Audit Module H LearnSmart

Ace your homework & exams now with Quizwiz!

Which of the following is NOT a processing control?

computer prompting

Which of the following is both an output and a processing control?

control total reports

Frauds that get past prevention controls should be discovered by __ controls.

detection

Which of the following are NOT processing controls?

missing data tests, master file changes

True or false: All passwords should be at least six characters long to make hacking by computer-generated algorithms difficult.

False (A six character lower case alphabetic password can be hacked in ten minutes)

True or false: Audit team members need to be concerned about random errors in an IT environment.

False (Audit team members need to be concerned about systematic processing errors)

Which of the following is NOT a program development control?

Processing failures are resolved on a timely basis. (This is a computer operations control)

Which of the following is NOT a computer operations control?

Programs and software support the entity's financial reporting requirements. (This is a program development control)

Which of the following is NOT an input control?

Run-to-run totals (This is a processing control)

Which of the following is NOT a technical control?

Transaction limit amounts (This is an administrative control)

Experts have two definitions related to computer chicanery: computer __ and computer __.

abuse, fraud

Which of the following is NOT an administrative control?

access control software and passwords (This is a technical control)

Individuals employed by the entity and limitations or limits on the nature and scope of activities they perform are the focus of __ controls.

administrative

Computer operations controls are implemented for files and data used in processing with the major objectives of ensuring files:

are appropriately secured and protected from loss, used in automated processing are appropriate, can be reconstructed from earlier versions of processing information

Which of the following is NOT a category of general controls?

automated application

Extra numbers tagged onto the end of basic ID numbers designed to detect coding or keying errors are called __.

check digits

"The science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media" is the FBI definition of __.

computer forensics

One objective of __ controls is to provide reasonable assurance that processing failures do not affect or delay the processing of other transactions.

computer operations

The objectives of __ controls parallel those related to program development.

program change

Record counts, batch totals, hash totals and run-to-run totals should be calculated during processing operations and summarized in a(n) __ report.

control totals

In an IT environment, __ prepare data for machine processing by converting manual data into machine-readable form or directly entering transactions into the system using remote terminals.

data conversion operators

Restrictions on access to input devices and standard screens and computer prompting are examples of __ controls in end-user computing environments.

data entry

Standardized formats and screens are examples of __ controls.

data entry and formatting

The client's use of information technology:

does not affect the audit objective, evaluation of internal control or need for the audit team to gather appropriate evidence

Whether the entity should purchase, develop or modify a system is determined during the __ analysis stage of the SDLC.

feasibility

A log that records time and use statistics for specific computer applications is an example of a(n) __ control.

file and operator

Controls that apply to all applications of an accounting information system are called __ controls.

general

An important difference in assessing control risk in an IT environment versus a manual environment is:

identifying the points in the flow of transactions where specific types of misstatements could occur

Controls that provide the opportunity for entity personnel to correct and resubmit data initially rejected as erroneous are called __ controls.

input

Automated application controls are organized under three categories, __ controls, __ controls and __ controls.

input, processing, output

An important program development control is the entity's use of the systems development __ process.

life cycle

Which of the following is both an input and a processing control?

limit and reasonableness tests

Reasonable assurance that only authorized persons have access to files produced by the systems is one concern of __ controls.

output

Which type of controls are concerned with detecting rather than preventing errors?

output

The most common form of control related to access is the use of __.

passwords

Placing computer devices out of the way of casual traffic is an example of a(n) __ control.

physical

Audit considerations in an IT environment include:

possibility of inappropriate access to computer files and programs, possibility of input errors, lack of an audit trail

Errors and frauds are kept from entering the system by __ controls.

prevention

Data comparisons and audit trails are examples of __ controls.

processing

The most fundamental __ control a client can implement is periodically testing and evaluating the accuracy of its programs.

processing

Which type of controls are similar in nature to input controls?

processing

An important general control is the separation of duties performed by system analysis, __ and __.

programmers, computer operators

An individual knowledgeable about the nature or transactions and processing should perform an overall review of the output for __.

reasonableness

Which of the following is NOT a method of testing the operating effectiveness of controls?

reconciliation

Compensating controls include:

rotation of duties, required vacation, investigation of excess computer usage

Which of the following is NOT a typical end-user computing environment control issue that audit teams must consider?

separation of programming and operations functions (The lack of separation is an issue)

User entities may outsource specialized data processing to other companies referred to as __.

service organizations

Emergency change requests and the migration of new programs into operations,

should be subject ti standard approval procedures after they are made, should be migrated by appropriate individuals, require appropriate documentation

Which of the following is NOT a data entry control in end-user computing environments?

transaction logs(this is a processing control)


Related study sets

Ch.5 - A Closer Look at Instruction Set Architectures

View Set

Chapter 6: Financing the Small Business

View Set

MGMT 456 Ch.11 Managing Capacity and Demand

View Set

Valdamesta fólk heims 2018 (skv. Forbes)

View Set