Flashcards in ATEC Deck (39):
To obtain evidence that user identification and password controls are functioning as designed, an auditor would most likely
Examine a sample of assigned passwords and access authority to determine whether password holders have access authority incompatible with their other responsibilities.
Carmel Department Store has an ERP information system and is planning to issue credit cards to creditworthy customers. To strengthen internal control by making it difficult for one to create a valid customer number, the company’s independent auditor has suggested the inclusion of a check digit which should be place
Consistently in any position.
Smith Corporation has numerous customers. A customer file is kept on disk storage. Each customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to
Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.
Which of the following is not a major reason for maintaining an audit trail for a computer system?
a. Monitoring purposes
b. Analytical procedures.
c. Deterrent to irregularities.
d. Query answering.
An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on which of the following controls would the auditor initially focus?
a. General controls.
b. Application controls.
c. Programmed controls.
d. Output controls.
A computer-assisted audit technique that is most likely to be effective in a continuous auditing environment is
Embedded audit modules.
The individual with whom an auditor would be most likely to discuss specific access controls within a client’s relational database management system is the
An auditor may use a “join” command in a database query to combine
Tables or parts of tables.
What is an auditor’s client most likely to use to perform queries requested by the auditor of a relational database?
Data manipulation language.
Which of the following is necessary to audit balances in an on-line EDP system in an environment of destructive updating?
a. An integrated test facility.
b. Periodic dumping on transaction files.
c. A well-documented audit trail.
d. Year-end utilization audit hooks.
A well-documented audit trail.
An auditor may decide not to perform tests of controls related to the computer portion of the client’s controls. Which of the following would not be a valid reason for choosing to omit tests of controls?
a. There appear to be major conditions that would preclude reliance on the stated procedure.
b. The controls appear adequate.
c. The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests of controls show the control to be operative.
d. The controls duplicate operative controls existing elsewhere in the systems.
The controls appear adequate.
Which of the following is an advantage of using a value-added network for EDI transactions?
a. Reviewing the run manual.
b. Observing the separation of duties of personnel.
c. Reviewing transactions submitted for processing and comparing them to related output.
d. Making corroborative inquiries.
Reviewing transactions submitted for processing and comparing them to related output.
If a CPA wishes to identify all checks written for an amount over $1,000,000 that are included in a relational database, a likely approach to obtaining the list would be
An independent auditor studies and evaluates a client’s computer system. The auditor’s study includes tests of controls that might include which of the following?
a. Examination of the systems manuals to determine whether the existing procedures are satisfactory.
b. Examination of organization charts to determine whether electronic data processing department responsibilities are properly separated to afford effective control.
c. Examination of the machine room log book to determine whether control information is properly recorded.
d. Examination of system flow charts to determine whether they reflect the current status of the system.
Examination of the machine room log book to determine whether control information is properly recorded.
Which of the following client computer systems generally can be audited without examining or directly testing computer programs of the systems?
a. A system that updates a few essential master files and produces no printed output other than the final balance.
b. A system that affects a number of essential master files and produces a limited output.
c. A system that performs relatively uncomplicated processes and produces detailed output.
d. a system that performs relatively complicated processing and produces very little detailed output.
A system that performs relatively uncomplicated processes and produces detailed output.
A CPA might find information on the structure of relational database tables through which language interface?
a. Data control language.
b. Data query language.
c. Data manipulation language.
d. Data definition language.
Data definition language.
Auditing by testing the input and output of a computer system instead of the computer program itself will
Not detect program errors which do not show up in the output samples.
A primary advantage of using generalized audit packages in the audit of an advanced computer system is that it enables the auditor to
Utilize the speed and accuracy of the computer
Which of the following is an advantage of generalized computer audit packages?
a. They can be used for audits for clients that use differing computer equipment and file formats.
b. They have reduced the need for the auditor to study input controls for computer-related procedures.
c. They are all written in one identical computer language.
d. Their use can be substituted for a relatively large part of the required tests of controls.
They can be used for audits for clients that use differing computer equipment and file formats
A primary advantage of using generalized audit software packages to audit the financial statements of a client that uses a computer system is that the auditor may
Access information stored on computer files while having a limited understanding of the client’s hardware and software features.
In auditing through a computer, the test data method is used by auditors to test the
Procedures contained within the program.
An audit technique which involves actual analysis of the logic of a computer program’s processing routines is referred to as
When testing a computerized accounting system, which of the following is not true of the test data approach?
a. The test data must consist of all possible valid and invalid conditions.
b. Test data are processed by the client's computer programs under the auditor's control.
c. Only one transaction of each type need be tested.
d. The test data need consist on only those valid and invalid conditions in which the auditor is interested.
The test data must consist of all possible valid and invalid conditions.
Which of the following is not a technique to continuously test controls within a computer system?
a. Transaction lagging.
b. Controlled reprocessing.
c. Systems control audit review files.
d. Extended records.
Which of the following is not a problem associated with the use of test data for computer-audit purposes?
a. The program with which the test data are processed may differ from the one used in actual operations.
b. It is difficult to design test data that incorporate all potential variations in transactions.
c. Test data may be comingled with live data causing operation problems for the client.
d. Auditing through the computer is more difficult than auditing around the computer.
Auditing through the computer is more difficult than auditing around the computer.
When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
a) Test data are processed by the client’s computer programs under the auditor’s control.
b) Test data must consist of all possible valid and invalid conditions.
c) The program tested is different from the program used throughout the year by the client.
d) Several transactions of each type must be tested.
Test data are processed by the client’s computer programs under the auditor’s control
In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that
The size of the sample can be greatly expanded at relatively little additional cost.
When conducting fieldwork for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package?
a) Observing inventory.
b) Selecting sample items of inventory.
c) Analyzing data resulting from inventory.
d) Recalculating balances in inventory reports.
When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach?
a) Test data programs need not be tailor-made by the auditor for each client’s computer applications.
b) Test data programs usually consist of all possible valid and invalid conditions regarding compliance and internal controls.
c) Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions.
d) Test data are processed with the client’s computer and the results are compared with the auditor’s predetermined results.
Test data are processed with the client’s computer and the results are compared with the auditor’s predetermined results.
When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor’s best course of action in such situations?
Use generalized audit software to extract evidence from client databases.
Which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period?
a) The assessed level of inherent risk.
b) Whether to adopt substantive or reliance test strategies.
c) The timing of control and substantive tests.
d) The acceptance level of detection risk.
The timing of control and substantive tests.
In auditing an entity’s computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning
Control and distribution of unclaimed checks
Which of the following is a computer-assisted audit technique that permits an auditor to use the auditor’s version of a client’s program to process data and compare the output with the client’s output?
a) Remote node router.
b) Test data module.
c) Frame relay protocol.
d) Parallel simulation.
Which of the following outcomes is a likely benefit of information technology used for internal control?
a) Potential loss of data.
b) Enhanced timeliness of information.
c) Recording of unauthorized transactions.
d) Processing of unusual or nonrecurring transactions.
Enhanced timeliness of information.
In which of the following circumstances would an auditor expect to find that an entity implemented automated controls to reduce risks of misstatement?
a) When misstatements are difficult to define.
b) When transactions are high-volume and recurring.
c) When large, unusual, or nonrecurring transactions require judgment.
d) When errors are difficult to predict.
When transactions are high-volume and recurring.
Which of the following is not a major reason for maintaining an audit trail for a computer system?
a) Income tax compliance.
b) Monitoring purposes.
c) Analytical procedures.
d) Query answering.
Computer systems are typically supported by a variety of utility software packages that are important to an auditor because they
May enable unauthorized changes to data files if not properly controlled.
An auditor would most likely be concerned with which of the following controls in a distributed data processing system?
a) Systems documentation controls
b) Disaster recovery controls.
c) Access controls.
d) Controls over software development.