Auditing - Appendix H Information Technology and the Auditor

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Frauds that get past prevention controls should be discovered by controls.

detection

Which of the following is NOT an administrative level control? Multiple choice question. Program testing after modification Access control software and passwords Rotation of computer duties Security checks on personnel

Access control software and passwords

Which of the following is NOT a processing control? Multiple choice question. Computer prompting Audit trail Data comparisons Control totals Transaction logs

Computer prompting

Which of the following is both an output and a processing control? Multiple choice question. Master file changes Control total reports Run-to-run totals Limit and reasonableness tests

Control total reports

True or false: All passwords should be at least six characters long to make hacking by computer-generated algorithms difficult.

False

True or false: Small entities often fail to separate the functions of programming and operations due to indifference with respect to internal control. True false question.TrueFalse

False

True or false: The process of identifying the points in the flow of transactions where specific types of misstatements could occur is virtually the same in both manual and and IT processing environments. True false question. True False

False

Which type of controls are designed to provide reasonable assurance that data received for processing by the computer department have been properly authorized and accurately entered or converted for processing? Multiple choice question. Input Output Processing Authorization

Input

Which of the following is both an input and a processing control? Multiple choice question. Run-to-run totals Limit and reasonableness tests Data entry and formatting controls Valid character tests

Limit and reasonableness tests

Which of the following are NOT processing controls? Multiple select question. Run-to-run totals Control total reports Missing data tests Master file changes

Missing data tests Master file changes

Which of the following statements is correct? Multiple choice question. When forming the IT testing plan, only entirely automated controls need to be tested. Manual control activities that rely on a system generated report get special consideration when forming the IT audit testing plan. Only purely manual control activities can be ignored in the IT audit testing plan.

Only purely manual control activities can be ignored in the IT audit testing plan.

Which type of controls are concerned with detecting rather than preventing errors? Multiple choice question. Reasonableness Output Input Processing

Output

Which type of controls are similar in nature to input controls? Multiple choice question. Reasonableness Authorization Processing Output

Processing

Which of the following is NOT a program development control? Multiple choice question. All software and programs have appropriate documentation. Programs and software are tested and validated prior to being placed in operations. Processing failures are resolved on a timely basis. Programs and software support the entity's financial reporting requirements.

Processing failures are resolved on a timely basis.

Which of the following is NOT a computer operations control? Multiple choice question. Transactions are processed in accordance with the entity's objectives. Programs and software support the entity's financial reporting requirements. Actions are taken to facilitate backup and recovery of data when needed. Processing failures are resolved on a timely basis.

Programs and software support the entity's financial reporting requirements.

Which of the following is NOT an input control? Multiple choice question. Run-to-run totals Check digits Batch totals Data entry and formatting controls

Run-to-run totals

Which of the following is NOT a typical end-user computing environment control issue that audit teams must consider? Multiple choice question. Lack of program documentation and testing Limited computer knowledge Separation of programming and operations functions Lack of physical security

Separation of programming and operations functions

Which of the following is NOT a technical control? Multiple choice question. Range checks Transaction logging reports Transaction limit amounts Data encryption

Transaction limit amounts

Which of the following is NOT a physical control? Multiple choice question. Preprinted limits on documents Data backup storage Transaction logging reports Controlled access

Transaction logging reports

Which of the following is NOT a data entry control in end-user computing environments? Multiple choice question. Online editing and sight verification Transaction logs Access restriction to input devices Standard screens and computer prompting

Transaction logs

True or false: When a user entity employs a service organization for specialized processing, the user entity's auditors must still evaluate controls related to the service organization's computerized processing for the user entity.

True

Experts have two definitions related to computer chicanery: computer and computer .

abuse, fraud

The use of information technology by a perpetrator to achieve a gain at the expense of a victim is called computer or computer .

abuse, fraud

Individuals employed by the entity and limitations or limits on the nature and scope of activities they perform are the focus of level controls.

administrative

In an IT environment, a chain of evidence and documentation known as a(n) _________ _________ does not exist.

audit trail

Controls applied to specific business activities within an accounting information system to achieve financial reporting objectives are called controls.

automated application

Providing reasonable assurance that processing failures do not affect or delay the processing of other transactions is one objective of _ _controls.

computer operations

Computer operations controls are implemented for files and data used in processing with the major objectives of ensuring files ______. Multiple select question. can be reconstructed from earlier versions of processing information used in automated processing are appropriate are free from input and output errors are appropriately secured and protected from loss

can be reconstructed from earlier versions of processing information used in automated processing are appropriate are appropriately secured and protected from loss

Extra numbers tagged onto the end of basic ID numbers designed to detect coding or keying errors are called

check digits

Rotation of assigned tasks, proper supervision, and required vacations are all important controls when there is inadequate separation of duties.

compensating

"The science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media" is the FBI definition of

computer forensics

Impeaching a president, terrorist tracking and child pornographer prosecution have all been helped by

computer forensics

Having an appropriate disaster recovery plan to ensure files are secured and protected from loss is a major objective of _ _ controls

computer operations

Having an appropriate disaster recovery plan to ensure files are secured and protected from loss is a major objective of _____ _____ controls.

computer operations

Record counts, batch totals, hash totals and run-to-run totals should be calculated during processing operations and summarized in a(n) report.

control totals

Restrictions on access to input devices and standard screens and computer prompting are examples of controls in end-user computing environments.

data entry

In determining whether an audit team can rely on IT controls, auditors must determine the scope of the IT testing plan completed by carefully identifying each of the IT ____________

dependencies or dependency

Audit professionals generally categorize ___________ level controls as either general controls or application controls.

entity

Within a client's IT environment, there are essential, general IT controls that apply to all applications that are called _____ level controls.

entity

When computerized processing is used ______. Multiple choice question. transaction errors are virtually eliminated the auditor needs to be able to test for the occurrence of random errors errors will result in all similar transactions being processed incorrectly

errors will result in all similar transactions being processed incorrectly

The assessment process that needs to be undertaken for IT controls is ______ the assessment process that needs to be taken for manual controls.

essentially the same as

Whether the entity should purchase, develop or modify a system is determined during the analysis stage of the SDLC.

feasibility

A log that records time and use statistics for specific computer applications is an example of a(n) ______ control. Multiple choice question. authorization and approval data entry and formatting limit and reasonableness file and operator

file and operator

A safe and secure computing environment that allows the operating controls to operate effectively is provided by the ______ IT controls.

general

Controls that apply to all applications of an accounting information system are called ______ controls.

general

Totals that allow input errors to be detected prior to submission for processing but are not meaningful for accounting records are called totals.

hash

Controls that provide the opportunity for entity personnel to correct and resubmit data initially rejected as erroneous are called __ controls.

input

Controls that provide the opportunity for entity personnel to correct and resubmit data initially rejected as erroneous are called controls.

input

In an information technology environment, audit teams need to be concerned with ______ errors. Multiple select question. random processing input systematic processing

input systematic processing

Automated application controls are organized under three categories, _ controls, _ controls and _ controls.

input, processing, output

Compensating controls include ______. Multiple select question. investigation of excess computer usage required vacation separation of duties rotation of duties

investigation of excess computer usage required vacation rotation of duties

When scoping the IT audit procedures that need to be completed, auditors need to be concerned with ______ Multiple choice question. the full range of control activities implemented by management key control activities being relied on the mitigate the RMM only those control activities deemed important by the IT auditors

key control activities being relied on the mitigate the RMM

An important program development control is the entity's use of the systems development __ __ process.

life cycle

IT dependencies must be tested for ______. Multiple select question. purely manual control activities that do not rely on a system generated report manual control activities that rely on a system generated report entirely automated controls

manual control activities that rely on a system generated report entirely automated controls

Reasonable assurance that only authorized persons have access to files produced by the system is one concern of controls.

output

The most common form of control related to access is the use of ______.

passwords

Placing computer devices out of the way of casual traffic is an example of a(n) control.

physical

When evaluating tests of controls within an IT environment, auditors need to consider the ______. Multiple select question. possible occurrence of random errors possibility of temporary transactions trails potential for increased management supervision potential for errors and frauds

possibility of temporary transactions trails potential for increased management supervision potential for errors and frauds

Errors and frauds are kept from entering the system by controls.

prevention

Data comparisons and audit trails are examples of controls.

processing

Periodically testing and evaluating the accuracy of programs is the most fundamental control a client can implement.

processing

The objectives of _________ _________ controls parallel are to provide reasonable assurances regarding modifications to existing programs.

program change

Having reasonable assurance that appropriate users participate in the software acquisition process is an objective of _ _ controls.

program development

An important general control is the separation of duties performed by system analysts, ______ and ______ ______

programmers, computer operators

An individual knowledgeable about the nature or transactions and processing should perform an overall review of the output for

reasonableness

Which of the following is NOT a method of testing the operating effectiveness of controls? Multiple choice question. observation reconciliation reperformance inquiry inspection of documents

reconciliation

User entities may outsource specialized data processing to other companies referred to as

service organizations

Emergency change requests and the migration of new programs into operations, ______. Multiple select question. should occur within the SDLC process should be subject to standard approval procedures after they are made require appropriate documentation should be migrated by appropriate individuals

should be subject to standard approval procedures after they are made require appropriate documentation should be migrated by appropriate individuals

Data encryption, reasonableness checks and password software are examples of controls.

technical

The major phases that need to be completed in order to determine whether an audit team can rely on IT controls are ______ Multiple select question. discussing the IT controls with the manager in charge testing the IT controls understanding the IT controls and processes that need to be tested determining the scope of the IT testing plan by identifying each IT dependency

testing the IT controls understanding the IT controls and processes that need to be tested determining the scope of the IT testing plan by identifying each IT dependency

Multiple Choice Question One important difference in assessing control risk in an IT environment is in identifying ______. Multiple choice question. whether the design of control procedures suggest a low control risk the types of misstatements that can occur in significant accounting applications the points in the flow of transactions where misstatements could occur specific control procedures designed to prevent or detect misstatements

the points in the flow of transactions where misstatements could occur

The identification of IT applications and systems typically occurs during the _______ of each financial reporting process.

walkthrough


Kaugnay na mga set ng pag-aaral

1.4 - Opportunity Cost - Instruction

View Set

BAS 283: Chapter 13: Groups and Teams: Increasing Cooperation, Reducing Conflict: SmartBook

View Set

Fluid, Electrolyte, and Acid-Base Regulation

View Set

Critical Care Exam 3: Burns Specifics

View Set