Question 1

Discuss the four areas of responsibility under the IT function that should be segregated in large companies.

Accepted Answer

The responsibilities for IT management,

Question 2

Encryption techniques protect the security of electronic communication during transmission.

Accepted Answer

A) True 
 B)False

Question 3

A control which relates to all parts of the IT system is called:

Accepted Answer

A)  a systems control. 
B)  an applications control. 
C)  a universal control. 
D)  a general control. 
A)  a systems control. 
B)  an applications control. 
C)  a universal control. 
D)  a general control.

Question 4

Which of the following is NOT a general control?

Accepted Answer

A)  Processing controls 
B)  Procedures for documenting, reviewing and approving systems and payments 
C)  Hardware controls 
D)  The plan of organisation and operation of IT activity 
A)  Processing controls 
B)  Procedures for documenting, reviewing and approving systems and payments 
C)  Hardware controls 
D)  The plan of organisation and operation of IT activity

Question 5

Application controls vary with each application in the IT system. In attempting to review and gain an understanding of the internal control system, the auditor must evaluate the application controls for:

Accepted Answer

A)  every audit area. 
B)  every material audit area. 
C)  every audit area in which the client uses the computer. 
D)  every audit area where the auditor plans to reduce assessed control risk. 
A)  every audit area. 
B)  every material audit area. 
C)  every audit area in which the client uses the computer. 
D)  every audit area where the auditor plans to reduce assessed control risk.

Question 6

The use of 'encryption' techniques protect the security of electronic communication during the:

Accepted Answer

A)  recording process. 
B)  transmission process. 
C)  data backup process. 
D)  data output process. 
A)  recording process. 
B)  transmission process. 
C)  data backup process. 
D)  data output process.

Question 7

Should the auditor feel, after obtaining an understanding of IT internal control, that control risk cannot be reduced, he or she will:

Accepted Answer

A)  issue an adverse opinion. 
B)  increase the sample size for tests of controls. 
C)  issue a disclaimer. 
D)  expand the substantive testing portion of the audit. 
A)  issue an adverse opinion. 
B)  increase the sample size for tests of controls. 
C)  issue a disclaimer. 
D)  expand the substantive testing portion of the audit.

Question 8

Which of the following is NOT an application control?

Accepted Answer

A)  Reasonableness test for unit selling price of sale 
B)  Preprocessing authorisation of sales transactions 
C)  Separation of duties between computer programmer and operators 
D)  Post- processing review of sales transactions by the sales department 
A)  Reasonableness test for unit selling price of sale 
B)  Preprocessing authorisation of sales transactions 
C)  Separation of duties between computer programmer and operators 
D)  Post- processing review of sales transactions by the sales department

Question 9

Control risk is often affected by a complex IT system even if it enhances internal controls.

Accepted Answer

A) True 
 B)False

Question 10

The objective of understanding internal control and assessing control risk in an IT system is:

Accepted Answer

A)  to gain an understanding of the computer hardware and software. 
B)  to evaluate management's efficiency in designing and using the IT system. 
C)  to determine if the audit firm must have an IT auditor on the team. 
D)  to aid in determining the audit evidence that should be accumulated. 
A)  to gain an understanding of the computer hardware and software. 
B)  to evaluate management's efficiency in designing and using the IT system. 
C)  to determine if the audit firm must have an IT auditor on the team. 
D)  to aid in determining the audit evidence that should be accumulated.

Question 11

Parallel testing involves:

Accepted Answer

A)  requiring the user to re- input critical fields to verify accuracy of input. 
B)  operating the old and the new system simultaneously. 
C)  implementing a new system in one part of the organisation while other locations continue to rely on the old system. 
D)  processing test data against a copy of the client's application program. 
A)  requiring the user to re- input critical fields to verify accuracy of input. 
B)  operating the old and the new system simultaneously. 
C)  implementing a new system in one part of the organisation while other locations continue to rely on the old system. 
D)  processing test data against a copy of the client's application program.

Question 12

When auditing a computerised system, an auditor may use the test data approach as an audit tool. This technique:

Accepted Answer

A)  involves introducing simulated transactions into the client's actual application program(s). 
B)  should not involve the actual application programs the client uses throughout the year, since use of the actual programs would contaminate the client's accounting data. 
C)  is more applicable to independent audits than internal audits. 
D)  is a commonly used audit technique for auditing around the computer. 
A)  involves introducing simulated transactions into the client's actual application program(s). 
B)  should not involve the actual application programs the client uses throughout the year, since use of the actual programs would contaminate the client's accounting data. 
C)  is more applicable to independent audits than internal audits. 
D)  is a commonly used audit technique for auditing around the computer.

Question 13

There are three concerns or difficulties that must be overcome before the test data approach can be used by the auditor. Discuss each of these concerns.

Accepted Answer

Three concerns to be addressed before th

Question 14

Which of the following is NOT a general control?

Accepted Answer

A)  Post processing reviews 
B)  Preparation of backup plans 
C)  Access to hardware is restricted 
D)  Equipment error causes error messages to appear on the computer monitor 
A)  Post processing reviews 
B)  Preparation of backup plans 
C)  Access to hardware is restricted 
D)  Equipment error causes error messages to appear on the computer monitor

Question 15

Oversight of the IT function to ensure that all activities are carried out consistently with the IT strategic plan is the responsibility of the:

Accepted Answer

A)  librarian. 
B)  chief information officer. 
C)  data control group. 
D)  computer operators. 
A)  librarian. 
B)  chief information officer. 
C)  data control group. 
D)  computer operators.

Question 16

One potential disadvantage of IT systems is the increased risk of destruction of entire data files.

Accepted Answer

A) True 
 B)False

Question 17

Assume you are using generalised audit software (GAS) during your audit of accounts receivable. Discuss four kinds of tests or audit procedures you can perform with the GAS if the client's data are in machine- readable form.

Accepted Answer

Examples of the types of tests that can

Question 18

Pre- designed formats for audit working papers and letters can be created and saved using both electronic spreadsheets and word processors. These are called:

Accepted Answer

A)  audit software. 
B)  macros. 
C)  templates. 
D)  desktop publishing. 
A)  audit software. 
B)  macros. 
C)  templates. 
D)  desktop publishing.

Question 19

One common use of generalised audit software is to help the auditor identify weaknesses in the client's IT control procedures.

Accepted Answer

A) True 
 B)False

Question 20

When the client uses a computer but the auditor chooses to use only the non- IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need NOT be present in order to audit around the computer?

Accepted Answer

A)  Computer programs must be available in English. 
B)  User controls include comparison of computer- produced records with source documents. 
C)  The accounting software can display or print ledger balances and transaction details that allow the auditor to trace individual transactions through the accounting records. 
D)  The source documents are available in a readable form and can be traced easily through the accounting system to output. 
A)  Computer programs must be available in English. 
B)  User controls include comparison of computer- produced records with source documents. 
C)  The accounting software can display or print ledger balances and transaction details that allow the auditor to trace individual transactions through the accounting records. 
D)  The source documents are available in a readable form and can be traced easily through the accounting system to output.

Discuss the four areas of responsibility under the IT function that should be segregated in large companies.

Encryption techniques protect the security of electronic communication during transmission.

A control which relates to all parts of the IT system is called:

Which of the following is NOT a general control?

Application controls vary with each application in the IT system. In attempting to review and gain an understanding of the internal control system, the auditor must evaluate the application controls for:

The use of 'encryption' techniques protect the security of electronic communication during the:

Should the auditor feel, after obtaining an understanding of IT internal control, that control risk cannot be reduced, he or she will:

Which of the following is NOT an application control?

Control risk is often affected by a complex IT system even if it enhances internal controls.

The objective of understanding internal control and assessing control risk in an IT system is:

Parallel testing involves:

When auditing a computerised system, an auditor may use the test data approach as an audit tool. This technique:

There are three concerns or difficulties that must be overcome before the test data approach can be used by the auditor. Discuss each of these concerns.

Which of the following is NOT a general control?

Oversight of the IT function to ensure that all activities are carried out consistently with the IT strategic plan is the responsibility of the:

One potential disadvantage of IT systems is the increased risk of destruction of entire data files.

Assume you are using generalised audit software (GAS) during your audit of accounts receivable. Discuss four kinds of tests or audit procedures you can perform with the GAS if the client's data are in machine- readable form.

Pre- designed formats for audit working papers and letters can be created and saved using both electronic spreadsheets and word processors. These are called:

One common use of generalised audit software is to help the auditor identify weaknesses in the client's IT control procedures.

When the client uses a computer but the auditor chooses to use only the non- IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need NOT be present in order to audit around the computer?

Demand for Audit and Assurance Services

Auditors Legal Environment

Audit Quality and Ethics

Audit Responsibilities and Objectives

Audit Evidence

Audit Planning and Documentation

Materiality and Risk

Internal Control and Control Risk

Fraud Auditing

Overall Audit Plan and Audit Program

Audit of the Sales and Collection Cycle: Tests of Controls and Substantive Tests of Transactions

Completing Tests in the Sales and Collection Cycle: Accounts Receivable

Audit Sampling

Audit of Transaction Cycles and Financial Statement Balances I

Audit of Transaction Cycles and Financial Statement Balances II

Completing the Audit

Audit Reporting

Other Auditing and Assurance Engagements

Filters

Exam 10: The Impact of Information Technology on the Audit Process

Discuss the four areas of responsibility under the IT function that should be segregated in large companies.

Encryption techniques protect the security of electronic communication during transmission.

A control which relates to all parts of the IT system is called:

Which of the following is NOT a general control?

Application controls vary with each application in the IT system. In attempting to review and gain an understanding of the internal control system, the auditor must evaluate the application controls for:

The use of 'encryption' techniques protect the security of electronic communication during the:

Should the auditor feel, after obtaining an understanding of IT internal control, that control risk cannot be reduced, he or she will:

Which of the following is NOT an application control?

Control risk is often affected by a complex IT system even if it enhances internal controls.

The objective of understanding internal control and assessing control risk in an IT system is:

Parallel testing involves:

When auditing a computerised system, an auditor may use the test data approach as an audit tool. This technique:

There are three concerns or difficulties that must be overcome before the test data approach can be used by the auditor. Discuss each of these concerns.

Which of the following is NOT a general control?

Oversight of the IT function to ensure that all activities are carried out consistently with the IT strategic plan is the responsibility of the:

One potential disadvantage of IT systems is the increased risk of destruction of entire data files.

Assume you are using generalised audit software (GAS) during your audit of accounts receivable. Discuss four kinds of tests or audit procedures you can perform with the GAS if the client's data are in machine- readable form.

Pre- designed formats for audit working papers and letters can be created and saved using both electronic spreadsheets and word processors. These are called:

One common use of generalised audit software is to help the auditor identify weaknesses in the client's IT control procedures.

When the client uses a computer but the auditor chooses to use only the non- IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need NOT be present in order to audit around the computer?

Demand for Audit and Assurance Services

Auditors Legal Environment

Audit Quality and Ethics

Audit Responsibilities and Objectives

Audit Evidence

Audit Planning and Documentation

Materiality and Risk

Internal Control and Control Risk

Fraud Auditing

Overall Audit Plan and Audit Program

Audit of the Sales and Collection Cycle: Tests of Controls and Substantive Tests of Transactions

Completing Tests in the Sales and Collection Cycle: Accounts Receivable

Audit Sampling

Audit of Transaction Cycles and Financial Statement Balances I

Audit of Transaction Cycles and Financial Statement Balances II

Completing the Audit

Audit Reporting

Other Auditing and Assurance Engagements

Filters