Which of the following computer documentation would an auditor most likely utilize in obtaining an understanding?

Which of the following computer documentations would an auditor most likely utilize in obtaining an understanding of internal control? a. systems flowcharts b. record counts c. program listings d. record layouts

One of the major problems in an IT system is that incompatible functions may be performed by the same individual. One compensating control for this is the use of a. echo checks b. a self-checking digit system c. computer-generated hash totals d. a computer log

Which of the following is a general control that would most likely assist an entity whose systems analyst left the entity in the middle of a major project? a. grandfather-father-son record retention b. input and output validation routines c. systems documentation d. check digit verification

a retail entity uses EDI in executing & recording its purchase transactions. the entity's auditor recognizes that documentation of transactions will be retained for only a short period of time. To compensate for this limitation, the auditor would a. increase sampling of EDI transactions to be selected for cutoff tests b. perform tests several times during the year, rather than only at year end c. plan to make a 100% count of the entity's inventory at or near the year end d. decrease the assessed level of control risk for the existence or occurrence assertion

b. perform tests several times during the year, rather than only at year end

which of the following is an engagement attribute for an audit of an entity that processes most of it's financial data in electronic form without any paper documentation? a. discrete phases of planning, interim, and year end field work b. increased effort to search for evidence of management fraud c. performance of audit tests on a continuous basis d. increased emphasis on the completeness assertion

c. performance of audit tests on a continuous basis

an auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on which of the following procedures would the auditor initially focus a. programmed control procedures b. application control procedures c. output control procedures d. general control procedures

d. general control procedures

an entity uses the internet to execute & record its purchase transactions. the auditor recognizes the documentation of details of transactions will be retained for only a short time. to compensate for this limitation, the auditor most likely would a. compare a sample of paid vendors invoices to the receiving records at year end b. plan for a large measure of tolerable misstatement in substantive tests c. perform tests several times during the year, rather than only at year end d. increase the sample of transactions to be selected for cutoff tests.

c. perform tests several times during the year, rather than only at year end

which of the following is an example of how specific IC in a database environment may differ from controls in a nondatabase environment? a. controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access b. controls over data sharing by diverse users within an entity should be the same for every year c. employee who manages computer hardware should also develop & debug the computer program d. controls can provide assurance that all processed transactions are authorized but cannot verify that all authorized transactions are processed.

a. controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access

Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because a. errors in some transactions may cause rejection of other transactions in the batch b. the identification of errors in input data typically is not part of the program c. there are time delays in processing transactions in a batch system d. the processing transactions in a batch system is not uniform

c. there are time delays in processing transactions in a batch system

which of the following most likely represents a significant deficiency in internal control? a. systems programmer designs systems for computerized applications & maintains output controls b. systems analyst reviews applications of data processing and maintains systems documentation c. control clerk establishes control over data received by the IT department and reconciles control totals after processing d. AP clerk prepares data for computer processing and enters the data into the computer

a. systems programmer designs systems for computerized applications & maintains output controls

When evaluating IC of an entity that processes sales transaction on the internet, an auditor would be most concerned about the a. lack of sales invoice documents as an audit trail b. potential for computer disruption in recording sales c. inability to establish an integrated test facility d. frequency of archiving and data retention

b. potential for computer disruption in recording sales

Which of the following statements is correct concerning IC in an EDI system? a. preventive controls generally are more important than detective controls in EDI systems b. control objectives for EDI systems generally are different from the objectives for the other information systems c. IC in EDI systems rarely permit control risk to be assessed at below the maximum d. IC related to the segregation of duties generally are the most important controls in EDI systems

a. preventive controls generally are more important than detective controls in EDI systems

which of the following would most likely be a weakness in IC of a client that utilizes microcomps rather than a larger computer system a. employee collusion possibilities are increased bc microcomputers from one vendor can process the programs of a system from a different vendor b. microcomputer operators may remove hardware and software components & modify them at home c. programming errors result in all similar transactions being processed incorrectly when they are processed under the same conditions d. certain transactions may be automatically initiated by the microcomputers & management's authorization of these transactions may be implicit in its acceptance of the system design

b. the microcomputer operators may be able to remove hardware and software components & modify them at home

which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files a. attention is focused on the accuracy of the programming process rather than errors in individual transactions b. it is usually easier for unauthorized persons to access and alter the files c. random error associated with processing similar transactions in different ways is usually greater d. it is usually more difficult to compare recorded accountability with physical count of assets

b. it is usually easier for unauthorized persons to access and alter the files

which of the following characteristics distinguishes computer processing from manual processing? a. computer processing virtually eliminates the occurrence of computational error normally associated with manual processing b. the potential for systematic error is ordinarily greater in manual processing than in computerized processing c. errors or fraud in computer processing will be detected soon after their occurrence d. most computer systems are designed so that transaction trails useful for audit purposes do not exist

a. computer processing virtually eliminates the occurrence of computational error normally associated with manual processing

which of the following control procedures most likely could prevent IT personnel from modifying programs to bypass programmed controls a. periodic management review of computer utilization reports and systems documentation b. segregation of duties within IT for computer programming and computer operations c. participation of user department personnel in designing and approving new systems d. physical security of IT facilities in limiting access to IT equipment

b. segregation of duties within IT for computer programming and computer operations

When an accounting application is processed by computer, an auditor can't verify the reliable operation of programmed control procedures by a. constructing a processing system for accounting apps & processing actual data from throughout the period through both the client/ auditor's programs b. manually comparing detail transactions files used by an edit program to the program's generated error listings to determine that errors were properly identified by the edit program c. manually reperforming as of a point in time, the processing of input data and comparing the simulated results to the actual results d. periodically submitting auditor-prepd test data to the same computer process and evaluating results

c. manually reperforming as of a point in time, the processing of input data and comparing the simulated results to the actual results

Which of the following outcomes is a likely benefit of information technology used for internal control? a. processing of unusual or nonrecurring transactions b. enhanced timeliness of information c. potential loss of data d. recording of unauthorized transactions

b. enhanced timeliness of information

In which of the following circumstances would an auditor expect to find that an entity implement automated controls to reduce risks of misstatement a. when errors are difficult to predict b. when misstatements are difficult to define c. when large,unusual, or nonrecurring transactions require judgment d. when transactions are high volume and recurring

d. when transactions are high volume and recurring

In an environment that is highly automated, an auditor determines that it is not possible to reduce detection risk solely by substantive tests of transactions. under these circumstances, the auditor most likely would a. perform tests of controls to support a lower level of assessed control risk b. increase the sample size to reduce sampling risk and detection risk c. adjust the materiality level and consider the effect on inherent risk d. apply analytical procedures and consider the effect on control risk

a. perform tests of controls to support a lower level of assessed control risk

which of the following is not a major reason for maintaining an audit trail for a computer system a. deterrent to fraud b. monitoring purposes c. analytical procedures d. query answering

which of the following is an essential element of the audit trail in an EDI system a. disaster recovery plans that ensure proper back-up of files b. encrypted hash totals that authenticate messages c. activity logs that indicate failed transactions d. hardware security modules that store sensitive data

c. activity logs that indicate failed transactions

which of the following activities most likely would detect whether payroll data were altered during processing a. monitor authorized distribution of data control sheets b. use test data to verify the performance of edit routines c. examine source documents for approval by supervisors d. segregate duties between approval of hardware and software specifications

b. use test data to verify the performance of edit routines

Matthews changed from a system of recording time on clock cards to a computerized payroll system in which employees clock in and out w magnetic cards. the EDP system automatically updates payroll records. bc of the change, a. generalized computer audit programs must be used b. part of the audit trail is altered c. transactions must be processed in batches d. the potential for payroll-related fraud is diminished

b. part of the audit trail is altered

an auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as a. deductions not authorized by employees b. overtime not approved by supervisors c. payroll checks with unauthorized signatures d. time tickets with invalid job numbers

d. time tickets with invalid job numbers

in a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to a. missing employee numbers b. proper approval of overtime by supervisors c. time tickets with invalid job numbers d. agreement of hours per clock cards with hours on time tickets

b. proper approval of overtime by supervisors

which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period a. the acceptance level of detection risk b. the timing of control and substantive tests c. whether to adopt substantive or reliance test strategies d. the assessed level of inherent risk

b. the timing of control and substantive tests

an auditor would most likely be concerned with which of the following controls in a distributed data processing system a. hardware controls b. systems documentation c. access controls d. disaster recovery controls

to obtain evidence that on-line access controls are properly functioning, an auditor most likely would a. crate checkpoints at periodic intervals after live data processing to test for unauthorized use of the system b. examine the transactions log to discover whether any transactions were lost or entered twice due to a system malfunction c. enter invalid ID numbers or passwords to ascertain whether the system rejects them d. vouch a random sample of processed transactions to assure proper authorization

c. enter invalid ID numbers or passwords to ascertain whether the system rejects them

client that recently installed a new AP system assigned employees a user ID & password. the ID is the persons name and their password is the same. users are not required to chnge their passwords at initial log in nor do they expire. which of the following statements doesn't reflect a limitation of the client's computer IC a. emp. can easily guess fellow emp passwords b. emp. are not required to change passwords c. emp. can circumvent segregate of duties procedures d. emps. are not required to take regular vacations

d. emps. are not required to take regular vacations

which of the following would an auditor ordinarily consider the greatest risk regarding an entity's use of EDI? a. authorization of EDI transactions b. duplication of EDI transmissions c. improper distribution of EDI transactions d. elimination of paper documents

c. improper distribution of EDI transactions

which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing I. Limit test II. Validity check test