) Auditors perform various steps to access the clients' application systems. B) The processing part of "auditing around the computer" is described as the "black box." C) The approach has significantly increased and impacted the audit process. D) The techniques can evaluate how the application and their embedded controls respond to various types of transactions that can contain errors.
B
Which one of the following would be the correct sequence of steps to create a flowchart? I. Invoice is directed to the Company's Accounts Payable Clerk for recording II. Vendor sends invoice to Company for business consulting services III. A/P Clerk manual records invoice in the A/P subsidiary ledger IV. Invoice is then sent to the Company's Cash Disbursement (C/D) Clerk for processing A. I, II, III, IV B. IV, III, II, I C. II, I, III, IV D. IV, I, III, II
B
XYZ company provided the following to their auditors: user manuals, input preparations and system documentation files. The auditors are most likely doing which type of audit? A) Auditing around the computer B) Auditing through the computer C) Random number sampling D) Discovery sampling
B
You are on your first audit engagement and have been tasked with sampling 500,000 invoices for ABC Company to ensure business was conducted only with companies on the approved vendor list. You decide to have IDEA provide a random list of invoice numbers and you will test those. What type of statistical sampling is this? A) Interval Sampling B) Random Number Sampling C) Block Sampling D) None of the above
B
You are the auditor for a new client who would like to understand what it means for you to "audit through the computer." Which of the following are true regarding auditing through the computer and auditing around the computer? I. Auditing around the computer is focused on how inputs are processed while auditing through the computer prioritizes output results. II. Auditing through the computer is not always used because it may impact business operations. III. Auditing around the computer involves assessing the reliability of operations and the effectiveness of various controls. A) I only B) II only C) I and III only D) I, II, and III
B
You work at a large bank and recently updated your computer systems. Unfortunately, during that update, the virus software did not properly migrate over. What is the biggest risk you might face? A: worm virus B: boot sector virus C: ransomware virus D: tire bomb virus
B
You're the CEO of a small investment bank. Your employees are all working on a remote basis due to the pandemic, and they've turned to using Google Sheets for constructing valuation financial models for clients. Your firm usually uses Excel when in the office, but your employees claim that Sheets allows them to work collaboratively on the spreadsheets in real time, and they find this functionality highly valuable. What would be one of your main concerns with respect to the use of this service in conducting your firm's operations? (Tb pg 243, 245-248) a. Lack of shortcuts traditionally found in and extensively used in Excel b. Potential unauthorized access to confidential, non-public client information c. Incompatibility between your firm's EUD Excel spreadsheets and the Google Sheets API d. Your clients won't take you seriously if you're using Google Sheets
B
Assume you are the IT auditor and decide to use one of CAATs to audit computer programs. You will submit transactions to test the system and the test facility composed of a fictitious company will process them. Which of the following is NOT true about this CAAT? a. It is designed into the application during system development b. This type of audit technique is called "Integrated Test Facility" c. It tags transactions from beginning to end d. The risk of disrupting other data is high
C
At Palogix International, Amie the AP clerk has access to Palogix's banking information at Pacific Premier. Her user information grants her access to schedule and submit various ACH vendor payments every Friday that are to be processed on the following Monday. Only the ACH vendor payments that are approved by the CEO under his own user login are processed and sent out the following Monday. Which common application system risk is being mitigated in the following example? A) Inaccurate Information B) Unauthorized remote access C) Unauthorized access to programs or data D) Erroneous or Falsified Data Input
C
Benny wants to test some Accounts Receivable accounts from Sunny Foods, a company he is auditing. Sunny Foods distributes one product throughout New York City. Which of the following methods of sampling is the least best to use for this company? A. Random Number Sampling B. Mean Per Unit C. Stratified Sampling D. Difference Estimation
C
Best CPA has been recently engaged to audit an international technology company, which operates multiple divisions and owns over 20 subsidiaries. In order to better understand the company's information systems, which of the following is typically a good way to start the process? A. Obtain the company's financial statements for the prior year B. Interview the relevant personnel within the firm C. Request an entity relationship diagrams D. Contact the previous auditor for more information
C
Due to COVID, the entirety of Flower company staff members are working remotely. Which of the following risks is MOST relevant to Flower given the change in work environment? A: The accounts payable clerk fails to input an accurate version of the approved vendor list. B: The sales team has a habit of erroneously recording transactions, either by failing to record sales completely or through accidental duplication. C: The human resources department laptops were not programmed for the use of VPNs. D: Flower's management has been struggling to adapt to Zoom for holding weekly company meetings.
C
Due to the Covid-19 pandemic, StarkX Inc. implemented the work-from-home policy to combat the virus. The company distributed standardized laptop to each employee and prohibited any additional downloads of unauthorized application to the laptop. Besides, a provided VPN, which establishes a secure connection between device and internet, must be used every time an employee needs to access the company's internal files in the central system. Which application system risk was StarkX trying to prevent? A. Weak information security B. Communication system failure C. Unauthorized remote access D. Erroneous or falsified data input
C
EFASH Company decided to implement Audit Command Language (ACL) software. What is the most important step EFASH Company should implement first? A) Customizing a view with ACL B) Filtering data C) Defining and importing data into ACL D) Data Analysis
C
Flowcharts helps IT auditors to ensure that A. The accuracy and completeness of the information generated B. The right solution is selected that integrates with other technology components C. The control strengths and weaknesses within a financial application system are identified and evaluated D. The process for handling unusual transactions is followed within the application modules and code
C
How do our objectives differ from a forensic accounting engagement to an internal audit or financial audit engagement? A) We don't use Computer-Assisted Audit Techniques (CAATs) in forensic engagements B) We use a different sample size in forensic engagements C) In forensic accounting we look to find something specifically, and the engagement is more narrow focused D) IN forensic account ting we look at things from a materiality perspective
C
In what scenario would we find Audit Command Language (ACL) most beneficial? (ITCA Textbook 115-119) a. auditor needs to present an opinion to audit manager b. auditor needs to share data with the rest of the audit team c. auditor needs help processing huge data files d. auditor needs to compare customer profiles
C
In which of the following situations is an organization LEAST likely to use flowcharting? A) Payroll has developed a new process for creating employee checks and management wants to document it B) Management wants to communicate to the external auditors how invoices are recorded in the accounts payable ledger C) IT auditors are on a time crunch and need to build a quick understanding of internal control strengths and weaknesses D) Management wants to create a graphic representation of the relationships between entities in the organization
C
Question: Which option below is not a benefit of RPA? a) Able to handle repetitive processes and tasks b) Limits the amount of human errors c) Can efficiently adapt to changes within the IT environment/interfaces d) None of the above
C
Suppose a company came to you for advice on adapting a new ERP system. What is the one disadvantage that you will remind them to look out for? A. Having all the information stored on one single database B. Multiple functions of the company have access to the database(s) C. One error in the database may quickly impact the functions D. It is a generic system that can easily fit into the company
C
Susan's company's computers require login information, a username and password, from employees in order to gain access. Her company implements a variety of validation controls to ensure her employees' safety and that the company's systems do not crash upon entering certain characters. You are a new IT Auditor, and are required to provide your own password after your first login. Which of the following passwords would be considered weak or unusable? i. ItL@b ii. 12345 iii. 44g3!yL8t4$5 iv. thisisalongpassword A. i and ii B. ii and iv C. i, ii, and iv D. ii, iii, and iv
C
The auditors answer questions to comment on the quality of system documentation do not include: A. Is the documentation complete? B. Is the documentation accurate? C. Is the documentation authorized? D. None of the above
C
The sampling technique that calculates average difference between audit value and book value of a sample is called - A) Stratified sampling B) Stop-or-go sampling C) Difference estimation D) Cluster sampling
C
What is one reason that Companies would NOT like to use CAATS systems? A) It may over analyze data B) It uses highly complex systems C) It is too costly D) Reduces the time to perform audit tasks
C
What is the following that is not related to CAATs? A. Auditor can use it to check for the data accuracy B. Auditor can use it to check for the data completeness C. Auditor can use it for control risk assessment purpose D. Auditor can use it to compare the data.
C
When auditing application controls the auditor examines input, processing, and output controls specific to the application. Of the three controls that are examined, when are CAATs most useful? A) Input B) Output C) Processing D) None of the above
C
Which CAAT would be the least appropriate for the function of analyzing and comparing" a client's files? A) Audit Analytics by Arbutus Software B) CaseWare Analytics IDEA Data Analysis C) Excel which is then transferred into Google Docs for Group work D) ACL
C
Which of the description for the edit and validation controls when inputting data is WRONG? A) Field check: confirms that characters in a field are of a proper type B) Size check: checks that the size of the data entered fits into the specific field C) Completeness check: confirms that the inputted data is not missing number digits D) Reasonableness check: checks for correctness of logical relationship between two data items
C
Which of the following audit tools is used to help auditors understanding the relationships between programs and keep track of the flow? a. CAATs b. EWP c. DFD d. IDEA
C
Which of the following common risk will likely to be reduced by password encryption? A) Weak information security B) Unauthorized access to programs or data C) Unauthorized remote access D) Communications system failure
C
Which of the following correctly describes an example of a reasonableness check? A) When entering employee ID numbers, the system displays an error message if you enter a letter B) In a statement of cash flows, all outputs must be entered as negative numbers. The system validates that all cash flows have the proper sign C) The payroll system will create an error message for an employee who enters 160 hours for the work week D) The system will match the name entered in the time sheet to the list of employees in the HR file
C
Which of the following explains why an End-User Development (EUD) application could become a major target for an audit? A. Excessive resources have been allocated to the audit service B. The use of EUD has limited the scope of audits inside the central IS environment C. An EUD might have the function to consolidate data from different departments, which would be an input into financial reporting system D. Focusing on EUD application in an audit is a cost-effective way to yield good results because EUD application risks are easily identified
C
Which of the following is NOT a difficulty when a company tries to identify the EUD risk? A) The lack of awareness of EUD leading to less or no controls of the EUD risk. B) The absence of the resources. C) No documentation to keep track of things. D) It is costly and most companies do not want to spend on it.
C
Which of the following is correct about the ERP system? A) ERP system is a widely-used, risk-free system that many companies rely on. B) Other than the purchased system, the ERP system does not need personal modification. C) ERP systems provide multiple ways to access data, which helps the consistency of data. D) ERP systems have functions to prevent the wide-range impact of other data when an error has been inputted.
C
Which of the following standards is an international standard that deals with the electronic transmission or interchange of commercial data? (a) ASC X12 (b) Tradacoms (c) EDIFACT (d) HL7
C
Which of the following statement is the BEST explanation of Flowcharting, a system documentation technique to understand application systems? A. Flowcharts reveal a big picture view of a system. B. Flowcharts present the flow of various documents within the business process throughout the organization. C. Flowcharts emphasize physical processing steps and controls (control-oriented view) and show the logic used to create a program. D. Flowcharts show the relationship of each application to the conduct of the organization's business.
C
Which of the following statements about processing control is correct? A) Write protection mechanism matches two or more items before executing a particular command or action. B) Cross-footing ensures that the correct and most updated file is being used. C) Concurrent update controls prevent errors of two or more users updating the same record at the same time. D) Zero-balance tests ensure that the correct and most updated file is being used.
C
Which of the followings is correct about Computer-Assisted Audit Techniques (CAATs)? A) CAATs can only be used by IT auditors to evaluate the integrity of an application. B) There are three broad categories of computer auditing functions, which are audit planning, audit mathematics, and data analysis. C) Data analysis programs include techniques such as histograms, modeling, and comparative analysis. D) Performing extensions and footings are examples of data analysis, which can be cost-effective payoff areas for the application of computers in auditing.
C
You are told by your manager that because a colleague of yours is leaving, you will be completing her client assignment. Before she leaves the office, she opens the client file on her company laptop, and she emails the client file to you. When you open the file on your company laptop, it will not open. What input control is this an example of? (ITCA Textbook pg 254-255) a. Completeness b. Accuracy c. Authenticity d. Control
C
You're staff auditor working on the audit of a large, public REIT (real estate investment trust).nYou've beent tasked with working on the REIT's Valuation Allowance account. You employed data mining techniques on a data set that includes general ledger transactions and intra-company emails (timestamp, sender, and recipient) to identify any relationships in the company's records. Your data mining program output says that there's a statistically significant and substantial relationship between emails sent from the CFO to the Controller and changes to Valuation Allowance accounts. What would you do with this information? (PowerPoint Slide 6) a. Begin substantive testing all Valuation Allowance account transactions for proper accounting b. Ignore it because CFO's and Controllers talk all the time, so the relationship is coincidental c. Focus your testing on Valuation Allowance changes that coincide with emails between CFO and Controller d. Notify your senior that you've detected fraudulent activity
C
After conducting detailed testing of an application system, it is necessary to certify that information is completely and accurately processed through an application. Which of the following is not an example of a processing control? A. Making sure that a submitted invoice is the same as a recorded invoice B. Ensuring that the total amount of an account can be calculated accurately in multiple ways C. Searching for payroll accounts that have balances greater than zero D. Allowing users of a system to update a file simultaneously
D
All of the following concerning generalized audit software is true except: A) It helps to identify unusual relationships between groups of information B) It would require an auditor to verify whether information contained in a given file is accurate and complete C) It would help an auditor understand the extent of erroneous data in key fields D) It would certify that only accurate and complete calculations are inputted into a system
D
An audit team senior manager is concerned about her client's spreadsheet controls being "unreliable." Which of the following tools or procedures would mitigate this risk the least? A) Check and compare with spreadsheet with known outputs B) Checking the mathematical accuracy of all records C) Ensuring the spreadsheets are free or nearly free of bad data inputs D) Ensuring information can be presented to management in a neat and clear manner for business decision making.
D
As Controller of XYZ ltd. You are setting up the payment controls for your accounting system. You must set the appropriate controls for your senior accountant who will be inputting wire payments, what control(s) would you focus on? I - Field Checks II -Sign Checks III - Range Checks A) I B) II C) III D) I, II & III
D
Assuming all the transactions tested for the following balancing steps are verified (i.e. correct), which of the following balancing steps has an error in its calculation set up? A. Billing system - invoices out Receivable system - invoices in Count = 5 ------------> Count = 5 Total = 100 Total = 100 B. Billing system - invoices out Payment system - payments in Record count = 8 Record count = 5 Record sum = 1000 Record sum= 600 |-----------------> A/R system (reconciliation <-----------------| invoices and payments) Count = 13 Total = 400 C. Billing system - invoices out Billing system - invoices out count = 30 <------------> count = 5 total = 300 total= 50 | | A/R system (Invoices in-errors) Count =25 Total = 250 D. Billing system - invoices out Payment system - payments in Record count = 8 Record count = 5 Record sum = 1000 Record sum= 600 |-----------------> A/R system (reconciliation <-----------------| invoices and payments) Count = 13 Total = 1600
D
In which situation would an auditor most likely use attribute sampling? A) To make an estimate of the amount of inventory using LIFO B) Using a sample size to compute the average accounts receivable balance at the end of each quarter C) Estimating the fair value of a real estate investment on a clients books D) Inspecting job time tickets to see if supervisors signed off on employees hours
D
Input controls are meant to minimize risks associated with data input into application systems. They prevent invalid transactions from being entered and prevent invalid data within valid transactions. Input controls ensure all the following EXCEPT: a) Authenticity b) Accuracy c) completeness d) Distribution
D
Pear Corporation recently switched from a multiple application environment to a single database environment. The organization acquires an ERP system from Microsoft and hires an IT expert to program the system so that it better aligns with business processes. Among the first modifications that the IT expert puts in place includes ensuring correct access control privileges to each employee of the organization and proper authorization of all transactions. The programmer also encrypts sensitive financial information to ensure secure information distribution. The design of the ERP also has a function that ensures that all inputted transactions are complete and executed only once. Lastly, the IT expert also programs the system so that output is not diverted to unauthorized end point. In his design of the ERP system, the technician addresses all of the application risks except: A. Unauthorized Remote Access B. Weak Information Security C. Communication D. Erroneous or Falsified Data Input
D
Q2: You created a startup audit firm. You and the few employees you hire target small businesses looking for lower cost audit work. You have been contemplating investing in CAAT programs to do audits more detailed and faster. What would be some considerations against investing in CAAT programs? A. Internal politics from misaligned interests B. Passing on the costs to engagements you work on C. Easier to do statistical sampling D. B and C
D
Spreadsheets may be straightforward, however the risks presented are significant if the spreadsheet results relied are on for decision making. Which of the following are risks associated with poor spreadsheet design: a) Lack of reliability b) Lack of auditability c) Lack of modifiability d) All of the above.
D
Suppose Alice, a new auditor for Lambertd LLC, is hired to assess the existing IT environment of the company. Management was recently notified of errors in several of its financial transactions and is especially concerned about the reliability of its processing controls. Which of the following best describes the auditing techniques that the auditor should perform to address management's concerns? A) Test Data B) Transaction Tagging C) Systems Control Audit Review File D) All of the above
D
Suppose you are an auditor who is just assigned to a new engagement with a new client, which one of the following documents will you most likely treated as least useful from the client? A) Job descriptions of programmers and system analysts B) Corporate records and documentations C) Different source documents D) A document flow diagram/flowchart when the client first started the business
D
Suppose you are the head of the engagement team for IT auditing. You decide to use electronic working papers. Which of the following is NOT a potential gain from this new tool? a. You don't have to wait for other members to complete and sign-off their parts b. You can identify audit work completed, signed-off, and ready for review c. You can share current and archived audit work by using a centralized audit file d. You can manage a remote workforce more efficiently
D
Susan's IT company allows their employees to browse the internet freely during breaks. Which of the following policies can Susan implement to ensure her company minimizes the risk of a virus attacking her company? A. Avoid non-encrypted webpages when entering confidential information B. Install an anti-virus program from a widely-trusted source (McAfee, Norton, etc.) C. Install a trusted ad blocker to ensure intrusive ads do not pop up D. All of the above
D
The CFO of ABC Inc just informed all the Finance staff that due to COVID-19, everyone will be working from home indefinitely. The Accounting system is web based, so the CFO mentioned that everyone can use their personal computers instead of company issued laptops. As CIO of ABC Inc, what is the biggest application risk you should be concerned about? A) Erroneous or falsified data input B) Inaccurate Information C) Communications system failure D) Unauthorized Remote Access
D
What is a control to mitigate weak information security and unauthorized access to data? A) Reviewing the access list B) Ones that create the program should not have access to the live applications C) Segregation of Duties D) All of the Above
D
What kind of data analysis that CAATs, such as ACL, could perform on the account receivable? A. Aging the account receivables sorts the unpaid customers and credit memos by the due date B. Enter the same entry more than once in the account receivable C. Entries with unusual amounts D. All of the above
D
What risk below would have the worst impact on a company that commits software piracy? Choose the correct answer below. A) The company will be acting unethically, which could have a negative impact on the organization. B) The company will not operate efficiently and incur a cost for IT support. C) The company's system will have deficiencies. D) Legal action could be taken and be publicized.
D
Which answer best describes what are audit productivity tools? A) software that provides financial statement reports. B) software that provides financial statement analysis. C) these are enterprise resource planning software. D) software that helps auditors reduce the amount of time spent on administrative tasks by automating the audit function and integrating information gathered as part of the audit process.
D
Which is not the general control: A. Information technology operation B. Information security C. Change Control Management D. Logic Tests
D
Which of the following are the best example(s) of input controls? A) Sequentially pre-numbering documents B) Turn around documents C) Cancellation of Source Documents D) All of the Above
D
Which of the following audit techniques involves using a case/full spectrum of transactions to test the process within a system? A. Integrated test facility B. Parallel simulation C. Embedded audit module D. Test data
D
Which of the following does not represent an instance of unauthorized access that could occur on an application? A) Someone outside the company hacks the application and leaks data. B) An employee without authorized access makes changes to the data. C) An employee with authorized access to the data in the application leaks confidential data to the public. D) A manager makes an authorized change to the data but fails to appropriately document the change.
D
Which of the following is NOT a way that data analysis today differs from what it was in the past? A) We now have easier access to the data B) Data Analysis become very mainstream C) There is much more data available now D) Helps discover useful information
D
Which of the following is NOT an example of Computer-Assisted Audit Techniques (CAATs)? A) Using computer to select unusual items to audit B) Using computer to compare and summarize data and represent data in graphic form C) Performing extensions or footings by using computer D) Using standard symbols to represent application systems
D
Which of the following is NOT an example of audit functions automated through auditor productivity tools? A) Solutions such as spreadsheets, database software, and project management software B) Tools such as Microsoft Office suite C) Use of e-mail, message boards and computer forums D) Issuance of audit report
D
Which of the following is NOT the risks of application systems? A) Weak information security B) Unauthorized access to data C) Inaccurate information D) Financial statement is materially misstated
D
Which of the following is TRUE about auditing around the computer? A) The auditor obtains source documents that are associated with certain input transactions and reconciles them against the output results B) Auditing around the computer does not consider how inputs are being processed to provide outputs C) A weakness of Auditing around the computer is that it doesn't verify whether the program logic of the application is correct D) All of the above
D
Which of the following is a false statement about CAATs for sampling? A) Judgmental sampling technique allows the auditor to select the sample based on the auditor's knowledge and experience. B) Statistical sampling technique allows the sample to be randomly selected and evaluated through the application of the probability theory. C) Only statistical sampling allows the auditor to quantify the risk that the sample is not representative of the population. D) Two common judgmental sampling techniques are random attribute sampling and variable sampling.
D
Which of the following is a false statement about statistical sampling techniques? A) Systematic sampling is a method of random sampling that begins the sample by selecting a random starting point in a population and then selecting the remaining items at fixed intervals. B) Stratified sampling is a method of random sampling that separates the population into homogeneous groups before selecting a random sample. C) Cluster sampling is a method of random sampling that separates the population into similar groups, and then selects a random sample from the group. D) Stop-or-go sampling is a method of using the dollar as a sampling unit, which increases the probability that larger dollar values will be selected.
D
Which of the following is a practice of weak information security? A. During the process of data transmission from one department to another, data is encryptedB B. Employees log into the corporation's own virtual private networks when they work C. Programers cannot access live applications and data D. Reviewers of work papers can modify incorrect inputs
D
Which one of these situation would constitute Unauthorized Remote Access? A) All employees have not only access to the company policy pdf, but also the ability to edit word docs that updates the pdf. B) All software engineers could not only audit the codes but also edit the codes. C) Monthly banking statements are sent on two different occasions at the end of each month. D) Internal networks that are not supposed to be viewed at company HQ can now be seen from anywhere with company-issued laptops
D
Who of the following is MOST likely to have access to a system application? A) The person who designed the program B) An unauthorized employee C) The manager of a team D) Someone on a "need-to-know" basis
D
You are a cost accountant for a furniture manufacturer using an excel spreadsheet to calculate unit profit using unit costs and selling price. For control purposes you specify that selling prices cells can only be entered as positive numbers while cost cells can only be entered as negatives. You put in a conditional format to compare unit profit to unit selling price to see the ratio to previous historical ratios. You create a separate tab in the workbook to calculate the unit selling price working from your pre-calculated unit profit number to make sure they agree. Lastly, the furniture your company sells never realistically exceeds $8,000 for an entire set, let alone a single piece so you put a limit to unit selling price cells to $10,000. Which of the following entry controls were not mentioned in the above scenario? A. Limit Check B. Sign Check C. Check Digit Verification D. Field Check
D
You are an auditor looking over the sales ledger of your client, you also use CAAT programs to aid you in your work. You are able to see the total amount of sales in the ledger to compare to amounts reported on the clients financial statement. Also, per your clients policies of being closed on holidays it would be unusual to see sales recorded during holidays unless it was an exception by a senior manager. Based on the above scenario CAAT is able to assist in which areas? A. Items of Audit Interest B. Audit Mathematics C. Data Analysis D. All of the above
D
You are the CEO of an automotive company. As part of your IT environment to perform day to day work and business decisions you see the following: The sales division use Excel extensively to perform financial calculations that are part of the financial statements. The supply chain management division uses Access to keep track of suppliers. The IT division uses sophisticated software from a 3rd party to protect cybersecurity. Finally the marketing division uses large amounts of Google Drive storage to make video, audio and graphical promotional material. Priority of Risk Assessment would be in which Division(s)? A. Sales division & Supply Chain Management division B. IT division C. Marketing division D. All of the divisions
D
You're an IT auditor assessing a firm's Spreadsheet Controls. Which of the following are deficiencies that you would note in your assessment? (PowerPoint Slide 19) a. The depreciation schedule for PP&E allows Land to be depreciated. b. Days of payables can be entered as a negative non-integer c. Company policy does not mandate a Notes tab in spreadsheets d. All of the above.
D