Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
3) Which statement below is incorrect regarding program modifications?
A) Only material program changes should be thoroughly tested and documented.
B) During the change process, the developmental version of the program must be kept separate
from the production version.
C) After the modified program has received final approval, the change is implemented by
replacing the developmental version with the production version.
D) When a program change is submitted for approval, a list of all required updates should be
compiled and then approved by management and program users.
4) How could auditors determine if unauthorized program changes have been made?
A) by interviewing and making inquiries of the programming staff
B) by examining the systems design and programming documentation
C) by using a source code comparison program
D) by interviewing and making inquiries of recently terminated programming staff
5) Which auditing technique will not assist in determining if unauthorized programming changes
have been made?
A) use of a source code comparison program
B) use of the reprocessing technique to compare program output
C) interviewing and making inquiries of the programming staff
D) use of parallel simulation to compare program output
6) Strong ________ controls can partially compensate for inadequate ________ controls.
A) development; processing
B) processing; development
C) operational; internal
D) internal; operational
7) The ________ procedure for auditing computer process controls uses a hypothetical series of
valid and invalid transactions.
A) concurrent audit techniques
B) test data processing
C) integrated test facility
D) dual process
8) The auditor uses ________ to continuously monitor the system and collect audit evidence
while live data are processed.
A) test data processing
B) parallel simulation
C) concurrent audit techniques
D) analysis of program logic
9) Auditors have several techniques available to them to test computer-processing controls. An
audit technique that immediately alerts auditors of suspicious transactions is known as
A) a SCARF.
B) reperformance.
C) the snapshot technique.
D) an audit hook.
10) A type of software that auditors can use to analyze program logic and detect unexecuted
program code is
A) an audit log.
B) a mapping program.
C) a scanning routine.
D) program tracing.
11) ________ is one tool used to document source data controls.
A) An input control matrix
B) A flowchart generator program
C) A program algorithm matrix
D) A mapping program
12) The use of a secure file library and restrictions on physical access to data files are control
procedures used together to prevent
A) an employee or outsider obtaining data about an important client.
B) a data entry clerk from introducing data entry errors into the system.
C) a computer operator from losing or corrupting files or data during transaction processing.
D) programmers making unauthorized modifications to programs.
13) An auditor creates a fictitious customer in the system and then creates several fictitious sales
to the customer. The records are then tracked as they are processed by the system. The auditor is
using
A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
14) An auditor sets an embedded audit module to flag all credit transactions in excess of $3,000.
The flag causes the system state to be recorded before and after each transaction is processed.
The auditor is using
A) audit hooks.
B) an integrated test facility.
C) the snapshot technique.
D) a system control audit review file.
15) An auditor sets an embedded audit module to record all credit transactions in excess of
$4,000 and stores the data in an audit log. The auditor is using
A) audit hooks.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
16) An auditor sets an embedded audit module to flag questionable online transactions, display
information about the transaction on the auditor's computer, and send a text message to the
auditor's cell phone. The auditor is using
A) the snapshot technique.
B) a system control audit review file.
C) audit hooks.
D) continuous and intermittent simulation.
17) An auditor sets an embedded audit module to selectively monitor transactions. Selected
transactions are then reprocessed independently, and the results are compared with those
obtained by the normal system processing. The auditor is using
A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.
18) When programmers are working with program code, they often employ utilities that are also
used in auditing. For example, as program code evolves, it is often the case that blocks of code
are superseded by other blocks of code. Blocks of code that are not executed by the program can
be identified by
A) embedded audit modules.
B) scanning routines.
C) mapping programs.
D) automated flow charting programs.
19) When programmers are working with program code, they often employ utilities that are also
used in auditing. For example, as program code evolves, it is often the case that variables defined
during the early part of development become irrelevant. The occurrences of variables that are not
used by the program can be found using
A) program tracing.
B) scanning routines.
C) mapping programs.
D) embedded audit modules.
20) Explain why the auditor's role in program development and acquisition should be limited.
21) Audit tests and procedures traditionally have been performed on a sample basis. Do options
exist for auditors to test significantly more (or all) transactions?
22) When doing an information systems audit, auditors must review and evaluate the program
development process. What errors or fraud could occur during the program development
process?
23) Briefly describe tests that can be used to detect unauthorized program modifications.
24) Define and give examples of embedded audit modules.
25) a) What is test data processing? b) How is it done? c) What are the sources that an auditor
can use to generate test data?
26) Describe the disadvantages of test data processing.
1) An audit software program that generates programs that perform certain audit functions, based
on auditor specifications, is referred to as a(n)
A) input controls matrix.
B) CAATS.
C) embedded audit module.
D) mapping program.
2) An auditor might use ________ to convert data from several sources into a single common
format.
A) Windows Media Converter
B) concurrent audit technique
C) computer assisted audit techniques software
D) Adobe Professional
3) What is the primary purpose of computer audit software?
A) eliminate auditor judgment errors
B) assist the auditor in retrieving and reviewing information
C) detect unauthorized modifications to system program code
D) recheck all mathematical calculations, cross-foot, reprocess financial statements and compare
to originals
4) How has the U.S. government deployed computer-assisted audit techniques to reduce the
budget?
A) to identify fraudulent Medicare claims
B) to perform random audits of government spending
C) to replace human auditors with computerized auditors
D) to develop a more balanced government budget
5) True or False: One of the advantages of CAATS software is that it can replace the auditor's
judgment in specific areas of an audit.
6) Identify the company below that CAATS would likely provide the most value.
A) a local car dealership
B) a mom and pop grocery store
C) a large lumber mill that uses an ERP system
D) a medium-sized shoe retailer with outlets in many cities
7) Which of the following is not one way CAATS could be used?
A) to merge files
B) to test files for specific risks
C) to process electronic transactions
D) to query data files to retrieve records meeting specified criteria
8) What type of data does CAATS use to produce an auditing program?
A) archived data
B) backup data
C) live data
D) a copy of live data
1) The scope of a(n) ________ audit encompasses all aspects of systems management.
A) operational
B) information systems
C) financial
D) internal control
2) Evaluating effectiveness, efficiency, and goal achievement are objectives of ________ audits.
A) financial
B) operational
C) information systems
D) all of the above
3) In the ________ stage of an operational audit, the auditor measures the actual system against
an ideal standard.
A) evidence collection
B) evidence evaluation
C) testing
D) internal control
4) The evidence collection stage of an operational audit includes all the following activities
except
A) reviewing operational policies.
B) establishing audit objectives.
C) testing the accuracy of operating information.
D) testing controls.
5) True or False: During the evidence evaluation stage of an operational audit, the auditor
measures the system against generally accepted accounting principles (GAAP).
6) You are the head of the internal audit department for Apple Computer. You want to hire a
person to serve as one of Apple's operational auditors. Identify the candidate below that is likely
to be the most qualified person for the job.
A) Jane, a CPA who has 10 years of audit experience
B) Kasheena, an MBA who has 10 years of management experience
C) Joe, a CISA who has 10 years of IT audit experience
D) Vahlia, a CPA who has 7 years of audit experience and 3 years of management experience
7) Who generally receives the findings and conclusions of an operational audit?
A) the board of directors
B) management
C) the external auditor
D) the IRS
8) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive independent assurance regarding the financial statements, which are
generated using an accounting information system. Which type of audit would best suit the
demands of the board of directors?
A) financial audit
B) information system audit
C) operational audit
D) sustainability audit
9) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive more assurance that internal controls surrounding the company's
information system are effective. Which type of audit would best suit the demands of the board
of directors?
A) financial audit
B) information system audit
C) operational audit
D) sustainability audit
10) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently
demanded that they receive more assurance that Chibuzo Incorporated is operating in an
efficient, effective manner. Which type of audit would best suit the demands of the board of
directors?
A) financial audit
B) information system audit
C) operational audit
D) sustainability audit
11) With regards to an accounting information system, a financial audit is most concerned with
A) the system's output.
B) the system's input.
C) the system's processing.
D) the system's storage.
