Question 1

Which of the following is not a general control?

Accepted Answer

A)  computer performed validation tests of input accuracy 
B)  equipment failure causes error messages on monitor 
C)  separation of duties between programmer and operators 
D)  adequate program run instructions for operating the computer 
A)  computer performed validation tests of input accuracy 
B)  equipment failure causes error messages on monitor 
C)  separation of duties between programmer and operators 
D)  adequate program run instructions for operating the computer

Question 2

Which of the following describes the process of implementing a new system in one part of the organization, while other locations continue to use the current system.

Accepted Answer

A)  parallel testing 
B)  online testing 
C)  pilot testing 
D)  control testing 
A)  parallel testing 
B)  online testing 
C)  pilot testing 
D)  control testing

Question 3

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as:

Accepted Answer

A)  time tickets with invalid job numbers. 
B)  overtime not approved by supervisors. 
C)  deductions not authorized by employees. 
D)  payroll checks with unauthorized signatures. 
A)  time tickets with invalid job numbers. 
B)  overtime not approved by supervisors. 
C)  deductions not authorized by employees. 
D)  payroll checks with unauthorized signatures.

Question 4

General controls may include firewalls which are used to protect:

Accepted Answer

A)  erroneous internal handling of data. 
B)  against insufficient documentation of transactions. 
C)  illogical programming commands. 
D)  unauthorized use of system resources. 
A)  erroneous internal handling of data. 
B)  against insufficient documentation of transactions. 
C)  illogical programming commands. 
D)  unauthorized use of system resources.

Question 5

In an IT system, automated equipment controls or hardware controls are designed to:

Accepted Answer

A)  correct errors in the computer programs. 
B)  monitor and detect errors in source documents. 
C)  detect and control errors arising from the use of equipment. 
D)  arrange data in a logical sequential manner for processing purposes. 
A)  correct errors in the computer programs. 
B)  monitor and detect errors in source documents. 
C)  detect and control errors arising from the use of equipment. 
D)  arrange data in a logical sequential manner for processing purposes.

Question 6

Discuss the four areas of responsibility under the IT function that should be segregated in large companies.

Accepted Answer

The responsibilities for IT management,

Question 7

Output controls are not designed to assure that data generated by the computer are:

Accepted Answer

A)  accurate. 
B)  distributed only to authorized people. 
C)  complete. 
D)  used appropriately by management. 
A)  accurate. 
B)  distributed only to authorized people. 
C)  complete. 
D)  used appropriately by management.

Question 8

When a client uses desktops and networked servers for the accounting functions, the auditor should normally rely only on non-IT controls or may take a substantive approach to the audit.

Accepted Answer

A) True 
 B)False

Question 9

Which of the following may present itself as the biggest risk to centralizing information responsibilities that were traditionally separate?

Accepted Answer

A)  IT personnel with access to software and master files may misappropriate assets 
B)  IT personnel with access to software and master files may lack the accounting skills necessary to provide useful information to management 
C)  IT personnel with access to software and master files may not understand the linkages between general and application controls 
D)  IT personnel with access to software and master files may not be able to convert the company's operational policies to an IT environment 
A)  IT personnel with access to software and master files may misappropriate assets 
B)  IT personnel with access to software and master files may lack the accounting skills necessary to provide useful information to management 
C)  IT personnel with access to software and master files may not understand the linkages between general and application controls 
D)  IT personnel with access to software and master files may not be able to convert the company's operational policies to an IT environment

Question 10

Logic tests and completeness tests are examples of application controls.

Accepted Answer

A) True 
 B)False

Question 11

Typical controls developed for manual systems which are still important in IT systems include:

Accepted Answer

A)  management's authorization of transactions. 
B)  competent personnel. 
C)  adequate preparation of input source documents. 
D)  all of the above. 
A)  management's authorization of transactions. 
B)  competent personnel. 
C)  adequate preparation of input source documents. 
D)  all of the above.

Question 12

The process of assessing control risk considering only non IT controls is known as?

Accepted Answer

A)  the single-stage audit. 
B)  the test deck approach. 
C)  auditing around the computer. 
D)  generalized audit software (GAS). 
A)  the single-stage audit. 
B)  the test deck approach. 
C)  auditing around the computer. 
D)  generalized audit software (GAS).

Question 13

Controls which apply to a specific element of the system are called:

Accepted Answer

A)  user controls. 
B)  general controls. 
C)  systems controls. 
D)  applications controls. 
A)  user controls. 
B)  general controls. 
C)  systems controls. 
D)  applications controls.

Question 14

An internal control deficiency occurs when computer personnel:

Accepted Answer

A)  participate in computer software acquisition decisions. 
B)  design flowcharts and narratives for computerized systems. 
C)  originate changes in customer master files. 
D)  provide physical security over program files. 
A)  participate in computer software acquisition decisions. 
B)  design flowcharts and narratives for computerized systems. 
C)  originate changes in customer master files. 
D)  provide physical security over program files.

Question 15

Which of the following is not a risk specific to IT environments?

Accepted Answer

A)  reliance on the functioning capabilities of hardware and software 
B)  increased human involvement 
C)  loss of data due to insufficient backup 
D)  unauthorized access 
A)  reliance on the functioning capabilities of hardware and software 
B)  increased human involvement 
C)  loss of data due to insufficient backup 
D)  unauthorized access

Question 16

Rather than maintain an internal IT center, many companies outsource their basic IT functions such as payroll to an:

Accepted Answer

A)  external general service provider. 
B)  external application service provider. 
C)  internal control service provider. 
D)  internal auditor. 
A)  external general service provider. 
B)  external application service provider. 
C)  internal control service provider. 
D)  internal auditor.

Question 17

Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions. Which of the following is not an audit consideration in such an environment?

Accepted Answer

A)  limited reliance on automated controls 
B)  unauthorized access to master files 
C)  vulnerability to viruses and other risks 
D)  excess reliance on automated controls 
A)  limited reliance on automated controls 
B)  unauthorized access to master files 
C)  vulnerability to viruses and other risks 
D)  excess reliance on automated controls

Question 18

When the auditor decides to "audit around the computer" to obtain an understanding of the client's internal controls related to the IT system.

Accepted Answer

A) True 
 B)False

Question 19

In comparing (1) the adequacy of the hardware controls in the system with (2) the organization's methods of handling the errors that the computer identifies, the independent auditor is:

Accepted Answer

A)  unconcerned with both (1) and (2). 
B)  equally concerned with (1) and (2). 
C)  less concerned with (1) than with (2). 
D)  more concerned with (1) than with (2). 
A)  unconcerned with both (1) and (2). 
B)  equally concerned with (1) and (2). 
C)  less concerned with (1) than with (2). 
D)  more concerned with (1) than with (2).

Question 20

Which of the following is not a general control?

Accepted Answer

A)  sSeparation of IT duties 
B)  systems development. 
C)  processing controls 
D)  hardware controls 
A)  sSeparation of IT duties 
B)  systems development. 
C)  processing controls 
D)  hardware controls

Exam 12: The Impact of Information Technology on the Audit Process

Which of the following is not a general control?

Which of the following describes the process of implementing a new system in one part of the organization, while other locations continue to use the current system.

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as:

General controls may include firewalls which are used to protect:

In an IT system, automated equipment controls or hardware controls are designed to:

Discuss the four areas of responsibility under the IT function that should be segregated in large companies.

Output controls are not designed to assure that data generated by the computer are:

When a client uses desktops and networked servers for the accounting functions, the auditor should normally rely only on non-IT controls or may take a substantive approach to the audit.

Which of the following may present itself as the biggest risk to centralizing information responsibilities that were traditionally separate?

Logic tests and completeness tests are examples of application controls.

Typical controls developed for manual systems which are still important in IT systems include:

The process of assessing control risk considering only non IT controls is known as?

Controls which apply to a specific element of the system are called:

An internal control deficiency occurs when computer personnel:

Which of the following is not a risk specific to IT environments?

Rather than maintain an internal IT center, many companies outsource their basic IT functions such as payroll to an:

Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions. Which of the following is not an audit consideration in such an environment?

When the auditor decides to "audit around the computer" to obtain an understanding of the client's internal controls related to the IT system.

In comparing (1) the adequacy of the hardware controls in the system with (2) the organization's methods of handling the errors that the computer identifies, the independent auditor is:

Which of the following is not a general control?

The Demand for Audit and Other Assurance Services

The CPA Profession

Audit Reports

Professional Ethics

Legal Liability

The CPA Profession

Audit Evidence

Audit Planning and Analytical Procedures

Materiality and Risk

Section 404 Audits of Internal Control and Control Risk

Fraud Auditing

Overall Audit Plan and Audit Program

Audit of the Sales and Collection Cycle: Tests of Controls and Substantive Tests of Transactions

Audit Sampling for Tests of Controls and Substantive Tests of Transactions

Completing the Tests in the Sales and Collection Cycle: Accounts Receivable

Audit Sampling for Tests of Details and Balances

Audit of the Acquisition and Payment Cycle: Tests of Controls and Substantive Tests of Transactions, and Accounts Payable

Completing the Tests in the Acquisition and Payment Cycle: Verification of Selected Accounts

Audit of the Payroll and Personnel Cycle

Audit of the Inventory and Warehousing Cycle

Audit of the Capital Acquisition and Repayment Cycle

Audit of Cash Balances

Completing the Audit

Other Assurance Services

Internal and Governmental Financial Auditing and Operational Auditing

Filters