Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 12: The Impact of Information Technology on the Audit Process

Full screen (f)
exit full mode
Question
Which of the following is not a risk in an IT system?

A)Need for IT experienced staff
B)Separation of IT duties from accounting functions
C)Improved audit trail
D)Hardware and data vulnerability
Use Space or
up arrow
down arrow
to flip the card.
Question
Discuss how the integration of IT into accounting systems enhances internal control.
Question
Which of the following describes the process of implementing a new system in one part of the organization, while other locations continue to use the current system?

A)Parallel testing
B)Online testing
C)Pilot testing
D)Control testing
Question
One of the unique risks of protecting hardware and data is:

A)lack of traditional authorization.
B)the decreased risk of loss or destruction of data files if data is stored in a centralized location.
C)the ease at which the IT system can be installed and maintained.
D)the unauthorized access to the IT system resulting in improper changes in software programs and master files.
Question
Since IT systems can often initiate transactions automatically, proper authorization depends on software procedures and accurate master files used to make the authorization decision.
Question
What are three specific risks to IT systems?
Question
A ________ is responsible for controlling the use of computer programs, transaction files and other computer records and documentation and releases them to the operators only when authorized.

A)software engineer
B)chief computer operator
C)librarian
D)data control operator
Question
________ is not a risk specific to the IT environments.

A)Reliance on the functioning capabilities of hardware and software
B)Increased human involvement
C)Loss of data due to insufficient backup
D)Unauthorized access
Question
Control risk may be reduced for a company with a complex IT system when compared to a company that relies primarily on manual controls.
Question
Which of the following statements related to application controls is correct?

A)Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
B)Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
C)Application controls relate to all aspects of the IT function.
D)Application controls relate to the processing of individual transactions.
Question
Computers process information consistently for all transactions.This creates a risk that:

A)auditors will not be able to access data quickly.
B)auditors will not be able to determine if data is processed consistently.
C)erroneous processing can result in the accumulation of a great number of misstatements in a short period of time.
D)all of the above.
Question
One potential disadvantage of IT systems is the reduction or elimination of source documents, which reduces the visibility of the audit trail.
Question
Old and new systems operating simultaneously in all locations is a test approach known as:

A)pilot testing.
B)horizontal testing.
C)integrative testing.
D)parallel testing.
Question
Typical controls developed for manual systems which are still important in IT systems include:

A)management's authorization of transactions.
B)competent personnel.
C)adequate preparation of input source documents.
D)all of the above.
Question
Misstatements in the financial statement may not be detected with the increased use of IT due to: I.the loss of a visible audit trail.
II)reduced human involvement.

A)I only
B)II only
C)both I and II
D)neither I or II
Question
General controls include all of the following except:

A)systems development.
B)online security.
C)processing controls.
D)hardware controls.
Question
The continued integration of IT in accounting systems can impact a company by:

A)increasing the costs of handling a large amount of data.
B)increasing the number of manual controls needed.
C)giving management higher-quality information more quickly than a manual system, thus helping management in their decision making process.
D)decreasing the segregation of duties.
Question
Security controls should require that users enter a(n)________ before being allowed access to software and other related data files.

A)echo check
B)parity check
C)self-diagnosis test
D)authorized password
Question
Which of the following is a component of general controls?

A)Processing controls
B)Output controls
C)Back-up and contingency planning
D)Input controls
Question
Which of the following is not a benefit of using IT-based controls?

A)Ability to process large volumes of transactions
B)Ability to replace manual controls with computer-based controls
C)Reduction in misstatements due to consistent processing of transactions
D)Reduction in internal control evaluation in setting control risk
Question
A ________ total represents the summary total of codes from all records in a batch that do not represent a meaningful total.

A)record
B)hash
C)output
D)financial
Question
Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:

A)input controls.
B)processing controls.
C)output controls.
D)general controls.
Question
When purchasing software or developing in-house software:

A)cost should be the only factor.
B)extensive testing of the software is generally not required.
C)a team of both IT and non-IT personnel should be involved in the decision process.
D)the librarian and the IT manager should be the only ones involved in the decision process.
Question
Which of the following tests determines that every field in a record has been completed?

A)Validation
B)Sequence
C)Completeness
D)Programming
Question
Programmers should be allowed access to:

A)user controls.
B)general controls.
C)systems controls.
D)applications controls.
Question
Which of the following is not a general control?

A)Separation of IT duties
B)Systems development
C)Processing controls
D)Hardware controls
Question
Output controls need to be designed for which of the following data integrity objectives?

A)Detecting errors after the processing is completed
B)Preventing errors before the processing is completed
C)Detecting errors in the general ledger adjustment process
D)Preventing errors in separation of duties for IT personnel
Question
A control that relates to all parts of the IT system is called a(n):

A)general control.
B)systems control.
C)universal control.
D)applications control.
Question
Which of the following is not a general control?

A)Computer performed validation tests of input accuracy.
B)Equipment failure causes error messages on monitor.
C)There is a separation of duties between programmer and operators.
D)There are adequate program run instructions for operating the computer.
Question
Controls which are built in by the manufacturer to detect equipment failure are called:

A)input controls.
B)data integrity controls.
C)hardware controls.
D)manufacturer's controls.
Question
Which of the following is not an application control?

A)Preprocessing authorization of sales transactions
B)Reasonableness test for unit selling price of sale
C)Post-processing review of sales transactions by the sales department
D)Logging in to the company's information systems via a password
Question
An example of a physical control is:

A)a hash total.
B)a parallel test.
C)the matching of employee fingerprints to a database before access to the system is allowed.
D)the use of backup generators to prevent data loss during power outages.
Question
In an IT system, automated equipment controls or hardware controls are designed to:

A)correct errors in the computer programs.
B)monitor and detect errors in source documents.
C)detect and control errors arising from the use of equipment.
D)arrange data in a logical sequential manner for processing purposes.
Question
An internal control deficiency occurs when computer personnel:

A)participate in computer software acquisition decisions.
B)design flowcharts and narratives for computerized systems.
C)originate changes in customer master files.
D)provide physical security over program files.
Question
Which of the following is not an example of an applications control?

A)Back-up of data is made to a remote site for data security.
B)There is a preprocessing authorization of the sales transactions.
C)There are reasonableness tests for the unit selling price of a sale.
D)After processing, all sales transactions are reviewed by the sales department.
Question
Controls that are designed for each software application and are intended to help a company satisfy the transaction-related audit objectives are:

A)user controls.
B)general controls.
C)audit controls.
D)application controls.
Question
Which of the following best explains the relationship between general controls and application controls?

A)Application controls are effective even if general controls are extremely weak.
B)Application controls are likely to be effective only when general controls are effective.
C)General controls have no impact on application controls.
D)None of the above.
Question
Which of the following controls prevent and detect errors while transaction data are processed?

A)Software
B)Application
C)Processing
D)Transaction
Question
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?

A)Gross wages earned
B)Employee numbers
C)Total hours worked
D)Total debit amounts and total credit amounts
Question
Controls specific to IT include all of the following except for:

A)adequately designed input screens.
B)pull-down menu lists.
C)validation tests of input accuracy.
D)separation of duties.
Question
Output controls focus on preventing errors during processing.
Question
A large portion of errors in IT systems result from data entry errors.
Question
What are the two software testing strategies that companies typically use?
Which strategy is more expensive?
Question
Processing controls include the following tests:
Validation
Sequence
Data Reasonableness
Completeness
Describe what each control is designed to do:
Question
Parallel testing is used when old and new systems are operated simultaneously in all locations.
Question
Parallel testing is more expensive than pilot testing.
Question
IT controls are classified as either input controls or output controls.
Question
Identify the three categories of application controls, and give one example of each.
Question
In IT systems, if general controls are effective, it increases the auditor's ability to rely on application controls to reduce control risk.
Question
Define control for general controls and application controls.Also list the categories of controls included under general controls and application controls.
Question
In comparing (1)the adequacy of the hardware controls in the system with (2)the organization's methods of handling the errors that the computer identifies, the independent auditor is:

A)unconcerned with both (1)and (2).
B)equally concerned with (1)and (2).
C)less concerned with (1)than with (2).
D)more concerned with (1)than with (2).
Question
Programmers should only be allowed to work with test copies of programs and data.
Question
One category of general controls is physical and online access controls.Describe the control and give at two examples of implementation of the control.
Question
The most important output control is:

A)distribution control, which assures that only authorized personnel receive the reports generated by the system.
B)review of data for reasonableness by someone who knows what the output should look like.
C)control totals, which are used to verify that the computer's results are correct.
D)logic tests, which verify that no mistakes were made in processing.
Question
The effectiveness of automated controls depends solely on the competence of the personnel performing the controls.
Question
Knowledge of both general and application controls is crucial for auditors in understanding how accounting information is recorded and reported.
Question
Processing controls are a category of application controls.
Question
Controls that relate to a specific use of the IT system, such as the processing of sales or cash receipts, are called application controls.
Question
Identify the six categories of general controls and give one example of each.
Question
Discuss the four areas of responsibility under the IT function that should be segregated in large companies.
Question
Which of the following is a correct statement regarding general controls?

A)Auditors should evaluate the effectiveness of application controls before evaluating general controls.
B)General controls have a pervasive effect on the effectiveness of application controls.
C)Ineffective general controls have no impact on the potential for material misstatements across all system applications.
D)General controls have no impact on audit testing.
Question
Which of the following statements is correct?

A)Auditors should evaluate application controls before evaluating general controls.
B)Auditors should evaluate application controls and general controls simultaneously.
C)Auditors should evaluate general controls before evaluating application controls.
D)None of these statements is correct.
Question
The auditor's objective in determining whether the client's automated controls can correctly handle valid and invalid transactions as they arise is accomplished through the:

A)test data approach.
B)generalized audit software approach.
C)microcomputer-aided auditing approach.
D)generally accepted auditing standards.
Question
General controls in smaller companies are usually less effective than in more complex IT environments.
Question
Auditors:

A)link controls and deficiencies in general controls to specific transaction-related audit objectives.
B)can use a control risk matrix to help identify both manual and automated application controls and control deficiencies for each related audit objective.
C)can rely on IT-based application controls for all cycles if general controls are ineffective.
D)can use the IT staff to determine how much reliance they can place on general controls.
Question
"Auditing around the computer" is acceptable only if the auditor has access to the client's data in a machine-readable language.
Question
Auditors should evaluate which of the following before evaluating application controls because of the potential for pervasive effects?

A)Input controls
B)Control environment
C)Processing controls
D)General controls
Question
When a client uses desktops and networked servers for the accounting functions, there is a risk of computer viruses.
Question
Even in a less sophisticated IT environment, automated controls can often be relied on.
Question
Auditors usually obtain information about general and application controls through:

A)interviews with IT personnel.
B)examination of systems documentation.
C)reading program change requests.
D)all of the above methods.
Question
When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer.Which one of the following conditions need not be present to audit around the computer?

A)Application controls need to be integrated with general controls.
B)The source documents must be available in a non-machine language.
C)The documents must be filed in a manner that makes it possible to locate them.
D)The output must be listed in sufficient detail to enable the auditor to trace individual transactions.
Question
The approach to auditing where the auditor does not test automated controls to reduce assessed control risk is called:

A)the single-stage audit.
B)the test deck approach.
C)auditing around the computer.
D)generalized audit software (GAS).
Question
Auditors often use their own software to test the client's IT controls.
Question
Auditors normally link controls and deficiencies in general controls to specific transaction-related audit objectives.
Question
It is important for the auditor to understand both the general controls and the application controls a company has implemented.Which of the following statements is true about these controls?

A)Auditors do not link IT controls to audit objectives.
B)After identifying specific IT-based application controls that can be used to reduce control risk, auditors can reduce substantive testing.
C)General controls affect audit objectives in only one cycle.
D)The impact of general controls and application controls on audits does not vary depending on the level of complexity in the IT environment.
Question
When the client changes the computer software:

A)no additional testing is needed by the auditor.
B)and application controls are effective, the auditor can easily identify when software changes are made.
C)and general controls are effective, the auditor can easily identify when software changes are made.
D)application and general controls can no longer by relied upon by the auditor.
Question
Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions.Which of the following is not an audit consideration in such an environment?

A)Limited reliance on automated controls
B)Unauthorized access to master files
C)Vulnerability to viruses and other risks
D)Excess reliance on automated controls
Question
Auditors typically obtain information about general and application controls through all of the following ways except for:

A)interviews with IT personnel.
B)reviews of detailed questionnaires completed by IT staff.
C)examination of system documentation such as flowcharts.
D)filings submitted to the PCAOB or SEC.
Question
"Auditing around the computer" is most appropriate when the client has not maintained detailed output or source documents in a form readable by humans.
Question
Which of the following is least likely to be used in obtaining an understanding of client general controls?

A)Examination of system documentation
B)Inquiry of key users
C)Walk through of a sales transaction
D)Reviews of questionnaires completed by client IT personnel
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/106
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 12: The Impact of Information Technology on the Audit Process
1
Which of the following is not a risk in an IT system?

A)Need for IT experienced staff
B)Separation of IT duties from accounting functions
C)Improved audit trail
D)Hardware and data vulnerability
C
2
Discuss how the integration of IT into accounting systems enhances internal control.
Enhancements to internal control resulting from the integration of IT into accounting systems include:
•Computer controls replace manual controls.Replacing manual procedures with programmed controls that apply checks and balances to each processed transaction and that process information consistently can reduce human error that is likely to occur in traditional manual environments.
•Higher quality information is available.IT systems typically provide management with more and higher quality information faster than most manual systems.
3
Which of the following describes the process of implementing a new system in one part of the organization, while other locations continue to use the current system?

A)Parallel testing
B)Online testing
C)Pilot testing
D)Control testing
C
4
One of the unique risks of protecting hardware and data is:

A)lack of traditional authorization.
B)the decreased risk of loss or destruction of data files if data is stored in a centralized location.
C)the ease at which the IT system can be installed and maintained.
D)the unauthorized access to the IT system resulting in improper changes in software programs and master files.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
5
Since IT systems can often initiate transactions automatically, proper authorization depends on software procedures and accurate master files used to make the authorization decision.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
6
What are three specific risks to IT systems?
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
7
A ________ is responsible for controlling the use of computer programs, transaction files and other computer records and documentation and releases them to the operators only when authorized.

A)software engineer
B)chief computer operator
C)librarian
D)data control operator
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
8
________ is not a risk specific to the IT environments.

A)Reliance on the functioning capabilities of hardware and software
B)Increased human involvement
C)Loss of data due to insufficient backup
D)Unauthorized access
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
9
Control risk may be reduced for a company with a complex IT system when compared to a company that relies primarily on manual controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
10
Which of the following statements related to application controls is correct?

A)Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
B)Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
C)Application controls relate to all aspects of the IT function.
D)Application controls relate to the processing of individual transactions.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
11
Computers process information consistently for all transactions.This creates a risk that:

A)auditors will not be able to access data quickly.
B)auditors will not be able to determine if data is processed consistently.
C)erroneous processing can result in the accumulation of a great number of misstatements in a short period of time.
D)all of the above.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
12
One potential disadvantage of IT systems is the reduction or elimination of source documents, which reduces the visibility of the audit trail.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
13
Old and new systems operating simultaneously in all locations is a test approach known as:

A)pilot testing.
B)horizontal testing.
C)integrative testing.
D)parallel testing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
14
Typical controls developed for manual systems which are still important in IT systems include:

A)management's authorization of transactions.
B)competent personnel.
C)adequate preparation of input source documents.
D)all of the above.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
15
Misstatements in the financial statement may not be detected with the increased use of IT due to: I.the loss of a visible audit trail.
II)reduced human involvement.

A)I only
B)II only
C)both I and II
D)neither I or II
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
16
General controls include all of the following except:

A)systems development.
B)online security.
C)processing controls.
D)hardware controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
17
The continued integration of IT in accounting systems can impact a company by:

A)increasing the costs of handling a large amount of data.
B)increasing the number of manual controls needed.
C)giving management higher-quality information more quickly than a manual system, thus helping management in their decision making process.
D)decreasing the segregation of duties.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
18
Security controls should require that users enter a(n)________ before being allowed access to software and other related data files.

A)echo check
B)parity check
C)self-diagnosis test
D)authorized password
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
19
Which of the following is a component of general controls?

A)Processing controls
B)Output controls
C)Back-up and contingency planning
D)Input controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
20
Which of the following is not a benefit of using IT-based controls?

A)Ability to process large volumes of transactions
B)Ability to replace manual controls with computer-based controls
C)Reduction in misstatements due to consistent processing of transactions
D)Reduction in internal control evaluation in setting control risk
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
21
A ________ total represents the summary total of codes from all records in a batch that do not represent a meaningful total.

A)record
B)hash
C)output
D)financial
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
22
Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:

A)input controls.
B)processing controls.
C)output controls.
D)general controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
23
When purchasing software or developing in-house software:

A)cost should be the only factor.
B)extensive testing of the software is generally not required.
C)a team of both IT and non-IT personnel should be involved in the decision process.
D)the librarian and the IT manager should be the only ones involved in the decision process.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
24
Which of the following tests determines that every field in a record has been completed?

A)Validation
B)Sequence
C)Completeness
D)Programming
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
25
Programmers should be allowed access to:

A)user controls.
B)general controls.
C)systems controls.
D)applications controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
26
Which of the following is not a general control?

A)Separation of IT duties
B)Systems development
C)Processing controls
D)Hardware controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
27
Output controls need to be designed for which of the following data integrity objectives?

A)Detecting errors after the processing is completed
B)Preventing errors before the processing is completed
C)Detecting errors in the general ledger adjustment process
D)Preventing errors in separation of duties for IT personnel
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
28
A control that relates to all parts of the IT system is called a(n):

A)general control.
B)systems control.
C)universal control.
D)applications control.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
29
Which of the following is not a general control?

A)Computer performed validation tests of input accuracy.
B)Equipment failure causes error messages on monitor.
C)There is a separation of duties between programmer and operators.
D)There are adequate program run instructions for operating the computer.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
30
Controls which are built in by the manufacturer to detect equipment failure are called:

A)input controls.
B)data integrity controls.
C)hardware controls.
D)manufacturer's controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
31
Which of the following is not an application control?

A)Preprocessing authorization of sales transactions
B)Reasonableness test for unit selling price of sale
C)Post-processing review of sales transactions by the sales department
D)Logging in to the company's information systems via a password
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
32
An example of a physical control is:

A)a hash total.
B)a parallel test.
C)the matching of employee fingerprints to a database before access to the system is allowed.
D)the use of backup generators to prevent data loss during power outages.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
33
In an IT system, automated equipment controls or hardware controls are designed to:

A)correct errors in the computer programs.
B)monitor and detect errors in source documents.
C)detect and control errors arising from the use of equipment.
D)arrange data in a logical sequential manner for processing purposes.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
34
An internal control deficiency occurs when computer personnel:

A)participate in computer software acquisition decisions.
B)design flowcharts and narratives for computerized systems.
C)originate changes in customer master files.
D)provide physical security over program files.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
35
Which of the following is not an example of an applications control?

A)Back-up of data is made to a remote site for data security.
B)There is a preprocessing authorization of the sales transactions.
C)There are reasonableness tests for the unit selling price of a sale.
D)After processing, all sales transactions are reviewed by the sales department.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
36
Controls that are designed for each software application and are intended to help a company satisfy the transaction-related audit objectives are:

A)user controls.
B)general controls.
C)audit controls.
D)application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
37
Which of the following best explains the relationship between general controls and application controls?

A)Application controls are effective even if general controls are extremely weak.
B)Application controls are likely to be effective only when general controls are effective.
C)General controls have no impact on application controls.
D)None of the above.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
38
Which of the following controls prevent and detect errors while transaction data are processed?

A)Software
B)Application
C)Processing
D)Transaction
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
39
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?

A)Gross wages earned
B)Employee numbers
C)Total hours worked
D)Total debit amounts and total credit amounts
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
40
Controls specific to IT include all of the following except for:

A)adequately designed input screens.
B)pull-down menu lists.
C)validation tests of input accuracy.
D)separation of duties.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
41
Output controls focus on preventing errors during processing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
42
A large portion of errors in IT systems result from data entry errors.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
43
What are the two software testing strategies that companies typically use?
Which strategy is more expensive?
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
44
Processing controls include the following tests:
Validation
Sequence
Data Reasonableness
Completeness
Describe what each control is designed to do:
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
45
Parallel testing is used when old and new systems are operated simultaneously in all locations.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
46
Parallel testing is more expensive than pilot testing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
47
IT controls are classified as either input controls or output controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
48
Identify the three categories of application controls, and give one example of each.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
49
In IT systems, if general controls are effective, it increases the auditor's ability to rely on application controls to reduce control risk.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
50
Define control for general controls and application controls.Also list the categories of controls included under general controls and application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
51
In comparing (1)the adequacy of the hardware controls in the system with (2)the organization's methods of handling the errors that the computer identifies, the independent auditor is:

A)unconcerned with both (1)and (2).
B)equally concerned with (1)and (2).
C)less concerned with (1)than with (2).
D)more concerned with (1)than with (2).
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
52
Programmers should only be allowed to work with test copies of programs and data.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
53
One category of general controls is physical and online access controls.Describe the control and give at two examples of implementation of the control.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
54
The most important output control is:

A)distribution control, which assures that only authorized personnel receive the reports generated by the system.
B)review of data for reasonableness by someone who knows what the output should look like.
C)control totals, which are used to verify that the computer's results are correct.
D)logic tests, which verify that no mistakes were made in processing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
55
The effectiveness of automated controls depends solely on the competence of the personnel performing the controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
56
Knowledge of both general and application controls is crucial for auditors in understanding how accounting information is recorded and reported.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
57
Processing controls are a category of application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
58
Controls that relate to a specific use of the IT system, such as the processing of sales or cash receipts, are called application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
59
Identify the six categories of general controls and give one example of each.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
60
Discuss the four areas of responsibility under the IT function that should be segregated in large companies.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
61
Which of the following is a correct statement regarding general controls?

A)Auditors should evaluate the effectiveness of application controls before evaluating general controls.
B)General controls have a pervasive effect on the effectiveness of application controls.
C)Ineffective general controls have no impact on the potential for material misstatements across all system applications.
D)General controls have no impact on audit testing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
62
Which of the following statements is correct?

A)Auditors should evaluate application controls before evaluating general controls.
B)Auditors should evaluate application controls and general controls simultaneously.
C)Auditors should evaluate general controls before evaluating application controls.
D)None of these statements is correct.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
63
The auditor's objective in determining whether the client's automated controls can correctly handle valid and invalid transactions as they arise is accomplished through the:

A)test data approach.
B)generalized audit software approach.
C)microcomputer-aided auditing approach.
D)generally accepted auditing standards.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
64
General controls in smaller companies are usually less effective than in more complex IT environments.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
65
Auditors:

A)link controls and deficiencies in general controls to specific transaction-related audit objectives.
B)can use a control risk matrix to help identify both manual and automated application controls and control deficiencies for each related audit objective.
C)can rely on IT-based application controls for all cycles if general controls are ineffective.
D)can use the IT staff to determine how much reliance they can place on general controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
66
"Auditing around the computer" is acceptable only if the auditor has access to the client's data in a machine-readable language.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
67
Auditors should evaluate which of the following before evaluating application controls because of the potential for pervasive effects?

A)Input controls
B)Control environment
C)Processing controls
D)General controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
68
When a client uses desktops and networked servers for the accounting functions, there is a risk of computer viruses.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
69
Even in a less sophisticated IT environment, automated controls can often be relied on.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
70
Auditors usually obtain information about general and application controls through:

A)interviews with IT personnel.
B)examination of systems documentation.
C)reading program change requests.
D)all of the above methods.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
71
When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer.Which one of the following conditions need not be present to audit around the computer?

A)Application controls need to be integrated with general controls.
B)The source documents must be available in a non-machine language.
C)The documents must be filed in a manner that makes it possible to locate them.
D)The output must be listed in sufficient detail to enable the auditor to trace individual transactions.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
72
The approach to auditing where the auditor does not test automated controls to reduce assessed control risk is called:

A)the single-stage audit.
B)the test deck approach.
C)auditing around the computer.
D)generalized audit software (GAS).
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
73
Auditors often use their own software to test the client's IT controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
74
Auditors normally link controls and deficiencies in general controls to specific transaction-related audit objectives.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
75
It is important for the auditor to understand both the general controls and the application controls a company has implemented.Which of the following statements is true about these controls?

A)Auditors do not link IT controls to audit objectives.
B)After identifying specific IT-based application controls that can be used to reduce control risk, auditors can reduce substantive testing.
C)General controls affect audit objectives in only one cycle.
D)The impact of general controls and application controls on audits does not vary depending on the level of complexity in the IT environment.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
76
When the client changes the computer software:

A)no additional testing is needed by the auditor.
B)and application controls are effective, the auditor can easily identify when software changes are made.
C)and general controls are effective, the auditor can easily identify when software changes are made.
D)application and general controls can no longer by relied upon by the auditor.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
77
Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions.Which of the following is not an audit consideration in such an environment?

A)Limited reliance on automated controls
B)Unauthorized access to master files
C)Vulnerability to viruses and other risks
D)Excess reliance on automated controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
78
Auditors typically obtain information about general and application controls through all of the following ways except for:

A)interviews with IT personnel.
B)reviews of detailed questionnaires completed by IT staff.
C)examination of system documentation such as flowcharts.
D)filings submitted to the PCAOB or SEC.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
79
"Auditing around the computer" is most appropriate when the client has not maintained detailed output or source documents in a form readable by humans.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
80
Which of the following is least likely to be used in obtaining an understanding of client general controls?

A)Examination of system documentation
B)Inquiry of key users
C)Walk through of a sales transaction
D)Reviews of questionnaires completed by client IT personnel
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree