Terms in this set (86)
Which of the following statements is not true of the test data approach to testing an accounting system?
The test data must consist of all possible valid and invalid conditions.
A client who recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control?
Employees are not required to take regular vacations.
Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include
Controls for documenting and approving programs and changes to programs.
Which of the following audit procedures would an auditor be least likely to perform using a generalized computer audit program?
Investigating inventory balances for possible obsolescence.
A bank implemented an expert system to help account representatives consolidate the bank's relationships with each customer. The expert system will be used to
For control purposes, which of the following should be organizationally separated from the computer operations function?
If High Tech Corporation's disaster recovery plan requires fast recovery with little or no downtime, which of the following backup sites should it choose?
Computer technology makes it possible to perform paperless audits. For example, in an audit of computer-processed customer accounts receivable balances, an auditor might use a personal computer to access the accounts receivable files directly and copy selected customer records into the computer for audit analysis. Which of the following is an advantage of this type of paperless audit of accounts receivable balances?
It allows immediate processing of audit data on a spreadsheet working paper.
Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?
Continuous monitoring and analysis of transaction processing with an embedded audit module.
Which of the following characteristics distinguishes computer processing from manual processing?
Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.
Which of the following is an example of a validity check?
The computer flags any transmission for which the control field value did not match that of an existing file record.
An Internet firewall is designed to provide adequate protection against which of the following?
Unauthenticated logins from outside users.
The client's computer exception reporting system helps an auditor to conduct a more efficient audit because it
Highlights abnormal conditions.
To obtain evidence that user identification and password controls are functioning as designed, an auditor should
Examine a sample of password holders and access authority to determine whether they have access authority incompatible with their other responsibilities.
Which of the following statements most likely represents a disadvantage for an entity that keeps digital computer files rather than manually prepared files?
It is usually easier for unauthorized persons to access and alter the files.
A client maintains a large data center where access is limited to authorized employees. How may an auditor best determine the effectiveness of this control activity?
Observe whether the data center is monitored.
Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of
An integrated test facility.
A small client recently put its cash disbursements system on a server. About which of the following internal control features would an auditor most likely be concerned?
The server is operated by employees who have cash custody responsibilities.
Which of the following is an example of how specific internal controls in a database environment may differ from controls in a nondatabase environment?
Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.
In which of the following circumstances would an auditor expect to find that an entity implemented automated controls to reduce risks of misstatement?
When transactions are high-volume and recurring.
Able Co. uses an online sales order processing system to process its sales transactions. Able's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a
File of all rejected sales transactions.
The firewall system that limits access to a computer by routing users to replicated Web pages is
A proxy server.
Specialized audit software
May be written in a procedure-oriented language.
Kelly Corporation needs an internal communication network that provides high speed communication among nodes. Which of the following is appropriate for Kelly?
Local area network (LAN).
In auditing an online perpetual inventory system, an auditor selected certain file-updating transactions for detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific transaction is described as
Tagging and tracing.
Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output?
Which of the following is an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation?
Performance of audit tests on a continuous basis.
The major purpose of the auditor's study and evaluation of the company's computer processing operations is to
Evaluate the reliability and integrity of financial information.
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application?
An auditor anticipates relying on the operating effectiveness of controls in a computerized environment. Under these circumstances, on which of the following activities would the auditor initially focus?
When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
Test data are processed by the client's computer programs under the auditor's control.
Which of the following controls is an input control designed to ensure the reliability and accuracy of data processing?
limit test: yes
validity check test: yes
Which of the following types of evidence should an auditor most likely examine to determine whether internal controls are operating as designed?
Client records documenting the use of computer programs.
The use of message encryption software
Increases system processing costs.
Controls within the computer processing activity may leave no visible evidence indicating that they were implemented and were effective. In such instances, the auditor most likely would test these controls by
Reviewing transactions submitted for processing and comparing them with related output.
Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor's control to test controls in the computer system?
In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that
The size of the sample can be greatly expanded at relatively little additional cost.
Generalized audit software is useful for
test of controls: yes
substantive procedures: yes
Which of the following is a network security system that is used to control network traffic and to set up a boundary that prevents traffic from one segment from crossing over to another?
An entity has the following invoices in a batch:
invoice number: 201 202 203 204
product: F10 G15 H20 K35
quantity: 150 200 250 300
unit price: $:5 10 25 30
Input controls in batch computer systems are used to determine that no data are lost or added to the batch. Depending on the sophistication of a particular system, control may be accomplished by using record counts, financial totals, or hash totals. A record count establishes the number of source documents and reconciles it to the number of output records. The total number of invoices processed is an example of a record count. In this case, the record count is 4.
Which of the following statements is false about the integrated test facility (ITF) method for testing a computerized accounting system?
ITF reprocesses only actual, not fictitious, transactions.
An auditor using audit software probably would be least interested in which of the following fields in a computerized perpetual inventory file?
Economic order quantity.
A client communicates sensitive data across the Internet. Which of the following controls would be most effective to prevent the use of the information if it were intercepted by an unauthorized party?
The two requirements crucial to achieving audit efficiency and effectiveness with a personal computer are selecting
The appropriate audit tasks for personal computer applications and the appropriate software to perform the selected audit tasks.
Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without the knowledge of client operating personnel?
Integrated test facility (ITF).
First Federal S&L has an online, real-time system, with terminals installed in all of its branches. This system will not accept a customer's cash withdrawal instruction in excess of $1,000 without the use of a "terminal audit key." After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can be strengthened by
Online recording of the transaction on an audit override sheet.
JP Industries conducts its business using IT, and the only documentation of transactions is produced through the IT system. The auditor has concluded that it is not possible to obtain sufficient appropriate audit evidence by performing only substantive procedures for a number of financial statement assertions. The auditor's alternative strategy is to
Perform tests of controls.
When an auditor tests the internal controls of a computerized system, which of the following is true of the test data approach?
Test data are processed with the client's computer and the results are compared to the auditor's predetermined results.
An auditor who is testing computer controls in a payroll system will most likely use test data that contain conditions such as
Time tickets with invalid job numbers.
An auditor most likely should test for the presence of unauthorized computer program changes by running a
Source code comparison program.
When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations?
Use generalized audit software to extract evidence from client databases.
Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because
There are time delays in processing transactions in a batch system.
Using personal computers in auditing may affect the methods used to review the work of staff assistants because
Audit documentation may not contain readily observable details of calculations.
In a computerized payroll system environment, an auditor is least likely to use test data to test controls related to
Proper approval of overtime by supervisors.
A primary advantage of using generalized audit software packages to audit the financial statements of a client that uses a computer system is that the auditor may
Access information stored on computer files while having a limited understanding of the client's hardware and software features.
The following flowchart depicts
Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run?
An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques?
Embedded audit module.
A client installed sophisticated controls using the biometric attributes of employees to authenticate user access to the computer system. This technology most likely replaced which of the following controls?
One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of
A computer access log.
Which of the following passwords would be most difficult to crack?
Which of the following statements concerning the parallel simulation approach when testing a computerized accounting system is false?
Transactions are reprocessed only by the client's computer programs.
Which of the following is an encryption feature that can be used to authenticate the originator of a document and ensure that the message is intact and has not been tampered with?
An entity has the following invoices in a batch:
invoice number: 201 202 203 204
product: F10 G15 H20 K35
quantity: 150 200 250 300
unit price: $5 10 25 30
Input controls in batch computer systems are used to determine that no data are lost or added to the batch. Depending on the sophistication of a particular system, control may be accomplished by using record counts, financial totals, or hash totals. The hash total is a control total without a defined meaning, such as the total of employee numbers or invoice numbers, that is used to verify the completeness of data. The hash total of the invoice numbers is 810.
An auditor would least likely use computer software to
The online data entry control called preformatting is
The display of a document with blanks for data items to be entered by the terminal operator.
Which of the following outcomes is a likely benefit of information technology used for internal control?
Enhanced timeliness of information.
Which of the following controls most likely could prevent computer personnel from modifying programs to bypass programmed controls?
Separation of duties for computer programming and computer operations.
An auditor obtains a digital file that contains the dollar amounts of all client inventory items by style number. The auditor is aware that the client holds certain inventory styles on consignment for others. The auditor can best ascertain that the client's inventory is not overstated by using a computer program that
Tests for and accumulates all amounts for items with style numbers indicating consigned merchandise.
Which of the following statements is false about the test data approach when testing a computerized accounting system?
Several transactions of each type must be tested.
Which of the following is the most serious password security problem?
Users are assigned passwords when accounts are created, but they do not change them.
A test of a payroll system involved comparing an individual's number of overtime hours a week with an average of weekly overtime during a similar period in a prior year and evaluating the results. This is an example of what type of test?
A customer intended to order 100 units of product Z96014 but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error?
Check digit verification.
So that the essential control features of a client's computer system can be identified and evaluated, the auditor of a nonissuer must, at a minimum, have
A sufficient understanding of the entire computer system.
An entity has many employees who access a database with numerous access points. The database contains sensitive information about the customers of the entity. Access controls prevent employees from entry to those areas of the database for which they have no authorization. All salespersons have certain access permission to customer information. Which of the following is a true statement about the nature of the controls and risks?
A salesperson's access to customer information should extend only to what is necessary to perform his or her duties.
Which of the following procedures would an entity most likely include in its computer disaster recovery plan?
Store duplicate copies of critical files in a location away from the computer center.
To obtain evidence that online access controls are properly functioning, an auditor most likely will
Enter invalid identification numbers or passwords to ascertain whether the system rejects them.
When performing procedures for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software (GAS) package?
An auditor is obtaining an understanding of a client's Internet controls. Which of the following is most likely the least effective control?
The client requires users to share potentially useful downloaded programs from public electronic sources with only authorized employees.
Which of the following procedures would an entity most likely include in its disaster recovery plan?
Store duplicate copies of files in a location away from the computer center.
Tests of controls in an advanced computer system
Can be performed using actual transactions or simulated transactions.
A client is concerned that a power outage or disaster could impair the computer hardware's ability to function as designed. The client desires off-site backup hardware facilities that are fully configured and ready to operate within several hours. The client most likely should consider a
Which of the following statements about the assessment of the risks of material misstatement in a client's computer environment is true?
The auditor's objectives with respect to the assessment of the risks of material misstatement are the same as in a manual system.
Which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period?
The timing of control and substantive tests.
When an accounting application is processed by computer, an auditor cannot verify the reliable operation of automated controls by
Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the actual results.
For which of the following computer-assisted auditing techniques does the auditor use a controlled program?
YOU MIGHT ALSO LIKE...
Accounting Information Systems
ACCT 411 CH8
Module H HW
OTHER SETS BY THIS CREATOR
Quiz 8: 14.1, 14.2, 14.3
Q6: 9.1, 9.2, 9.3, 9.4