Deck 12: Information Technology Auditing

A)Requirements to use an IT auditor to evaluate controls
B)Regulations governing executive reporting and conduct
C)Rules about financial statement reporting
D)Audit committee/corporate governance requirements

A)The emphasis which is placed on testing data processing exceptions
B)Use of live data
C)The minimal disturbance of a company's records
D)both b and c

A)The file information is not human readable
B)The volume of transaction records and master file records is usually much larger in computerized systems than in manual systems
C)An audit trail does not exist in a computerized AIS
D)Computerized systems often use remote real-time data processing, thus complicating the tracing of transaction records to their sources

A)Is a component of IT auditing
B)Has one objective - to ensure that IT is used strategically to fulfill an organization's mission
C)Is intended to ensure both the strategic use of IT and control over IT resources
D)Is primarily intended to deter IT fraud

A)To verify the accuracy of a firm's financial statements
B)To punish employees for inefficient performance
C)To meet the requirements of the accounting profession
D)To ascertain employee adherence to organizational policies and procedures

A)A degree in information systems or technology
B)A degree which combines the study of accounting with the study of information systems
C)No college degree, but work experience in information systems
D)An accounting degree

A)An internal audit is never performed by external auditors
B)The primary goals of an internal audit and an external audit are somewhat different
C)Both internal and external audits are similar in their insistence upon objectivity in the performance of the audit evaluation
D)Both the internal audit and the external audit rely heavily upon the audit trail of transactions in an accounting system

A)Use test data
B)Verify that the output from the computerized processing was correct for the input data used to generate it
C)Never use a surprise audit because of the amount of time and work involved
D)Prepare a profile of a computer file and check the processed data with the profile thus obtained

A)Confirmation sampling
B)Test data
C)Tests of program authorization
D)Embedded audit modules

A)Are never used in compliance testing
B)May be used for substantive and compliance testing
C)Are used primarily when auditing around the computer
D)Are good tools for auditors who are lacking in technical computer skills

A)Documentation of all program changes on proper change-request forms
B)Proper costing of all program change requests
C)A review of each program change request by an internal auditor
D)Matches between program documentation and the production version of a computer program

A)It requires the construction of a high volume of test data
B)It introduces artificial transactions into the transaction stream
C)It produces overkill in the audit function
D)It is not broad enough to cover the entire spectrum of activities involved in the AIS

A)Does not include checking to see that all program changes are properly documented
B)Does not include a check of librarian functions
C)Does not include checking to see that program change requests are properly costed
D)Includes a cross-check of program changes against in-use programs

A)Uses the computer to process transaction data under normal processing conditions
B)Uses the computer as a tool to assist in various other auditing tasks
C)Relies heavily upon test data to evaluate the presence or absence of specific computer controls
D)Must also use an integrated test facility

A)A decentralized approach to IT acquisition
B)Using IT strategically to carry out the objectives of an organization
C)Ensuring effective management of an organization's IT resources
D)Control over IT-related risks

A)They provide for continuous auditing of application processing
B)The auditor does not have to be involved in the development of these programs
C)Once implemented, the system can capture information that is useful to the auditor on an ongoing basis
D)With this approach, the application program incorporates subroutines for audit purposes

A)Enron's CEO, Jeffrey Skilling, claimed he did not know about the company's financial shenanigans because he was not involved in their accounting
B)Public perception was that auditors were having conflicts of interest with respect to the auditing and consulting services they provided
C)The CICA has long been thought to be ineffective
D)Congress wanted to restore investor confidence in the wake of a rash of corporate scandals

A)Test only the computer programs of an AIS
B)Test only the manual operations of an AIS
C)Test both the programs and the manual operations of an AIS in an operational setting
D)Test the computer programs, the manual operations, and the auditing procedures of a company using a computerized AIS

A)Test data, integrated test facilities, and parallel simulation
B)Test data, edit checks, and integrated test facilities
C)Test data, program change control, and parallel simulation
D)Program change control, edit checks, and parallel simulation

A)Incentives or pressures
B)Greed
C)Opportunity
D)Rationalization

A)Exception reporting technique
B)Transaction tagging technique
C)Snapshot technique
D)Parallel simulation technique

A)Use of embedded audit modules
B)Testing of outputs to verify processing
C)Computer program testing
D)Validation of computer programs

A)People skills are more important than technical skills
B)An example of people skills would be the ability to work as a team
C)In the case of protecting against computer viruses, technical skills matter more than people skills
D)Many internal controls evaluated by auditors concern human behavior

A)A minimum password length of six digits
B)Restriction of passwords to alphanumeric characters only
C)Required use of words that can be found in a dictionary
D)A requirement for a minimum interval such as one day)before a password may be changed

A)Internal auditing outsourcing services
B)Expert services related to the audit
C)Actuarial services
D)Implementation of a financial information system

A)Allows auditors to evaluate transactions in an operational setting
B)Can test every exception transaction as opposed to test data which includes only a limited set of such transactions
C)Works best at evaluating input controls
D)Has no disadvantages

A)Auditing through-the-computer
B)Auditing around-the-computer
C)Auditing of manual accounting systems
D)Non-auditing procedures performed by a firm's accounting subsystem employees

A)Sequential access program systems
B)Positive confirmation audit systems
C)Embedded audit modules
D)Generalized audit software packages

A)An example of an integrated test facility
B)A generalized audit software program
C)A tool used for continuous auditing
D)A tool used by auditors to retrieve and manipulate data

A)Test data
B)Integrated test facility
C)Evaluation of program change control
D)Parallel simulation

A)Focusing most of the audit effort near the year-end
B)Alerting auditors to potential problems when the problems occur
C)Protecting the privacy of the auditors
D)Facilitating parallel simulation

A)Maintainability
B)Availability
C)Online privacy
D)Processing integrity

A)Weak access controls prevent unauthorized use of systems
B)Access controls allow auditors to employ continuous auditing techniques
C)Access controls make test data more effective
D)Weak access controls can allow users to bypass many other controls

A)Failure to remove fake transactions from the client's system
B)High costs of building the facility
C)Discovery of many control weaknesses
D)none of the above