Академический Документы
Профессиональный Документы
Культура Документы
1. One of the features that distinguishes computer processing from manual processing
is
a. Computer processing virtually eliminates the occurrence of computational error
normally associated with manual processing.
b. Errors or fraud in computer processing will be detected soon after their
occurrences.
c. The potential for systematic error is ordinarily greater in manual processing
than in computerized processing.
d. Most computer systems are designed so that transaction trails useful for audit
purposes do not exist.
2. Given the increasing use of microcomputers as a means for accessing data bases,
along with on-line real-time processing, companies face a serious challenge
relating to data security. Which of the following is not an appropriate means
for meeting this challenge?
a. Institute a policy of strict identification and password controls housed in
the computer software that permit only specified individuals to access the
computer files and perform a given function.
b. Limit terminals to perform only certain transactions.
c. Program software to produce a log of transactions showing date, time, type of
transaction, and operator.
d. Prohibit the networking of microcomputers and do not permit users to access
centralized data bases.
7. Noning Corp. has changed from a system of recording time worked on clock cards to
a computerized payroll system in which employees’ record time in and out with
magnetic cards. The CBIS automatically updates all payroll records. Because of
this change
a. A generalized computer audit program must be used.
b. Part of the audit trail is altered.
c. The potential for payroll related fraud is diminished.
d. Transactions must be processed in batches.
8. The auditor attempted to access the client’s computerized data files using the
passwords of terminated employees.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
10. An accounts payable program posted a payable to a vendor not included in the on-
line vendor master file. A control which would prevent this error is a
a. Validity check. c. Reasonableness test.
b. Range check. d. Parity check.
13. Input controls, processing controls, and output controls are categories of
a. General Control
b. Security Control
c. Application control
d. IT Control
16. Totals of amounts in computer-record data fields which are not usually added for
other purposes but are used only for data processing control purposes are called
a. Record totals.
b. Hash totals.
c. Processing data totals.
d. Field totals.
17. In auditing through a computer, the test data method is used by auditors to test
the
a. Accuracy of input data.
b. Validity of the output.
c. Procedures contained within the program.
d. Normalcy of distribution of test data.
18. The primary reason for internal auditing's involvement in the development of new
computer-based systems is to:
a. Plan post-implementation reviews.
b. Promote adequate controls.
c. Train auditors in CBIS techniques.
d. Reduce overall audit effort.
20. For the accounting system of Champion Company, the amounts of cash disbursements
entered into an CBIS terminal are transmitted to the computer that immediately
transmits the amounts back to the terminal for display on the terminal screen.
This display enables the operator to
a. Establish the validity of the account number.
b. Verify the amount was entered accurately.
c. Verify the authorization of the disbursement.
d. Prevent the overpayment of the account.
21. Which of the following audit techniques most likely would provide an auditor with
the most assurance about the effectiveness of the operation of an internal
control procedure?
a. Inquiry of client personnel.
b. Recomputation of account balance amounts.
c. Observation of client personnel.
d. Confirmation with outside parties.
23. Which of the following is not a major reason why an accounting audit trail should
be maintained for a computer system?
a. Query answering.
b. Deterrent to fraud.
c. Monitoring purposes.
d. Analytical review.
24. The auditor utilizes the services of the firm’s computer audit specialist assist
in testing controls over the electronic processing of customer remittances.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
25. To ensure that goods received are the same as those shown on the purchase
invoice, a computerized system should:
a. Match selected fields of the purchase invoice to goods received.
b. Maintain control totals of inventory value.
c. Calculate batch totals for each input.
d. Use check digits in account numbers.
26. Errors in data processed in a batch computer system may not be detected
immediately because
a. Transaction trails in a batch system are available only for a limited period
of time.
b. There are time delays in processing transactions in a batch system.
c. Errors in some transactions cause rejection of other transactions in the
batch.
d. Random errors are more likely in a batch system than in an on-line system.
27. Which of the following is a computer test made to ascertain whether a given
characteristic belongs to the group?
a. Parity check.
b. Validity check.
c. Echo check.
d. Limit check.
28. These are manual control procedures applied by organizational units whose data
are processed by data processing.
a. User Controls
b. General Controls
c. Application Controls
d. Security Controls
30. When testing a computerized accounting system, which of the following is not true
of the test data approach?
a. The test data need consist of only those valid and invalid conditions in which
the auditor is interested.
b. Only one transaction of each type need be tested.
c. Test data are processed by the client's computer programs under the auditor's
control.
d. The test data must consist of all possible valid and invalid conditions.
34. Auditing by testing the input and output of a computer-based system instead of
the computer program itself will
a. Not detect program errors which do not show up in the output sampled.
b. Detect all program errors, regardless of the nature of the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results of the auditing
procedures.
35. Which of the following is an acknowledged risk of using test data when auditing
CBIS records?
a. The test data may not include all possible types of transactions.
b. The computer may not process a simulated transaction in the same way it would
an identical actual transaction.
c. The method cannot be used with simulated master records.
d. Test data may be useful in verifying the correctness of account balances, but
not in determining the presence of processing controls.
36. When the auditor encounters sophisticated computer-based systems, he or she may
need to modify the audit approach. Of the following conditions, which one is not
a valid reason for modifying the audit approach?
a. More advanced computer systems produce less documentation, thus reducing the
visibility of the audit trail.
b. In complex computer-based systems, computer verification of data at the point
of input replaces the manual verification found in less sophisticated data
processing systems.
c. Integrated data processing has replaced the more traditional separation of
duties that existed in manual and batch processing systems.
d. Real-time processing of transactions has enabled the auditor to concentrate
less on the completeness assertion.
37. In testing the sales processing set of controls, the auditor has designed a set
of transactions that include unauthorized sales prices, invalid customer numbers,
and lack of credit authorization.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
38. If a control total were to be computed on each of the following data items, which
would best be identified as a hash total for a payroll CBIS application?
a. Net pay.
b. Department numbers.
c. Hours worked.
d. Total debits and total credits.
39. In the weekly computer run to prepare payroll checks, a check was printed for an
employee who had been terminated the previous week. Which of the following
controls, if properly utilized, would have been most effective in preventing the
error or ensuring its prompt detection?
a. A control total for hours worked, prepared from time cards collected by the
timekeeping department.
b. Requiring the treasurer's office to account for the number of the pre-numbered
checks issued to the CBIS department for the processing of the payroll.
c. Use of a check digit for employee numbers.
d. Use of a header label for the payroll input sheet.
40. The auditor examined authorizations and studied documentation relating to CBIS
modifications made by the client during the year under audit.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
41. An auditor is preparing test data for use in the audit of a computer based
accounts receivable application. Which of the following items would be
appropriate to include as an item in the test data?
a. A transaction record which contains an incorrect master file control total.
b. A master file record which contains an invalid customer identification number.
c. A master file record which contains an incorrect master file control total.
d. A transaction record which contains an invalid customer identification number.
43. A control to verify that the dollar amounts for all debits and credits for
incoming transactions are posted to a receivables master file is the:
a. Generation number check.
b. Master reference check.
c. Hash total.
d. Control total.
45. CBIS controls are frequently classified as to general controls and application
controls. Which of the following is an example of an application control?
a. Programmers may access the computer only for testing and "debugging" programs.
b. All program changes must be fully documented and approved by the information
systems manager and the user department authorizing the change.
c. A separate data control group is responsible for distributing output, and also
compares input and output on a test basis.
d. In processing sales orders, the computer compares customer and product numbers
with internally stored lists.
46. The auditor interviews the client’s information systems manager to clear
exceptions detected when the auditor reviewed data processing job descriptions
for incompatible functions.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
47. After a preliminary phase of the review of a client's CBIS controls, an auditor
may decide not to perform further tests related to the control procedures within
the CBIS portion of the client's internal control system. Which of the following
would not be a valid reason for choosing to omit further testing?
a. The auditor wishes to further reduce assessed risk.
b. The controls duplicate operative controls existing elsewhere in the system.
c. There appear to be major weaknesses that would preclude reliance on the stated
procedures.
d. The time and dollar costs of testing exceed the time and dollar savings in
substantive testing if the controls are tested for compliance.
48. For good internal control over computer program changes, a policy should be
established requiring that
a. The programmer designing the change adequately test the revised program.
b. All program changes be supervised by the CBIS control group.
c. Superseded portions of programs be deleted from the program run manual to
avoid confusion.
d. All proposed changes be approved in writing by a responsible individual.
49. Which of the following is not a technique for testing data processing controls?
a. The auditor develops a set of payroll test data that contain numerous errors.
The auditor plans to enter these transactions into the client's system and
observe whether the computer detects and properly responds to the error
conditions.
b. The auditor utilizes the computer to randomly select customer accounts for
confirmation.
c. The auditor creates a set of fictitious customer accounts and introduces
hypothetical sales transactions, as well as sales returns and allowances,
simultaneously with the client's live data processing.
d. At the auditor's request, the client has modified its payroll processing
program so as to separately record any weekly payroll entry consisting of 60
hours or more. These separately recorded ("marked") entries are locked into
the system and are available only to the auditor.
51. Access control in an on-line CBIS can best be provided in most circumstances by
a. An adequate librarianship function controlling access to files.
b. A label affixed to the outside of a file medium holder that identifies the
contents.
c. Batch processing of all input through a centralized, well-guarded facility.
d. User and terminal identification controls, such as passwords.
52. While entering data into a cash receipts transaction file, an employee transposed
two numbers in a customer code. Which of the following controls could prevent
input of this type of error?
a. Sequence check.
b. Record check.
c. Self-checking digit.
d. Field-size check.
53. What is the computer process called when data processing is performed
concurrently with a particular activity and the results are available soon enough
to influence the particular course of action being taken or the decision
being made?
a. Batch processing.
b. Real time processing.
c. Integrated data processing.
d. Random access processing.
56. Creating simulated transactions that are processed through a system to generate
results that are compared with predetermined results, is an auditing procedure
referred to as
a. Desk checking.
b. Use of test data.
c. Completing outstanding jobs.
d. Parallel simulation.
57. To obtain evidential matter about control risk, an auditor ordinarily selects
tests from a variety of techniques, including
a. Analysis.
b. Confirmations.
c. Reprocessing.
d. Comparison.
58. One of the major problems in a CBIS is that incompatible functions may be
performed by the same individual. One compensating control for this is the use of
a. Echo checks.
b. A self-checking digit system.
c. Computer generated hash totals.
d. A computer log.
60. A hash total of employee numbers is part of the input to a payroll master file
update program. The program compares the hash total to the total computed for
transactions applied to the master file. The purpose of this procedure is to:
a. Verify that employee numbers are valid.
b. Verify that only authorized employees are paid.
c. Detect errors in payroll calculations.
d. Detect the omission of transaction processing.
62. The auditor confirmed a sample of customer accounts receivable to evaluate the
correctness of year-end balances in customer accounts.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
63. Processing simulated file data provides the auditor with information about the
reliability of controls from evidence that exists in simulated files. One of the
techniques involved in this approach makes use of
a. Controlled reprocessing.
b. Program code checking.
c. Printout reviews.
d. Integrated test facility.
64. Which of the following statements most likely represents a disadvantage for an
entity that keeps microcomputer-prepared data files rather than manually prepared
files?
a. It is usually more difficult to detect transposition errors.
b. Transactions are usually authorized before they are executed and recorded.
c. It is usually easier for unauthorized persons to access and alter the files.
d. Random error associated with processing similar transactions in different ways
is usually greater.
65. The auditor examined printouts from network monitoring software and observed data
input for proper functioning of protocol controls and data encryption.
a. General control test
b. Application control test
c. Substantive audit test
d. Security control test
66. The possibility of losing a large amount of information stored in computer files
most likely would be reduced by the use of
a. Back-up files
b. Check digits
c. Completeness tests
d. Conversion verification.
67. An integrated test facility (ITF) would be appropriate when the auditor needs to
a. Trace a complex logic path through an application system.
b. Verify processing accuracy concurrently with processing.
c. Monitor transactions in an application system continuously.
d. Verify load module integrity for production programs.
69. When auditing "around" the computer, the independent auditor focuses solely upon
the source documents and
a. Test data.
b. CBIS processing.
c. Control techniques.
d. CBIS output.
70. The increased presence of the microcomputer in the workplace has resulted in an
increasing number of persons having access to the computer. A control that is
often used to prevent unauthorized access to sensitive programs is:
a. Backup copies of the diskettes.
b. Passwords for each of the users.
c. Disaster-recovery procedures.
d. Record counts of the number of input transactions in a batch being processed.