Chapter 11 Questions

Which of the following factors may increase risks to an organization? (1) Geographic dispersion of company operations (2) Presence of new information technologies A) (1) Yes (2) Yes B) (1) Yes (2) No C) (1) No (2) No D) (1) No (2) Yes

A) (1) Yes (2) Yes (1) Geographic dispersion of company operations (2) Presence of new information technologies

Which of the following is not an example of an applications control? A) Back-up is made to a remote site for data security B) After processing, all sales transaction are reviewed by the sales department C) There is a pre-processing authorization of the sales transactions D) There are reasonableness tests for the unit selling price of a sale

A) Back-up is made to a remote site for data security

Back and contingency plans should also identify alternate hardware that can be used to process company data. A) True B) False

A) True

In IT systems, if general controls are effective, it increases the auditor's ability to rely on application controls to reduce control risk. A) True B) False

A) True

LANs link equipment within a single or small cluster of buildings and are used within a company. A) True B) False

A) True

Sabanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements? A) a statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting B) a statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting C) a statement that external auditors are solely responsible for establishing and maintaining an adequate system of internal control D) a statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting

A) a statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting

An example of a specific authorization is management setting a policy authorizing the ordering of inventory when less than one week supply is on hand. A) True B) False

B) False

Section 404 of the Sarbanes-Oxley Act requires that both private and public companies issue an internal control report. A) True B) False

B) False

The primary emphasis by auditors is on controls over A) accounting balances B) classes of transactions C) both A and B, because they are equally important D) both A and B, because they vary from client to client

B) classes of transactions

A ___ is responsible for controlling the use of computer programs, transaction files and other computer records and documentation and releases them to the operators only when authorized. A) data control operator B) librarian C) chief computer operator D) software engineer

B) librarian

The PCAOB places responsibility for the reliability of internal controls over financial reporting process on A) the audit committee of the board of directors B) management C) the company's board of directors D) the CFO and the independent auditors

B) management

The most important output control is A) control totals, which are used to verify that the computer's results are correct B) review of data for reasonableness by someone who knows what the output should look like C) logic tests, which verify that no mistakes were made in processing D) distribution control, which assures that only authorized personnel receive the reports generated by the system

B) review of data for reasonableness by someone who knows what the output should look like

When the auditor is obtaining an understanding of the independent computer service center's internal controls, the auditor should A) use the same criteria used to evaluate the client's internal controls but omit tests of transactions B) use the same criteria used to evaluate the client's internal controls C) use difference criteria for the service center by including substantive tests of balances D) use different criteria because the service center resides outside of the company

B) use the same criteria used to evaluate the client's internal controls

Which of the following best describes an entity's accounting information and communication system? (1) Monitor transactions (2) Record and process transactions (3) Initiate transactions A) (1) Yes (2) Yes (3) Yes B) (1) Yes (2) No (3) No C) (1) No (2) Yes (3) Yes D) (1) No (2) No (3) No

C) (1) No (2) Yes (3) Yes (1) Monitor transactions (2) Record and process transactions (3) Initiate transactions

What tools do companies use to limit access to sensitive company data? (1) Encryption techniques (2) Digital signatures (3) Firewall A) (1) No (2) Yes (3) Yes B) (1) Yes (2) Yes (3) No C) (1) Yes (2) Yes (3) Yes D) (1) Yes (2) No (3) No

C) (1) Yes (2) Yes (3) Yes (1) Encryption techniques (2) Digital signatures (3) Firewall

Internal controls A) guarantee that the company complies with all laws and regulations B) are implemented by and are the responsibility of the auditors C) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives D) only apply to SEC companies

C) consists of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals

Which of the following statements related to application controls is correct? A) Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles B) Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions C) Application controls relate to all aspects of the IT function D) Application controls relate to the processing of individual transactions

D) Application controls relate to the processing of individual transactions

Controls which are designed to assure that the information entered into the computer is authorized, complete, and accurate are called A) general controls B) output controls C) processing controls D) input controls

D) input controls

Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably A) eliminate tests of controls. B) increase the depth of the study and evaluation of administrative controls. C) avoid duplicating the work performed by the internal audit staff. D) place limited reliance on the work performed by the internal audit staff.

D) place limited reliance on the work performed by the internal audit staff.

Firewalls are used to protect from A) insufficient documentation of transactions Illogical programming commands C) erroneous internal handling of data D) unauthorized external users

D) unauthorized external users