Chapter 8 - Questions
For the definition (or partial definition), identify the most closely related term. 1. Batch processing 2. Data warehouse 3. Database system 4. Decentralized processing system 5. End user computing 6. Extranet 7. Operating system 8. System software A system in which like transactions are processed periodically as a group.
1
For the following description, select the computer audit procedure most closely related. 1. Auditing "around" the computer 2. Tagging and tracing 3. Integrated test facility 4. Parallel simulation 5. Limit test 6. Test data Auditing by manually testing the input and output of a computer system.
1
A computer master file that is the output of the most recent updating operation is referred to as the: a. son file. b. grandfather file. c. scratch file. d. father file.
A
Audit software can help confirm _____ in public warehouses by extracting inventory items with a code denoting that they are stored there for future comparison to the confirmation received from the warehouse. a. existence b. issues c. procedures d. purchases
A
Data processed and transmitted by the system in arrays of bits to prevent unauthorized access to information when it is being transmitted is called ___________. a. a parity check b. an echo check c. data encryption
A
Passwords prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
A
What is the IT process called when data processing is performed concurrently with a particular activity and the results are available soon enough to influence the particular course of action being taken or the decision being made? a. Real-time processing. b. Batch processing. c. Random access processing. d. Integrated data processing.
A
____________ may be used to mitigate the risk of viruses in electronic commerce. a. Firewalls b. IT networks c. Password systems d. Physical controls e. Testing of user applications
A
(E) A service auditor's report on a service center should include?
A detailed description of the service centers internal control
Application control activities can be classified into the following categories: (Select all that apply) a. manual follow-up b. programmed control activities c. automatically generated
A, B
Auditors' should document their understanding of IT-based system controls by using __________. (Select all that apply) a. systems flowcharts b. internal control questionnaires c. written narrative d. video recording of controls
A, B, C
A primary approach to assess __________ control activities is to test the manual follow-up activities by inspecting the exception reports generated by the system and review the way in which the exceptions were handled.
Application
A manual that contains the instructions for processing a program is called a(n) __________ manual. a. general b. operations c. systems
B
Backup copies may be used to mitigate the risk of ____________. a. backup copies b. destruction of data c. IT networks d. password systems e. physical controls
B
IT may impact which areas of the audit trail? (Select all that apply) a. there are fewer internal controls to be tested with IT systems b. paper trail may be reduced c. internal controls are harder to test d. makes it impossible to issue an unqualified opinion
B, C
____________ may be used to mitigate unauthorized access to programs. a. Backup copies b. IT networks c. Password systems d. Physical controls e. Testing of user applications
C
Identify which of the following is NOT a common component of an operating system. a. end user computing b. online capabilities c. off-the-shelf software d. IT networks
C (used by system, not part of system)
A log that consists of suggestions for changes in programs is called a(n) ___________ log.
Change request
___________ may be used to mitigate the risk of unauthorized access in computer operations. a. Backup copies b. IT networks c. Password systems d. Physical controls e. Testing of user applications
D
(E) Which of the following personnel is responsible for determining the computer processing needs of users?
Systems analyst - responsible for designing the system
The overall approach in a FS audit is completed in the following order. 1. Perform further audit procedures 2. Plan the audit 3. Complete the audit 4. Form an opinion and issue the audit report 5. Obtain an understanding of the client 6. Assess the risks of material misstatement and design further audit procedures
2, 5, 6, 1, 3, 4
Match the following computer systems to the correct definition. 1. Cloud computing 2. Client/server 3. Off-the-shelf software a. enables on-demand user network access to a shared pool of computing resources b. several computers share memory and printers with a larger computer c. commercially available software available for a variety of users with a similar need
1 - A 2 - B 3 - C
Match the following terms to the correct statements. 1. Data warehouse 2. Decision support systems 3. Expert system a. Subject-oriented, integrated collection of data used to support management decision-making processes b. Computerized information system that guides decision processes within a well-defined area and allows the making of decisions c. Information systems that combine models and data in an attempt to solve non-structured problems with extensive user involvement
1 - A 2 - C 3 - B
Match the following IT network items to the correct statement. 1. Fiber optics transmission 2. Local area network 3. Microwave transmission a. Interconnects computers within limited area b. Uses glass or plastic filament cable to communicate signals in the form of light waves c. Uses electromagnetic waves of certain radio frequencies
1 - B 2 - A 3 - C
Match the following IT network terms to the correct statement. 1. Distributed data processing 2. Cloud computing 3. Extranet a. Private corporate IT networks that link employees and business partners b. Enables network access to a shared pool of computing resources c. Uses communication links to share data and programs among various users in remote locations
1 - C 2 - B 3 - A
Match the information system roles with the responsibilities listed. 1. Systems programmers 2. Telecommunications specialists 3. Data control group 4. Application programmers a. Design flowcharts of the computer programs required by the system, code the required programs, and test the programs b. Maintain and enhance IT networks and network connections c. Troubleshoot the operating system in use, implement new software releases d. Review and tests all input procedures, monitors processing, reviews exception reports, and reviews and distributes all IT output
1 - C 2 - B 3 - D 4 - A
Identify CAAT techniques to the correct statement. 1. Test data 2. Integrated test facility 3. Controlled programs 4. Program analysis techniques a. Techniques for testing programmed control activities that involve the examination of computer-generated flowcharts b. Duplicate client application programs that are maintained under the auditors' control in order to test the programmed control activities c. Set of dummy records and transactions developed to test the adequacy of a computer program or system d. Set of dummy records and files included in an IT system enables test data to be processed simultaneously with live input
1 - C 2 - D 3 - B 4 - A
For the definition (or partial definition), identify the most closely related term. 1. Batch processing 2. Data warehouse 3. Database system 4. Decentralized processing system 5. End user computing 6. Extranet 7. Operating system 8. System software A system that eliminates data redundancy and enforces data integrity by storing data separately from (outside) programs and that contains data for two or more IT applications.
3
For the following description, select the computer audit procedure most closely related. 1. Auditing "around" the computer 2. Tagging and tracing 3. Integrated test facility 4. Parallel simulation 5. Limit test 6. Test data Fictitious and real transactions are processed together without the client's operating personnel knowing the testing process.
3
For the following description, select the computer audit procedure most closely related. 1. Auditing "around" the computer 2. Tagging and tracing 3. Integrated test facility 4. Parallel simulation 5. Limit test 6. Test data May include a simulated division or subsidiary in the accounting system with the purpose of running fictitious transactions through it.
3
For the definition (or partial definition), identify the most closely related term. 1. Batch processing 2. Data warehouse 3. Database system 4. Decentralized processing system 5. End user computing 6. Extranet 7. Operating system 8. System software Computer systems in different locations.
4
For the following description, select the computer audit procedure most closely related. 1. Auditing "around" the computer 2. Tagging and tracing 3. Integrated test facility 4. Parallel simulation 5. Limit test 6. Test data The auditors use generalized audit software to perform processing functions essentially equivalent to those of the client's programs.
4
A comparison of data against a master file or table for accuracy is called a ____________ test. a. validity b. self-checking number c. limit
A
A log that consists of suggestions for changes in programs is called a ___________ log. a. change request b. data interchange c. database
A
An accounts payable program posted a payable to a vendor not included in the online vendor master file. A control which would prevent this error is a: a. validity check b. range check c. limit test d. control total
A
Traditional IT-based systems maintain multiple master files within each application; __________ systems use a single master file for multiple applications. a. database b. master c. end-user
A
When a significant amount of information supporting the FS is in electronic form, the auditor may decide it is necessary to test __________ in addition to performing substantive procedures. a. controls b. commerce c. processing
A
When erroneous data are detected by computer program controls, data may be excluded from processing and printed on an exception report. The exception report should probably be reviewed and followed up by the: a. data control group b. systems analyst c. supervisor of IT operations d. computer programmer
A
Identify characteristics of a decentralized processing system. (Select all that apply) a. processing is usually performed with commercial off-the-shelf packages b. computers are operated by end users with little computer experience c. there is a decreased risk of use by unauthorized end users
A, B
Identify the ways that auditors may access and analyze client records. (Select all that apply) a. obtain a copy of the client's records that may be analyzed on the auditors' computer b. download the client's data to be analyzed on the auditors' computer c. use the client's generalized audit software on the client's IT-based system d. use the auditors' generalized audit software on the client's IT-based system
A, B, D
The role of internal auditors in an IT environment include: (Select all that apply) a. test the controls to ensure they are operating properly b. maintain day-to-day maintenance of the controls c. participation in the design of the IT-based system
A, C
Which of the following is not a characteristic of a batch processed IT system? a. Production of numerous printouts. b. Data input, followed by machine processing. c. The collection of like transactions which are sorted and processed sequentially against a master file. d. Posting of a transaction, as it occurs, to several files, without intermediate printouts.
D
A type of control activity that applies to a number of IT applications is called a ___________ control activity.
General
Computer __________ is composed of physical elements, primarily a central processing unit (CPU).
Hardware
(E) An example of an access control?
Passwords
T or F: A limit test in a computer program is comparable to a decision that an individual makes in a manual system to judge a transaction's reasonableness.
True
T or F: A limit test is a program control that is used to test the reasonableness of a particular transaction.
True
T or F: A major advantage of disk files is the ability to gain random access to data on the disk.
True
T or F: A weakness in internal control would exist if the data control group also operated the computer.
True
T or F: An internal-audit computer program that continuously monitors IT processing is a feasible approach for improving internal control in OLRT systems.
True
T or F: Distributed data processing systems have data communication capabilities.
True
T or F: Elimination of data redundancy is a chief advantage of a database system.
True
T or F: Generalized computer audit software is used for both substantive procedures and tests of controls.
True
T or F: Programs designed to perform specific data processing tasks are known as application software.
True
T or F: The auditors will usually begin their consideration of IT control activities by testing general control activities.
True
T or F: The control of input and output to and from the information systems department should be performed by an independent data control group.
True
T or F: The term grandfather-father-son refers to a method of protecting computer records rather than to generations in the evolution of computer hardware.
True
T or F: When they are not in use, tape and disk files should be stored apart from the computer room under the control of a librarian.
True
Match the following programmed control activities to the correct statement. 1. Item count 2. Limit test 3. Control total 4. Validity test a. Total of one field of information in a batch b. Test of the reasonableness of a field of data using a predetermined upper or lower limit c. Count on the number of items being input in a given batch d. Comparison of data against a master file for accuracy
1 - C 2 - B 3 - A 4 - D
For the definition (or partial definition), identify the most closely related term. 1. Batch processing 2. Data warehouse 3. Database system 4. Decentralized processing system 5. End user computing 6. Extranet 7. Operating system 8. System software A subject-oriented, integrated collection of data used to support management decisionmaking processes.
2
For the definition (or partial definition), identify the most closely related term. 1. Batch processing 2. Data warehouse 3. Database system 4. Decentralized processing system 5. End user computing 6. Extranet 7. Operating system 8. System software An environment in which a user department is responsible for developing, or purchasing and running, an IT system (application) with minimal or no support from the central information systems department.
5
For the following description, select the computer audit procedure most closely related. 1. Auditing "around" the computer 2. Tagging and tracing 3. Integrated test facility 4. Parallel simulation 5. Limit test 6. Test data Dummy transactions developed by the auditor and processed by the client's computer programs, generally for a batch processing system.
6
Which of the following situations is compatible with good internal control in an information systems department? a. Computer librarians have physical control of program documentation. b. Computer programmers have access to input data. c. Computer operators have detailed knowledge of computer programs. d. Computer programmers have unsupervised access to computer terminals.
A
Clico uses an online sales order processing system to process its sales transactions. Clico's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a: a. report of missing sales invoices. b. file of all rejected sales transactions. c. list of all voided shipping documents. d. printout of all user code numbers and passwords.
B
Independent auditors obtain an understanding of a client's computer system and perform tests of controls. The latter phase might include which of the following? a. Examination of the systems manuals to determine whether existing procedures are satisfactory. b. Examination of the machine room logbook to determine whether control information is properly recorded. c. Examination of systems flowcharts to determine whether they reflect the current status of the system. d. Examination of organization charts to determine whether electronic data processing department responsibilities are properly separated to afford effective control.
B
Self-checking numbers prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
B
When auditing an IT-based system, the auditors may use the "integrated test facility" technique, sometimes referred to as the mini-company approach, as an audit tool. This technique: a. is the most commonly used audit tool for "auditing through the computer." b. involves introducing simulated transactions into a system simultaneously with actual transactions. c. involves using test decks. d. is more applicable to independent audits than internal audits.
B
Which of the following is an example of application control activities in IT systems? a. Controls over access to equipment and data files. b. Programmed control activities. c. Documentation procedures. d. Hardware controls.
B
____________ may be used to mitigate the risk of unauthorized changes to computer programs. a. Backup copies b. Controls over access c. Password systems d. Physical controls e. Testing of user applications
B
The auditors may decide not to perform tests of the controls within the computerized portion of the client's internal control. Which of the following would not be a valid reason for choosing to omit such tests? a. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls operating effectively. b. The controls appear adequate. c. The controls duplicate operative controls existing elsewhere in the system. d. There appear to be major weaknesses that would preclude reliance on the stated procedures.
B (D: you would go straight to substantive testing)
Extremely large data sets that may be analyzed to reveal patterns, trends, and associations are called ___________ data.
Big
Audit _________ can be selected from client files on a random basis. a. issues b. reports c. samples
C
Audit ____can be compared to client records. a. files b. issues c. results
C
Inventory files contain _______ number and cost per unit. a. audit b. employee c. part d. person e. staff
C
Private lines prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
C
A customer inadvertently ordered part number 12368 rather than part number 12638. In processing this order, the error could be detected by the vendor with which of the following controls? a. Key verifying. b. Batch totals. c. Limit test. d. Self-checking digit.
D
Data control group activities in an information systems department would appropriately include: a. reviewing error listings and maintaining error logs and reports. b. investigating deviations from standard procedures in data handling. c. supervising distribution of output. d. all of the above.
D
Item counts prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
D
Low turnover rates for given inventory items may be indicators of ______. a. consignment b. employees c. high purchases d. obsolescence e. poor cutoff
D
Parity checks prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
E
The electronic processing and transmission of data between customer and client is known as ___________.
Electronic commerce
Limit tests prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
F
T or F: A recent improvement in computer hardware is the ability to automatically produce error listings. Previously, this was possible only when provisions for such a report were included in the program.
False
Locking operating switches prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
G
Internal file labels prevent against: a. Alteration of data by an unauthorized terminal user. b. An error when entering an account number. c. Interception of data when it is transmitted. d. Loss of a transaction during processing of data. e. Loss of data as it is processed internally by the computer. f. Processing a transaction that is unreasonable in amount. g. Unauthorized entry of data after business hours. h. Update of the wrong master file of accounts.
H
T or F: Personal computers are generally operated by end user personnel.
True
Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by IT companies and others and are referred to as: a. compiler programs b. utility programs c. user programs d. supervisory programs
B
Compensating controls to help prevent computer-based fraud include: a. use of systems programmer b. use of predetermined batch totals c. use of program and file library
B
Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of: a. input validation. b. an integrated test facility. c. controlled reprocessing. d. program code checking.
B
The increased presence of user operated computers in the workplace has resulted in an increasing number of persons having access to the system. A control that is often used to prevent unatuhorized access to sensitive programs is: a. backup copies of data on diskettes b. user identification passwords c. input validation checks d. record counts of the number of input transactions in a batch being processed
B
Which of the following is an advantage of generalized audit software packages? a) they are all written in one identical computer language b) they can be used for audits of clients that use differing computing equipment and file formats c) they have reduced the need for the auditor to study input controls for computer related procedures d) their use can be substituted for a relatively large part of the required tests of controls
B
Which of the following is an example of a validity test? a. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out. b. The computer flags any transmission for which the control field value did not match that of an existing file record. c. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent. d. The computer ensures that a numerical amount in a record does not exceed some predetermined amount.
B
Which of the following is least likely to be considered by the auditors considering engagement of an information technology specialist on an audit? a) complexity of the client's systems and IT controls b) number of financial institutions at which the client has accounts c) client's use of emerging technologies d) extent of the clients participation in electronic commerce
B
Which software is designed to perform a specific task? a. system b. application c. processing
B
To test the effectiveness of general controls for development of new programs and systems, the auditors may: (Select all that apply) a. examine input controls by accounting for the serial sequence of source documents b. inspect the documentation of the tests performed before the program was implemented c. interview personnel that developed the program
B, C
General control activities include activities to control: (Select all that apply) a. output of programs and data b. changes to existing programs c. development of new programs d. access to programs and data
B, C, D
A graphic representation of the major steps and logic of a computer program is called a(n) __________. a. operating system b. wide area network c. program flowchart
C
An IT system that uses communication links to share data and programs among various users in remote locations throughout the organization and allows users to process data in their own departments is known as a(n) ___________ data processing system. a. integrated b. off-the-shelf c. distributed
C
End user computing is most likely to occur on which of the following types of computers? a. mainframe b. decision support systems c. personal computers d. personal reference assistants
C
The auditors would be least likely to use software to: a. access client data files b. prepare spreadsheets c. assess computer control risk d. construct parallel simulations
C
The auditors would most likely be concerned with which of the following controls in a distributed data processing system? a. hardware controls b. systems documentation controls c. access controls d. disaster recovery controls
C
Under end user computing, the ___________ supports the purchase and maintenance of the software systems. a. information systems department b. support desk c. user department
C
User control activities appraise the reliability of __________ from the information systems department by extensive review and testing. a. input b. both input and output c. output
C
When an online real-time (OLRT) IT processing system is in use, internal control can be strengthened by: a) providing for the separation of duties between data input and error handling operations b) attaching plastic file protection rings to reels of magnetic tape before new data can be entered on the file c) making a validity check of an identification number before a user can obtain access to the computer files d) preparing batch totals to provide assurance that file updated are made for the entire input
C
An auditor will use the computer test data method in order to gain assurances with respect to the: a) security of data in a system b) IT system capacity c) controls contained within a program d) degree of data entry accuracy for batch input data
C - test data = test of control
The types of online systems that allow the users to have direct (online) access to the data stored in the system are: (Select all that apply) a. online operations processing b. off-the-shelf software processing c. online transaction processing d. online analytical processing
C, D
T or F: Advanced computer systems do not generally produce audit trails.
False
T or F: An advantage to batch-processing is that you can review up-to-date information at any time during the day.
False
T or F: An internal label is one of the controls built into magnetic tape drive hardware by the hardware manufacturers.
False
T or F: Distributed data processing by a client requires that an auditor use computer-assisted audit techniques.
False
T or F: Internal auditors are not necessary when the client has a data control group.
False
T or F: Segregation of duties is not a feasible method to help establish control over computer systems.
False
T or F: The objective of the auditor's consideration of internal control is different for a client with a computer system.
False
T or F: To improve control over a computer system, the computer operator should have access to all programs at all times.
False
T or F: Application control activities include controls over making changes to programs and systems.
False - apply to processing individual transactions
T or F: The program analysis technique involves examination of the details of the processing steps for tagged transactions.
False - for testing programmed control activities that involve examination of computer-generated flowcharts of application programs
T or F: A principal advantage of using magnetic tape files is that data need not be recorded sequentially.
False - must be sequential
T or F: Internal file labels are printed labels that are placed on the inside of a tape container.
False - outside
T or F: An echo check is an example of a control that is performed by a user.
False - performed by system
T or F: Data stored on a device with direct access must be stored sequentially.
False - randomly
T or F: Back-up copies of files and records should be maintained with the originals.
False - separate from originals
T or F: Using "test data" is primarily a substantive procedure approach.
False - test of control
Direct (random) access drives offer (faster/slower) _________ retrieval than sequential access drives.
Faster
Hardware that supports and is in direct communication with the CPU is said to be (offline/online) ___________.
Online
A manual that contains the instructions for processing a program is called a(n) ___________ manual.
Operations
(E) Which of the following is an example of a general computer control?
Operations manual
(E) Which of the following computer related employees should not be allowed access to program listings of application programs?
Operator