Deck 17: IT Controls : Systems Development Program Changes and Application Controls

A) compiled programs are very susceptible to unauthorized modification
B) the source program library stores application programs in source code form
C) modifications are made to programs in machine code language
D) the source program library management system increases operating efficiency

A) using passwords to limit access to application programs
B) assigning a test name to all programs undergoing maintenance
C) combining access to the development and maintenance test libraries
D) assigning version numbers to programs to record program modifications

A) 1234567
B) 12345
C) 124356
D) 123454

A) involves individual modules only, not the full system
B) requires creation of meaningful test data
C) need not be repeated once the system is implemented
D) is primarily concerned with usability

A) Database Management System
B) Recovery Operations Function
C) Source Program Library Management System
D) Computer Services Function

A) sequence check
B) zero value check
C) spooling check
D) range check

A) total payroll checks-$12,315
B) total number of employees-10
C) sum of the social security numbers-12,555,437,251
D) none of the above

A) documentation updates
B) testing
C) formal authorization
D) internal audit approval

A) hash total.
B) record count.
C) batch total.
D) check digit

A) transactions are not omitted
B) transactions are not added
C) transactions are free from clerical errors
D) an audit trail is created

A) check digits should be used for all data codes
B) check digits are always placed at the end of a data code
C) check digits do not affect processing efficiency
D) check digits are designed to detect transcription and transposition errors

A) consists of records that are stored sequentially in an audit file
B) traces transactions from their source to their final disposition
C) is a function of the quality and integrity of the application programs
D) may take the form of pointers, indexes, and embedded keys

A) reconciling program version numbers
B) program testing
C) user involvement
D) internal audit participation

A) contains a transaction code
B) records the record count
C) contains a hash total
D) control figures in the record may be adjusted during processing
E) All the above are true

A) missing data check
B) numeric/alphabetic check
C) range check
D) validity check

A) the test transactions
B) error reports
C) updated master files
D) output reports

A) to ensure that all data input is validated
B) to ensure that only transactions of a similar type are being processed
C) to ensure the records are in sequence and are not missing
D) to ensure that no transaction is omitted

A) missing data check
B) check digit
C) reasonableness check
D) validity check

A) immediate correction
B) rejection of batch
C) creation of error file
D) all are examples of input error correction techniques

A) numeric/alphabetic data checks
B) limit check
C) range check
D) reasonableness check

A) reasonableness check
B) validity check.
C) spooling check
D) missing data check

A) protect applications from unauthorized changes
B) ensure applications are free from error
C) protect production libraries from unauthorized access
D) ensure incompatible functions have been identified and segregated

A) a cost-benefit analysis was conducted
B) the detailed design was an appropriate solution to the user's problem
C) tests were conducted at the individual module and total system levels prior to implementation
D) problems detected during the conversion period were corrected in the maintenance phase

A) check digits
B) Limit check.
C) spooling check
D) missing data check

A) determining the fair value of inventory
B) ensuring that passwords are valid
C) verifying that all pay rates are within a specified range
D) reconciling control totals

A) only successful transactions are recorded on a transaction log
B) unsuccessful transactions are recorded in an error file
C) a transaction log is a temporary file
D) a hardcopy transaction listing is provided to users

A) black box tests of program controls
B) white box tests of program controls
C) substantive testing
D) intuitive testing

A) the test data technique requires extensive computer expertise on the part of the auditor
B) the auditor cannot be sure that the application being tested is a copy of the current application used by computer services personnel
C) the auditor cannot be sure that the application being tested is the same application used throughout the entire year
D) preparation of the test data is time-consuming

A) auditors need minimal computer expertise to use this method
B) this method causes minimal disruption to the firm's operations
C) the test data is easily compiled
D) the auditor obtains explicit evidence concerning application functions

A) numeric/alphabetic data check
B) sign check
C) limit check
D) missing data check

A) the application need not be removed from service and tested directly
B) auditors do not rely on a detailed knowledge of the application's internal logic
C) the auditor reconciles previously produced output results with production input transactions
D) this approach is used for complex transactions that receive input from many sources

A) gaining access to the output file and changing critical data values
B) using a remote printer and incurring operating inefficiencies
C) making a copy of the output file and using the copy to produce illegal output reports
D) printing an extra hardcopy of the output file

A) An audit objective for systems maintenance is to detect unauthorized access to application databases.
B) An audit objective for systems maintenance is to ensure that applications are free from errors.
C) An audit objective for systems maintenance is to verify that user requests for maintenance reconcile to program version numbers.
D) An audit objective for systems maintenance is to ensure that the production libraries are protected from unauthorized access.

A) transaction logs
B) Transaction Listings.
C) data encryption
D) log of automatic transactions

A) header label check
B) expiration date check
C) version check
D) validity check

A) can be turned on and off by the auditor.
B) reduce operating efficiency.
C) may lose their viability in an environment where programs are modified frequently.
D) identify transactions to be analyzed using white box tests.

A) Reasonableness check
B) Run-to-run check
C) Spooling check
D) Batch check
E) None are input controls

A) Range check
B) Limit check
C) Spooling check
D) Validity check
E) They are all input controls

A) recalculate data fields
B) compare files and identify differences
C) stratify statistical samples
D) analyze results and form opinions

A) production reports are affected by ITF transactions
B) ITF databases contain "dummy" records integrated with legitimate records
C) ITF permits ongoing application auditing
D) ITF does not disrupt operations or require the intervention of computer services personnel