Question 1

Data encryption is an example of data communication control.

Accepted Answer

A) True 
 B)False  True

Question 2

Smith Corporation has numerous customers.Customer files are kept on disk storage.Each account in the customer file contains name,address,credit limit,and account balance.The auditor wishes to test these files to determine whether credit limits are being exceeded.The best procedure for the auditor to follow would be to:

Accepted Answer

A) Use generalized audit software to develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situations. 
B) Use generalized audit software to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit. 
C) Require a printout of all account balances so they can be manually checked against the credit limits. 
D) Request a printout of a sample of account balances so they can be individually checked against the credit limits. 
A) Use generalized audit software to develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situations. 
B) Use generalized audit software to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit. 
C) Require a printout of all account balances so they can be manually checked against the credit limits. 
D) Request a printout of a sample of account balances so they can be individually checked against the credit limits. B

Question 3

Which of the following is not programmed as a processing control?

Accepted Answer

A) Private lines. 
B) Validity tests. 
C) Self-checking numbers. 
D) Limit tests. 
A) Private lines. 
B) Validity tests. 
C) Self-checking numbers. 
D) Limit tests. A

Question 4

Which of the following testing techniques minimizes the possibility that the auditors will contaminate a client's financial records?

Accepted Answer

A) Test data. 
B) Integrated test facilities. 
C) Controlled programs. 
D) Tagging and tracing transactions. 
A) Test data. 
B) Integrated test facilities. 
C) Controlled programs. 
D) Tagging and tracing transactions.

Question 5

Most advanced computer systems do not have audit trails.

Accepted Answer

A) True 
 B)False

Question 6

Auditors usually begin their consideration of IT systems with tests of application controls.

Accepted Answer

A) True 
 B)False

Question 7

An audit client outsources portions of its IT system to a cloud service provider.Which type of report would a report on management's description of the service organizations system and operating effectiveness of controls?

Accepted Answer

A) Change request report. 
B) Type 1 report. 
C) Type 2 report. 
D) OE report. 
A) Change request report. 
B) Type 1 report. 
C) Type 2 report. 
D) OE report.

Question 8

Which of the following components may not use a network as part of the information systems architecture?

Accepted Answer

A) The operating system. 
B) Printers. 
C) Off-the-shelf accounting software. 
D) Enterprise resource planning (ERP)systems. 
A) The operating system. 
B) Printers. 
C) Off-the-shelf accounting software. 
D) Enterprise resource planning (ERP)systems.

Question 9

Which of the following terms best describes a payroll system?

Accepted Answer

A) Database management system (DBMS). 
B) Transaction processing system (TPS). 
C) Decision support system (DSS). 
D) Enterprise resource planning (ERP)system. 
A) Database management system (DBMS). 
B) Transaction processing system (TPS). 
C) Decision support system (DSS). 
D) Enterprise resource planning (ERP)system.

Question 10

Which of the following is leastlikely to be a general control over computer activities?

Accepted Answer

A) Procedures for developing new programs and systems. 
B) Requirements for system documentation. 
C) A change request log. 
D) A validity test. 
A) Procedures for developing new programs and systems. 
B) Requirements for system documentation. 
C) A change request log. 
D) A validity test.

Question 11

State whether each of the following statements is correct or incorrect.
 $\begin{array}{|l|l|l|}
\hline  \text { A. } & \begin{array}{ll}
\text { Specialists with specialized skills in IT processing are } &\
\text { seldom used on audits since each audit team member is }& \
\text { expected to have the necessary skills. }&
\end{array} \
\hline \text { B. } & \begin{array}{l}
\text { The nature of the IT-based system may affect the specific } \
\text { procedures employed by the auditors in testing the controls. }
\end{array} \
\hline  \text { C. } & \begin{array}{l}
\text { Computer assisted audit techniques, while help ful for tests } \
\text { of controls, are seldom help ful for substantive procedures. }
 \end{array} \
\hline \text { D. } & \begin{array}{l}
\text { DEA and ACL are examples of computer assisted audit } \
\text { techniques. }\
\end{array}\\hline 
\end{array}$

Accepted Answer

\[\begin{array} { | l | l | c | } 
\hlin

Question 12

A fast-growing service company is developing its information technology internally.What is the first step in the company's systems development life cycle?

Accepted Answer

A) Analysis. 
B) Implementation. 
C) Testing. 
D) Design. 
A) Analysis. 
B) Implementation. 
C) Testing. 
D) Design.

Question 13

Software that is designed to disable or damage computer systems or data is referred to as:

Accepted Answer

A) Improper programming intelligence. 
B) Cloud. 
C) Malware. 
D) Malfeasance. 
A) Improper programming intelligence. 
B) Cloud. 
C) Malware. 
D) Malfeasance.

Question 14

Which of the following would not generally be considered a program control?

Accepted Answer

A) Limit tests. 
B) Segregation of duties controls. 
C) Allowed character tests. 
D) Missing data tests. 
A) Limit tests. 
B) Segregation of duties controls. 
C) Allowed character tests. 
D) Missing data tests.

Question 15

A computer input control is designed to ensure that

Accepted Answer

A) Machine processing is accurate. 
B) Only authorized personnel have access to the computer area. 
C) Data received for processing are properly authorized and converted to machine-readable form. 
D) Computer processing has been performed as intended for the particular application. 
A) Machine processing is accurate. 
B) Only authorized personnel have access to the computer area. 
C) Data received for processing are properly authorized and converted to machine-readable form. 
D) Computer processing has been performed as intended for the particular application.

Question 16

Which of the following testing techniques is more commonly used by internal auditors than by independent auditors?

Accepted Answer

A) Integrated test facilities. 
B) Test data. 
C) Controlled programs. 
D) Tagging and tracing transactions. 
A) Integrated test facilities. 
B) Test data. 
C) Controlled programs. 
D) Tagging and tracing transactions.

Question 17

A system in which each department member is responsible for the development and execution of the computer application that he or she uses is referred to as:

Accepted Answer

A) Stand-alone computing. 
B) End user computing. 
C) Distributed computing. 
D) Decentralized computing. 
A) Stand-alone computing. 
B) End user computing. 
C) Distributed computing. 
D) Decentralized computing.

Question 18

Which of the following procedures would an entity most likely include in its disaster recovery plan?

Accepted Answer

A) Convert all data from external formats to an internal company format. 
B) Maintain a program to prevent illegal activity. 
C) Develop an auxiliary power supply to provide uninterrupted electricity. 
D) Store duplicate copies of files in a location away from the computer center. 
A) Convert all data from external formats to an internal company format. 
B) Maintain a program to prevent illegal activity. 
C) Develop an auxiliary power supply to provide uninterrupted electricity. 
D) Store duplicate copies of files in a location away from the computer center.

Question 19

Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?

Accepted Answer

A) The systems programmer. 
B) The application programmer. 
C) The computer operator. 
D) The telecommunications specialist. 
A) The systems programmer. 
B) The application programmer. 
C) The computer operator. 
D) The telecommunications specialist.

Question 20

When erroneous data are detected by computer program controls,such data may be excluded from processing and printed on an exception report.The exception report should most probably be reviewed and followed up on by the:

Accepted Answer

A) Supervisor of computer operations. 
B) Systems analyst. 
C) Data control group. 
D) Computer programmer. 
A) Supervisor of computer operations. 
B) Systems analyst. 
C) Data control group. 
D) Computer programmer.

Data encryption is an example of data communication control.

Which of the following is not programmed as a processing control?

Which of the following testing techniques minimizes the possibility that the auditors will contaminate a client's financial records?

Most advanced computer systems do not have audit trails.

Auditors usually begin their consideration of IT systems with tests of application controls.

An audit client outsources portions of its IT system to a cloud service provider.Which type of report would a report on management's description of the service organizations system and operating effectiveness of controls?

Which of the following components may not use a network as part of the information systems architecture?

Which of the following terms best describes a payroll system?

Which of the following is leastlikely to be a general control over computer activities?

A fast-growing service company is developing its information technology internally.What is the first step in the company's systems development life cycle?

Software that is designed to disable or damage computer systems or data is referred to as:

Which of the following would not generally be considered a program control?

A computer input control is designed to ensure that

Which of the following testing techniques is more commonly used by internal auditors than by independent auditors?

A system in which each department member is responsible for the development and execution of the computer application that he or she uses is referred to as:

Which of the following procedures would an entity most likely include in its disaster recovery plan?

Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?

When erroneous data are detected by computer program controls,such data may be excluded from processing and printed on an exception report.The exception report should most probably be reviewed and followed up on by the:

The Role of the Public Accountant in the American Economy

Professional Standards

Professional Ethics

Legal Liability of Cpas

Audit Evidence and Documentation

Audit Planning, understanding the Client, assessing Risks, and Responding

Internal Control

Audit Sampling

Cash and Financial Investments

Accounts Receivable, notes Receivable, and Revenue

Inventories and Cost of Goods Sold

Property,plant,and Equipment: Depreciation and Depletion

Accounts Payable and Other Liabilities

Debt and Equity Capital

Auditing Operations and Completing the Audit

Auditors Reports

Integrated Audits of Public Companies

Additional Assurance Services: Historical Financial Information

Additional Assurance Services: Other Information

Internal, operational, and Compliance Auditing

Filters

Exam 8: Consideration of Internal Control in an Information Technology Environment

Data encryption is an example of data communication control.

Which of the following is not programmed as a processing control?

Which of the following testing techniques minimizes the possibility that the auditors will contaminate a client's financial records?

Most advanced computer systems do not have audit trails.

Auditors usually begin their consideration of IT systems with tests of application controls.

An audit client outsources portions of its IT system to a cloud service provider.Which type of report would a report on management's description of the service organizations system and operating effectiveness of controls?

Which of the following components may not use a network as part of the information systems architecture?

Which of the following terms best describes a payroll system?

Which of the following is leastlikely to be a general control over computer activities?

A fast-growing service company is developing its information technology internally.What is the first step in the company's systems development life cycle?

Software that is designed to disable or damage computer systems or data is referred to as:

Which of the following would not generally be considered a program control?

A computer input control is designed to ensure that

Which of the following testing techniques is more commonly used by internal auditors than by independent auditors?

A system in which each department member is responsible for the development and execution of the computer application that he or she uses is referred to as:

Which of the following procedures would an entity most likely include in its disaster recovery plan?

Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?

When erroneous data are detected by computer program controls,such data may be excluded from processing and printed on an exception report.The exception report should most probably be reviewed and followed up on by the:

The Role of the Public Accountant in the American Economy

Professional Standards

Professional Ethics

Legal Liability of Cpas

Audit Evidence and Documentation

Audit Planning, understanding the Client, assessing Risks, and Responding

Internal Control

Audit Sampling

Cash and Financial Investments

Accounts Receivable, notes Receivable, and Revenue

Inventories and Cost of Goods Sold

Property,plant,and Equipment: Depreciation and Depletion

Accounts Payable and Other Liabilities

Debt and Equity Capital

Auditing Operations and Completing the Audit

Auditors Reports

Integrated Audits of Public Companies

Additional Assurance Services: Historical Financial Information

Additional Assurance Services: Other Information

Internal, operational, and Compliance Auditing

Filters