Chapter 8 SB
The use of information technology ______. Multiple select question. - generally reduces the paper trail - makes it easier to alter data - affects the fundamental manner of transactions - reduces the number of controls to be tested
- generally reduces the paper trail - makes it easier to alter data - affects the fundamental manner of transactions
A service organization's Type ______ report provides information on the suitability of the design of controls. Multiple choice question. 2 1
1
A service organization's Type ______ report provides information on the operating effectiveness of controls. Multiple choice question. 1 2
2
True or false: An advantage of controlled programs is that the auditor may test the client's program by using test data only.
False
True or false: Generally accepted auditing standards prohibit the use of IT specialists to act as consultants for the auditors during a financial statement audit.
False
The process of verifying the identify of a person accessing a system or data is referred to as____
authentication
Application control activities may be classified as ______ activities. Multiple select question. programmed control automatically generated manual follow-up
programmed control manual follow-up
As part of organizational controls, at least ______ information systems employees should be present whenever the IT facility is in use. Multiple choice question. two four three
two
To reduce data redundancy and inconsistent data it is best to ______. Multiple choice question. use transaction files to store data use master files to store data maintain a database system
maintain a database system
Cyber criminals may gain access to an organization's system and destroy the data using ______. Multiple choice question. malware ransomware virusware
malware
Cyber criminals may gain access to an organization's system and destroy the data using _____or, demand money for releasing the system using____
malware ransomware
General control activities include all of the following except ______. Multiple choice question. IT operations and controls access to programs development of new programs manual checks of computer output
manual checks of computer output
An application control activity that analyzes outputs generated in the form of exception reports is called a ______ activity. Multiple choice question. programmed control manual follow-up processing control
manual follow-up
When an audit client has an IT-based system, the auditor CPA firm ______ assist with understanding internal control or designing effective audit tests. Multiple choice question. may rely on outside consultants to must use their own firm's IT specialists to
may rely on outside consultants to
The two major types of software are the ______system and _____software.
operating application
A manual that contains the instructions for processing a program is called a(n) ____ manual.
operations
The computer operators should have access to ______. Multiple choice question. systems manuals only both program documentation and operations manuals operations manuals only program documentation only
operations manuals only
User control activities appraise the reliability of ______ from the information systems department by extensive review and testing. Multiple choice question. both input and output output input
output
To protect IT equipment against sabotage, fire and water damage, appropriate ____ controls are necessary.
physical
Requiring user involvement in the purchase, development, and testing of programs before they are implemented is an example of a(n)____ ____ control.
system development
Auditors document their understanding of IT-based system controls by using ______. Multiple select question. systems flowcharts internal control questionnaires written narrative video recording of controls
systems flowcharts internal control questionnaires written narrative
In the audit of an IT system, an approach comparable to tracing sample transactions from inception to final disposition is the use of ______. Multiple choice question. controlled programs tagging and tracing generalized audit software programs test data
test data
The role of internal auditors in an IT environment include ______. Multiple select question. testing controls to ensure they are operating properly maintaining day-to-day maintenance of the controls participation in the design of the IT-based system
testing controls to ensure they are operating properly participation in the design of the IT-based system
In a computerized system ______. Multiple choice question. the programming function should control data entry controls are in place that make segregation of duties unnecessary the computer operator should not have detailed knowledge of the programs
the computer operator should not have detailed knowledge of the programs
General control activities include activities to control ______. Multiple select question. the development of new programs output of programs and data changes to existing programs access to programs and data
the development of new programs changes to existing programs access to programs and data
Select all that apply In an IT-based system ______. Multiple select question. - the importance of internal control is diminished due to the integration of functions - segregation of duties is no longer an issue - work normally divided among many employees may be performed electronically - controls and written into the computer program
- work normally divided among many employees may be performed electronically - controls and written into the computer program
Which of the following is NOT an organizational control that should be in place in the information systems department? Multiple choice question. All programming functions should be separated to prevent collusion. Adequate fidelity bonds should be obtained for all IT employees. Mandatory vacations should be required. Operator assignments should be rotated.
All programming functions should be separated to prevent collusion.
Identify which responsibilities fall in the application systems roles. Multiple select question. Application programming Data entry Telecommunications Systems analysis
Application programming Systems analysis
Identify which responsibilities fall in the operations roles. Multiple select question. Systems analysis Telecommunications Computer operations Data control
Computer operations Data control
True or false: User control activities are more efficient than application control activities.
False
Auditors consider IT control most in which of the following stages of the audit? Multiple choice question. Forming an opinion and issuing the audit report Planning the audit including the audit strategy Obtaining an understanding of the client
Obtaining an understanding of the client
What is the difference between a control total and a hash total? Multiple choice question. The hash total has meaning but the control total does not. There is no difference - these are two terms for the same thing. The control total has meaning but the hash total does not.
The control total has meaning but the hash total does not.
True or false: Preventive and detective controls often work together. True false question. True False
True+
Unauthorized access to a computer or private network is prevented with the use of ______. Multiple choice question. a firewall biometric identifiers programmed control activities encryption
a firewall
A log that consists of suggestions for changes in programs is called a(n) _____ _____ log.
change request
A log that consists of suggestions for changes in programs is called a ______ log. Multiple choice question. change request data interchange database
change request
When auditors are unsure of the software's operation, testing using ______ is useful. Multiple choice question. user control activities computer-assisted audit techniques decentralized processing
computer-assisted audit techniques
Data redundancy and inconsistent data can be reduced by maintaining a(n) ______ system.
database
The role of internal auditors in an IT environment include all of the following tasks except ______. Multiple choice question. day-to-day maintenance of the controls participation in the design of the IT-based system testing the controls to ensure they are operating properly
day-to-day maintenance of the controls
Most manual follow-up activities consist of review and analysis of outputs that have been generated in the form of ______ reports. Multiple choice question. control total processing control item count exception
exception
Hardware, software, or a combination of both can be used to implement a(n)____ to prevent unauthorized access to a computer or private network
firewall
A type of control activity that applies to a number of IT applications is called a(n) ______ control activity. Multiple choice question. application user general
general
Computer ______ is composed of physical elements, primarily a central processing unit (CPU). Multiple choice question. software commerce hardware
hardware
The computer and peripheral equipment for input, output, and storage of data is called_____
hardware
To test the effectiveness of general controls for development of new programs and systems, the auditors may ______. Multiple select question. interview personnel that developed the program inspect the documentation of the tests performed before the program was implemented examine input controls by accounting for the serial sequence of source documents
interview personnel that developed the program inspect the documentation of the tests performed before the program was implemented
To develop new systems many firms use a multiphased, structured method called the systems development ____ ______approach
life cycle
Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called a(n)
network
Analysis of exception reports may be especially effective for testing application control activities when ______ is used. Multiple choice question. off-the-shelf software with no modifications off-the-shelf software with user modifications custom software programmed by client information technology staff
off-the-shelf software with no modifications
A(n) ______ system coordinates and controls hardware components. Multiple choice question. processing application operating
operating
Segregation of duties is an example of a(n)______ control designed to stop errors, inaccuracy, or fraud before it occurs, whereas _______ controls are intended to uncover the existence of issues that have already occurred
preventative detective
Application control activities may be classified as _____ control activities and ____ follow-up activities.
programmed manual
To test general controls over program changes the auditors may ______. Multiple choice question. inspect exception reports generated by the system and review the way in which exceptions were handled review input controls by testing the serial sequence of source documents in selected batches review documentation of changes to the log of manager approvals
review documentation of changes to the log of manager approvals
An accuracy check that uses redundant information, such as the last two digits being a mathematical combination of the others is called a ______. Multiple choice question. self-checking number validity test limit field test
self-checking number
Computer-based fraud is commonly performed by the person that ______. Multiple choice question. prepares and verifies input data for processing maintains and enhances IT networks and network connections set up the system and controls the modifications
set up the system and controls the modifications
Computer-based fraud is commonly performed by the person that ______. Multiple choice question. prepares and verifies input data for processing set up the system and controls the modifications maintains and enhances IT networks and network connections
set up the system and controls the modifications
A significant risk in the use of decentralized computer is the possibility of ______, which can cause loss of data and programs. Multiple choice question. management fraud software viruses unauthorized use
software viruses
When a client's IT-based system is relatively simple and produces hard-copy documents and records, the auditor can audit around the computer and use more ___ procedures to reduce _____ risk to an acceptable level.
substantive detection
In the audit of an IT system, an approach comparable to tracing sample transactions from inception to final disposition is the use of___ data
test
An information technology control activity that is performed to test the accuracy and completeness of IT reports is called a(n)_____ control activity.
user
A comparison of data against a master file or table for accuracy is called a ______ test. Multiple choice question. validity limit self-checking number
validity
A comparison of data against a master file or table for accuracy is called a ______ test. Multiple choice question. validity self-checking number limit
validity
A program that has the ability to attach itself to a legitimate program and modify other programs and systems is called a software____
virus
In a computerized system ______. Multiple choice question. the computer operator should not have detailed knowledge of the programs controls are in place that make segregation of duties unnecessary the programming function should control data entry
Answer Mode Multiple Choice QuestionYour Answer correct In a computerized system ______. Multiple choice question. the computer operator should not have detailed knowledge of the programs controls are in place that make segregation of duties unnecessary the programming function should control data entry Reason: These should be separate. Correct Answer the computer operator should not have detailed knowledge of the programs
Internet transactions are secured through public-key encryption and ______ that verify the identities of individuals or servers. Multiple choice question. Certificate Authorities Firewall Networks Biometric Identifiers
Certificate Authorities
Identify substantive procedures that can be performed with audit software. Multiple select question. Confirm all client data is accurate providing proof that the financial statements present fairly in all respects Examine the client's records for quality, completeness, and valid conditions Select random audit samples Rearrange data and perform analyses
Examine the client's records for quality, completeness, and valid conditions Select random audit samples Rearrange data and perform analyses
True or false: The electronic processing of information has obscured, and in some cases, eliminated the audit trail.
False
True or false: The electronic processing of information has obscured, and in some cases, eliminated the audit trail. True false question. True False
False
True or false: The integration of functions in an IT-based system diminishes the importance of internal controls. True false question. True False
False
Which of the following is NOT a common authentication technique used today? Multiple choice question. Biometric identifiers Smart cards User names and passwords Firewalls
Firewalls
When performing a financial statement audit, the auditors' consideration of IT controls relate most directly to which of the following steps? Multiple select question. Obtain an understanding of the client Assess the risks of material misstatement Complete the audit Perform further audit procedures Plan the audit including an overall audit strategy
Obtain an understanding of the client Assess the risks of material misstatement Perform further audit procedures
Identify the ways that auditors may access and analyze client records. Multiple select question. Use the auditors' generalized audit software on the client's IT-based system Download the client's data to be analyzed on the auditors' computer Obtain a copy of the client's records that may be analyzed on the auditors' computer Use the client's generalized audit software on the client's IT-based system
Use the auditors' generalized audit software on the client's IT-based system Download the client's data to be analyzed on the auditors' computer Obtain a copy of the client's records that may be analyzed on the auditors' computer
Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called ______. Multiple choice question. a database cloud computing a network an operating system
a network
Data processed and transmitted by the system in arrays of bits to prevent unauthorized access to information when it is being transmitted is called ______. Multiple choice question. a parity check echo check data encryption
a parity check
Auditing around the computer is ______. Multiple choice question. acceptable when the system is relatively simple never acceptable acceptable when auditors lack understanding of the IT processing activities always acceptable
acceptable when the system is relatively simple
Due to the increasing volume of digital information and the Internet, organizations should consider using information security standards such as ISO 27002 in evaluating their systems for proper _____ _____.
access security
Due to the increasing volume of digital information and the Internet, organizations should consider using information security standards such as ISO 27002 in evaluating their systems for proper ______. Multiple choice question. physical control access security infrastructure controls systems development and maintenance
access security
Generalized audit software ______. Multiple select question. results in reduced sample sizes of transactions to be tested allows auditors to conduct independent processing of live data performs many specific audit functions
allows auditors to conduct independent processing of live data performs many specific audit functions
A primary approach to assess ___ control activities is to test the manual follow-up activities by inspecting the exception reports generated by the system and review the way in which the exceptions were handled.
application
An advantage to the use of ____ programs is that the auditor may test the client's program with both live and test data.
controlled
There is an increased risk of use by unauthorized personnel; therefore, the computers should be programed to require the user to enter an authorization code to gain access to application menus in a(n) ____ processing system.
decentralized
One of the most common techniques to protect the privacy and integrity of digital information and ensure private secure communication is the use of ____
encryption
To test the reliability of the client's programs and perform many specific auditing functions, many CPA firms use ____ audit software.
generalized
A programmed control activity that sums one field of information for all items in a batch but has no intrinsic meaning is called a(n)___ ____
hash total
A method often used by internal auditors to test and monitor controls in computer applications is a(n) ____ ____facility.
integrated test
A set of dummy records and files included in an IT system enabling test data to be processed simultaneously with live input is called ______. Multiple choice question. program analysis techniques integrated test facility controlled programs
integrated test facility
Appropriate physical controls for IT equipment include ______. Multiple select question. limited access a fire-suppression system numerous windows in the facility proper personnel screening
limited access a fire-suppression system proper personnel screening
For a system with simple internal control, a(n) ______ might be adequate to document the system. Multiple choice question. internal control questionnaire system flowchart written narrative
written narrative
For a system with simple internal control, a(n) ______ might be adequate to document the system. Multiple choice question. internal control questionnaire written narrative system flowchart
written narrative