AIS Chapter 7

16. Which of the following is a general control to test for external access to a client's computerized systems? A. Penetration tests B. Hash totals C. Field checks D. Program tracing

A

17. Suppose that during the planning phase of an audit, the auditor determines that weaknesses exist in the client's computerized systems. These weaknesses make the client company susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be emphasized in the remaining phases of this audit? A. Tests of controls B. Penetration tests C. Substantive tests D. Rounding errors tests

A

18. Generalized audit software can be used to: A. Examine the consistency of data maintained on computer files. B. Perform audit tests of multiple computer files concurrently. C. Verify the processing logic of operating system software. D. Process test data against master files that contain both real and fictitious data.

A

45. This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association

A

49. Independence in mental attitude is to be maintained in all matters related to the audit engagement. This is one of the generally accepted auditing standards that is part of the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards

A

52X. Although there are a number of organizations that provide detailed guidance, it is still necessary for auditors to rely on other direction regarding the types of audit tests to use and the manner in which the conclusions are drawn. These sources of information include: A. Industry Guidelines B. PCAOB C. ASB D. ASACA

A

54. Audit tests developed for an audit client are documented in a(n): A. Audit Program B. Audit Objective C. Management Assertion D. General Objectives

A

67. This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system is reliable. A. Auditing through the system B. Auditing around the system C. Computer assisted audit techniques D. Auditing with the computer

A

74X. Auditors should perform this type of test to determine the valid use of the company's computer system, according to the authority tables. A. Authenticity tests B. Penetration tests C. Vulnerability assessments D. IT systems documentation

A

77. One of the most effective ways a client can protect its computer system is to place physical controls in the computer center. Physical controls include all of the following, except: A. Proper temperature control B. Locks C. Security guards D. Cameras

A

87. This piece of audit evidence is often considered to be the most important because it is a signed acknowledgment of management's responsibility for the fair presentation of the financial statements and a declaration that they have provided complete and accurate information to the auditors during all phases of the audit. A. Letter of Representation B. Audit Report C. Encounter Statement D. Auditors Contract

A

34. The IT environment plays a key role in how auditors conduct their work in all but which of the following areas: A. Consideration of Risk B. Consideration of Information Fairness C. Design and Performance of Audit Tests D. Audit Procedures Used

B

38. The existence of IT-based business processes often result in details of transactions being entered directly into the computer system, results in a lack of physical evidence to visibly view. This situation is referred to as: A. Physical Evidence Risk B. Loss of Audit Trail Visibility C. Transaction Summary Chart D. Lack of Evidence View

B

64X. Auditing standards address the importance of understanding both the automated and manual procedures that make up an organization's internal controls and consider how misstatements may occur, including all of the following, except: A. How transactions are entered into the computer B. How financial statement are printed from the computer C. How nonstandard journal entries and adjusting entries are initiated, recorded, and processed. D. How standard journal entries are initiated, recorded, and processed.

B

66. Many companies design their IT system so that all documents and reports can be retrieved from the system in readable form. Auditors can then compare the documents used to input the data into the system with reports generated from the system, without gaining any extensive knowledge of the computer system and does not require the evaluation fo computer controls. This process is referred to as: A. Auditing through the system B. Auditing around the system C. Computer assisted audit techniques D. Auditing with the computer

B

78X. One of the most effective ways a client can protect its computer system is to place environmental controls in the computer center. Environmental controls include: A. Card keys B. Emergency power supply C. Alarms D. Security guards

B

83. Regardless of whether the results are printed or retained electronically, auditors may perform all of the following procedures to test application outputs, except: A. Integrated Tests B. Reasonableness Tests C. Audit Trail Tests D. Rounding Errors Tests

B

88. Which of the following is a proper description of an auditor report? A. Unqualified opinion - identifies certain exceptions to the clean opinion. B. Adverse opinion - notes that there are material misstatements presented. C. Qualified opinion - states that the auditors believe the financial statements are fairly and consistently presented in accordance with GAAP. D. Unqualified opinion - states that the auditors were not able to reach a conclusion.

B

92X. All types of auditors must follow guidelines promoting ethical conduct. For financial statement auditors, the PCAOB/AICPA has established a Code of Professional Conduct, commonly called the Code of Ethics, which consists of two sections. Which of the following correctly states the two sections? A. Integrity and responsibility B. Principles and rules C. Objectivity and independence D. Scope and nature

B

33. The independence of a CPA could be impaired by: A. Having no knowledge of the company or the company management B. By owning stock of a similar company C. Having the ability to influence the client's decisions D. Being married to a stockbroker

C

39. The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alternation of data due to all of the following, except: A. System Failure B. Database Destruction C. Programmer Incompetence D. Environmental Damage

C

55X. The management assertion related to valuation of transactions and account balances would include all of the following, except: A. Accurate in terms of dollar amounts and quantities B. Supported by detailed evidence C. Real D. Correctly summarized

C

68X. The IT auditing approach referred to as "Auditing through the system" is necessary under which of the following conditions? A. Supporting documents are available in both electronic and paper form. B. The auditor does not require evaluation of computer controls. C. The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of substantive audit testing required. D. The use of the IT system has a low impact on the conduct of the audit.

C

79X. This type of application control is performed to verify the correctness of information entered into software programs. Auditors are concerned about whether errors are being prevented and detected during this stage of data processing. A. Security controls B. Processing controls C. Input controls D. Output controls

C

82X. This is one of the computer-assisted audit techniques, related to processing controls, that involves processing company data through a controlled program designed to resemble the company's application. This test is run to find out whether the same results are achieved under different systems. A. Integrated Test Facility B. Embedded Audit Module C. Parallel Simulation D. Test Data Method

C

89. When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following: A. Authorized access B. Segregation of duties C. Lack of backup control D. All of the above

C

93X. The rule in thePCAOB/AICPA Code of Professional Conduct that is referred to as Responsibilities, can be stated as: A. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism. B. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity. C. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities. D. CPAs in public practice should observe the principles of the Code of Professional

C

24. The main purpose of an audit is to assure users of the financial information about the: A. Effectiveness of the internal controls of the company. B. Selection of the proper GAAP when preparing financial statements. C. Proper application of GAAS during the examination. D. Accuracy and completeness of the information.

D

46X. This organization was established by the IFAC to set International Standards on Auditing (ISAs) that contribute to the uniform application of auditing practices on a worldwide basis. A. International Systems Audit and Control Association B. Auditing Standards Board C. Public Company Accounting Oversight Board D. International Auditing and Assurance Standards Board (IAASB)

D

47. This organization issues guidelines for conducting the IT audit. The standards issued address practices related to control and security of the IT system. A. Auditing Standards Board B. Public Company Accounting Oversight Board C. International Audit Practices Committee D. Information Systems Audit and Control Association

D

51X. The general guidelines, known as the generally accepted auditing standards, which include the concepts of presentation in accordance with the established criteria, the consistent application of established principles, adequate disclosure, and the expression of an opinion, relate to the: A. General Standards B. Operating Standards C. Fieldwork Standards D. Reporting Standards

D

57X. The proof of the fairness of the financial information is: A. Tests of Controls B. Substantive Tests C. Audit Completion D. Audit Evidence

D

59. During this phase of the audit, the auditor must gain a thorough understanding of the client's business and financial reporting systems. When completing this phase, the auditors review and assess the risks and controls related to the business. A. Tests of Controls B. Substantive Tests C. Audit Completion / Reporting D. Audit Planning

D

62. A large part of the work performed by an auditor in the audit planning process is the gathering of evidence about the company's internal controls. This can be completed in any of the following ways, except: A. Interviewing key members of the accounting and IT staff. B. Observing policies and procedures C. Review IT user manuals and systems D. Preparing memos to summarize their findings

D

81. This type of processing control test involves a comparison of different items that are expected to have the same values, such s comparing two batches or comparing actual data against a predetermined control total. A. Validation Checks B. Batch Totals C. Run-to-Run Totals D. Balancing Tests

D

104A2. As a business grows, the volume and complexity of its transactions increase. At the same timed, there is a decrease in the chance that misstated information may exist undetected.

F

104X. A financial statement audit is conducted in order for an opinion to be expressed on the fair presentation of financial statements. This goal is affected by the presence or absence of IT accounting systems.

F

107. Auditors have the primary responsibility to make sure that they comply with international standards in all cases.

F

109X. The responsibility for operations, compliance, and financial reporting lies with the auditors.

F

112. The same audit tests would test for completeness of a liability or an asset.

F

113. Auditing testing for any single general auditing objective would involve the same testing techniques even though there are different types of information collected to support different accounts and transactions.

F

114X. Auditors must think about how the features of a company's IT systems influence its management assertions and the general audit objectives even though these matters have little or not impact on the choice of audit methodologies used.

F

115A3. IFRS does not allow as much use of judgment as is allowed under GAAP.

F

118. The process of evaluating internal controls and designing meaningful audit tests is more complex for manual systems than for automated systems.

F

124. Control tests verify whether financial information is accurate, where substantive tests determine whether the financial information is managed under a system that promotes accuracy.

F

128X. Network operations typically involve a large number of computers, many users, and a high volume of data transfers, so any lack of network controls could cause widespread damage. Because of this, it is necessary for auditors to apply strict tests to a representative sample of the network.

F

130A4. When an auditor is engaged to audit a company that uses cloud computing, the auditor must rely on the SOC reports provided by the service company's auditors.

F

130X. When a client company is using IT outsourcing, and that service center has its own auditors who report on internal control, the third-party report (from the independent auditors) can not be used as audit evidence without the auditor performing an adequate amount of compliance testing.

F

134X. Of all the principles applicable to auditors, the one that generally receives the most attention is the requirement that financial statement auditors maintain integrity.

F

136. The Sarbanes-Oxley Act decreased management's responsibilities regarding the fair presentation of the financial statements.

F

140X. The PCAOB/AICPA Code of Professional Conduct is made up of two sections. One section, the rules, are the foundations for the honorable behavior expected of CPAs while performing professional duties.

F

99. An important requirement for CPA firms is that they must be personally involved with the management of the firm that is being audited.

F

101. All types of auditors should have knowledge abut technology-based systems so that they can properly audit IT systems.

T

111. Management assertions relate to the actual existence and proper valuation of transactions and account balances.

T

119A1. In order to enhance controls, reconciliations should be performed by company personnel who are independent from the tasks of initiating or recording the transactions with the accounts being reconciled.

T

125. Regardless of the results of the control testing, some level of substantive testing must take place.

T

130A3. Because there is no such thing as a standard cloud, it is not possible to standardize a risk assessment process and audit procedures for a cloud computing environment.

T

98. Any professionally trained accountant is able to perform an operational audit.

T