Chapter 8
Which of the following represent examples of general, application and user control activities, respectively, in the computer environment? A) Control over access to programs, computer exception reports, and manual checks of computer output. B) Manual checks of computer output, control over access to programs, and computer exception reports. C) Computer exception reports, control over access to programs, and manual checks of computer output. D) Manual checks of computer output, computer exception reports, and control over access to programs.
A) Control over access to programs, computer exception reports, and manual checks of computer output
One of the greatest difficulties in auditing a computerized accounting system is: A) Data can be erased from the computer with no visible evidence. B) Because of the lack of an audit trail, computer systems have weaker controls and more substantive testing is required. C) Because of the uniform nature of transaction processing, computer systems have strong controls and less substantive testing is required. D) The large dissemination of entry points into the computer system leads to weak overall reliance on information generated by a computer.
A) Data can be erased from the computer with no visible evidence
One key control in the organization of the information systems department is the: A) Separation of the systems development group and the operations (data processing) group. B) Operating personnel should strictly control access to the client's database. C) Controller should manage the information system since it supplements the accounting work already done under the supervision of the controller. D) Information systems department should be under the direction of systems development personnel since they are responsible for the overall performance of the system.
A) Separation of the systems development group and the operations (data processing) group
How have electronic data interchange (EDI) systems affected audits? A) Since orders and billing transactions are done over the computer, source documents cannot be obtained. B) Auditors often need to plan ahead to capture information about selected transactions over the EDI. C) There is no audit trail in an EDI system, so controls are typically assessed as weak. D) Since all transactions occur over the computer, reliability is high and little substantive testing is needed.
B) Auditors often need to plan ahead to capture information about selected transactions over the EDI.
Which of the following is not a computer-assisted audit technique? A) Test data B) Tagging and lagging C) Integrated test facility D) Program analysis
B) Tagging and lagging
When would "auditing around the computer" be appropriate? A) When controls over the computer system are strong. B) When controls over the computer system are non-existent. C) When controls over the computer system are adequate. D) It is never appropriate to audit around the computer.
B) When controls over the computer system are non-existent.
If an auditor is using test data in a client's computer system to test the integrity of the systems output, which of the following type of controls is the auditor testing: A) General controls. B) User controls. C) Quantitative test controls. D) Application controls.
D) Application controls
Which of the following is not an advantage of a computerized accounting system? A) Computers process transactions uniformly. B) Computers help alleviate human errors. C) Computers can process many transactions quickly. D) Computers leave a thorough audit trail which can be easily followed.
D) Computers leave a thorough audit trail which can be easily followed.
Which of the following is not a function of generalized audit software? A) To aid in the random selection of transactions for substantive testing B) To run in parallel with the client's application software and compare the output C) To test the mathematical accuracy by footing and cross-foot items in the accounting system D) To keep an independent log of access to the computer application software
D) To keep an independent log of access to the computer application
Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties? A) The computer system should be under the direction of the internal audit department. B) The computer system should be accessible to various competent parties so they can check on each others' work. C) Strong controls should be built into both the computer software and hardware to limit access and manipulation. D) Many companies run complete parallel manual and automated accounting systems for a cross check on input and output.
C) Strong controls should be built into both the computer software and hardware to limit access and manipulation.
Which of the following would not be an appropriate procedure for testing the general control activities of an information system? A) Inquiries of client personnel. B) Inspecting computer logs. C) Testing for the serial sequence of source documents. D) Examination of the organizational chart to determine the segregation of duties.
C) Testing for the serial sequence of source documents.
When would an auditor typically not perform additional tests of a computer systems controls? A) When the assessed level of control risk is at a minimum. B) When computer controls appear to be strong and risk is at a minimum. C) When controls appear to be weak. D) When inherent risk is at a maximum.
C) When controls appear to be weak