Question 1

Distinguish between errors and irregularities. Which do you think concern the auditors the most?

Accepted Answer

Errors are unintentional mistakes; while

Question 2

Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in?

Accepted Answer

Inherent risk is associated with the uni

Question 3

Which of the following is not true?

Accepted Answer

A)  Large-scale IT outsourcing involves transferring specific assets to a vendor 
B)  Specific assets, while valuable to the client, are of little value to the vendor 
C)  Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. 
D)  Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients 
A)  Large-scale IT outsourcing involves transferring specific assets to a vendor 
B)  Specific assets, while valuable to the client, are of little value to the vendor 
C)  Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. 
D)  Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients

Question 4

Transaction cost economics (TCE) theory suggests that firms should outsource specific non-core IT assets.

Accepted Answer

A) True 
 B)False

Question 5

Some systems professionals have unrestricted access to the organization's programs and data.

Accepted Answer

A) True 
 B)False

Question 6

Tests of controls determine whether the database contents fairly reflect the organization's transactions.

Accepted Answer

A) True 
 B)False

Question 7

Define general controls.

Accepted Answer

General controls apply to all systems. T

Question 8

Control risk is

Accepted Answer

A)  the probability that the auditor will render an unqualified opinion on financial statements that are materially misstated 
B)  associated with the unique characteristics of the business or industry of the client 
C)  the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts 
D)  the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor 
A)  the probability that the auditor will render an unqualified opinion on financial statements that are materially misstated 
B)  associated with the unique characteristics of the business or industry of the client 
C)  the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts 
D)  the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor

Question 9

Substantive tests include

Accepted Answer

A)  examining the safety deposit box for stock certificates 
B)  reviewing systems documentation 
C)  completing questionnaires 
D)  observation 
A)  examining the safety deposit box for stock certificates 
B)  reviewing systems documentation 
C)  completing questionnaires 
D)  observation

Question 10

An advantage of a recovery operations center is that

Accepted Answer

A)  this is an inexpensive solution 
B)  the initial recovery period is very quick 
C)  the company has sole control over the administration of the center 
D)  none of the above are advantages of the recovery operations center 
A)  this is an inexpensive solution 
B)  the initial recovery period is very quick 
C)  the company has sole control over the administration of the center 
D)  none of the above are advantages of the recovery operations center

Question 11

Define fault tolerance.

Accepted Answer

Fault tolerance is the ability of the sy

Question 12

Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure except

Accepted Answer

A)  systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program 
B)  illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time 
C)  a new systems analyst has difficulty in understanding the logic of the program 
D)  inadequate systems documentation is prepared because this provides a sense of job security to the programmer 
A)  systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program 
B)  illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time 
C)  a new systems analyst has difficulty in understanding the logic of the program 
D)  inadequate systems documentation is prepared because this provides a sense of job security to the programmer

Question 13

The distributed data processing approach carries some control implications of which accountants should be aware. Discuss two.

Accepted Answer

Incompatibility of hardware and software

Question 14

Which statement is not true?

Accepted Answer

A)  Auditors must maintain independence. 
B)  IT auditors attest to the integrity of the computer system. 
C)  IT auditing is independent of the general financial audit. 
D)  IT auditing can be performed by both external and internal auditors. 
A)  Auditors must maintain independence. 
B)  IT auditors attest to the integrity of the computer system. 
C)  IT auditing is independent of the general financial audit. 
D)  IT auditing can be performed by both external and internal auditors.

Question 15

Which is the most critical segregation of duties in the centralized computer services function?

Accepted Answer

A)  systems development from data processing 
B)  data operations from data librarian 
C)  data preparation from data control 
D)  data control from data librarian 
A)  systems development from data processing 
B)  data operations from data librarian 
C)  data preparation from data control 
D)  data control from data librarian

Question 16

Explain vendor exploitation.

Accepted Answer

Once the client firm has divested itself

Question 17

In a computer-based information system, which of the following duties needs to be separated?

Accepted Answer

A)  program coding from program operations 
B)  program operations from program maintenance 
C)  program maintenance from program coding 
D)  all of the above duties should be separated 
A)  program coding from program operations 
B)  program operations from program maintenance 
C)  program maintenance from program coding 
D)  all of the above duties should be separated

Question 18

Computer fraud is easiest at the data collection stage. Why?

Accepted Answer

Computer fraud is easiest at the data co

Question 19

Describe how a Corporate Computer Services Function can overcome some of the problems associated with distributed data processing.

Accepted Answer

The Corporate Computer Services Function

Question 20

All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except

Accepted Answer

A)  inspection of the second site backup 
B)  analysis of the fire detection system at the primary site 
C)  review of the critical applications list 
D)  composition of the disaster recovery team 
A)  inspection of the second site backup 
B)  analysis of the fire detection system at the primary site 
C)  review of the critical applications list 
D)  composition of the disaster recovery team

Distinguish between errors and irregularities. Which do you think concern the auditors the most?

Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in?

Which of the following is not true?

Transaction cost economics (TCE) theory suggests that firms should outsource specific non-core IT assets.

Some systems professionals have unrestricted access to the organization's programs and data.

Tests of controls determine whether the database contents fairly reflect the organization's transactions.

Define general controls.

Control risk is

Substantive tests include

An advantage of a recovery operations center is that

Define fault tolerance.

Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure except

The distributed data processing approach carries some control implications of which accountants should be aware. Discuss two.

Which statement is not true?

Which is the most critical segregation of duties in the centralized computer services function?

Explain vendor exploitation.

In a computer-based information system, which of the following duties needs to be separated?

Computer fraud is easiest at the data collection stage. Why?

Describe how a Corporate Computer Services Function can overcome some of the problems associated with distributed data processing.

All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters

Exam 15: IT Controls Part I: Sarbanes-Oxley and It Governance

Distinguish between errors and irregularities. Which do you think concern the auditors the most?

Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in?

Which of the following is not true?

Transaction cost economics (TCE) theory suggests that firms should outsource specific non-core IT assets.

Some systems professionals have unrestricted access to the organization's programs and data.

Tests of controls determine whether the database contents fairly reflect the organization's transactions.

Define general controls.

Control risk is

Substantive tests include

An advantage of a recovery operations center is that

Define fault tolerance.

Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure except

The distributed data processing approach carries some control implications of which accountants should be aware. Discuss two.

Which statement is not true?

Which is the most critical segregation of duties in the centralized computer services function?

Explain vendor exploitation.

In a computer-based information system, which of the following duties needs to be separated?

Computer fraud is easiest at the data collection stage. Why?

Describe how a Corporate Computer Services Function can overcome some of the problems associated with distributed data processing.

All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters