Question 1

Which of the following is the first step in the risk-based audit approach?

Accepted Answer

A)  Identify the control procedures that should be in place. 
B)  Evaluate the control procedures. 
C)  Determine the threats facing the AIS. 
D)  Evaluate weaknesses to determine their effect on the audit procedures. 
A)  Identify the control procedures that should be in place. 
B)  Evaluate the control procedures. 
C)  Determine the threats facing the AIS. 
D)  Evaluate weaknesses to determine their effect on the audit procedures.

Question 2

An auditor examines all documents related to the acquisition,repair history,and disposal of a firm's delivery van.This is an example of collecting audit evidence by

Accepted Answer

A)  confirmation. 
B)  reperformance. 
C)  vouching. 
D)  analytical review. 
A)  confirmation. 
B)  reperformance. 
C)  vouching. 
D)  analytical review.

Question 3

The ________ procedure for auditing computer process controls uses a hypothetical series of valid and invalid transactions.

Accepted Answer

A)  concurrent audit techniques 
B)  test data processing 
C)  integrated test facility 
D)  dual process 
A)  concurrent audit techniques 
B)  test data processing 
C)  integrated test facility 
D)  dual process

Question 4

Describe the disadvantages of test data processing.

Accepted Answer

The auditor must spend considerable time

Question 5

The ________ audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.

Accepted Answer

A)  financial 
B)  information systems 
C)  management 
D)  internal control 
A)  financial 
B)  information systems 
C)  management 
D)  internal control

Question 6

In the ________ stage of an operational audit,the auditor measures the actual system against an ideal standard.

Accepted Answer

A)  evidence collection 
B)  evidence evaluation 
C)  testing 
D)  internal control 
A)  evidence collection 
B)  evidence evaluation 
C)  testing 
D)  internal control

Question 7

Explain the differences between each type of audit risk.

Accepted Answer

Inherent risk is the threat faced just b

Question 8

Define and give examples of embedded audit modules.

Accepted Answer

Embedded audit modules are segments of p

Question 9

The risk-based audit approach is

Accepted Answer

A)  a four-step approach to internal control evaluation. 
B)  a four-step approach to financial statement review and recommendations. 
C)  a three-step approach to internal control evaluation. 
D)  a three-step approach to financial statement review and recommendations. 
A)  a four-step approach to internal control evaluation. 
B)  a four-step approach to financial statement review and recommendations. 
C)  a three-step approach to internal control evaluation. 
D)  a three-step approach to financial statement review and recommendations.

Question 10

Strong ________ controls can partially compensate for inadequate ________ controls.

Accepted Answer

A)  development; processing 
B)  processing; development 
C)  operational; internal 
D)  internal; operational 
A)  development; processing 
B)  processing; development 
C)  operational; internal 
D)  internal; operational

Question 11

A system that employs various types of advanced technology has more ________ risk than traditional batch processing.

Accepted Answer

A)  control 
B)  detection 
C)  inherent 
D)  investing 
A)  control 
B)  detection 
C)  inherent 
D)  investing

Question 12

The information systems audit objective that pertains to source data being processed into some form of output is known as

Accepted Answer

A)  overall security. 
B)  program development. 
C)  program modifications. 
D)  processing. 
A)  overall security. 
B)  program development. 
C)  program modifications. 
D)  processing.

Question 13

The possibility that a material error will occur even though auditors are following audit procedures and using good judgment is referred to as

Accepted Answer

A)  control risk. 
B)  detection risk. 
C)  inherent risk. 
D)  investigating risk. 
A)  control risk. 
B)  detection risk. 
C)  inherent risk. 
D)  investigating risk.

Question 14

A type of software that auditors can use to analyze program logic and detect unexecuted program code is

Accepted Answer

A)  a mapping program. 
B)  an audit log. 
C)  a scanning routine. 
D)  program tracing. 
A)  a mapping program. 
B)  an audit log. 
C)  a scanning routine. 
D)  program tracing.

Question 15

An auditor might use which of the following to convert data from several sources into a single common format?

Accepted Answer

A)  computer assisted audit techniques software 
B)  Windows Media Converter 
C)  concurrent audit technique 
D)  Adobe Professional 
A)  computer assisted audit techniques software 
B)  Windows Media Converter 
C)  concurrent audit technique 
D)  Adobe Professional

Question 16

An auditor must be willing to accept some degree of risk that the audit conclusion is incorrect.Accordingly,the auditor's objective is to seek ________ that no material error exists in the information audited.

Accepted Answer

A)  absolute reliability 
B)  reasonable evidence 
C)  reasonable assurance 
D)  reasonable objectivity 
A)  absolute reliability 
B)  reasonable evidence 
C)  reasonable assurance 
D)  reasonable objectivity

Question 17

What is not a typical responsibility of an internal auditor?

Accepted Answer

A)  helping management to improve organizational effectiveness 
B)  assisting in the design and implementation of an AIS 
C)  preparation of the company's financial statements 
D)  implementing and monitoring of internal controls 
A)  helping management to improve organizational effectiveness 
B)  assisting in the design and implementation of an AIS 
C)  preparation of the company's financial statements 
D)  implementing and monitoring of internal controls

Question 18

According to the risk-based auditing approach,when a control deficiency is identified,the auditor should inquire about

Accepted Answer

A)  tests of controls. 
B)  the feasibility of a systems review. 
C)  materiality and inherent risk factors. 
D)  compensating controls. 
A)  tests of controls. 
B)  the feasibility of a systems review. 
C)  materiality and inherent risk factors. 
D)  compensating controls.

Question 19

How is a financial audit different from an information systems audit?

Accepted Answer

Financial audits examine the reliability

Question 20

The auditor's role in systems development should be as

Accepted Answer

A)  an advisor and developer of internal control specifications. 
B)  a developer of internal controls. 
C)  an independent reviewer only. 
D)  A and B above 
A)  an advisor and developer of internal control specifications. 
B)  a developer of internal controls. 
C)  an independent reviewer only. 
D)  A and B above

Exam 11: Auditing Computer-Based Information Systems

Which of the following is the first step in the risk-based audit approach?

An auditor examines all documents related to the acquisition,repair history,and disposal of a firm's delivery van.This is an example of collecting audit evidence by

The ________ procedure for auditing computer process controls uses a hypothetical series of valid and invalid transactions.

Describe the disadvantages of test data processing.

The ________ audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.

In the ________ stage of an operational audit,the auditor measures the actual system against an ideal standard.

Explain the differences between each type of audit risk.

Define and give examples of embedded audit modules.

The risk-based audit approach is

Strong ________ controls can partially compensate for inadequate ________ controls.

A system that employs various types of advanced technology has more ________ risk than traditional batch processing.

The information systems audit objective that pertains to source data being processed into some form of output is known as

The possibility that a material error will occur even though auditors are following audit procedures and using good judgment is referred to as

A type of software that auditors can use to analyze program logic and detect unexecuted program code is

An auditor might use which of the following to convert data from several sources into a single common format?

An auditor must be willing to accept some degree of risk that the audit conclusion is incorrect.Accordingly,the auditor's objective is to seek ________ that no material error exists in the information audited.

What is not a typical responsibility of an internal auditor?

According to the risk-based auditing approach,when a control deficiency is identified,the auditor should inquire about

How is a financial audit different from an information systems audit?

The auditor's role in systems development should be as

Accounting Information Systems: an Overview

Overview of Transaction Processing and Erp Systems

Systems Documentation Techniques

Relational Databases

Computer Fraud

Computer Fraud and Abuse Techniques

Control and Accounting Information Systems

Information Systems Controls for System Reliability Part 1: Information Security

Information Systems Controls for Systems Reliability Part 2: Confidentiality and Privacy

Information Systems Controls for Systems Reliability Part 3: Processing Integrity and Availability

The Revenue Cycle: Sales to Cash Collections

The Expenditure Cycle: Purchasing to Cash Disbursements

The Production Cycle

The Human Resources Management and Payroll Cycle

General Ledger and Reporting System

The Rea Data Model

Implementing an Rea Model in a Relational Database

Special Topics in Rea Modeling

Introduction to Systems Development Systems Analysis

Ais Development Strategies

Systems Design, implementation, and Operation

Filters

Strong controls can partially compensate for inadequate controls.