Exam 8: Consideration of Internal Control in an Information Technology Environment

Smith Corporation has numerous customers. Customer files are kept on disk storage. Each account in the customer file contains name, address, credit limit, and account balance. The auditor wishes to test these files to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to:

Which of the following is an example of general computer control?

In their consideration of a client's IT controls, the auditors will encounter general controls and application controls. Which of the following is an application control?

Auditors usually begin their consideration of IT systems with tests of application controls.

Most advanced computer systems do not have audit trails.

Various characteristics of IT systems can present special audit risks. Explain each of the following characteristics of an IT system and the special audit risks that they present. a. Database system. b. Distributive data processing. c. End user computing.

The purpose of using generalized computer programs is to test and analyze a client's computer:

The capability for computers to communicate with physically remote terminals is an important feature in the design of modern business information systems. Which of the following risks associated with the use of telecommunications systems is minimized through the use of a password control system?

General controls over IT systems are typically tested using:

Distributive data processing eliminates the need for data security.

Internal control is ineffective when computer department personnel:

The operating system is an example of system software.

The completeness of computer generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses:

Internal file labels are designed to prevent errors by programmers.

In a client/server environment, the "client" is most likely to be the:

Which of the following computer related employees should not be allowed access to program listings of application programs?

Generalized audit software may be used for substantive tests or for tests of controls.

When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control that is considered?

Which of the following is likely to be of least importance to an auditor in considering the internal control in a company with computer processing?

An example of an access control is a: