At-030507 - Auditing in A CIS Environment
Copyright: Attribution Non-Commercial (BY-NC)

Multiple-Choice Questions

1. (easy) IT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?
a. Organizational changes.
b. The visibility of information.
c. The potential for material misstatement.
d. None of the above; i.e., they are all important.
Answer: d

2. (easy) The audit procedure which is least useful in gathering evidence on significant computer processes is:
a. documentation.
b. observation.
c. test decks.
d. generalized audit software.
Answer: b

4. (easy) One significant risk related to an automated environment is that auditors may ____ information provided by an information system.
a. not place enough reliance on
b. place too much reliance on
c. reveal
d. not understand
Answer: b

6. (easy) Which of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?
a. Computer controls replace manual controls.
b. Higher quality information is available.
c. Computer-based controls provide opportunities to enhance separation of duties.
d. Manual controls replace automated controls.
Answer: d

d. Input controls.

10. (easy) When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need not be present to audit around the computer?
a. Computer programs must be available in English.
b. The source documents must be available in a non-machine language.
c. The documents must be filed in a manner that makes it possible to locate them.
d. The output must be listed in sufficient detail to enable the auditor to trace individual transactions.
Answer: a

a. Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
b. Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the IT function.
d. Application controls relate to the processing of individual transactions.

14. (easy) Predesigned formats, such as those used for audit documentation, can be created and saved using electronic spreadsheets and word processors. These are called:
a. desktop publishing.
b. templates.
c. macros.
d. work files.
Answer: b

15. (easy) ______ involves implementing a new system in one part of the organization, while other locations continue to use the current system.
a. Parallel testing
b. Online testing
c. Pilot testing
d. Control testing
Answer: c

27. (medium) Auditors should evaluate the ________ before evaluating application controls because of the potential for pervasive effects.
a. input controls
b. control environment
c. processing controls
d. general controls
Answer: d

28. (medium) A control that relates to all parts of the IT system is called a(n):
a. general control.
b. systems control.
c. universal control.
d. applications control.
Answer: a

31. (medium) Which of the following is least likely to be used in obtaining an understanding of client general controls?
a. Examination of system documentation
b. Inquiry of client personnel (e.g., key users)
c. Observation of transaction processing
d. Reviews of questionnaires completed by client IT personnel
Answer: c

Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:
a. input controls.
b. processing controls.
c. output controls.
d. general controls.
Answer: a

b. there are time delays in processing transactions in a batch system.
c. errors in some transactions cause rejection of other transactions in the batch.
d. random errors are more likely in a batch system than in an online system.
Answer: b

53. (medium) Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process?
a. Parallel simulation.
b. Generalized audit software programming.
c. Integrated test facility.
d. Test data approach.
Answer: c

56. (medium) If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?
a. Gross wages earned.
b. Employee numbers.
c. Total hours worked.
d. Total debit amounts and total credit amounts.
Answer: b

58. (medium) Rather than maintain an internal IT center, many companies use ________ to perform many basic functions such as payroll.
a. external general service providers
b. external application service providers
c. internal control service providers
d. internal auditors
Answer: b

59. (medium) A company uses the account code 669 for maintenance expense. However, one of the company clerks often codes maintenance expense as 996. The highest account code in the system is 750. What internal control in the company’s computer program would detect this error?
a. Pre-data input check.
b. Valid-character test.
c. Sequence check.
d. Valid-code test.
Answer: d

61. (challenging) It is common in IT systems to have certain types of transactions initiated automatically by the computer. Which of the following activities would not be an appropriate candidate for automatic computer initialization?
a. In a bank, periodic calculation of interest on customer accounts.
b. In a manufacturing facility ordering inventory at preset order levels.
c. In a hospital, the ordering of oxygen when pre-specified levels are achieved.
d. In an investment brokerage firm, the sale of pharmaceutical stocks when the Dow-Jones Industrial Average falls below a certain level.
Answer: d

62. (challenging) Application controls vary across the IT system. To gain an understanding of internal control for a private company, the auditor must evaluate the application controls for every:
a. every audit area.
b. every material audit area.
c. every audit area in which the client uses the computer.
d. every audit area where the auditor plans to reduce assessed control risk.
Answer: d

63. (challenging) Many clients have outsourced the IT functions. The difficulty the independent auditor faces when a computer service center is used is to:
a. gain the permission of the service center to review their work.
b. find compatible programs that will analyze the service center’s programs.
c. determine the adequacy of the service center’s internal controls.
d. try to abide by the Code of Professional Conduct to maintain the security and confidentiality of client’s data.
Answer: c

64. (challenging) An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as:
a. time tickets with invalid job numbers.
b. overtime not approved by supervisors.
c. deductions not authorized by employees.
d. payroll checks with unauthorized signatures.
Answer: a

In comparing (1) the adequacy of the hardware controls in the system with (2) the organization’s methods of handling the errors that the computer identifies, the independent auditor is:
a. unconcerned with both (1) and (2).
b. equally concerned with (1) and (2).
c. less concerned with (1) than with (2).
d. more concerned with (1) than with (2).
Answer: c

72. (medium) Identify the three categories of application controls, and give one example of each.
Answer: Application controls fall into three categories:
- Input controls. Key verification and check digits are examples of input controls.
- Processing controls. One example is a reasonableness test for the unit selling price of a sale.
- Output controls. One example is post-processing review of sales transactions by the sales department.

73. (medium) Discuss what is meant by the term “auditing around the computer.”
Answer: “Auditing around the computer” occurs when the auditor considers only the non-IT controls when assessing control risk. Under this approach, the auditor obtains an understanding of internal control and performs tests of controls, substantive tests of transactions, and account balance verification procedures in the same manner as in manual systems. However, there is no attempt to test, or rely on, the client’s IT controls.

74. (medium) Discuss the circumstances that must exist for the auditor to “audit around the computer.”
Answer: To “audit around the computer,” the following conditions must exist:
- The source documents must be available in a form readable by a human.
- The documents must be maintained in a manner that makes it possible to locate them for auditing purposes.
- The output must be listed in sufficient detail to enable the auditor to trace individual transactions from the source documents to the output and vice versa.
If any of these conditions does not exist, the auditor will have to rely on computer-oriented controls.

75. (medium) Describe three computer auditing techniques available to the auditor.
Answer: Computer auditing techniques available to the auditor are:
- Test data approach. Using this approach, the auditor develops different types of transactions that are processed under his or her own control using the client’s computer programs on the client’s IT equipment.
- Parallel simulation. Using parallel simulation, the auditor writes a computer program that replicates some part of the client’s application system. The client’s data is then processed using the auditor’s computer program. The auditor then compares the output generated by his or her program with that generated by the client’s program to test the correctness of the client’s program. Generalized audit software may be used.
- Embedded audit module. Using this approach, the auditor inserts an audit module in the client’s application system to capture transactions with characteristics that are of interest to the auditor.

76. (medium) What are the two software testing strategies that companies typically use? Which strategy is more expensive?
Answer: Companies may use pilot testing and parallel testing to test new software. Pilot testing involves operating the new software at a limited number of facilities, while continuing to operate the old software at all other locations. Parallel testing involves operating the new and old software simultaneously. Parallel testing is more expensive than pilot testing.

77. (medium) Discuss the advantages and benefits of using generalized audit software.
Answer: Advantages and benefits of using generalized audit software include:
- They are developed in such a manner that most of the audit staff can be trained to use the program even if they have little formal IT education.
- A single program can be applied to a wide range of tasks without having to incur the cost or inconvenience of developing individualized programs.
- Generalized audit software can perform tests much faster and in more detail than using traditional manual procedures.

78. (medium) Why do businesses use networks? Describe a local area network and a wide area network.
Answer: Networks are used to link equipment such as microcomputers, midrange computers, mainframes, work stations, servers, and printers. A local area network links equipment within a single or small cluster of buildings and is used only within a company. A wide area network links equipment in larger geographic regions, including global operations.

79. (medium) Discuss the four areas of responsibility under the IT function that should be segregated in large companies.
Answer: The responsibilities for IT management, systems development, operations, and data control should be separated:
- IT Management. Oversight of the IT function should be segregated from the systems development, operations, and data control functions. Oversight of IT should be the responsibility of the Chief Information Officer or IT manager.
- Systems development. Systems analysts are responsible for the overall design of each application system. Programmers develop, test, and document applications software. Programmers and analysts should not have access to input data or computer operations.
- Operations. Computer operators are responsible for the day-to-day operations of the computer.
- Data control. Data control personnel independently verify the quality of input and the reasonableness of output.

3. Involves the use of a computer program written by the auditor that replicates some part of a client’s application system.
Answer: j

4. A method of auditing IT systems which uses data created by the auditor to determine whether the client’s computer program can correctly process valid and invalid transactions.
Answer: n

5. Controls such as review of data for reasonableness, designed to assure that data generated by the computer is valid, accurate, complete, and distributed only to authorized people.
Answer: i

6. Controls that apply to processing of transactions.
Answer: a

7. A new system is implemented in one part of the organization while other locations continue to rely on the old system.
Answer: l

8. Controls such as proper authorization of documents, check digits, and adequate documentation, designed to assure that the information to be processed by the computer is authorized, complete, and accurate.
Answer: h

83. (easy) Inherent risk is often reduced in complex IT systems relative to less complex IT systems.
a. True b. False
Answer: b

84. (easy) Parallel testing is used when old and new systems are operated simultaneously in all locations.
a. True b. False
Answer: a

85. (easy) Firewalls can protect company data and software programs.
a. True b. False
Answer: a

86. (easy) Programmers should not have access to transaction data.
a. True b. False
Answer: a

One potential disadvantage of IT systems is the reduction or elimination of source documents, which reduces the visibility of the audit trail.
a. True b. False

88. (easy) LANs link equipment within a single or small cluster of buildings and are used only for intracompany purposes.
a. True b. False
Answer: a

89. (medium) In IT systems, if general controls are effective, it increases the auditor’s ability to rely on application controls to reduce control risk.
a. True b. False
Answer: a

90. (medium) Parallel testing is more expensive than pilot testing.
a. True b. False
Answer: a

91. (medium) The effectiveness of manual controls depends solely on the competence of the personnel performing the controls.
a. True b. False
Answer: b

92. (medium) The test data approach requires the auditor to insert an audit module in the client’s application system to test transaction data specifically identified by the auditor as unusual.
a. True b. False
Answer: b

General controls in smaller companies are usually less effective than in more complex IT environments.
a. True b. False

Knowledge of both general and application controls is not particularly crucial for auditors of public companies.
a. True b. False

107. (medium) “Auditing around the computer” is most appropriate when the client has not maintained detailed output or source documents in a form readable by humans.
a. True b. False
Answer: b

108. (medium) When auditing a client whose information is processed by an outside service provider, it is not acceptable for the auditor to rely on the audit report of another independent auditor who has previously tested the internal controls of the service provider, rather than testing the service provider’s controls himself or herself.
a. True b. False
Answer: b

109. (medium) When a client uses microcomputers for the accounting functions, the auditor should normally rely only on non-IT controls or take a substantive approach to the audit.
a. True b. False
Answer: a

Which of the following is not a risk in an IT system?
C) integrative testing.
D) parallel testing.
Answer: d. Parallel testing.

What is CIS computerized information system?
Computer Information Science (CIS) is a quickly-growing field which covers a wide range of topics, including those traditionally covered in Information Technology (IT) and Computer Science (CS).

What are the effects of CIS in audit?
Under a CIS environment, auditing cannot be carried out effectively using traditional/conventional and manual techniques of auditing. Auditing through the computer requires the use of various audit software packages and some computer-assisted audit techniques.

What is the importance of CIS application controls?
They are built into the systems programs, and their objectives are:
- Ensure proper authorization, approval, testing, implementation & documentation for all systems.
- Ensure errors are detected within application programs.
- Ensure data files are protected from unauthorized use or modification.