Deck 10: The impact of information technology on the audit process

A) the potential for material misstatement
B) use of unreliable information because of processing errors produced by the technology
C) the inability to retrieve important information because of IT systems failure
D) none of the above (i.e., they are all important)

A) request physical security be provided for program files.
B) design documentation for computerised systems.
C) have access to actual programs used to produce accounting information.
D) participate in computer software acquisition decisions.

A) audit trail.
B) outsourcing code.
C) initialisation procedure.
D) substantiation record.

A) chief information officer.
B) data control group.
C) librarian.
D) computer operators.

A) Computer controls replace manual controls.
B) Higher quality information is available.
C) Computer controls are cheaper.
D) both A and B

A) because computers reduce the human error that is likely to occur in traditional manual environments
B) because computers process information consistently
C) because computers handle tremendous volumes of complex business transactions effectively
D) all of the above

A) Only one copy of backup files is stored in an off-premises location.
B) Computer operators are closely supervised by programmers.
C) Programmers do not have the authorisation to operate equipment.
D) Computer operators do not have access to the complete run manual.

A) computer controls replacing manual ones
B) higher quality information
C) both A and B
D) none of the above

A) department numbers
B) hours worked
C) total debits and total credits
D) net pay

A) checking the accuracy of processing.
B) detecting errors after the completion of processing.
C) confirming that data has been processed in the correct order.
D) preventing errors before final reports are completed.

A) IT management is separate from systems development.
B) IT management is separate from data control.
C) IT management is separate from operations.
D) all of the above

A) processing controls
B) hardware controls
C) output controls
D) input controls

A) technical
B) financial
C) systems
D) all of the above

A) preparation of backup plans
B) restricted access to hardware
C) equipment error causing error messages to appear on the computer monitor
D) post-processing reviews

A) hardware controls.
B) manufacturer's controls.
C) input controls.
D) fail-safe controls.

A) There are reasonableness tests reviewing hours worked by employees.
B) There are reasonableness tests for the unit selling price of a sale.
C) After processing, all sales transactions are reviewed by the sales department.
D) An equipment failure causes an error message on the monitor.

A) post-processing review of sales transactions by the sales department
B) reasonableness test for unit selling price of sale
C) preprocessing authorisation of sales transactions
D) separation of duties between computer programmer and operators

A) processing test data against a copy of the client's application program.
B) operating the old and the new system simultaneously.
C) requiring the user to re-input critical fields to verify accuracy of input.
D) implementing a new system in one part of the organisation while other locations continue to rely on the old system.

A) 2 and 3
B) 3 and 4
C) 1 and 3
D) 1 and 2

A) regular changing of access codes
B) identifying alternative hardware that can be used to process company data
C) backing up critical data files
D) storing copies of critical software off premises

A) sales-cycle controls first.
B) application controls first.
C) general controls before application controls.
D) hardware controls first.

A) a universal control
B) a general control
C) an application control
D) a systems control

A) aid in determining the audit evidence that should be accumulated.
B) evaluate management's efficiency in designing and using the IT system.
C) gain an understanding of the computer hardware and software.
D) determine if the audit firm must have an IT auditor on the team.

A) processing controls
B) output controls
C) input controls
D) general controls

A) backup
B) hardware controls
C) segregation of IT duties
D) processing controls

A) general controls.
B) application controls.
C) systems controls.
D) user controls.

A) considers only the non-IT controls in assessing control risk.
B) uses the client's computer as an audit tool.
C) uses computer programs to perform audit tasks in special circumstances.
D) all of the above

A) key users of the software
B) IT and non-IT personnel
C) internal auditors
D) all of the above

A) software.
B) hardware.
C) backup data files.
D) all of the above

A) The cost of the study and tests of controls will exceed the savings from reduced substantive procedures.
B) A qualified opinion will be issued.
C) The auditor plans to rely on the controls and reduce substantive testing.
D) all of the above

A) expand the substantive testing portion of the audit.
B) issue a disclaimer.
C) issue an adverse opinion.
D) increase the sample size for tests of controls.

A) The source documents are available in a readable form and can be traced easily through the accounting system to output.
B) User controls include comparison of computer-produced records with source documents.
C) Computer programs must be available in English.
D) The accounting software can display or print ledger balances and transaction details that allow the auditor to trace individual transactions through the accounting records.

A) tracing
B) test data
C) observation
D) generalised audit software

A) review of the data for reasonableness by someone who knows what the output should look like
B) control totals, which are used to verify that the computer's results are correct
C) distribution control, which assures that only authorised personnel receive the reports generated by the system
D) logic tests, which verify that no mistakes were made in processing

A) The auditor will need to rely more on application controls and increase testing.
B) This tends to have a pervasive effect on the application control environment.
C) Auditing through the computer is usually the most cost-effective audit approach.
D) all of the above

A) audit area in which the client uses the computer.
B) material audit area.
C) audit area.
D) audit area where the auditor plans to reduce assessed control risk.

A) hardware controls
B) the plan of organisation and operation of IT activity
C) processing controls
D) procedures for documenting, reviewing, and approving systems and payments

A) used when client's software is not compatible with the auditor's.
B) a method of verifying the client's data recorded in a machine language.
C) often used even when client's data are not computerised.
D) all of the above

A) testing authorisation of transactions
B) testing input data to final reports
C) testing online passwords
D) testing data access controls

A) Analyse exception responses returned with confirmations received from customers.
B) Verify extensions and footings.
C) Re-sequence data and perform analyses.
D) Compare data on separate files.

A) Parallel simulation
B) Integrated test facility
C) Generalised audit software programming
D) Test data approach

A) comparing creditor statements with accounts payable files
B) inquiry of management policy on aged debtors
C) random sampling of all other receivables
D) totalling the client's accounts receivable balances

A) comparing data on separate files
B) selecting a sample of accounts to be confirmed and printing confirmation requests
C) resolving differences reported by customers on confirmation requests
D) examining records for quality, completeness, consistency, and correctness

A) Tests data used to test specific controls.
B) Analyses the client data.
C) Uses software to define the content of data records.
D) Inserts an audit module into the client's application system.

A) Develop a logical approach to extract and manipulate data obtained from the client's records.
B) Design the most useful format and contents of the auditor's GAS reports.
C) Identify and describe the client's data files and the information to which access is desired.
D) all of the above

A) review of accounts receivable balances for amounts over the credit limit
B) observing cash receipts processes
C) recalculating employees' net pay calculations
D) preparing general ledger trial balances

A) tests of balances.
B) tests of controls.
C) analytical review tests.
D) any type of audit testing.

A) deductions not authorised by employees.
B) overtime not approved by supervisors.
C) time tickets with invalid job numbers.
D) payroll cheques with unauthorised signatures.

A) the generalised audit software approach.
B) the test data approach.
C) called 'auditing around the computer'.
D) the microcomputer-aided auditing approach.

A) are useful primarily for substantive procedures.
B) allow the auditor to select records for further testing.
C) may be applied regardless of the level of assessed control risk in an application.
D) none of the above

A) ACL
B) MYOB
C) Visual Basic
D) none of the above