Audit Module H LearnSmart
Which of the following is NOT a processing control?
computer prompting
Which of the following is both an output and a processing control?
control total reports
Frauds that get past prevention controls should be discovered by __ controls.
detection
Which of the following are NOT processing controls?
missing data tests, master file changes
True or false: All passwords should be at least six characters long to make hacking by computer-generated algorithms difficult.
False (A six character lower case alphabetic password can be hacked in ten minutes)
True or false: Audit team members need to be concerned about random errors in an IT environment.
False (Audit team members need to be concerned about systematic processing errors)
Which of the following is NOT a program development control?
Processing failures are resolved on a timely basis. (This is a computer operations control)
Which of the following is NOT a computer operations control?
Programs and software support the entity's financial reporting requirements. (This is a program development control)
Which of the following is NOT an input control?
Run-to-run totals (This is a processing control)
Which of the following is NOT a technical control?
Transaction limit amounts (This is an administrative control)
Experts have two definitions related to computer chicanery: computer __ and computer __.
abuse, fraud
Which of the following is NOT an administrative control?
access control software and passwords (This is a technical control)
Individuals employed by the entity and limitations or limits on the nature and scope of activities they perform are the focus of __ controls.
administrative
Computer operations controls are implemented for files and data used in processing with the major objectives of ensuring files:
are appropriately secured and protected from loss, used in automated processing are appropriate, can be reconstructed from earlier versions of processing information
Which of the following is NOT a category of general controls?
automated application
Extra numbers tagged onto the end of basic ID numbers designed to detect coding or keying errors are called __.
check digits
"The science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media" is the FBI definition of __.
computer forensics
One objective of __ controls is to provide reasonable assurance that processing failures do not affect or delay the processing of other transactions.
computer operations
The objectives of __ controls parallel those related to program development.
program change
Record counts, batch totals, hash totals and run-to-run totals should be calculated during processing operations and summarized in a(n) __ report.
control totals
In an IT environment, __ prepare data for machine processing by converting manual data into machine-readable form or directly entering transactions into the system using remote terminals.
data conversion operators
Restrictions on access to input devices and standard screens and computer prompting are examples of __ controls in end-user computing environments.
data entry
Standardized formats and screens are examples of __ controls.
data entry and formatting
The client's use of information technology:
does not affect the audit objective, evaluation of internal control or need for the audit team to gather appropriate evidence
Whether the entity should purchase, develop or modify a system is determined during the __ analysis stage of the SDLC.
feasibility
A log that records time and use statistics for specific computer applications is an example of a(n) __ control.
file and operator
Controls that apply to all applications of an accounting information system are called __ controls.
general
An important difference in assessing control risk in an IT environment versus a manual environment is:
identifying the points in the flow of transactions where specific types of misstatements could occur
Controls that provide the opportunity for entity personnel to correct and resubmit data initially rejected as erroneous are called __ controls.
input
Automated application controls are organized under three categories, __ controls, __ controls and __ controls.
input, processing, output
An important program development control is the entity's use of the systems development __ process.
life cycle
Which of the following is both an input and a processing control?
limit and reasonableness tests
Reasonable assurance that only authorized persons have access to files produced by the systems is one concern of __ controls.
output
Which type of controls are concerned with detecting rather than preventing errors?
output
The most common form of control related to access is the use of __.
passwords
Placing computer devices out of the way of casual traffic is an example of a(n) __ control.
physical
Audit considerations in an IT environment include:
possibility of inappropriate access to computer files and programs, possibility of input errors, lack of an audit trail
Errors and frauds are kept from entering the system by __ controls.
prevention
Data comparisons and audit trails are examples of __ controls.
processing
The most fundamental __ control a client can implement is periodically testing and evaluating the accuracy of its programs.
processing
Which type of controls are similar in nature to input controls?
processing
An important general control is the separation of duties performed by system analysis, __ and __.
programmers, computer operators
An individual knowledgeable about the nature or transactions and processing should perform an overall review of the output for __.
reasonableness
Which of the following is NOT a method of testing the operating effectiveness of controls?
reconciliation
Compensating controls include:
rotation of duties, required vacation, investigation of excess computer usage
Which of the following is NOT a typical end-user computing environment control issue that audit teams must consider?
separation of programming and operations functions (The lack of separation is an issue)
User entities may outsource specialized data processing to other companies referred to as __.
service organizations
Emergency change requests and the migration of new programs into operations,
should be subject ti standard approval procedures after they are made, should be migrated by appropriate individuals, require appropriate documentation
Which of the following is NOT a data entry control in end-user computing environments?
transaction logs(this is a processing control)
