Deck 20: Auditing and Information Technology

A)Completeness and Accuracy.
B)Occurrence and Rights and Obligations.
C)Accuracy and Occurrence.
D)Completeness and Occurrence.

A)Create checkpoints at periodic intervals after data processing to test for unauthorized use of the system.
B)Examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction.
C)Enter invalid identification numbers or passwords to ascertain whether the system rejects them.
D)Vouch a random sample of processed transactions to assure proper authorization.

A)Control totals.
B)Balancing input to output.
C)File backup and retention.
D)Transaction logs.

A)Grandfather-father-son file retention.
B)Input and output validation routines.
C)Systems documentation.
D)Check digit verification.

A)Hardware controls are built into the computer by the computer manufacturer.
B)Backup files are stored in a location separate from original copies.
C)Personnel who are independent of data input perform parallel simulations.
D)System flowcharts provide accurate descriptions of computer operations.

A)Ensure that appropriate files are used in computerized processing.
B)Ensure restricted access to the computing environment.
C)Ensure that files are appropriately secured and protected from loss.
D)Ensure that files can be reconstructed from earlier versions of information used in processing.

A)The duties of application programming,computer operation,and control of data files should be separated.
B)Computer operators should maintain control of all software programs.
C)Specific passwords should be required to access online files.
D)Computer programmers should be periodically rotated across different applications.

A)Programmer.
B)Systems analyst.
C)Computer operator.
D)Data conversion operator.

A)Access client data files.
B)Prepare spreadsheets.
C)Assess control risk related to computerized processing systems.
D)Construct and perform parallel simulations.

A)Providing for the separation of duties between data input and error listing operations.
B)Using a systems development life cycle for authorization,user involvement,and testing of program modifications.
C)Preparing batch totals to provide assurance that file updates are made for the entire group of transactions.
D)Performing a validity check of an identification number before a user can obtain access to the computer files.

A)Existence of unclaimed payroll checks held by supervisors.
B)Early cashing of payroll checks by employees.
C)Discovery of invalid employee identification numbers.
D)Proper approval of overtime by supervisors.

A)Employee collusion possibilities are increased because portable computing devices from one vendor can process the programs of a system from different vendors.
B)Computer operators may be able to remove hardware and software components and modify them at an off-site location.
C)Programming errors result in all similar transactions being processed incorrectly because those transactions are processed under the same conditions.
D)Certain transactions may be automatically initiated by the computerized processing system and management's authorization of these transactions may be implicit in its acceptance of the system design.

A)Can be performed using only actual transactions because testing simulated transactions does not provide relevant evidence.
B)Can be performed using actual transactions or simulated transactions.
C)Is impractical because many procedures within the computerized processing system leave no visible evidence of having been performed.
D)Is inadvisable because it may distort the evidence in real-time systems.

A)Periodic management review of computer utilization reports and systems documentation.
B)Separation of duties for computer programming and computer operations.
C)Participation of user department personnel in designing and approving new systems.
D)Physical security of computer facilities in limiting access to computer equipment.

A)Check digits.
B)Valid sign tests.
C)Sequence tests.
D)Limit and reasonableness tests.

A)The objective of the audit examination focuses on detection of fraud and theft through the computer.
B)The type of substantive procedures performed by the audit team change because of the use of computerized processing.
C)The effectiveness of computer controls implemented by the client over its computerized processing may need to be evaluated by audit teams.
D)Different independence standards are introduced for audit teams when clients utilize computerized processing.

A)Parity check.
B)Personal identification code.
C)Self diagnosis test.
D)Echo check.

A)The audit team's test data are consistent with the client's normal transactions.
B)Controls operate as described in responses to internal control questionnaire items and program flowcharts.
C)Every possible error is prevented or detected by the client's computer controls.
D)All possible combinations of valid data are correctly processed.

A)Several transactions of each type must be tested.
B)Test data are processed by the client's computer programs under the audit team's control.
C)Test data must consist of all possible valid and invalid combinations.
D)The computer program used to process test data is different from the program used throughout the year by the client.

A)Batch totals.
B)Hash totals.
C)Missing data tests.
D)Sequence tests.

A)The test data are created for a separate entity and are run simultaneously with the client's actual data.
B)Only one of each type of error transaction needs to be included in the test data.
C)The manual results of processing the test data are compared to the results of processing these data through the client's computerized processing system.
D)Audit teams consider potential errors and conditions of interest in generating the test data.

A)Using passwords requiring access to those programs and files.
B)Periodically reviewing and confirming access rights for the organization's users.
C)Monitoring actual user activity through a program log and comparing that activity to authorized levels.
D)Ensuring that access to programs and files is removed for recently-terminated employees.

A)Access to programs and data.
B)Computer operations.
C)Data file controls.
D)Program change controls.

A)Computer controls.
B)Environment controls.
C)Automated application controls.
D)General controls.

A)Batch totals.
B)Hash totals.
C)Check digits.
D)Record counts.

A)These standards enable the organization to understand the programming logic underlying recently-developed programs.
B)These standards ensure that the program controls and documentation included in recently-developed programs is adequate.
C)The absence of these standards would constitute a material weakness in internal control.
D)These standards ensure the appropriate separation of duties of computer personnel.

A)The types of transactions that are processed through the system.
B)The specific control procedures that have been implemented by the client to prevent or detect misstatements that could occur based on the audit team's analysis.
C)The programs and files that are accessed by the system in processing transactions.
D)The type of output that is created as a result of processing transactions through the system.

A)Ensuring that all software acquisition and program development efforts are consistent with the organization's needs and objectives.
B)Testing and validating new programs and developing proper implementation plans.
C)Requiring that all programming efforts take place under the control of the requesting user department.
D)Ensuring that data are converted completely and accurately for use in the new systems.

A)Detective controls.
B)Input controls.
C)Processing controls.
D)Program change controls.

A)The organization's use of the systems development life cycle when implementing or modifying computerized processing systems.
B)The organization's use of check digits to ensure accurate input of transaction data.
C)Periodic and preventative maintenance performed on the computer and related equipment.
D)The existence of appropriate separation of duties within the computer department.