Exam 20: Auditing and Information Technology

When programs or files can be accessed from terminals,users should be required to enter a(n)

Which of the following is not an appropriate statement with regard to computer control activities?

Which of the following computer controls would provide the best evidence that unauthorized users are not accessing specific computer programs and files?

Which of the following is not an example of a general control?

The audit team made a copy of the client's sales and billing program early in the audit.Several times during the audit,the audit team used this copy of the program to process actual client data.The output of the secured program was compared to that of the client's system.This audit technique would be considered

Which of the following is a category of general controls?

As part of assessing the risk of material misstatement,the audit team must assess the control risk in the computerized processing system.Initially,the audit team must identify the overall processing scope of the system(s),which would include each of the following considerations except

An audit team's approach to evaluating computerized processing systems that compares source documents to the computer output is known as auditing

Which of the following input controls would not be effective in identifying the erroneous input of numeric fields in a transaction?

Techniques needed to select specific transactions of audit interest for testing would not include

When audit teams test a computerized processing system,which of the following is true of the test data approach?

In end-user computing environments,the processing control procedures would ordinarily not include

When a real-time computerized processing system is in use,the computer controls can be strengthened by

Which of the following control procedures most likely could prevent computer personnel from modifying programs to bypass computer controls?

Which of the following is an example of a computer operations control?

Which of the following organizational positions would evaluate the existing system and design new computerized processing systems and documentation?

Which of the following would most likely be a weakness in the internal control of a client that utilizes portable computing devices rather than a larger computer system?

Match each of the following categories of general controls (letters A - D)to the description of a computer control (numbers 1 - 8).A category of general controls can be used more than once. A. Program development controls B. Program change controls C. Computer operations controls D. Access to programs and data controls ___ 1. Separating the duties of systems programmers, computer operators, and data librarians. ___ 2. Requiring the use of passwords to access computer programs and files. ___ 3. Using the Systems Development Life Cycle for testing and validation of new programs. ___ 4. Requiring program modifications to be tested and implemented by appropriate personnel. ___ 5. Maintaining backup copies of files at safe, remote locations. ___ 6. Involving users in the design of programs and selection of prepackaged software. ___ 7. Using external labels to identify files and programs. ___ 8. Ensuring that emergency requests are appropriately documented and properly authorized.

At a meeting of the corporate audit committee attended by the general manager of the products division (Smith)and the internal audit manager (Marks),the following dialogue took place between Smith and Jones (chair of the corporate audit committee): Jones: Ms.Marks has suggested that the internal audit department conduct an examination of the computer activities of the products division. Smith: I don't know much about the technicalities of computers,but the division has some of the best computer people in the company. Jones: Do you know whether the internal controls we have implemented are satisfactory? Smith: I suppose they are.No one has complained.What's so important about controls anyway,as long as the system works? I don't even know what type of controls we should have for our system. Jones: Ms.Marks,can you explain the objective of computer controls and provide us with some examples? Required: Address Ms.Marks' response to the following points: a.State the principal objective of achieving control over (1)input,(2)processing,and (3)output. b.Provide examples of (1)input controls,(2)processing controls,and (3)output controls.

Which of the following methods allow fictitious and actual transactions to be processed together without client operating personnel being aware of the testing process?