Deck 10: The Impact of Information Technology on the Audit Process

A) 2 and 3
B) 1 and 3
C) 1 and 2
D) 3 and 4

A) Testing online passwords
B) Testing input data to final reports
C) Testing authorisation of transactions
D) Testing data access controls

A) allows quick retrieval of data, but it needs to update files continually.
B) reduces data redundancy.
C) allows quick retrieval of data but at a cost of inefficient use of file space.
D) stores data on different files for different purposes, but always knows where they are and how to retrieve them.

A) a systems control.
B) an applications control.
C) a universal control.
D) a general control.

A) Test data approach
B) Generalised audit software programming
C) Integrated test facility
D) Parallel simulation

A) the cost of the study and tests of controls will exceed the savings from reduced substantive procedures.
B) the auditor plans to rely on the controls and reduce substantive testing.
C) a qualified opinion will be issued.
D) All of the above are true.

A) Storing copies of critical software off premises
B) Identifying alternative hardware that can be used to process company data
C) Regular changing of access codes
D) Backing up critical data files

A) substantiation record.
B) initialisation procedure.
C) outsourcing code.
D) audit trail.

A) tests data used to test specific controls.
B) analyses the client data.
C) inserts an audit module into the client's application system.
D) uses software to define the content of data records.

A) he or she is satisfied that a special report on internal controls issued by the service centre's independent auditor can be relied on to the extent desired.
B) the service centre is a partially owned subsidiary of the client company, whose financial statements are examined by another audit firm.
C) the service centre processes data exclusively for the audit client and its subsidiaries.
D) the service centre controls have already been reviewed by the internal audit team of the client.

A) in trying to abide by the joint Code of Professional Conduct to maintain the security and confidentiality of the client's data.
B) in determining the adequacy of the service centre's internal controls.
C) finding compatible programs that will analyse the service centre's programs.
D) gaining the permission of the service centre to review its work.

A) processing controls.
B) general controls.
C) output controls.
D) input controls.

A) Decentralised servers often increase control risk.
B) Many environments lack standardised procedures.
C) Responsibility for purchasing equipment usually resides with a centralised IT function.
D) Network- related software often lacks the security features typically available in traditionally centralised systems.

A) separate computer service bureau.
B) control gateway.
C) single telephone line.
D) single computer monitor.

A) MYOB
B) ACL
C) Visual Basic
D) None of the above

A) computers reduce the human error that is likely to occur in traditional manual environments.
B) computers process information consistently.
C) computers handle tremendous volumes of complex business transactions effectively.
D) all of the above

A) test data.
B) generalised audit software.
C) tracing.
D) observation.

A) every audit area.
B) every material audit area.
C) every audit area in which the client uses the computer.
D) every audit area where the auditor plans to reduce assessed control risk.

A) is a method of verifying the client's data which is recorded in a machine language.
B) is used when client's software is not compatible with the auditor's.
C) is often used even when client's data are not computerised.
D) can be used for all three of the above.

A) Processing controls
B) Segregation of IT duties
C) Hardware controls
D) Backup

A) applications controls first.
B) sales- cycle controls first.
C) general controls before applications controls.
D) hardware controls first.

A) Verify extensions and footings.
B) Analyse exception responses returned with confirmations received from customers.
C) Compare data on separate files.
D) Re- sequence data and perform analyses.

A) design documentation for computerised systems.
B) request physical security be provided for program files.
C) have access to actual programs used to produce accounting information.
D) participate in computer software acquisition decisions.

A) Post processing reviews
B) Preparation of backup plans
C) Access to hardware is restricted
D) Equipment error causes error messages to appear on the computer monitor

A) Totalling the client's accounts receivable balances
B) Random sampling of all other receivables
C) Inquiry of management policy on aged debtors
D) Comparing creditor statements with accounts payable files

A) uses computer programs to perform audit tasks in special circumstances.
B) uses the client's computer as an audit tool.
C) only considers the non- IT controls in assessing control risk.
D) all of the above

A) Risk of system obsolescence
B) Risk of system crash
C) Risk of theft of information and data
D) All of the above

A) to gain an understanding of the computer hardware and software.
B) to evaluate management's efficiency in designing and using the IT system.
C) to determine if the audit firm must have an IT auditor on the team.
D) to aid in determining the audit evidence that should be accumulated.

A) Computer programs must be available in English.
B) User controls include comparison of computer- produced records with source documents.
C) The accounting software can display or print ledger balances and transaction details that allow the auditor to trace individual transactions through the accounting records.
D) The source documents are available in a readable form and can be traced easily through the accounting system to output.

A) issue an adverse opinion.
B) increase the sample size for tests of controls.
C) issue a disclaimer.
D) expand the substantive testing portion of the audit.

A) Only one copy of backup files is stored in an off- premises location.
B) Computer operators are closely supervised by programmers.
C) Programmers do not have the authorisation to operate equipment.
D) Computer operators do not have access to the complete run manual.

A) financial
B) technical
C) systems
D) all of the above

A) IT and non- IT personnel.
B) internal auditors.
C) key users of the software.
D) all of the above

A) 120 days.
B) 60 days.
C) 30 days.
D) 90 days.

A) Use of unreliable information because of processing errors produced by the technology
B) The inability to retrieve important information because of IT systems failure
C) The potential for material misstatement
D) None of the above, i.e., they are all important.

A) IT management separate from operations.
B) IT management separate from data control.
C) IT management separate from systems development.
D) All of the above

A) requiring the user to re- input critical fields to verify accuracy of input.
B) operating the old and the new system simultaneously.
C) implementing a new system in one part of the organisation while other locations continue to rely on the old system.
D) processing test data against a copy of the client's application program.

A) Review of accounts receivable balances for amounts over the credit limit
B) Observing cash receipts processes
C) Recalculating employees' net pay calculations
D) Preparing general ledger trial balances

A) involves introducing simulated transactions into the client's actual application program(s).
B) should not involve the actual application programs the client uses throughout the year, since use of the actual programs would contaminate the client's accounting data.
C) is more applicable to independent audits than internal audits.
D) is a commonly used audit technique for auditing around the computer.

A) input controls.
B) manufacturer's controls.
C) hardware controls.
D) fail- safe controls.

A) the microcomputer- aided auditing approach.
B) the generalised audit software approach.
C) the test data approach.
D) called auditing around the computer.

A) auditing through the computer is usually the most cost- effective audit approach.
B) the auditor will need to rely more on application controls and increase testing of these.
C) this tends to have a pervasive effect on the application control environment.
D) all of the above

A) distribution control, which assures that only authorised personnel receive the reports generated by the system.
B) review of the data for reasonableness by someone who knows what the output should look like.
C) control totals, which are used to verify that the computer's results are correct.
D) logic tests, which verify that no mistakes were made in processing.

A) Reasonableness test for unit selling price of sale
B) Preprocessing authorisation of sales transactions
C) Separation of duties between computer programmer and operators
D) Post- processing review of sales transactions by the sales department

A) on a surprise basis.
B) after the conclusion of the audit.
C) by inputting adjustment transactions.
D) by the internal audit group.

A) software.
B) hardware.
C) backup data files.
D) all of the above

A) Computer controls replace manual controls.
B) Higher quality information is available.
C) Computer controls are cheaper.
D) Both A and B above

A) detect errors after the completion of processing.
B) confirm that data has been processed in the correct order.
C) check the accuracy of processing.
D) prevent errors before final reports are completed.

A) audit software.
B) macros.
C) templates.
D) desktop publishing.

A) allow the auditor to select records for further testing.
B) may be applied regardless of the level of assessed control risk in an application.
C) are useful primarily for substantive procedures.
D) none of the above

A) Design the most useful format and contents of the auditor's GAS reports.
B) Develop a logical approach to extract and manipulate data obtained from the client's records.
C) Identify and describe the client's data files and the information to which access is desired.
D) All of the above

A) recording process.
B) transmission process.
C) data backup process.
D) data output process.

A) An equipment failure causes an error message on the monitor.
B) After processing, all sales transactions are reviewed by the sales department.
C) There are reasonableness tests for the unit selling price of a sale.
D) Resonableness tests reviewing hours worked by employees

A) Processing controls
B) Procedures for documenting, reviewing and approving systems and payments
C) Hardware controls
D) The plan of organisation and operation of IT activity

A) user controls.
B) systems controls.
C) general controls.
D) applications controls.

A) Department numbers
B) Net pay
C) Total debits and total credits
D) Hours worked

A) librarian.
B) chief information officer.
C) data control group.
D) computer operators.

A) Input controls
B) Output controls
C) Processing controls
D) Hardware controls

A) tests of controls.
B) any type of audit testing.
C) tests of balances.
D) analytical review tests.

A) time tickets with invalid job numbers.
B) deductions not authorised by employees.
C) overtime not approved by supervisors.
D) payroll cheques with unauthorised signatures.

A) Selecting a sample of accounts to be confirmed and printing confirmation requests
B) Comparing data on separate files
C) Resolving differences reported by customers on confirmation requests
D) Examining records for quality, completeness, consistency and correctness

A) relevant
B) dubious
C) substantive
D) correct