Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 12: The Impact of Information Technology on the Audit Process

Full screen (f)
exit full mode
Question
Which of the following is a component of general controls?

A) processing controls
B) output controls
C) back-up and contingency planning
D) input controls
Use Space or
up arrow
down arrow
to flip the card.
Question
Discuss how the integration of IT into accounting systems enhances internal control.
Question
When IT programs or files can be accessed from terminals, users should be required to enter a(n):

A) echo check.
B) parity check.
C) self-diagnosis test.
D) authorized password.
Question
IT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?

A) organizational changes
B) the visibility of information
C) the potential for material misstatement
D) None of the above; i.e., they are all important.
Question
Which of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?

A) computer controls replace manual controls
B) higher quality information is available
C) computer-based controls provide opportunities to improve separation of duties
D) manual controls replace automated controls
Question
What are three specific risks to IT systems?
Question
Which of the following is not a risk in an IT system?

A) need for IT experienced staff
B) separation of IT duties from accounting functions
C) improved audit trail
D) hardware and data vulnerability
Question
Old and new systems operating simultaneously in all locations is a test approach known as:

A) pilot testing.
B) horizontal testing.
C) integrative testing.
D) parallel testing.
Question
One potential disadvantage of IT systems is the reduction or elimination of source documents, which reduces the visibility of the audit trail.
Question
An important characteristic of IT is uniformity of processing. Therefore, a risk exists that:

A) auditors will not be able to access data quickly.
B) auditors will not be able to determine if data is processed consistently.
C) erroneous processing can result in the accumulation of a great number of misstatements in a short period of time.
D) all of the above.
Question
Control risk may be reduced for a company with a complex IT system when compared to a company that relies primarily on manual controls.
Question
Typical controls developed for manual systems which are still important in IT systems include:

A) management's authorization of transactions.
B) competent personnel.
C) adequate preparation of input source documents.
D) all of the above.
Question
To determine that user ID and password controls are functioning, an auditor would most likely:

A) test the system by attempting to sign on using invalid user identifications and passwords.
B) write a computer program that simulates the logic of the client's access control software.
C) extract a random sample of processed transactions and ensure that the transactions were appropriately authorized.
D) examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person.
Question
Which of the following is a significant risk to the auditor regarding an audit in a highly automated information environment?

A) does not place enough reliance on the processed information
B) places too much reliance on the processed information
C) processed information may not reveal the sources of the information
D) does not understand the processed information produced by the automated environment
Question
Which of the following statements related to application controls is correct?

A) Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
B) Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
C) Application controls relate to all aspects of the IT function.
D) Application controls relate to the processing of individual transactions.
Question
General controls include all of the following except:

A) systems development.
B) online security.
C) processing controls.
D) hardware controls.
Question
Which of the following is not a benefit of using IT-based controls?

A) ability to process large volumes of transactions
B) ability to replace manual controls with computer-based controls
C) reduction in misstatements due to consistent processing of transactions
D) reduction in internal control evaluation in setting control risk
Question
Which of the following may present itself as the biggest risk to centralizing information responsibilities that were traditionally separate?

A) IT personnel with access to software and master files may misappropriate assets
B) IT personnel with access to software and master files may lack the accounting skills necessary to provide useful information to management
C) IT personnel with access to software and master files may not understand the linkages between general and application controls
D) IT personnel with access to software and master files may not be able to convert the company's operational policies to an IT environment
Question
Which of the following describes the process of implementing a new system in one part of the organization, while other locations continue to use the current system.

A) parallel testing
B) online testing
C) pilot testing
D) control testing
Question
Which of the following is not a risk specific to IT environments?

A) reliance on the functioning capabilities of hardware and software
B) increased human involvement
C) loss of data due to insufficient backup
D) unauthorized access
Question
Which of the following is not an example of an applications control?

A) Back-up of data to a remote site for data security.
B) There is a preprocessing authorization of the sales transactions.
C) There are reasonableness tests for the unit selling price of a sale.
D) After processing, all sales transactions are reviewed by the sales department.
Question
Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:

A) input controls.
B) processing controls.
C) output controls.
D) general controls.
Question
Programmers should be allowed access to:

A) user controls.
B) general controls.
C) systems controls.
D) applications controls.
Question
Which of the following statements is correct?

A) Auditors should evaluate application controls before evaluating general controls.
B) Auditors should evaluate application controls and general controls simultaneously.
C) Auditors should evaluate general controls before evaluating application controls.
D) None of these statements is correct.
Question
Controls which are built in by the manufacturer to detect equipment failure are called:

A) input controls.
B) data integrity controls.
C) hardware controls.
D) manufacturer's controls.
Question
Which of the following best describes the test data approach?

A) auditors process their own test data using the client's computer system and application program
B) auditors process their own test data using their own computers that simulate the client's computer system
C) auditors use auditor-controlled software to do the same operations that the client's software does, using the same data files
D) auditors use client-controlled software to do the same operations that the client's software does, using auditor created data files
Question
An internal control deficiency occurs when computer personnel:

A) participate in computer software acquisition decisions.
B) design flowcharts and narratives for computerized systems.
C) originate changes in customer master files.
D) provide physical security over program files.
Question
Controls which apply to a specific element of the system are called:

A) user controls.
B) general controls.
C) systems controls.
D) applications controls.
Question
Which of the following controls prevent and detect errors while transaction data are processed?

A) Software
B) Application
C) Processing
D) Transaction
Question
A control that relates to all parts of the IT system is called a(n):

A) general control.
B) systems control.
C) universal control.
D) applications control.
Question
Auditors should evaluate which of the following before evaluating application controls because of the potential for pervasive effects.

A) input controls
B) control environment
C) processing controls
D) general controls
Question
In an IT-intensive environment, most processing controls are:

A) input controls.
B) operator controls.
C) programmed controls.
D) documentation controls.
Question
Which of the following is not a characteristic associated with converting from a manual to an IT system?

A) It usually centralizes data.
B) It permits higher quality and more consistent controls over operations.
C) It may eliminate the control provided by division of duties of independent persons who perform related functions and compare results.
D) It may take the recordkeeping function and the document preparation function away from those who have custody of assets and put those functions into the IT center.
Question
Which of the following is least likely to be used in obtaining an understanding of client general controls?

A) examination of system documentation
B) inquiry of client personnel (e.g., key users)
C) walk through of a sales transaction
D) reviews of questionnaires completed by client IT personnel
Question
Output controls are not designed to assure that data generated by the computer are:

A) accurate.
B) distributed only to authorized people.
C) complete.
D) used appropriately by management.
Question
Output controls need to be designed for which of the following data integrity objectives?

A) detecting errors after the processing is completed
B) preventing errors before the processing is completed
C) detecting errors in the general ledger adjustment process
D) preventing errors in separation of duties for IT personnel
Question
Auditors usually obtain information about general and application controls through:

A) interviews with IT personnel.
B) examination of systems documentation.
C) reading program change requests.
D) all of the above methods.
Question
General controls have which of the following effects on the operating effectiveness of application controls?

A) nominal
B) pervasive
C) mitigating
D) worsening
Question
Which of the following tests determines that every field in a record has been completed?

A) Validation
B) Sequence
C) Completeness
D) Programming
Question
Which of the following is not a general control?

A) computer performed validation tests of input accuracy
B) equipment failure causes error messages on monitor
C) separation of duties between programmer and operators
D) adequate program run instructions for operating the computer
Question
Discuss the four areas of responsibility under the IT function that should be segregated in large companies.
Question
Processing controls include the following tests:
Validation
Sequence
Data Reasonableness
Completeness
Describe what each control is designed to do:
Question
One category of general controls is physical and online security. Describe the control and give at least three examples of implementation of the control.
Question
Which of the following computer-assisted auditing techniques inserts an audit module in the client's application system to identify specific types of transactions?

A) parallel simulation testing
B) test data approach
C) embedded audit module
D) generalized audit software testing
Question
In IT systems, if general controls are effective, it increases the auditor's ability to rely on application controls to reduce control risk.
Question
In an IT system, automated equipment controls or hardware controls are designed to:

A) correct errors in the computer programs.
B) monitor and detect errors in source documents.
C) detect and control errors arising from the use of equipment.
D) arrange data in a logical sequential manner for processing purposes.
Question
Parallel testing is used when old and new systems are operated simultaneously in all locations.
Question
Programmers should design the formatting for transactions data.
Question
Parallel testing is more expensive than pilot testing.
Question
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?

A) gross wages earned
B) employee numbers
C) total hours worked
D) total debit amounts and total credit amounts
Question
Application controls vary across the IT system. To gain an understanding of internal control for a private company, the auditor must evaluate the application controls for every:

A) audit area.
B) material audit area.
C) audit area in which the client uses the computer.
D) audit area where the auditor plans to reduce assessed control risk.
Question
When auditing a client that uses batch processing the problem with error detection is that:

A) transaction trails in a batch system are available only for a limited period of time.
B) there are time delays in processing transactions in a batch system.
C) errors in some transactions cause rejection of other transactions in the batch.
D) random errors are more likely in a batch system than in an online system.
Question
Identify the three categories of application controls, and give one example of each.
Question
Which of the following is not a general control?

A) sSeparation of IT duties
B) systems development.
C) processing controls
D) hardware controls
Question
Which of the following is not an application control?

A) preprocessing authorization of sales transactions
B) reasonableness test for unit selling price of sale
C) post-processing review of sales transactions by the sales department
D) logging in to the company's information systems via a password
Question
The most important output control is:

A) distribution control, which assures that only authorized personnel receive the reports generated by the system.
B) review of data for reasonableness by someone who knows what the output should look like.
C) control totals, which are used to verify that the computer's results are correct.
D) logic tests, which verify that no mistakes were made in processing.
Question
In comparing (1) the adequacy of the hardware controls in the system with (2) the organization's methods of handling the errors that the computer identifies, the independent auditor is:

A) unconcerned with both (1) and (2).
B) equally concerned with (1) and (2).
C) less concerned with (1) than with (2).
D) more concerned with (1) than with (2).
Question
Identify the six categories of general controls and give one example of each.
Question
What are the two software testing strategies that companies typically use? Which strategy is more expensive?
Question
Briefly define general controls and application controls.
Question
IT controls are classified as either input controls or output controls.
Question
Controls that relate to a specific use of the IT system, such as the processing of sales or cash receipts, are called application controls.
Question
Knowledge of both general and application controls is crucial for auditors in understanding how accounting information is recorded and reported.
Question
When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need not be present to audit around the computer?

A) Application controls need to be integrated with general controls.
B) The source documents must be available in a non-machine language.
C) The documents must be filed in a manner that makes it possible to locate them.
D) The output must be listed in sufficient detail to enable the auditor to trace individual transactions.
Question
Which of the following audit procedures used to obtain an understanding of the client's general controls would the auditor use to identify program changes in application software?

A) interviews with IT personnel
B) examination of system documentation
C) reviews of detailed questionnaires completed by the IT staff
D) review of the client's IT architecture
Question
"Auditing around the computer" is acceptable only if the auditor has access to the client's data in a machine-readable language.
Question
An auditor's flowchart of the client's IT system is a graphical representation that depicts the auditor's:

A) program for tests of controls.
B) understanding of the system of how the IT system functions.
C) understanding of the types of errors that are probable given the present system.
D) documentation of the study and evaluation of the system.
Question
The audit procedure which is least useful in gathering evidence on significant computer processes is:

A) documentation.
B) observation.
C) test decks.
D) generalized audit software.
Question
"Auditing around the computer" is most appropriate when the client has not maintained detailed output or source documents in a form readable by humans.
Question
The effectiveness of automated controls depends solely on the competence of the personnel performing the controls.
Question
Programmers should do all but which of the following?

A) Test programs for proper performance.
B) Evaluate representational faithfulness of transaction data input.
C) Develop flowcharts for new applications.
D) Programmers should perform each of the above.
Question
The process of assessing control risk considering only non IT controls is known as?

A) the single-stage audit.
B) the test deck approach.
C) auditing around the computer.
D) generalized audit software (GAS).
Question
Auditors normally link controls and deficiencies in general controls to specific transaction-related audit objectives.
Question
Output controls focus on preventing errors during processing.
Question
Logic tests and completeness tests are examples of application controls.
Question
When the auditor decides to "audit around the computer" to obtain an understanding of the client's internal controls related to the IT system.
Question
Tests of controls are normally performed only if the auditor believes the client's internal control may be effective.
Question
Processing controls is a category of application controls.
Question
General controls in smaller companies are usually less effective than in more complex IT environments.
Question
Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions. Which of the following is not an audit consideration in such an environment?

A) limited reliance on automated controls
B) unauthorized access to master files
C) vulnerability to viruses and other risks
D) excess reliance on automated controls
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/106
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 12: The Impact of Information Technology on the Audit Process
1
Which of the following is a component of general controls?

A) processing controls
B) output controls
C) back-up and contingency planning
D) input controls
C
2
Discuss how the integration of IT into accounting systems enhances internal control.
Enhancements to internal control resulting from the integration of IT into accounting systems include:
• Computer controls replace manual controls. Replacing manual procedures with programmed controls that apply checks and balances to each processed transaction and that process information consistently can reduce human error that is likely to occur in traditional manual environments.
• Higher quality information is available. IT systems typically provide management with more and higher quality information faster than most manual systems.
3
When IT programs or files can be accessed from terminals, users should be required to enter a(n):

A) echo check.
B) parity check.
C) self-diagnosis test.
D) authorized password.
D
4
IT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?

A) organizational changes
B) the visibility of information
C) the potential for material misstatement
D) None of the above; i.e., they are all important.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
5
Which of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?

A) computer controls replace manual controls
B) higher quality information is available
C) computer-based controls provide opportunities to improve separation of duties
D) manual controls replace automated controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
6
What are three specific risks to IT systems?
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
7
Which of the following is not a risk in an IT system?

A) need for IT experienced staff
B) separation of IT duties from accounting functions
C) improved audit trail
D) hardware and data vulnerability
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
8
Old and new systems operating simultaneously in all locations is a test approach known as:

A) pilot testing.
B) horizontal testing.
C) integrative testing.
D) parallel testing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
9
One potential disadvantage of IT systems is the reduction or elimination of source documents, which reduces the visibility of the audit trail.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
10
An important characteristic of IT is uniformity of processing. Therefore, a risk exists that:

A) auditors will not be able to access data quickly.
B) auditors will not be able to determine if data is processed consistently.
C) erroneous processing can result in the accumulation of a great number of misstatements in a short period of time.
D) all of the above.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
11
Control risk may be reduced for a company with a complex IT system when compared to a company that relies primarily on manual controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
12
Typical controls developed for manual systems which are still important in IT systems include:

A) management's authorization of transactions.
B) competent personnel.
C) adequate preparation of input source documents.
D) all of the above.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
13
To determine that user ID and password controls are functioning, an auditor would most likely:

A) test the system by attempting to sign on using invalid user identifications and passwords.
B) write a computer program that simulates the logic of the client's access control software.
C) extract a random sample of processed transactions and ensure that the transactions were appropriately authorized.
D) examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
14
Which of the following is a significant risk to the auditor regarding an audit in a highly automated information environment?

A) does not place enough reliance on the processed information
B) places too much reliance on the processed information
C) processed information may not reveal the sources of the information
D) does not understand the processed information produced by the automated environment
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
15
Which of the following statements related to application controls is correct?

A) Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
B) Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
C) Application controls relate to all aspects of the IT function.
D) Application controls relate to the processing of individual transactions.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
16
General controls include all of the following except:

A) systems development.
B) online security.
C) processing controls.
D) hardware controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
17
Which of the following is not a benefit of using IT-based controls?

A) ability to process large volumes of transactions
B) ability to replace manual controls with computer-based controls
C) reduction in misstatements due to consistent processing of transactions
D) reduction in internal control evaluation in setting control risk
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
18
Which of the following may present itself as the biggest risk to centralizing information responsibilities that were traditionally separate?

A) IT personnel with access to software and master files may misappropriate assets
B) IT personnel with access to software and master files may lack the accounting skills necessary to provide useful information to management
C) IT personnel with access to software and master files may not understand the linkages between general and application controls
D) IT personnel with access to software and master files may not be able to convert the company's operational policies to an IT environment
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
19
Which of the following describes the process of implementing a new system in one part of the organization, while other locations continue to use the current system.

A) parallel testing
B) online testing
C) pilot testing
D) control testing
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
20
Which of the following is not a risk specific to IT environments?

A) reliance on the functioning capabilities of hardware and software
B) increased human involvement
C) loss of data due to insufficient backup
D) unauthorized access
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
21
Which of the following is not an example of an applications control?

A) Back-up of data to a remote site for data security.
B) There is a preprocessing authorization of the sales transactions.
C) There are reasonableness tests for the unit selling price of a sale.
D) After processing, all sales transactions are reviewed by the sales department.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
22
Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:

A) input controls.
B) processing controls.
C) output controls.
D) general controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
23
Programmers should be allowed access to:

A) user controls.
B) general controls.
C) systems controls.
D) applications controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
24
Which of the following statements is correct?

A) Auditors should evaluate application controls before evaluating general controls.
B) Auditors should evaluate application controls and general controls simultaneously.
C) Auditors should evaluate general controls before evaluating application controls.
D) None of these statements is correct.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
25
Controls which are built in by the manufacturer to detect equipment failure are called:

A) input controls.
B) data integrity controls.
C) hardware controls.
D) manufacturer's controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
26
Which of the following best describes the test data approach?

A) auditors process their own test data using the client's computer system and application program
B) auditors process their own test data using their own computers that simulate the client's computer system
C) auditors use auditor-controlled software to do the same operations that the client's software does, using the same data files
D) auditors use client-controlled software to do the same operations that the client's software does, using auditor created data files
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
27
An internal control deficiency occurs when computer personnel:

A) participate in computer software acquisition decisions.
B) design flowcharts and narratives for computerized systems.
C) originate changes in customer master files.
D) provide physical security over program files.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
28
Controls which apply to a specific element of the system are called:

A) user controls.
B) general controls.
C) systems controls.
D) applications controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
29
Which of the following controls prevent and detect errors while transaction data are processed?

A) Software
B) Application
C) Processing
D) Transaction
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
30
A control that relates to all parts of the IT system is called a(n):

A) general control.
B) systems control.
C) universal control.
D) applications control.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
31
Auditors should evaluate which of the following before evaluating application controls because of the potential for pervasive effects.

A) input controls
B) control environment
C) processing controls
D) general controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
32
In an IT-intensive environment, most processing controls are:

A) input controls.
B) operator controls.
C) programmed controls.
D) documentation controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
33
Which of the following is not a characteristic associated with converting from a manual to an IT system?

A) It usually centralizes data.
B) It permits higher quality and more consistent controls over operations.
C) It may eliminate the control provided by division of duties of independent persons who perform related functions and compare results.
D) It may take the recordkeeping function and the document preparation function away from those who have custody of assets and put those functions into the IT center.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
34
Which of the following is least likely to be used in obtaining an understanding of client general controls?

A) examination of system documentation
B) inquiry of client personnel (e.g., key users)
C) walk through of a sales transaction
D) reviews of questionnaires completed by client IT personnel
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
35
Output controls are not designed to assure that data generated by the computer are:

A) accurate.
B) distributed only to authorized people.
C) complete.
D) used appropriately by management.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
36
Output controls need to be designed for which of the following data integrity objectives?

A) detecting errors after the processing is completed
B) preventing errors before the processing is completed
C) detecting errors in the general ledger adjustment process
D) preventing errors in separation of duties for IT personnel
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
37
Auditors usually obtain information about general and application controls through:

A) interviews with IT personnel.
B) examination of systems documentation.
C) reading program change requests.
D) all of the above methods.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
38
General controls have which of the following effects on the operating effectiveness of application controls?

A) nominal
B) pervasive
C) mitigating
D) worsening
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
39
Which of the following tests determines that every field in a record has been completed?

A) Validation
B) Sequence
C) Completeness
D) Programming
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
40
Which of the following is not a general control?

A) computer performed validation tests of input accuracy
B) equipment failure causes error messages on monitor
C) separation of duties between programmer and operators
D) adequate program run instructions for operating the computer
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
41
Discuss the four areas of responsibility under the IT function that should be segregated in large companies.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
42
Processing controls include the following tests:
Validation
Sequence
Data Reasonableness
Completeness
Describe what each control is designed to do:
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
43
One category of general controls is physical and online security. Describe the control and give at least three examples of implementation of the control.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
44
Which of the following computer-assisted auditing techniques inserts an audit module in the client's application system to identify specific types of transactions?

A) parallel simulation testing
B) test data approach
C) embedded audit module
D) generalized audit software testing
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
45
In IT systems, if general controls are effective, it increases the auditor's ability to rely on application controls to reduce control risk.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
46
In an IT system, automated equipment controls or hardware controls are designed to:

A) correct errors in the computer programs.
B) monitor and detect errors in source documents.
C) detect and control errors arising from the use of equipment.
D) arrange data in a logical sequential manner for processing purposes.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
47
Parallel testing is used when old and new systems are operated simultaneously in all locations.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
48
Programmers should design the formatting for transactions data.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
49
Parallel testing is more expensive than pilot testing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
50
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?

A) gross wages earned
B) employee numbers
C) total hours worked
D) total debit amounts and total credit amounts
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
51
Application controls vary across the IT system. To gain an understanding of internal control for a private company, the auditor must evaluate the application controls for every:

A) audit area.
B) material audit area.
C) audit area in which the client uses the computer.
D) audit area where the auditor plans to reduce assessed control risk.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
52
When auditing a client that uses batch processing the problem with error detection is that:

A) transaction trails in a batch system are available only for a limited period of time.
B) there are time delays in processing transactions in a batch system.
C) errors in some transactions cause rejection of other transactions in the batch.
D) random errors are more likely in a batch system than in an online system.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
53
Identify the three categories of application controls, and give one example of each.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
54
Which of the following is not a general control?

A) sSeparation of IT duties
B) systems development.
C) processing controls
D) hardware controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
55
Which of the following is not an application control?

A) preprocessing authorization of sales transactions
B) reasonableness test for unit selling price of sale
C) post-processing review of sales transactions by the sales department
D) logging in to the company's information systems via a password
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
56
The most important output control is:

A) distribution control, which assures that only authorized personnel receive the reports generated by the system.
B) review of data for reasonableness by someone who knows what the output should look like.
C) control totals, which are used to verify that the computer's results are correct.
D) logic tests, which verify that no mistakes were made in processing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
57
In comparing (1) the adequacy of the hardware controls in the system with (2) the organization's methods of handling the errors that the computer identifies, the independent auditor is:

A) unconcerned with both (1) and (2).
B) equally concerned with (1) and (2).
C) less concerned with (1) than with (2).
D) more concerned with (1) than with (2).
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
58
Identify the six categories of general controls and give one example of each.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
59
What are the two software testing strategies that companies typically use? Which strategy is more expensive?
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
60
Briefly define general controls and application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
61
IT controls are classified as either input controls or output controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
62
Controls that relate to a specific use of the IT system, such as the processing of sales or cash receipts, are called application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
63
Knowledge of both general and application controls is crucial for auditors in understanding how accounting information is recorded and reported.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
64
When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need not be present to audit around the computer?

A) Application controls need to be integrated with general controls.
B) The source documents must be available in a non-machine language.
C) The documents must be filed in a manner that makes it possible to locate them.
D) The output must be listed in sufficient detail to enable the auditor to trace individual transactions.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
65
Which of the following audit procedures used to obtain an understanding of the client's general controls would the auditor use to identify program changes in application software?

A) interviews with IT personnel
B) examination of system documentation
C) reviews of detailed questionnaires completed by the IT staff
D) review of the client's IT architecture
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
66
"Auditing around the computer" is acceptable only if the auditor has access to the client's data in a machine-readable language.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
67
An auditor's flowchart of the client's IT system is a graphical representation that depicts the auditor's:

A) program for tests of controls.
B) understanding of the system of how the IT system functions.
C) understanding of the types of errors that are probable given the present system.
D) documentation of the study and evaluation of the system.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
68
The audit procedure which is least useful in gathering evidence on significant computer processes is:

A) documentation.
B) observation.
C) test decks.
D) generalized audit software.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
69
"Auditing around the computer" is most appropriate when the client has not maintained detailed output or source documents in a form readable by humans.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
70
The effectiveness of automated controls depends solely on the competence of the personnel performing the controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
71
Programmers should do all but which of the following?

A) Test programs for proper performance.
B) Evaluate representational faithfulness of transaction data input.
C) Develop flowcharts for new applications.
D) Programmers should perform each of the above.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
72
The process of assessing control risk considering only non IT controls is known as?

A) the single-stage audit.
B) the test deck approach.
C) auditing around the computer.
D) generalized audit software (GAS).
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
73
Auditors normally link controls and deficiencies in general controls to specific transaction-related audit objectives.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
74
Output controls focus on preventing errors during processing.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
75
Logic tests and completeness tests are examples of application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
76
When the auditor decides to "audit around the computer" to obtain an understanding of the client's internal controls related to the IT system.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
77
Tests of controls are normally performed only if the auditor believes the client's internal control may be effective.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
78
Processing controls is a category of application controls.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
79
General controls in smaller companies are usually less effective than in more complex IT environments.
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
80
Companies with non-complex IT environments often rely on desktops and networked servers to perform accounting system functions. Which of the following is not an audit consideration in such an environment?

A) limited reliance on automated controls
B) unauthorized access to master files
C) vulnerability to viruses and other risks
D) excess reliance on automated controls
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 106 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree