A6-3 Flashcards Preview

AUD BECKER MCQ > A6-3 > Flashcards

Flashcards in A6-3 Deck (27)
1

Janus Company, a client of Peterman, CPA, has recently automated its accounting system. While Peterman has been the auditor of Janus for several years, this will be the first audit encompassing the new system. Which of the following is most likely a result of this change?

I.

Peterman will need to take courses to develop an appropriate level of IT skill.

II.

Peterman will need to revise his audit objectives from prior years to reflect the new situation.

III.

Peterman will need to revise his audit program from prior years to reflect the new situation.

a.

Both I and II.

b.

III only.

c.

I, II, and III.

d.

Both II and III.

Choice "b" is correct. The audit program will likely need to be revised to reflect the risks and capitalize on the strengths inherent in an automated system. For example, there will likely be a greater risk of unauthorized access, while there may also be greater opportunities for data analysis and review.

Audit objectives are the same in a computerized environment as they are in a manual environment.

If specialized IT skills are needed, the auditor is less likely to take IT courses than he or she is to seek the assistance of an IT professional.

Choices "d", "a", and "c" are incorrect, based on the above explanation.

2

Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?

a.

Auditors are required to be involved in the system design of the application to be monitored.

b.

Auditors are required to monitor embedded audit modules continuously to obtain valid results.

c.

Embedded audit modules cannot be protected from computer viruses.

d.

Embedded audit modules can easily be modified through management tampering.

Choice "a" is correct. Embedded audit modules are sections of the application program code that collect transaction data for the auditor. Embedded audit modules are usually built into the application program when the program is developed. This would require that the auditors be involved in the system design of the application to be monitored.

Choice "c" is incorrect. Embedded audit modules can be protected from computer viruses the same way any other application program would be protected.

Choice "b" is incorrect. Auditors are not required to monitor embedded audit modules continuously to obtain valid results.

Choice "d" is incorrect. As long as there are appropriate controls in place, embedded audit modules cannot easily be modified through management tampering.

3

An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques?

a.

Embedded audit module.

b.

Test data generator.

c.

Integrated data check.

d.

Snapshot application.

Choice "a" is correct. Embedded audit modules are sections of an application program code that collect transaction data for the auditor. Such modules allow the auditor to capture specific data as transactions are being processed.

Choices "d", "c", and "b" are incorrect, based on the above explanation.

4

Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

a.

Continuous monitoring and analysis of transaction processing with an embedded audit module.

b.

Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

c.

Increased reliance on internal control activities that emphasize the segregation of duties.

d.

Verification of encrypted digital certificates used to monitor the authorization of transactions.

Choice "a" is correct. In a paperless system, the CPA would most likely need to continuously monitor and analyze transaction processing to ensure that controls were operating effectively throughout the period under audit. An embedded audit module is one way to achieve this goal.

Choice "c" is incorrect. While segregation of duties is an important control, there would be no reason to increase reliance on such controls in a paperless system.

Choice "d" is incorrect. Verification of encrypted digital certificates used to monitor the authorization of transactions would be used in all computerized systems.

Choice "b" is incorrect. Testing of firewall boundaries that restrict the recording of outside network traffic by itself does not ensure the completeness and accuracy of the financial data.

5

When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

a.

Several transactions of each type must be tested.

b.

Test data are processed by the client's computer programs under the auditor's control.

c.

The program tested is different from the program used throughout the year by the client.

d.

Test data must consist of all possible valid and invalid conditions.

Choice "b" is correct. Test data consists of "dummy" data run through the client's computer system. The data should be processed under the auditor's control.

Choice "a" is incorrect. Only transactions that the auditor wishes to test must be used.

Choice "d" is incorrect. While the auditor will frequently use many valid and invalid conditions, it is not feasible to test every possible valid and invalid condition using a test data approach.

Choice "c" is incorrect. The objective of the test data approach is to test programs that the client uses to process data. Using different programs defeats the primary purpose of the test.

6

Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files?

a.

Attention is focused on the accuracy of the programming process rather than errors in individual transactions.

b.

Random error associated with processing similar transactions in different ways is usually greater.

c.

It is usually more difficult to compare recorded accountability with physical count of assets.

d.

It is usually easier for unauthorized persons to access and alter the files

Choice "d" is correct. It is easier to access and alter microcomputer data files than manually prepared data files. Microcomputer access security is difficult to maintain because of the increased number of data entry points and the potential ability to defeat access controls. 

Choice "a" is incorrect. Once the programs are written, the focus will still be on the accuracy of the transactions. 

Choice "b" is incorrect. One of the benefits of an automated system over a manual system is the removal of random errors from the process. (Instead, systematic errors are more common.)

Choice "c" is incorrect. There is no significant difference between comparing physical counts with accounting records kept either manually or on an automated system.

7

An auditor most likely would introduce test data into a computerized payroll system to test internal controls related to the:

a.

Early cashing of payroll checks by employees.

b.

Existence of unclaimed payroll checks held by supervisors.

c.

Proper approval of overtime by supervisors.

d.

Discovery of invalid employee I.D. numbers.

Choice "d" is correct. Test data allows the auditor to determine whether adequate controls exist over data processing. Test data consists of fictitious entries or inputs that are processed through the client's computer system under the control of the auditor. The client's computerized payroll system should have adequate controls to prevent input of invalid employee I.D. numbers.

Choice "b" is incorrect. This control does not involve the client's computer system and therefore cannot be tested using test data.

Choice "a" is incorrect. This control does not involve the client's computer system and therefore cannot be tested using test data.

Choice "c" is incorrect. This control does not involve the client's computer system and therefore cannot be tested using test data.

8

Using computers in auditing may affect the methods used to review the work of staff assistants because:

a.

Audit documentation may not contain readily observable details of calculations.

b.

More supervision would be neccessary.

c.

Documenting the supervisory review may require assistance of consulting services personnel.

d.

Supervisory personnel may not have an understanding of the capabilities and limitations of computers.

Choice "a" is correct. When using computers in an auditing task, audit documentation may not contain readily observable details of calculations (e.g., present value calculations). In order to review assistants' work, a supervisor may have to examine the formulas used on the computer rather than simply examining the audit documentation. 

Choice "b" is incorrect. Use of a computer may result in a decrease, rather than increase, in supervisory time because it is quicker to review the accuracy of such things as footings, ratio calculations, and cross references.

Choice "c" is incorrect. Consulting service personnel should not be necessary to document the supervisory review. 

Choice "d" is incorrect. The familiarity of supervisory personnel with the capabilities and limitations of computers would not have an effect on the review process.

9

Which of the following statements is not true of the test data approach to testing an accounting system?

a.

The test data need consist of only those valid and invalid conditions that interest the auditor.

b.

Only one transaction of each type need be tested.

c.

The test data must consist of all possible valid and invalid conditions.

d.

Test data are processed by the client's computer programs under the auditor's control.

Choice "c" is correct. While the auditor will frequently use many valid and invalid conditions, it is not feasible to test every possible valid and invalid condition using a test data approach.

Choice "d" is incorrect. Test data consists of a set of fictitious entries or inputs that are processed through the client's computer system under the control of the auditor.

Choice "a" is incorrect. The auditor need only include valid and invalid conditions that interest the auditor.

Choice "b" is incorrect. Only one transaction of each type need be tested, as the system should process similar transactions in a consistent manner.

10

An auditor would least likely use computer software to:

a.

Assess EDP control risk.

b.

Access client data files.

c.

Construct parallel simulations.

d.

Prepare spreadsheets.

Choice "a" is correct. The assessment of control risk is based on auditor judgment. A computer cannot replace professional auditor judgment in assessing control risk.

Choice "c" is incorrect. Computer software would be used when constructing parallel simulations. Parallel simulation involves taking the client's data and reprocessing it using the auditor's equipment and software.

Choice "b" is incorrect. The auditor would use generalized audit software or retrieval package software to access client data files.

Choice "d" is incorrect. The auditor would most likely use some sort of software to prepare spreadsheets.

11

A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control?

a.

Employees can easily guess fellow employees' passwords.

b.

Employees are not required to change passwords.

c.

Employees are not required to take regular vacations.

d.

Employees can circumvent procedures to segregate duties.

Choice "c" is correct. The requirement that employees take regular vacations is a good internal control, but it is unrelated to computer-access controls.

Choice "a" is incorrect. Using employee's names as their passwords is an ineffective computer-access control, because passwords are easily guessed.

Choice "b" is incorrect. It would be acceptable to assign employee names as passwords, as long as the employees were required to change their passwords at initial log-in as well as periodically in the future. The fact that this requirement is not in place is a limitation of the client's computer-access controls.

Choice "d" is incorrect. If password controls are used to segregate the duties of individual employees, using employee names as passwords allows an employee to circumvent this segregation by logging in with another employee's password.

12

When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package?

a.

Recalculating balances in inventory reports.

b.

Observing inventory.

c.

Selecting sample items of inventory.

d.

Analyzing data resulting from inventory.

Choice "b" is correct. A generalized audit software package (GASP) is used to perform tests directly on a client's system. Since observing inventory involves personal observations made by the auditor, and is unrelated to the client's system, a GASP would not be useful in this regard.

Choice "c" is incorrect. Generalized audit software packages (GASPs) are used to perform tests directly on a client's system. Tasks typically performed by GASPs include selecting items that meet specified criteria.

Choice "d" is incorrect. Generalized audit software packages (GASPs) are used to perform tests directly on a client's system. Tasks typically performed by GASPs include performing statistical analysis of data.

Choice "a" is incorrect. Generalized audit software packages (GASPs) are used to perform tests directly on a client's system. Tasks typically performed by GASPs include recalculating amounts and totals.

13

When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach?

a.

Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions.

b.

Test data are processed with the client's computer and the results are compared with the auditor's predetermined results.

c.

Test data programs need not be tailor-made by the auditor for each client's computer applications.

d.

Test data programs usually consist of all possible valid and invalid conditions regarding compliance with internal controls.

Choice "b" is correct. The test data approach refers to a technique in which the client's application program is used to process a set of test data, the results of which are already known by the auditor. If the client's program is operating effectively, it should generate the same results determined by the auditor.

Choice "a" is incorrect. An integrated test facility (not a test data approach) utilizes dummy accounts. For example, using an integrated test facility (ITF) approach, test data is initially commingled with live data, but coding to a dummy account allows later extraction from the system under actual operating conditions.

Choice "c" is incorrect. Test data programs should be tailor-made by the auditor for each client's computer applications, to ensure that the data is in an appropriate form for that client's system, and that it includes the types of invalid conditions in which the auditor is interested.

Choice "d" is incorrect. Test data contains the types of valid and invalid conditions in which the auditor is interested (it is not necessary to test all combinations of valid and invalid conditions).

14

Which of the following characteristics distinguishes computer processing from manual processing?

a.

The potential for systematic error is ordinarily greater in manual processing than in computerized processing.

b.

Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.

c.

Errors or irregularities in computer processing will be detected soon after their occurrences.

d.

Most computer systems are designed so that transaction trails useful for audit purposes do not exist.

Choice "b" is correct. Computer processing virtually eliminates the occurrence of (random) computational errors normally associated with manual processing. This is a major benefit of computer processing over manual processing.

Choice "c" is incorrect. Depending on human involvement and review, errors or irregularities in computer processing may not be detected quickly.

Choice "a" is incorrect. The potential for systematic errors (e.g., incorrect programming, incorrect data entry) is greater in a computerized system due to reduced human involvement in processing.

Choice "d" is incorrect. Only poorly designed computerized systems provide no audit trail capabilities.

Choice "b" is correct. Computer processing virtually eliminates the occurrence of (random) computational errors normally associated with manual processing. This is a major benefit of computer processing over manual processing.

Choice "c" is incorrect. Depending on human involvement and review, errors or irregularities in computer processing may not be detected quickly.

Choice "a" is incorrect. The potential for systematic errors (e.g., incorrect programming, incorrect data entry) is greater in a computerized system due to reduced human involvement in processing.

Choice "d" is incorrect. Only poorly designed computerized systems provide no audit trail capabilities.

15

The two requirements crucial to achieving audit efficiency and effectiveness with a computer are selecting:

a.

Client data that can be accessed by the auditor's computer and audit procedures that are generally applicable to several clients in a specific industry.

b.

The appropriate software to perform the selected audit tasks and client data that can be accessed by the auditor's computer.

c.

The appropriate audit tasks for computer applications and the appropriate software to perform the selected audit tasks.

d.

Audit procedures that are generally applicable to several clients in a specific industry and the appropriate audit tasks for computer applications.

Choice "c" is correct. In computer audit applications, efficient and effective system usage requires:

Identification of the appropriate audit tasks and

Appropriate software to perform the selected audit tasks.

Choice "b" is incorrect. Although computer access to client data is desirable (i.e. an excel sheet vs. a hardcopy), it is not required.

Choice "a" is incorrect. Although computer access to client data is desirable, it is not required. Also, computer audit applications need not be applicable to several clients to be efficient and effective.

Choice "d" is incorrect. Computer audit applications need not be applicable to several clients to be efficient and effective.

16

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as:

a.

Payroll checks with unauthorized signatures.

b.

Deductions not authorized by employees.

c.

Overtime not approved by supervisors.

d.

Time tickets with invalid job numbers.


Explanation

Choice "d" is correct. Test data often contains invalid information (such as invalid job numbers) that is used to test EDP controls.

Choices "b", "c", and "a" are incorrect. While approvals and authorizations should all be tested, they are not IT controls and would not be tested through use of test data.

17

Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files?

a.

Random error associated with processing similar transactions in different ways is usually greater.

b.

Transactions are usually authorized before they are executed and recorded.

c.

It is usually more difficult to detect transposition errors.

d.

It is usually easier for unauthorized persons to access and alter the files.

Choice "d" is correct. Microcomputer systems are sometimes characterized by weak file and data security, and are usually accessible by many office personnel. (Manual systems, in contrast, generally restrict one user from accessing other users' files.) Thus, it is usually easier (increased risk) for unauthorized persons to access and alter computer system files, especially microcomputer system files.

Choice "c" is incorrect. No difference exists between manual and computer-based systems for detecting transposition errors.

Choice "b" is incorrect. Transactions should always be authorized before they are executed and recorded, in both manual and computer-based systems.

Choice "a" is incorrect. Because computer-based processing imposes strict rules on input and processing, generally there are fewer random processing errors

18

In a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to:

a.

Missing employee numbers.

b.

Time tickets with invalid job numbers.

c.

Proper approval of overtime by supervisors.

d.

Agreement of hours per clock cards with hours on time tickets.

Choice "c" is correct. Proper approval of overtime by supervisors is least likely to be used by the auditor in a "test data" test of controls because it is information generally notrecorded in the computer.

Choices "a", "b", and "d" are incorrect. Test data is data (with a predetermined result) that is run through the client's computer system. The auditor creates one transaction of each type of valid and invalid conditions in which the auditor is interested and runs them through the client's processing system. The following are recorded in the computer and are likely candidates for "test data" tests of controls.

a.

Missing employee numbers.

b.

Time tickets with invalid job numbers.

d.

Agreement of hours per clock card with hours on time tickets.

19

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of:

a.

Program code checking.

b.

Controlled reprocessing.

c.

Input validation.

d.

An integrated test facility.

Choice "d" is correct. An integrated test facility runs test transactions through the "live" system and posts to simulated (dummy) files to provide an auditor with information about the operating effectiveness of controls.

Choice "b" is incorrect. Controlled reprocessing of transactions is a less common term used for parallel processing where the auditor writes a program to "reprocess" some or all of the client's live data. It does not involve the use of simulated files.

Choice "c" is incorrect. Input validation is a general description of any test that ensures that the input was accurate. It does not involve the use of simulated files.

Choice "a" is incorrect. Program code checking is the review of the client's program source code by a qualified auditor/IT specialist. It does not involve the use of simulated files.

20

Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor's control to test controls in the computer system?

a.

Integrated test facility.

b.

Parallel simulation.

c.

Test data.

d.

Review of program logic.

Choice "b" is correct. Parallel simulation is a technique in which the auditor reprocesses the client's data using the auditor's own software. The auditor then compares his or her results to those obtained by the client.

Choice "c" is incorrect. The test data approach uses the auditor's input data on the client's system, off-line.

Choice "d" is incorrect. Reviewing program logic is not a computer-assisted audit technique.

Choice "a" is incorrect. An integrated test facility uses the auditor's input data on the client's system, on-line.

21

A primary advantage of using generalized audit software packages to audit the financial statements of a client that uses an EDP system is that the auditor may:

a.

Consider increasing the use of substantive tests of transactions in place of analytical procedures.

b.

Reduce the level of required tests of controls to a relatively small amount.

c.

Substantiate the accuracy of data through self-checking digits and hash totals.

d.

Access information stored on computer files while having a limited understanding of the client's hardware and software features.

Choice "d" is correct. One of the primary benefits of using generalized audit software is the ability to access client data stored in computer files without having a detailed understanding of the client's hardware and software features.

Choice "a" is incorrect. The use of generalized audit software would not affect the auditor's decision with respect to using substantive tests of transactions in place of analytical procedures. 

Choice "c" is incorrect. Generalized audit software is used to extract and analyze data. Self-checking digits and hash totals are controls embedded in client software applications to ensure accuracy. They are not a part of generalized audit software.

Choice "b" is incorrect. The use of generalized audit software does not reduce the need to perform tests of controls if reliance on controls is planned.

22

Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process?

a.

Input controls matrix.

b.

Integrated test facility.

c.

Parallel simulation.

d.

Data entry monitor.

Choice "b" is correct. An integrated test facility uses test data commingled with actual data to test transactions. 

Choice "a" is incorrect. An input controls matrix is an input control.

Choice "c" is incorrect. Parallel simulation involves writing a computer program that duplicates the logic of a client's program, using identical data as input, and comparing output.

Choice "d" is incorrect. A data entry monitor is an input control.

23

When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations?

a.

Use generalized audit software to extract evidence from client databases.

b.

Use audit software to perform analytical procedures.

c.

Perform limited tests of controls over electronic data.

d.

Assess the control risk as high.

Choice "a" is correct. When companies use information technology (IT) extensively and evidence is available only in electronic form, generalized audit software packages generate the programs necessary to interrogate the files and extract and analyze the data.

Choice "d" is incorrect. The use of information technology does not automatically imply that control risk is high. The auditor would need to evaluate the client's controls to make this determination.

Choice "b" is incorrect. Although audit software might be used to perform analytical procedures, the data would first need to be extracted from the client's system. A generalized audit software package is the best way to do this.

Choice "c" is incorrect. If information technology is used extensively, the auditor would likely perform more than limited tests of controls over electronic data.

24

Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output?

a.

Frame relay protocol.

b.

Test data module.

c.

Remote node router.

d.

Parallel simulation.

Choice "d" is correct. This is the definition of parallel simulation. The client's input data is processed through both the auditor's version of the client's program and the client's program and the output is compared.

Choice "b" is incorrect. Test data is data that the auditor develops to test programmed controls. For example, if the client has a programmed control that requires a supervisory approval (a supervisor password) for transactions over $500, the auditor would then create test data to determine if the system would accept a transaction over $500 without a required supervisor password approval.

Choice "a" is incorrect. Frame relay protocol refers to the physical and logical link layers of digital communication channels using packet switching methodology.

Choice "c" is incorrect. A remote node router is not a CAAT; it is a device used to connect physical devices such as terminals and printers not connected to the main network.

25

Which of the following outcomes is a likely benefit of information technology used for internal control?

a.

Recording of unauthorized transactions.

b.

Enhanced timeliness of information.

c.

Processing of unusual or nonrecurring transactions.

d.

Potential loss of data.

Choice "b" is correct. One of information technology's potential benefits is the enhanced timeliness of information.

Choice "c" is incorrect. Manual controls are more appropriate for the processing of unusual or nonrecurring transactions.

Choice "d" is incorrect. The potential loss of data is a risk of information technology, not a benefit of information technology.

Choice "a" is incorrect. The recording of unauthorized transactions is a risk of information technology, not a benefit.

26

Which of the following is an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation?

a.

Increased emphasis on the completeness assertion.

b.

Performance of audit tests on a continuous basis.

c.

Discrete phases of planning, interim, and year-end fieldwork.

d.

Increased effort to search for evidence of management fraud.

Choice "b" is correct. Continuous performance of audit tests is required when financial data is processed electronically, without provision of paper documentation, to ensure that controls are operating effectively throughout the period under audit.

Choice "c" is incorrect. Discrete phases of planning, interim, and year-end fieldwork are not effective when there is no audit trail, because no evidence is then available to support the operation of the controls or the accuracy of the financial records for periods when the auditor was not present to conduct tests.

Choice "d" is incorrect. Consideration of the risk of management fraud is required in all audits, regardless of the method used to process financial data or the adequacy of the paper documentation provided. 

Choice "a" is incorrect. The completeness assertion must be tested in all audit engagements, regardless of the method used to process financial data or the adequacy of the paper documentation provided.

27

In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that:

a.

The size of the sample can be greatly expanded at relatively little additional cost.

b.

The test includes all types of transaction errors and exceptions that may be encountered.

c.

The client's computer personnel do not know when the data are being tested.

d.

There is no risk of creating potentially material errors in the client's data.

Choice "a" is correct. Use of computer assisted audit techniques typically allows a greater number of items to be tested at relatively little additional cost. For example, once the auditor has created the software program, it takes little effort to reprocess additional transactions. Manual tests, on the other hand, must be applied separately to each individual transaction, making it more costly to increase sample size.

Choice "b" is incorrect. Reprocessing of actual client data may not include all types of transaction errors and exceptions. Only errors or exceptions in the actual data would be included.

Choice "c" is incorrect. The client's computer personnel likely would be providing the actual client data, and so would have some knowledge of when the data was being tested.

Choice "d" is incorrect. Neither manual testing nor parallel processing includes a risk of corrupting the client's data, since neither one of them affects the client's live data or files.