Chapter 8 SB

Ace your homework & exams now with Quizwiz!

The use of information technology ______. Multiple select question. - generally reduces the paper trail - makes it easier to alter data - affects the fundamental manner of transactions - reduces the number of controls to be tested

- generally reduces the paper trail - makes it easier to alter data - affects the fundamental manner of transactions

A service organization's Type ______ report provides information on the suitability of the design of controls. Multiple choice question. 2 1

1

A service organization's Type ______ report provides information on the operating effectiveness of controls. Multiple choice question. 1 2

2

True or false: An advantage of controlled programs is that the auditor may test the client's program by using test data only.

False

True or false: Generally accepted auditing standards prohibit the use of IT specialists to act as consultants for the auditors during a financial statement audit.

False

The process of verifying the identify of a person accessing a system or data is referred to as____

authentication

Application control activities may be classified as ______ activities. Multiple select question. programmed control automatically generated manual follow-up

programmed control manual follow-up

As part of organizational controls, at least ______ information systems employees should be present whenever the IT facility is in use. Multiple choice question. two four three

two

To reduce data redundancy and inconsistent data it is best to ______. Multiple choice question. use transaction files to store data use master files to store data maintain a database system

maintain a database system

Cyber criminals may gain access to an organization's system and destroy the data using ______. Multiple choice question. malware ransomware virusware

malware

Cyber criminals may gain access to an organization's system and destroy the data using _____or, demand money for releasing the system using____

malware ransomware

General control activities include all of the following except ______. Multiple choice question. IT operations and controls access to programs development of new programs manual checks of computer output

manual checks of computer output

An application control activity that analyzes outputs generated in the form of exception reports is called a ______ activity. Multiple choice question. programmed control manual follow-up processing control

manual follow-up

When an audit client has an IT-based system, the auditor CPA firm ______ assist with understanding internal control or designing effective audit tests. Multiple choice question. may rely on outside consultants to must use their own firm's IT specialists to

may rely on outside consultants to

The two major types of software are the ______system and _____software.

operating application

A manual that contains the instructions for processing a program is called a(n) ____ manual.

operations

The computer operators should have access to ______. Multiple choice question. systems manuals only both program documentation and operations manuals operations manuals only program documentation only

operations manuals only

User control activities appraise the reliability of ______ from the information systems department by extensive review and testing. Multiple choice question. both input and output output input

output

To protect IT equipment against sabotage, fire and water damage, appropriate ____ controls are necessary.

physical

Requiring user involvement in the purchase, development, and testing of programs before they are implemented is an example of a(n)____ ____ control.

system development

Auditors document their understanding of IT-based system controls by using ______. Multiple select question. systems flowcharts internal control questionnaires written narrative video recording of controls

systems flowcharts internal control questionnaires written narrative

In the audit of an IT system, an approach comparable to tracing sample transactions from inception to final disposition is the use of ______. Multiple choice question. controlled programs tagging and tracing generalized audit software programs test data

test data

The role of internal auditors in an IT environment include ______. Multiple select question. testing controls to ensure they are operating properly maintaining day-to-day maintenance of the controls participation in the design of the IT-based system

testing controls to ensure they are operating properly participation in the design of the IT-based system

In a computerized system ______. Multiple choice question. the programming function should control data entry controls are in place that make segregation of duties unnecessary the computer operator should not have detailed knowledge of the programs

the computer operator should not have detailed knowledge of the programs

General control activities include activities to control ______. Multiple select question. the development of new programs output of programs and data changes to existing programs access to programs and data

the development of new programs changes to existing programs access to programs and data

Select all that apply In an IT-based system ______. Multiple select question. - the importance of internal control is diminished due to the integration of functions - segregation of duties is no longer an issue - work normally divided among many employees may be performed electronically - controls and written into the computer program

- work normally divided among many employees may be performed electronically - controls and written into the computer program

Which of the following is NOT an organizational control that should be in place in the information systems department? Multiple choice question. All programming functions should be separated to prevent collusion. Adequate fidelity bonds should be obtained for all IT employees. Mandatory vacations should be required. Operator assignments should be rotated.

All programming functions should be separated to prevent collusion.

Identify which responsibilities fall in the application systems roles. Multiple select question. Application programming Data entry Telecommunications Systems analysis

Application programming Systems analysis

Identify which responsibilities fall in the operations roles. Multiple select question. Systems analysis Telecommunications Computer operations Data control

Computer operations Data control

True or false: User control activities are more efficient than application control activities.

False

Auditors consider IT control most in which of the following stages of the audit? Multiple choice question. Forming an opinion and issuing the audit report Planning the audit including the audit strategy Obtaining an understanding of the client

Obtaining an understanding of the client

What is the difference between a control total and a hash total? Multiple choice question. The hash total has meaning but the control total does not. There is no difference - these are two terms for the same thing. The control total has meaning but the hash total does not.

The control total has meaning but the hash total does not.

True or false: Preventive and detective controls often work together. True false question. True False

True+

Unauthorized access to a computer or private network is prevented with the use of ______. Multiple choice question. a firewall biometric identifiers programmed control activities encryption

a firewall

A log that consists of suggestions for changes in programs is called a(n) _____ _____ log.

change request

A log that consists of suggestions for changes in programs is called a ______ log. Multiple choice question. change request data interchange database

change request

When auditors are unsure of the software's operation, testing using ______ is useful. Multiple choice question. user control activities computer-assisted audit techniques decentralized processing

computer-assisted audit techniques

Data redundancy and inconsistent data can be reduced by maintaining a(n) ______ system.

database

The role of internal auditors in an IT environment include all of the following tasks except ______. Multiple choice question. day-to-day maintenance of the controls participation in the design of the IT-based system testing the controls to ensure they are operating properly

day-to-day maintenance of the controls

Most manual follow-up activities consist of review and analysis of outputs that have been generated in the form of ______ reports. Multiple choice question. control total processing control item count exception

exception

Hardware, software, or a combination of both can be used to implement a(n)____ to prevent unauthorized access to a computer or private network

firewall

A type of control activity that applies to a number of IT applications is called a(n) ______ control activity. Multiple choice question. application user general

general

Computer ______ is composed of physical elements, primarily a central processing unit (CPU). Multiple choice question. software commerce hardware

hardware

The computer and peripheral equipment for input, output, and storage of data is called_____

hardware

To test the effectiveness of general controls for development of new programs and systems, the auditors may ______. Multiple select question. interview personnel that developed the program inspect the documentation of the tests performed before the program was implemented examine input controls by accounting for the serial sequence of source documents

interview personnel that developed the program inspect the documentation of the tests performed before the program was implemented

To develop new systems many firms use a multiphased, structured method called the systems development ____ ______approach

life cycle

Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called a(n)

network

Analysis of exception reports may be especially effective for testing application control activities when ______ is used. Multiple choice question. off-the-shelf software with no modifications off-the-shelf software with user modifications custom software programmed by client information technology staff

off-the-shelf software with no modifications

A(n) ______ system coordinates and controls hardware components. Multiple choice question. processing application operating

operating

Segregation of duties is an example of a(n)______ control designed to stop errors, inaccuracy, or fraud before it occurs, whereas _______ controls are intended to uncover the existence of issues that have already occurred

preventative detective

Application control activities may be classified as _____ control activities and ____ follow-up activities.

programmed manual

To test general controls over program changes the auditors may ______. Multiple choice question. inspect exception reports generated by the system and review the way in which exceptions were handled review input controls by testing the serial sequence of source documents in selected batches review documentation of changes to the log of manager approvals

review documentation of changes to the log of manager approvals

An accuracy check that uses redundant information, such as the last two digits being a mathematical combination of the others is called a ______. Multiple choice question. self-checking number validity test limit field test

self-checking number

Computer-based fraud is commonly performed by the person that ______. Multiple choice question. prepares and verifies input data for processing maintains and enhances IT networks and network connections set up the system and controls the modifications

set up the system and controls the modifications

Computer-based fraud is commonly performed by the person that ______. Multiple choice question. prepares and verifies input data for processing set up the system and controls the modifications maintains and enhances IT networks and network connections

set up the system and controls the modifications

A significant risk in the use of decentralized computer is the possibility of ______, which can cause loss of data and programs. Multiple choice question. management fraud software viruses unauthorized use

software viruses

When a client's IT-based system is relatively simple and produces hard-copy documents and records, the auditor can audit around the computer and use more ___ procedures to reduce _____ risk to an acceptable level.

substantive detection

In the audit of an IT system, an approach comparable to tracing sample transactions from inception to final disposition is the use of___ data

test

An information technology control activity that is performed to test the accuracy and completeness of IT reports is called a(n)_____ control activity.

user

A comparison of data against a master file or table for accuracy is called a ______ test. Multiple choice question. validity limit self-checking number

validity

A comparison of data against a master file or table for accuracy is called a ______ test. Multiple choice question. validity self-checking number limit

validity

A program that has the ability to attach itself to a legitimate program and modify other programs and systems is called a software____

virus

In a computerized system ______. Multiple choice question. the computer operator should not have detailed knowledge of the programs controls are in place that make segregation of duties unnecessary the programming function should control data entry

Answer Mode Multiple Choice QuestionYour Answer correct In a computerized system ______. Multiple choice question. the computer operator should not have detailed knowledge of the programs controls are in place that make segregation of duties unnecessary the programming function should control data entry Reason: These should be separate. Correct Answer the computer operator should not have detailed knowledge of the programs

Internet transactions are secured through public-key encryption and ______ that verify the identities of individuals or servers. Multiple choice question. Certificate Authorities Firewall Networks Biometric Identifiers

Certificate Authorities

Identify substantive procedures that can be performed with audit software. Multiple select question. Confirm all client data is accurate providing proof that the financial statements present fairly in all respects Examine the client's records for quality, completeness, and valid conditions Select random audit samples Rearrange data and perform analyses

Examine the client's records for quality, completeness, and valid conditions Select random audit samples Rearrange data and perform analyses

True or false: The electronic processing of information has obscured, and in some cases, eliminated the audit trail.

False

True or false: The electronic processing of information has obscured, and in some cases, eliminated the audit trail. True false question. True False

False

True or false: The integration of functions in an IT-based system diminishes the importance of internal controls. True false question. True False

False

Which of the following is NOT a common authentication technique used today? Multiple choice question. Biometric identifiers Smart cards User names and passwords Firewalls

Firewalls

When performing a financial statement audit, the auditors' consideration of IT controls relate most directly to which of the following steps? Multiple select question. Obtain an understanding of the client Assess the risks of material misstatement Complete the audit Perform further audit procedures Plan the audit including an overall audit strategy

Obtain an understanding of the client Assess the risks of material misstatement Perform further audit procedures

Identify the ways that auditors may access and analyze client records. Multiple select question. Use the auditors' generalized audit software on the client's IT-based system Download the client's data to be analyzed on the auditors' computer Obtain a copy of the client's records that may be analyzed on the auditors' computer Use the client's generalized audit software on the client's IT-based system

Use the auditors' generalized audit software on the client's IT-based system Download the client's data to be analyzed on the auditors' computer Obtain a copy of the client's records that may be analyzed on the auditors' computer

Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called ______. Multiple choice question. a database cloud computing a network an operating system

a network

Data processed and transmitted by the system in arrays of bits to prevent unauthorized access to information when it is being transmitted is called ______. Multiple choice question. a parity check echo check data encryption

a parity check

Auditing around the computer is ______. Multiple choice question. acceptable when the system is relatively simple never acceptable acceptable when auditors lack understanding of the IT processing activities always acceptable

acceptable when the system is relatively simple

Due to the increasing volume of digital information and the Internet, organizations should consider using information security standards such as ISO 27002 in evaluating their systems for proper _____ _____.

access security

Due to the increasing volume of digital information and the Internet, organizations should consider using information security standards such as ISO 27002 in evaluating their systems for proper ______. Multiple choice question. physical control access security infrastructure controls systems development and maintenance

access security

Generalized audit software ______. Multiple select question. results in reduced sample sizes of transactions to be tested allows auditors to conduct independent processing of live data performs many specific audit functions

allows auditors to conduct independent processing of live data performs many specific audit functions

A primary approach to assess ___ control activities is to test the manual follow-up activities by inspecting the exception reports generated by the system and review the way in which the exceptions were handled.

application

An advantage to the use of ____ programs is that the auditor may test the client's program with both live and test data.

controlled

There is an increased risk of use by unauthorized personnel; therefore, the computers should be programed to require the user to enter an authorization code to gain access to application menus in a(n) ____ processing system.

decentralized

One of the most common techniques to protect the privacy and integrity of digital information and ensure private secure communication is the use of ____

encryption

To test the reliability of the client's programs and perform many specific auditing functions, many CPA firms use ____ audit software.

generalized

A programmed control activity that sums one field of information for all items in a batch but has no intrinsic meaning is called a(n)___ ____

hash total

A method often used by internal auditors to test and monitor controls in computer applications is a(n) ____ ____facility.

integrated test

A set of dummy records and files included in an IT system enabling test data to be processed simultaneously with live input is called ______. Multiple choice question. program analysis techniques integrated test facility controlled programs

integrated test facility

Appropriate physical controls for IT equipment include ______. Multiple select question. limited access a fire-suppression system numerous windows in the facility proper personnel screening

limited access a fire-suppression system proper personnel screening

For a system with simple internal control, a(n) ______ might be adequate to document the system. Multiple choice question. internal control questionnaire system flowchart written narrative

written narrative

For a system with simple internal control, a(n) ______ might be adequate to document the system. Multiple choice question. internal control questionnaire written narrative system flowchart

written narrative


Related study sets

Conditionals - sentence transformations

View Set

MS Lesson 2: Thermoregulation - Evolve

View Set

Fundamentals of Nursing Care-Practice Test

View Set

Types of Insurance Vocabulary List

View Set

AP G&P (2) - Structures, powers, and functions of Congress: advanced

View Set