Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Arens/Elder/Beasley
Chapter 12
Multiple-Choice Questions
1.
easy
IT has several significant effects on an organization. Which of the following would not be
important from an auditing perspective?
d
a. Organizational changes.
b. The visibility of information.
c. The potential for material misstatement.
d. None of the above; i.e., they are all important.
2.
easy
The audit procedure which is least useful in gathering evidence on significant computer
processes is:
b
a. documentation.
b. observation.
c. test decks.
d. generalized audit software.
3.
Which of the following is not a benefit of using IT-based controls?
easy
a. Ability to process large volumes of transactions.
d
b. Ability to replace manual controls with computer-based controls.
c. Reduction in misstatements due to consistent processing of transactions.
d. Over-reliance on computer-generated reports.
4.
easy
One significant risk related to an automated environment is that auditors may ____ information
provided by an information system.
b
a. not place enough reliance on
b. place too much reliance on
c. reveal
d. not understand
5.
Which of the following is not a risk specific to IT environments?
easy
a. Reliance on the functioning capabilities of hardware and software.
b
b. Increased human involvement.
c. Loss of data due to insufficient backup.
d. Reduced segregation of duties.
6.
easy
Which of the following is not an enhancement to internal control that will occur as a
consequence of increased reliance on IT?
d
a. Computer controls replace manual controls.
b. Higher quality information is available.
c. Computer-based controls provide opportunities to enhance separation of duties.
d. Manual controls replace automated controls.
7.
Which of the following is not a risk to IT systems?
easy
a. Need for IT experienced staff
c
b. Separation of IT duties from accounting functions
c. Improved audit trail
d. Hardware and data vulnerability
8.
Which of the following is not a category of an application control?
easy
a. Processing controls.
c
b. Output controls.
c. Hardware controls.
Arens/Elder/Beasley
d. Input controls.
9.
Old and new systems operating simultaneously in all locations is a test approach known as:
easy
a. pilot testing.
d
b. horizontal testing.
c. integrative testing.
d. parallel testing.
10.
easy
a
When the client uses a computer but the auditor chooses to use only the non-IT segment of
internal control to assess control risk, it is referred to as auditing around the computer. Which
one of the following conditions need not be present to audit around the computer?
a. Computer programs must be available in English.
b. The source documents must be available in a non-machine language.
c. The documents must be filed in a manner that makes it possible to locate them.
d. The output must be listed in sufficient detail to enable the auditor to trace individual
transactions.
11.
Which of the following is a category of general controls?
easy
a. Processing controls.
c
b. Output controls.
c. Physical and online security.
d. Input controls.
12.
Which of the following statements related to application controls is correct?
easy
d
a. Application controls relate to various aspects of the IT function including software
acquisition and the processing of transactions.
b. Application controls relate to various aspects of the IT function including physical security
and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the IT function.
d. Application controls relate to the processing of individual transactions.
13.
General controls include all of the following except:
easy
a. systems development.
c
b. online security.
c. processing controls.
d. hardware controls.
14.
easy
Predesigned formats, such as those used for audit documentation, can be created and saved
using electronic spreadsheets and word processors. These are called:
b
a. desktop publishing.
b. templates.
c. macros.
d. work files.
15.
easy
______ involves implementing a new system in one part of the organization, while other
locations continue to use the current system.
c
a. Parallel testing
b. Online testing
c. Pilot testing
d. Control testing
16.
To determine that user ID and password controls are functioning, an auditor would most likely:
easy
a. attempt to sign on to the system using invalid user identifications and passwords.
a
b. write a computer program that simulates the logic of the client’s access control software.
c. extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
Arens/Elder/Beasley
d. examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.
17.
easy
When IT programs or files can be accessed from terminals, users should be required to enter
a(n):
d
a. echo check.
b. parity check.
c. self-diagnosis test.
d. authorized password.
18.
An auditor’s flowchart of a client’s system is a graphical representation that depicts the
auditor’s:
easy
a. program for tests of controls.
b
b. understanding of the system.
c. understanding of the types of errors that are probable given the present system.
d. documentation of the study and evaluation of the system.
19.
Which of the following is not a characteristic of an online processing system?
medium
a. Output of the data files is available on request.
d
b. Master files are updated at the time the entry is made.
c. Display terminals are used for both input and output purposes.
d. Programming is not allowed online and must be done separately.
20.
Typical controls developed for manual systems which are still important in IT systems include:
medium
a. proper authorization of transactions.
d
b. competent and honest personnel.
c. careful and complete preparation of source documents.
d. all of the above.
21.
______ controls prevent and detect errors while transaction data are processed.
medium
a. Software
c
b. Application
c. Processing
d. Transaction
22.
A database management system:
medium
a. physically stores each element of data only once.
a
b. stores data on different files for different purposes, but always knows where they are and
how to retrieve them.
c. allows quick retrieval of data but at a cost of inefficient use of file space.
d. allows quick retrieval of data, but it needs to update files continually.
23.
Which of the following is not associated with converting from a manual to an IT system?
medium
a. It usually centralizes data.
d
b. It permits higher quality and more consistent controls over operations.
c. It may eliminate the control provided by division of duties of independent persons who
perform related functions and compare results.
d. It may take the recordkeeping function and the document preparation function away from
those who have custody of assets and put those functions into the IT center.
24.
Which of the following statements about general controls is not correct?
medium
a. Disaster recovery plans should identify alternative hardware to process company data.
d
b. Successful IT development efforts require the involvement of IT and non-IT personnel.
c. The chief information officer should report to senior management and the board.
d. Programmers should have access to computer operations to aid users in resolving
problems.
Arens/Elder/Beasley
25.
Which of the following statements is correct?
medium
a. Auditors should evaluate application controls before evaluating general controls.
c
b. Auditors should evaluate application controls and general controls simultaneously.
c. Auditors should evaluate general controls before evaluating application controls.
d. None of these statements is correct.
26.
An important characteristic of IT is uniformity of processing. Therefore, a risk exists that:
medium
a. auditors will not be able to access data quickly.
c
b. auditors will not be able to determine if data is processed consistently.
c. erroneous processing can result in the accumulation of a great number of misstatements in
a short period of time.
d. all of the above.
27.
medium
Auditors should evaluate the ________ before evaluating application controls because of the
potential for pervasive effects.
d
a. input controls
b. control environment
c. processing controls
d. general controls
28.
A control that relates to all parts of the IT system is called a(n):
medium
a. general control.
a
b. systems control.
c. universal control.
d. applications control.
29.
Controls which apply to a specific element of the system are called:
medium
a. user controls.
d
b. general controls.
c. systems controls.
d. applications controls.
30.
Which of the following is not an example of an applications control?
medium
a. An equipment failure causes system downtime.
a
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness tests for the unit selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.
31.
medium
Which of the following is least likely to be used in obtaining an understanding of client general
controls?
c
a. Examination of system documentation
b. Inquiry of client personnel (e.g., key users)
c. Observation of transaction processing
d. Reviews of questionnaires completed by client IT personnel
32.
Which of the following is not a general control?
medium
a. Reasonableness test for unit selling price of a sale.
a
b. Equipment failure causes error messages on monitor.
c. Separation of duties between programmer and operators.
d. Adequate program run instructions for operating the computer.
33.
Controls which are built in by the manufacturer to detect equipment failure are called:
medium
a. input controls.
c
b. fail-safe controls.
c. hardware controls.
d. manufacturer’s controls.
34.
Auditors usually evaluate the effectiveness of:
medium
a. hardware controls before general controls.
c
b. sales-cycle controls before application controls.
c. general controls before applications controls.
d. applications controls before the control environment.
35.
medium
Controls which are designed to assure that the information processed by the computer is
authorized, complete, and accurate are called:
a
a. input controls.
b. processing controls.
c. output controls.
d. general controls.
36.
Programmers should be allowed access to:
medium
a. user controls.
d
b. general controls.
c. systems controls.
d. applications controls.
37.
Programmers should do all but which of the following?
medium
a. Test programs for proper performance.
b
b. Evaluate legitimacy of transaction data input.
c. Develop flowcharts for new applications.
d. Programmers should perform each of the above.
38.
______ tests determines that every field in a record has been completed.
medium
a. Validation
