Exam 12: Implications of Information Technology for the Audit Process

Even in a less sophisticated IT environment,automated controls can often be relied on.

Which of the following statements related to application controls is correct?

Processing controls are a category of application controls.

In IT systems,if general controls are effective,it increases the auditor's ability to rely on application controls to reduce control risk.

Match eight of the terms (a-n)with the definitions provided below (1-8): a.Application controls b.Auditing around the computer c.Auditing through the computer d.Error listing e.General controls f.Generalized audit software g.Hardware controls h.Input controls i.Output controls j.Parallel simulation k.Parallel testing l.Pilot testing m.Processing controls n.Test data approach ________ 1.The new and old systems operate simultaneously in all locations. ________ 2.Controls that relate to all parts of the IT system. ________ 3.Involves the use of a computer program written by the auditor that replicates some part of a client's application system. ________ 4.A method of auditing IT systems which uses data created by the auditor to determine whether the client's computer program can correctly process valid and invalid transactions. ________ 5.Controls such as review of data for reasonableness,designed to assure that data generated by the computer is valid,accurate,complete,and distributed only to authorized people. ________ 6.Controls that apply to processing of transactions. ________ 7.A new system is implemented in one part of the organization while other locations continue to rely on the old system. ________ 8.Controls such as proper authorization of documents,check digits,and adequate documentation,designed to assure that the information to be processed by the computer is authorized,complete,and accurate.

Which of the following is not an example of an applications control?

When using the test data approach:

A control that relates to all parts of the IT system is called a(n):

Output controls need to be designed for which of the following data integrity objectives?

Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions.Which of the following is not an audit consideration in such an environment?

The embedded audit module approach requires the auditor to insert an audit module in the client's application system to to identify specific types of transactions.

Rather than maintain an internal IT center,many companies outsource their basic IT functions such as payroll to an:

One of the unique risks of protecting hardware and data is:

Which of the following is not a general control?

The approach to auditing where the auditor does not test automated controls to reduce assessed control risk is called:

Auditors normally link controls and deficiencies in general controls to specific transaction-related audit objectives.

When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk,it is referred to as auditing around the computer.Which one of the following conditions need not be present to audit around the computer?

A ________ is responsible for controlling the use of computer programs,transaction files and other computer records and documentation and releases them to the operators only when authorized.

A ________ total represents the summary total of codes from all records in a batch that do not represent a meaningful total.

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as: