Deck 15: Auditing of Accounting Information Systems

A)The internal audit function is not all encompassing.
B)The internal audit function includes the evaluation of controls in business processes.
C)The internal audit function includes the evaluation of controls in information systems and systems development projects.
D)The internal audit function includes the evaluation of controls in systems development projects.

A)Formulate overall risk classifications.
B)Understand business life cycles,business processes,and critical success factors.
C)Identify and classify risks.
D)Assess probability of risk and potential consequences.

A)The most common type of audit is the financial statement audit.
B)The financial statement audit provides an objective opinion on an organisation's financial statements.
C)Financial statement audit provides absolutely guarantee that the financial reports are free of misstatement.
D)Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating those results to interested users.

A)(i)(ii)(iii)
B)(i)(ii)
C)(ii)(iii)
D)(i)(iii)

A)the level of objectivity associated with the internal audit function.
B)the level of technical competence associated with the internal audit function.
C)whether the activities of the internal audit function has been properly planned,reviewed,supervised and documented.
D)All of the options are correct.

A)Give shareholders a guarantee that the financial statements are correct
B)Give stakeholders a guarantee that the financial statements are correct
C)Enhance the degree of confidence of intended users in the financial report
D)None of the options are correct

A)A high level of professional judgement is not required
B)A high level of professional judgement is required
C)A moderate level of professional judgement is preferred
D)A low level of professional judgement is required

A)~ credibility;reliability
B)trustworthiness;accuracy
C)correctness;objectivity
D)None of the options is correct.

A)Competing
B)Substitutive
C)Enhancing
D)Close

A)ASA 610
B)ISO 9000
C)AS/NZS ISO 31000:2009
D)None of the options are correct

A)enable the auditor to express an opinion as to whether the financial report is prepared in accordance with all applicable financial reporting frameworks.
B)enable the auditor to express an opinion as to whether the financial report is prepared in accordance with an applicable financial reporting framework.
C)enable the auditor to express an opinion as to whether the financial report is prepared in accordance with an applicable accounting standard.
D)enable the auditor to express an opinion as to whether the financial report is prepared in accordance with all applicable accounting standards.

A)must not use the work of an internal auditor.
B)can use the work of an internal auditor at whatever way he/she wants.
C)can use the work of an internal auditor subject to guidelines outlined in ASA 610.
D)can use the work of an internal auditor subject to guidelines outlined in IFRS.

A)Compare and analyse risk tolerance and mitigation strategies.
B)Evaluate existing and new controls,costs and effectiveness of monitoring procedures.
C)Define objectives,scope and priorities
D)Assess exposure,report position and recommend insurance (if necessary).

A)Internal auditing can improve an organisation's operations by providing guidance for management decisions.
B)Internal auditing can improve an organisation's operations by providing guidance for more efficient business operations.
C)Internal auditing is a subjective assurance and consulting activity designed to add value and improve an organisation's operations.
D)Internal auditing is undertaken by professionals who evaluate and improve an organisation's risk management,control and governance processes to add value to the organisation.

A)The firm and its personnel comply with AUASB Standards
B)The firm and its personnel comply with relevant ethical requirements.
C)The firm and its personnel comply with applicable legal and regulatory requirements.
D)All of the options are correct.

A)Monitoring internal control.
B)Examining financial and operational information.
C)Test transactions.
D)Implement business processes that are more efficient and effective.

A)organisation size
B)organisation complexity
C)organisation market share
D)industry sector

A)sometimes required
B)deemed appropriate only in extreme circumstances
C)unprofessional conduct
D)All of the options are correct.

A)Evaluate risks.
B)Implement improved management control systems.
C)Implement improved risk control systems.
D)Reviewing the organisation's strategic plans.

A)US companies
B)Companies that are dual listed on a US stock exchange
C)Subsidiaries of US companies
D)All the above

A)A financial audit.
B)An internal audit.
C)An external audit.
D)An information audit.

A)Chief Executive Officer (CEO)
B)Board of directors
C)Audit committee
D)Chief Financial Officer (CFO)

A)An inherent risk
B)A control risk
C)A detection risk
D)An incontrollable risk

A)An external auditor
B)An internal auditor
C)Either an external auditor or an internal auditor
D)An AIS auditor

A)Financial audit
B)Information systems audit
C)IT governance audit
D)Management audit

A)An external auditor
B)An internal auditor
C)Either an external auditor or an internal auditor
D)An AIS auditor

A)Internal and external non-financial reporting.
B)Internal and external audit
C)Oversight of activities to control and report on fraud.
D)None of the options is correct.

A)consist of at least three non-executive directors with an independent chair
B)review the integrity of the company's financial reporting
C)oversee the independence of the external auditors
D)All of the options are correct.

A)AUstralian Auditing Standards Board
B)AUditing and Assurance Standards Board
C)AUstralian Accounting Standards Board
D)AUditing and Accounting Standards Board

A)The Australian and New Zealand approach of the establishment of an audit committee is legislated for mandatory compliance.
B)The US approach of the establishment of an audit committee encourages companies to follow best practice.
C)The existence of an independent audit committee is recognised internationally as an important feature of good corporate governance.
D)All of the options are correct.

A)Treat the computer as a black box and work around it
B)Recognise the special threats inherent in IT and include these in the audit plan
C)Just look at the manual systems and procedures
D)Employ ethical hackers to audit the computer system

A)When the auditors are to form an opinion that the final accounts truly and fairly summarise the underlying transactions,they do not necessarily have to have confidence in the integrity of the AIS.
B)If the auditors are to form an opinion that the final accounts truly and fairly summarise the underlying transactions then they must have confidence in the integrity of the AIS.
C)If the auditors are to express confidence in the integrity of the AIS,then they must form an opinion that the final accounts truly and fairly summarise the underlying transactions.
D)The integrity of the AIS and the auditors' opinion towards the final accounts are irrelevant.

A)An inherent risk
B)A control risk
C)A detection risk
D)An incontrollable risk

A)Inherent risk
B)Control risk
C)Detection risk
D)All of the options are correct.

A)Australian Auditing Standards (ASAs)are legally binding auditing standards.
B)Australian Auditing Standards (ASAs)are issued by the Australian Auditing and Assurance Standards Board.
C)Australian Auditing Standards (ASAs)set out audit requirements for listed companies under the Corporations Act
D)Australian Auditing Standards (ASAs)are legally enforceable legislative instruments.

A)External audit
B)Internal audit
C)Financial audit
D)Attest service

A)improved
B)unchanged
C)compromised
D)The ASIC has not yet arrived at a conclusion.

A)An audit committee is set up to oversee accounting and financial reporting.
B)An audit committee has a mandate to cover a wide range of assurance activities including those not related to financial reporting.
C)An audit committee is responsible for considering the effectiveness of the company's internal control system,including information technology security and control.
D)All ASX listed companies must have an audit committee.

A)(i)(ii)(iii)
B)(i)(ii)
C)(ii)(iii)
D)(i)(iii)

A)Historical test data from systems development.
B)Realistic transactions to test all computational paths generated by the auditors.
C)Realistic transactions based on good accounting practice that test the interface between the work procedures and the AIS.
D)All of the options are correct.

A)Control
B)Inherent
C)Detection
D)Completeness

A)Inherent risk
B)Control risk
C)Detection risk
D)Incontrollable risk

A)calculate test transactions manually
B)create a sample of test transactions
C)start from the simplest calculations and proceed from there
D)All of the options are correct.

A)Is essentially a computerised auditing program that is used to audit a system.
B)Is essentially an auditing product provided by an auditing firm.
C)Is essentially a checklist of all the tests and other procedures that the auditor intends to carry out.
D)None of the options are correct.

A)High
B)Medium
C)Low
D)Negligible

A)An embedded audit software is a simper version of an integrated test facility.
B)A more sophisticated example of embedded audit software is continuous auditing using a systems control and review file.
C)Generalised audit software examines transactions dynamically.
D)Generalised audit software is not very flexible.

A)every possible permutation of valid transactions that could be entered into the system needs to be tested
B)every possible permutation of invalid transactions that could be entered into the system needs to be tested
C)every possible permutation of valid and invalid transactions that could be entered into the system needs to be tested
D)None of the options is correct.

A)Ordinarily high
B)Ordinarily medium
C)Ordinarily low
D)Negligible

A)Ordinarily high
B)Ordinarily medium
C)Ordinarily low
D)Negligible