Chapter 7: Computer-Assisted Audit Tools and Techniques Flashcards

1
Q

The data collection component of the information system is responsible for _____________________

A

for bringing data into the system for processing.

2
Q

The data collection component of the information system is responsible for bringing data into the system for processing. _____________ at this stage are designed to ensure that these transactions are valid, accurate, and complete.

A

Input Controls

3
Q

Classes of Input Controls

A
  • Source document controls
  • Data coding controls
  • Batch controls
  • Validation controls
  • Input error correction
  • Generalized data input systems
4
Q

Two types of transposition errors:

A

single transposition errors and multiple transposition errors

5
Q

A ______________ is a control digit (or digits) added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing.

A

check digit

6
Q

_________ are an effective method of managing high volumes of transaction data through a system.

A

Batch controls

7
Q

The objective of batch control is _______________________.

A

to reconcile output produced by the system with the input originally entered into the system.

8
Q

______________ refers to a simple control technique that uses nonfinancial data to keep track of the records in a batch.

A

Hash total

9
Q

Input _______________ are intended to detect errors in transaction data before the data are processed.

A

validation controls

10
Q

There are three levels of input validation controls:

A
  1. Field interrogation
  2. Record interrogation
  3. File interrogation
11
Q

__________________ involves programmed procedures that examine the characteristics of the data in the field.

A

Field interrogation

12
Q

________________ are used to examine the contents of a field for the presence of blank spaces.

A

Missing data checks

13
Q

_______________________ checks determine whether the correct form of data is in a field. For example, a customer’s account balance should not contain alphabetic data.

A

Numeric-alphabetic data checks

14
Q

____________________ are used to verify that certain fields are filled with zeros. Some program languages require that fields used in mathematical operations be initiated with zeros prior to processing.

A

Zero-value checks

15
Q

_________ determine if the value in the field exceeds an authorized limit. For example, assume the firm’s policy is that no employee works more than 44 hours per week. The payroll system validation program can interrogate the hours-worked field in the weekly payroll records for values greater than 44.

A

Limit checks

16
Q

____________ assign upper and lower limits to acceptable data values.

A

Range checks

17
Q

The purpose of this control is to detect keystroke errors that shift the decimal point one or more places.

A

Range checks

18
Q

____________ compare actual values in a field against known acceptable values. This control is used to verify such things as transaction codes, state abbreviations, or employee job skill codes. If the value in the field does not match one of the acceptable values, the record is determined to be in error.

A

Validity checks

19
Q

______________ controls identify keystroke errors in key fields by testing the internal validity of the code.

A

Check digit

20
Q

______________ procedures validate the entire record by examining the interrelationship of its field values.

A

Record interrogation

21
Q

______________________ determine if a value in one field, which has already passed a limit check and a range check, is reasonable when considered along with other data fields in the record.

A

Reasonableness checks

22
Q

_________ are tests to see if the sign of a field is correct for the type of record being processed. For example, in a sales order processing system, the dollar amount field must be positive for sales orders but negative for sales return transactions.

A

Sign checks

23
Q

_____________ are used to determine if a record is out of order. In batch systems that use sequential master files, the transaction files being processed must be sorted in the same order as the primary keys of the corresponding master file.

A

Sequence checks

24
Q

The purpose of _______________ is to ensure that the correct file is being processed by the system. These controls are particularly important for master files, which contain permanent records of the firm and which, if destroyed or corrupted, are difficult to replace.

A

file interrogation

25
Q

____________ verify that the file processed is the one the program is actually calling for.

A

Internal label checks

26
Q

________________ are used to verify that the version of the file being processed is correct. In a grandparent–parent–child approach, many versions of master files and transactions may exist. This control compares the version number of the files being processed with the program’s requirements.

A

Version checks

27
Q

An __________________ prevents a file from being deleted before it expires. In a GPC system, for example, once an adequate number of backup files is created, the oldest backup file is scratched (erased from the disk or tape) to provide space for new files.

A

expiration date check

28
Q

The three common error handling techniques:

A

(1) correct immediately,
(2) create an error file, and
(3) reject the entire batch.

29
Q

To achieve a high degree of control and standardization over input validation procedures, some organizations employ a __________________________.

A

generalized data input system (GDIS)

30
Q

The GDIS approach has three advantages:

A

First, it improves control by having one common system perform all data validation.
Second, GDIS ensures that each AIS application applies a consistent standard for data validation.
Third, GDIS improves systems development efficiency.

31
Q

A GDIS has five major components:

A
  1. Generalized validation module
  2. Validated data file
  3. Error file
  4. Error reports
  5. Transaction log
32
Q

The _________________________ performs standard validation routines that are common to many different applications. These routines are customized to an individual application’s needs through parameters that specify the program’s specific requirements.

A

generalized validation module (GVM)

33
Q

The input data that are validated by the GVM are stored on a _________________. This is a temporary holding file through which validated transactions flow to their respective applications. The file is analogous to a tank of water whose level is constantly changing, as it is filled from the top by the GVM and emptied from the bottom by applications.

A

validated data file

34
Q

The ___________ in the GDIS plays the same role as a traditional error file. Error records detected during validation are stored in the file, corrected, and then resubmitted to the GVM.

A

error file

35
Q

Standardized _____________ are distributed to users to facilitate error correction.

A

error reports

36
Q

The ___________________ is a permanent record of all validated transactions. From an accounting records point of view, it is equivalent to the journal and is an important element in the audit trail.

A

transaction log

37
Q

Processing controls are divided into three categories:

A

run-to-run controls,
operator intervention controls,
and audit trail controls.

38
Q

______________________ use batch figures to monitor the batch as it moves from one programmed procedure (run) to another. These controls ensure that each run in the system processes the batch correctly and completely.

A

Run-to-run controls

39
Q

The ______________ control compares the sequence of each record in the batch with the previous record to ensure that proper sorting took place.

A

sequence check

40
Q

Systems sometimes require _________________________ to initiate certain actions, such as entering control totals for a batch of records, providing parameter values for logical operations, and activating a program from a different point when reentering semi-processed error records.

A

operator intervention

41
Q

Systems that limit operator intervention through ___________________ are thus less prone to processing errors.

A

operator intervention controls

42
Q

________________ ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated.

A

Output controls

43
Q

Applications waiting to print output occupy computer memory and block other applications from entering the processing stream. To ease this burden, applications are often designed to direct their output to a magnetic disk file rather than to the printer directly. This is called _______________.

A

output spooling

44
Q

When the printer becomes available, the print run program produces hard copy output from the output file. ________________ are often complex systems that require operator intervention.

A

Print programs

45
Q

Print program controls are designed to deal with two types of exposures presented by this environment:

A

(1) the production of unauthorized copies of output and
(2) employee browsing of sensitive data.

46
Q

When output reports are removed from the printer, they go to the _____________ stage to have their pages separated and collated.

A

bursting

47
Q

In some organizations, the ____________________ is responsible for verifying the accuracy of computer output before it is distributed to the user.

A

data control group

48
Q

The primary risks associated with ______________ include reports being lost, stolen, or misdirected in transit to the user.

A

report distribution

49
Q

Auditors testing with the _______________ do not rely on a detailed knowledge of the application’s internal logic.

A

black-box approach

50
Q

The advantage of the __________________ is that the application need not be removed from service and tested directly. This approach is feasible for testing applications that are relatively simple.

A

black-box approach

51
Q

The _________________ relies on an in-depth understanding of the internal logic of the application being tested. This approach includes several techniques for testing application logic directly. These techniques use small numbers of specially created test transactions to verify specific aspects of an application’s logic and controls.

A

white-box approach

52
Q

________________ verify that an individual, a programmed procedure, or a message (such as an EDI transmission) attempting to access a system

A

Authenticity tests

53
Q

________________ ensure that the system processes only data values that conform to specified tolerances. Examples include range tests, field tests, and limit tests.

A

Accuracy tests

54
Q

________________ identify missing data within a single record and entire records missing from a batch. The types of tests performed are field tests, record sequence tests, hash totals, and control totals.

A

Completeness tests

55
Q

_________________ determine that an application processes each record only once.

A

Redundancy tests

56
Q

_____________ ensure that the application prevents authorized users from unauthorized access to data. Access controls include passwords, authority tables, user-defined procedures, data encryption, and inference controls.

A

Access tests

57
Q

______________ ensure that the application creates an adequate audit trail. This includes evidence that the application records all transactions in a transaction log, posts data values to the appropriate accounts, produces complete transaction listings, and generates error files and reports for all exceptions.

A

Audit trail tests

58
Q

__________________ verify the correctness of rounding procedures. Rounding errors occur in accounting information when the level of precision used in the calculation is greater than that used in the reporting.

A

Rounding error tests

59
Q

____________________ tend to affect a large number of victims, but the harm to each is immaterial. This type of fraud takes its name from the analogy of slicing a large salami (the fraud objective) into many thin pieces.

A

Salami frauds

60
Q

The _____________________ is used to establish application integrity by processing specially prepared sets of input data through production applications that are under review.

A

test data method

61
Q

When the set of test data in use is comprehensive, the technique is called the _______________________. These tests are conducted with a set of test transactions containing all possible transaction types. These are processed through repeated iterations during systems development testing until consistent and valid results are obtained.

A

base case system evaluation (BCSE).

62
Q

A type of test data technique called ___________ performs an electronic walkthrough of the application’s internal logic.

A

tracing

63
Q

Advantages of Test Data Techniques

A

First, they employ through-the-computer testing, thus providing the auditor with explicit evidence concerning application functions.
Second, if properly planned, test data runs can be employed with only minimal disruption to the organization’s operations.
Third, they require only minimal computer expertise on the part of auditors.

64
Q

Disadvantages of Test Data Techniques

A
  1. Auditors must rely on computer services personnel to obtain a copy of the application for test purposes.
  2. They provide a static picture of application integrity at a single point in time. They do not provide a convenient means of gathering evidence about ongoing application functionality.
  3. Test data techniques have a relatively high cost of implementation, which results in audit inefficiency.
65
Q

The __________________ approach is an automated technique that enables the auditor to test an application’s logic and controls during its normal operation.

A

integrated test facility (ITF)

66
Q

Advantages of the integrated test facility (ITF)

A

First, ITF supports ongoing monitoring of controls as required by SAS 78.
Second, applications with ITF can be economically tested without disrupting the user’s operations and without the intervention of computer services personnel.

67
Q

_______________ requires the auditor to write a program that simulates key features or processes of the application under review.

A

Parallel simulation

68
Q

Under source document controls, the organization must implement control procedures over source documents to account for each document. These are:

A
  1. Use Pre-numbered Source Documents
  2. Use Source Documents in Sequence
  3. Periodically Audit Source Documents