IF You Want To Purchase A+ Work Then
Click The Link Below , Instant Download
Accounting
Information Systems, 12e (Romney/Steinbart)
Chapter 11 Auditing
Computer-Based Information Systems
1)
Auditing involves the
A)
collection, review, and documentation of audit evidence.
B)
planning and verification of economic events.
C)
collection of audit evidence and approval of economic events.
D)
testing, documentation, and certification of audit evidence.
2)
What is not a typical responsibility of an internal auditor?
A)
helping management to improve organizational effectiveness
B)
assisting in the design and implementation of an AIS
C)
preparation of the company's financial statements
D)
implementing and monitoring of internal controls
3)
Which type of work listed below is not typical of internal auditors?
A)
operational and management audits
B)
information system audits
C)
financial statement audit
D)
financial audit of accounting records
4)
The ________ audit examines the reliability and integrity of accounting
records.
A)
financial
B)
informational
C)
information systems
D)
operational
5)
The ________ audit reviews the general and application controls of an AIS to
assess its compliance with internal control policies and procedures and its
effectiveness in safeguarding assets.
A)
financial
B)
information systems
C)
management
D)
internal control
Page
Ref: 304
6)
One type of audit that is concerned with the economical and efficient use of
resources and the accomplishment of established goals and objectives is known
as a(n) ________ audit.
A)
financial
B)
information systems
C)
internal control
D)
operational or management
Page
Ref: 304
7)
The ________ audit is concerned with the economical and efficient use of
resources and the accomplishment of established goals and objectives.
A)
financial
B)
informational
C)
information systems
D)
operational
Page
Ref: 304
8)
The purpose of ________ is to determine why, how, when, and who will perform
the audit.
A)
audit planning
B)
the collection of audit evidence
C)
the communication of audit results
D)
the evaluation of audit evidence
Page
Ref: 304
9)
Organizing the audit team and the physical examination of assets are components
of which two separate audit stages?
A)
planning; evaluating audit evidence
B)
planning; collecting audit evidence
C)
collecting audit evidence; communicating audit results
D)
communicating audit results; evaluating audit evidence
Page
Ref: 304-305
10)
With which stage in the auditing process are the consideration of risk factors
and materiality most associated?
A)
audit planning
B)
collection of audit evidence
C)
communication of audit results
D)
evaluation of audit evidence
Page
Ref: 304
11)
A system that employs various types of advanced technology has more ________
risk than traditional batch processing.
A)
control
B)
detection
C)
inherent
D)
investing
Page
Ref: 304
12)
Control risk is defined as the
A)
susceptibility to material risk in the absence of controls.
B)
risk that a material misstatement will get through the internal control
structure and into the financial statements.
C)
risk that auditors and their audit procedures will not detect a material error
or misstatement.
D)
risk auditors will not be given the appropriate documents and records by
management who wants to control audit activities and procedures.
Page
Ref: 304
13)
The possibility that a material error will occur even though auditors are
following audit procedures and using good judgment is referred to as
A)
control risk.
B)
detection risk.
C)
inherent risk.
D)
investigating risk.
Page
Ref: 305
14)
The ________ stage of the auditing process involves (among other things) the
auditors observing the operating activities and having discussions with
employees.
A)
audit planning
B)
collection of audit evidence
C)
communication of audit results
D)
evaluation of audit evidence
Page
Ref: 305
15)
Verifying the accuracy of certain information, often through communication with
third parties, is known as
A)
reperformance.
B)
confirmation.
C)
substantiation.
D)
documentation.
Page
Ref: 305
16)
The evidence collection method that examines all supporting documents to
determine the validity of a transaction is called
A)
review of documentation.
B)
vouching.
C)
physical examination.
D)
analytical review.
Page
Ref: 306
17)
The evidence collection method that considers the relationships and trends
among information to detect items that should be investigated further is called
A)
review of the documentation.
B)
vouching.
C)
physical examination.
D)
analytical review.
Page
Ref: 306
18)
Assessing the quality of internal controls, the reliability of information, and
operating performance are all part of which stage of the auditing process?
A)
audit planning
B)
collection of audit evidence
C)
evaluation of audit evidence
D)
communication of audit results
Page
Ref: 306
19)
An auditor must be willing to accept some degree of risk that the audit
conclusion is incorrect. Accordingly, the auditor's objective is to seek
________ that no material error exists in the information audited.
A)
absolute reliability
B)
reasonable evidence
C)
reasonable assurance
D)
reasonable objectivity
Page
Ref: 306
20)
The risk-based audit approach is
A)
a four-step approach to internal control evaluation.
B)
a four-step approach to financial statement review and recommendations.
C)
a three-step approach to internal control evaluation.
D)
a three-step approach to financial statement review and recommendations.
21)
Which of the following is the first step in the risk-based audit approach?
A)
Identify the control procedures that should be in place.
B)
Evaluate the control procedures.
C)
Determine the threats facing the AIS.
D)
Evaluate weaknesses to determine their effect on the audit procedures.
Page
Ref: 306
22)
Determining whether the necessary control procedures are in place is
accomplished by conducting
A)
a systems overhaul.
B)
a systems review.
C)
tests of controls.
D)
both B and C
Page
Ref: 306
23)
According to the risk-based auditing approach, when a control deficiency is
identified, the auditor should inquire about
A)
tests of controls.
B)
the feasibility of a systems review.
C)
materiality and inherent risk factors.
D)
compensating controls.
Page
Ref: 306
24)
The ________ to auditing provides auditors with a clear understanding of
possible errors and irregularities and the related risks and exposures.
A)
risk-based approach
B)
risk-adjusted approach
C)
financial audit approach
D)
information systems approach
25)
What is the purpose of an information systems audit?
A)
To determine the inherent risk factors found in the system
B)
To review and evaluate the internal controls that protect the system
C)
To examine the reliability and integrity of accounting records
D)
To examine whether resources have been used in an economical and efficient
manner in keeping with organization goals and objectives
Page
Ref: 307
26)
The information systems audit objective that pertains to source data being
processed into some form of output is known as
A)
overall security.
B)
program development.
C)
program modifications.
D)
processing.
Page
Ref: 307
27)
To maintain the objectivity necessary for performing an independent evaluation
function, auditors should not be involved in
A)
making recommendations to management for improvement of existing internal
controls.
B)
examining system access logs.
C)
examining logical access policies and procedures.
D)
developing the information system.
Page
Ref: 309
28)
The auditor's role in systems development should be as
A)
an advisor and developer of internal control specifications.
B)
a developer of internal controls.
C)
an independent reviewer only.
D)
A and B above
29)
Regarding program modifications, which statement below is incorrect?
A)
Only material program changes should be thoroughly tested and documented.
B)
When a program change is submitted for approval, a list of all required updates
should be compiled and then approved by management and program users.
C)
During the change process, the developmental version of the program must be
kept separate from the production version.
D)
After the modified program has received final approval, the change is
implemented by replacing the developmental version with the production version.
1
30)
How could auditors determine if unauthorized program changes have been made?
A)
By interviewing and making inquiries of the programming staff
B)
By examining the systems design and programming documentation
C)
By using a source code comparison program
D)
By interviewing and making inquiries of recently terminated programming staff
1
31)
Which auditing technique will not assist in determining if unauthorized
programming changes have been made?
A)
Use of a source code comparison program
B)
Use of the reprocessing technique to compare program output
C)
Interviewing and making inquiries of the programming staff
D)
Use of parallel simulation to compare program output
1
32)
Strong ________ controls can partially compensate for inadequate ________
controls.
A)
development; processing
B)
processing; development
C)
operational; internal
D)
internal; operational
0
33)
The ________ procedure for auditing computer process controls uses a
hypothetical series of valid and invalid transactions.
A)
concurrent audit techniques
B)
test data processing
C)
integrated test facility
D)
dual process
2
34)
The auditor uses ________ to continuously monitor the system and collect audit
evidence while live data are processed.
A)
test data processing
B)
parallel simulation
C)
concurrent audit techniques
D)
analysis of program logic
3
35)
Auditors have several techniques available to them to test computer-processing
controls. An audit technique that immediately alerts auditors of suspicious
transactions is known as
A)
a SCARF.
B)
an audit hook.
C)
an audit sinker.
D)
the snapshot technique.
3
36)
A type of software that auditors can use to analyze program logic and detect
unexecuted program code is
A)
a mapping program.
B)
an audit log.
C)
a scanning routine.
D)
program tracing.
4
37)
One tool used to document the review of source data controls is
A)
a flowchart generator program.
B)
a mapping program.
C)
an input control matrix.
D)
a program algorithm matrix.
4
38)
An audit software program that generates programs that perform certain audit
functions, based on auditor specifications, is referred to as a(n)
A)
input controls matrix.
B)
CAATS.
C)
embedded audit module.
D)
mapping program.
7
39)
The use of a secure file library and restrictions on physical access to data
files are control procedures used together to prevent
A)
an employee or outsider obtaining data about an important client.
B)
a data entry clerk from introducing data entry errors into the system.
C)
a computer operator from losing or corrupting files or data during transaction
processing.
D)
programmers making unauthorized modifications to programs.
6
40)
An auditor might use which of the following to convert data from several
sources into a single common format?
A)
computer assisted audit techniques software
B)
Windows Media Converter
C)
concurrent audit technique
D)
Adobe Professional
7
41)
What is the primary purpose of computer audit software?
A)
eliminate auditor judgment errors
B)
assist the auditor in retrieving and reviewing information
C)
detect unauthorized modifications to system program code
D)
recheck all mathematical calculations, cross-foot, reprocess financial
statements and compare to originals
7
42)
The scope of a(n) ________ audit encompasses all aspects of systems management.
A)
operational
B)
information systems
C)
financial
D)
internal control
8
43)
Evaluating effectiveness, efficiency, and goal achievement are objectives of
________ audits.
A)
financial
B)
operational
C)
information systems
D)
all of the above
8
44)
In the ________ stage of an operational audit, the auditor measures the actual
system against an ideal standard.
A)
evidence collection
B)
evidence evaluation
C)
testing
D)
internal control
8
45) An increase
in the effectiveness of internal controls would have the greatest effect on
A)
reducing control risk.
B)
reducing detection risk.
C)
reducing inherent risk.
D)
reducing audit risk.
Page
Ref: 304
46)
An expansion of a firm's operations to include production in Russia and China
will have the effect of
A)
increasing inherent risk.
B)
reducing inherent risk.
C)
increasing control risk.
D)
reducing control risk.
Page
Ref: 304
47) An increase
in the effectiveness of auditing software will have the effect of
A)
increasing detection risk.
B)
reducing detection risk.
C)
increasing control risk.
D)
reducing control risk.
Page
Ref: 305
48)
An auditor examines all documents related to the acquisition, repair history,
and disposal of a firm's delivery van. This is an example of collecting audit
evidence by
A)
confirmation.
B)
reperformance.
C)
vouching.
D)
analytical review.
Page
Ref: 306
49)
An auditor manually calculates accumulated depreciation on a delivery van and
compares her calculation with accounting records. This is an example collecting
audit evidence by
A)
confirmation.
B)
reperformance.
C)
vouching.
D)
analytical review.
Page
Ref: 305
50) An auditor
finds that employee absentee rates are significantly higher on Mondays and
Fridays than on other work days. This is an example collecting audit evidence
by
A)
confirmation.
B)
reperformance.
C)
vouching.
D)
analytical review.
Page
Ref: 306
51) An auditor
creates a fictitious customer in the system and then creates several fictitious
sales to the customer. The records are then tracked as they are processed by
the system. The auditor is using
A)
an integrated test facility.
B)
the snapshot technique.
C)
a system control audit review file.
D)
continuous and intermittent simulation.
3
52) An auditor sets
an embedded audit module to flag all credit transactions in excess of $1,500.
The flag causes the system state to be recorded before and after each
transaction is processed. The auditor is using
A)
an integrated test facility.
B)
the snapshot technique.
C)
a system control audit review file.
D)
audit hooks.
3
53) An auditor
sets an embedded audit module to record all credit transactions in excess of
$1,500 and store the data in an audit log. The auditor is using
A)
the snapshot technique.
B)
a system control audit review file.
C)
audit hooks.
D)
continuous and intermittent simulation.
3
54) An auditor
sets an embedded audit module to flag questionable online transactions, display
information about the transaction on the auditor's computer, and send a text
message to the auditor's cell phone. The auditor is using
A)
the snapshot technique.
B)
a system control audit review file.
C)
audit hooks.
D)
continuous and intermittent simulation.
3
55) An auditor
sets an embedded audit module to selectively monitor transactions. Selected
transactions are then reprocessed independently, and the results are compared
with those obtained by the normal system processing. The auditor is using
A)
an integrated test facility.
B)
the snapshot technique.
C)
a system control audit review file.
D)
continuous and intermittent simulation.
3
56)
Which of the following is not one of the types of internal audits?
A)
reviewing corporate organizational structure and reporting hierarchies
B)
examining procedures for reporting and disposing of hazardous waste
C)
reviewing source documents and general ledger accounts to determine integrity
of recorded transactions
D)
comparing estimates and analysis made before purchase of a major capital asset
to actual numbers and results achieved
Page
Ref: 304
57) When
programmers are working with program code, they often employ utilities that are
also used in auditing. For example, as program code evolves, it is often the
case that blocks of code are superseded by other blocks of code. Blocks of code
that are not executed by the program can be identified by
A)
embedded audit modules.
B)
scanning routines.
C)
mapping programs.
D)
automated flow charting programs.
4
58) When
programmers are working with program code, they often employ utilities that are
also used in auditing. For example, as program code evolves, it is often the
case that variables defined during the early part of development become
irrelevant. The occurrences of variables that are not used by the program can
be found using
A)
program tracing.
B)
scanning routines.
C)
mapping programs.
D)
embedded audit modules.
4
59)
Explain the differences between each type of audit risk.
60)
Explain why the auditor's role in program development and acquisition should be
limited.
61)
How and to whom does an auditor communicate the audit results?
62)
Audit tests and procedures traditionally have been performed on a sample basis.
Do options exist for auditors to test significantly more (or all) transactions?
63)
When doing an information systems audit, auditors must review and evaluate the
program development process. What errors or fraud could occur during the
program development process?
64)
Briefly describe tests that can be used to detect unauthorized program
modifications.
65)
Define and give examples of embedded audit modules.
66)
How is a financial audit different from an information systems audit?
67)
Why do all audits follow a sequence of events that can be divided into four
stages, and what are the four stages?
68)
Name and describe the different types of audits.
69)
Describe the risk-based audit approach.
71)
Describe the disadvantages of test data processing.
72)
Describe how audit evidence can be collected.
No comments:
Post a Comment