Chp 11
Which of the following is not a risk specific to IT environments? A) Increased segregation of duties B) unauthorized access C) need for IT experience D) loss of data E) all of the above are risks specific to IT environments
A
Which of the following statements is correct with respect to separation of duties? A) employees should not have temporary and permanent custody of assets B) it is permissible to allow an employee to open cash receipts and record those receipts C) employees who have operational responsibility should not have record-keeping responsibility D) employees who authorize transactions should have recording responsibility for these transactions E) employees who authorize transactions should have custody of related assets
C
General controls include all of the following except: A) output controls B) access control (Physical & online security) C) Organization and Operations (Segregation of Duties) D) Hardware controls
A
Parallel testing is more expensive than pilot testing. A) true B) false
A
The auditor should obtain knowledge of the activities management uses to monitor internal control over financial reporting and understand how those activities are used to initiate corrective action when necessary. A) true B) false
A
The primary emphasis by auditors is on controls over classes of transactions. A) true B) false
A
What tools do companies use to limit access to sensitive company data? Encryption techniques, digital signatures, firewall A) yes, yes, yes B) yes, no, no C) no, yes, yes D) yes, no, yes
A
When a client uses a microcomputer for the accounting functions, the auditor should normally rely only on non-IT controls or take a substantive approach to the audit. A) True B) False
A
When auditing a client who uses a database management system, the auditor is principally aware of elevated risk due to the fact that: A) multiple users can access and update data files B) the accounting information is only in one place C) the database administrator may lack appropriate accounting knowledge D) multiple users could all access the data simultaneously causing a system shutdown
A
A ________ total represents the summary total of codes from all records in a batch that do not represent a meaningful total. A) record B) hash C) output D) financial
B
Many clients have outsourced the IT functions. The difficulty the independent auditor faces when a computer service center is used is to gain the permission of the service center to review their work. A) True B) False
B
Sarbanes-Oxley requires management to issue an internal control report that includes a statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. A) true B) false
B
The three primary objectives of internal controls are reliability of financial reporting, efficiency and effectiveness of operations, and reducing business risk. A) True B) False
B
Which of the following best explains the relationship between general controls and application controls? A) application controls are effective even if general controls are extremely weak B) application controls are likely to be effective only when general controls are effective C) general controls have no impact on application controls D) none of the above
B
Which of the following is not a risk specific to IT environments? A) reliance on the functioning capabilities of hardware and software B) increased human involvement C) visibility of audit trail D) systematic errors E) lack of traditional authorization
B
Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions. Which of the following is not an audit consideration in such an environment? A) Network configuration B) Unauthorized access to master files C) Vulnerability to viruses and other risks D) Excess reliance on automated controls
D
Controls which apply to a specific element of the system are called: A) user controls B) general controls C) system controls D) application controls
D
Which of the following is not an application control? A) input control B) processing control C) output control D) software control E) All of the above are application controls
D
Which of the following is not a limitation of internal control: A) Human errors B) Management override C) Changing conditions D) Collusion E) All of the above are limitations of internal control
E
Which of the following is not a risk specific to IT environments? A) Unauthorized changes to data in master files B) Unauthorized changes to systems or programs C) Inappropriate manual intervention D) Failure to make necessary changes to systems or programs E) All of the above are risks specific to IT environments
E
Which of the following is the most important component of the COSO internal control framework: A) control activities B) risk assessment C) information and communication D) monitoring E) environmental control (control environment)
E