Accounting information systems 14th edition romney test bank 1

Page 1

Accounting Information Systems 14th Edition Romney

Full download at:

Test bank: https://testbankpack.com/p/test-bank-foraccounting-information-systems-14th-edition-romneysteinbart-0134474023-9780134474021/

Solution Manual: https://testbankpack.com/p/solutionmanual-for-accounting-information-systems-14th-editionromney-steinbart-0134474023-9780134474021/

Accounting Information Systems, 14e (Romney/Steinbart)

Chapter 11 Auditing Computer-Based Information Systems

1 Describe the nature, scope and objective of audit work, and identify the major steps in the audit process.

1) Auditing involves the

A) collection, review, and documentation of audit evidence.

B) planning and verification of economic events.

C) collection of audit evidence and approval of economic events.

D) testing, documentation, and certification of audit evidence.

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

1 Copyright © 2018 Pearson Education, Inc.

2) What is not a typical responsibility of an internal auditor?

A) Helping management to improve organizational effectiveness.

B) Assisting in the design and implementation of an AIS.

C) Preparation of the company's financial statements.

D) Implementing and monitoring of internal controls.

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

3) What is not a typical responsibility of an external auditor?

A) Helping management to improve organizational effectiveness.

B) Assisting in the design and implementation of an AIS.

C) Preparation of the company's financial statements.

D) All of the above.

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

2 Copyright © 2018 Pearson Education, Inc.

4) Which type of work listed below is not typical of internal auditors?

A) Operational and management audits.

B) Information system audits.

C) Financial statement audit.

D) Financial audit of accounting records.

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

5) The ________ audit examines the reliability and integrity of accounting records.

A) financial

B) informational

C) information systems

D) operational

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

6) The ________ audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.

A) financial

B) information systems

C) management

D) internal control

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

7) A(n) ________ audit is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives.

A) operational or management

B) financial

C) information systems

D) internal control

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

3 Copyright © 2018 Pearson Education, Inc.

8) The ________ audit is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives.

A) financial

B) informational

C) information systems

D) operational

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

9) The purpose of ________ is to determine why, how, when, and who will perform the audit.

A) audit planning

B) the collection of audit evidence

C) the communication of audit results

D) the evaluation of audit evidence

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

10) Organizing the audit team and the physical examination of assets are components of which two separate audit stages?

A) Planning; evaluating audit evidence.

B) Planning; collecting audit evidence.

C) Collecting audit evidence; communicating audit results.

D) Communicating audit results; evaluating audit evidence.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

11) Consideration of risk factors and materiality is most associated with which audit stage?

A) Collection of audit evidence.

B) Communication of audit results.

C) Audit planning.

D) Evaluation of audit evidence.

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

4 Copyright © 2018 Pearson Education, Inc.

12) A system that employs various types of advanced technology has more ________ risk than traditional batch processing.

A) control

B) detection

C) inherent

D) investing

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

13) An organization that has an antiquated accounting information system has more ________ risk than an organization that has a more advanced system.

A) control

B) detection

C) inherent

D) investing

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

14) Control risk is defined as the

A) susceptibility to material risk in the absence of controls.

B) risk that a material misstatement will get through the internal control structure and into the financial statements.

C) risk that auditors and their audit procedures will not detect a material error or misstatement.

D) risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

5 Copyright © 2018 Pearson Education, Inc.

15) The possibility that a material error will occur even though auditors are following audit procedures and using good judgment is referred to as

A) control risk.

B) detection risk.

C) inherent risk.

D) investigating risk.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

16) Auditors have the ability to change inherent risk.

Answer: FALSE

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

17) Auditors have the ability to change control risk.

Answer: FALSE

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

18) Auditors have the ability to change detection risk.

Answer: TRUE

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

19) The ________ stage of the auditing process involves (among other things) the auditors observing the operating activities and having discussions with employees.

A) audit planning

B) collection of audit evidence

C) communication of audit results

D) evaluation of audit evidence

Answer: B

Concept: The fraud triangle

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

6 Copyright © 2018 Pearson Education, Inc.

20) Verifying the accuracy of certain information, often through communication with third parties, is known as

A) reperformance.

B) confirmation.

C) substantiation.

D) documentation.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

21) The evidence collection method that examines all supporting documents to determine the validity of a transaction is called

A) review of documentation.

B) vouching.

C) physical examination.

D) analytical review.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

22) The evidence collection method that considers the relationships and trends among information to detect items that should be investigated further is called

A) review of the documentation.

B) vouching.

C) physical examination.

D) analytical review.

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

23) An auditor searching for a shipping document to ensure that the sales number recorded in the sales journal was properly supported. This is an example of

A) review of the documentation.

B) vouching.

C) confirmation.

D) analytical review.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

7 Copyright © 2018 Pearson Education, Inc.

24) An auditor calculates the current ratio of the company to determine its ability to pay off its current financial obligation. This is an example of

A) review of the documentation.

B) vouching.

C) confirmation.

D) analytical review.

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

25) Auditors often use reperformance to test a company's internal control.

Answer: TRUE

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

26) Assessing the quality of internal controls, the reliability of information, and operating performance are all part of

A) audit planning.

B) collection of audit evidence.

C) communication of audit results.

D) evaluation of audit evidence.

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

27) The auditor's objective is to seek ________ that no material error exists in the information audited.

A) absolute reliability

B) reasonable objectivity

C) reasonable evidence

D) reasonable assurance

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

8 Copyright © 2018 Pearson Education, Inc.

28) Which of the choices below best describes a risk-based audit approach?

A) A four-step approach to internal control evaluation.

B) A three-step approach to internal control evaluation.

C) A four-step approach to financial statement review and recommendations.

D) A three-step approach to financial statement review and recommendations.

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

29) The first step in a risk-based audit approach is to

A) evaluate the control procedures.

B) determine the threats facing the AIS.

C) identify the control procedures that should be in place.

D) evaluate weaknesses to determine their effect on the audit procedures.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

30) ________ can determine whether the necessary control procedures are in place.

A) A systems review

B) A systems overhaul

C) Tests of controls

D) Both B and C

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Challenging

AACSB: Analytical Thinking

31) When a control deficiency is identified, the auditor should inquire about

A) tests of controls.

B) compensating controls.

C) the feasibility of a systems review.

D) materiality and inherent risk factors.

Answer: B

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

9 Copyright © 2018 Pearson Education, Inc.

32) The ________ to auditing provides auditors with a clear understanding of possible errors and irregularities and the related risks and exposures.

A) risk-based approach

B) risk-adjusted approach

C) financial audit approach

D) information systems approach

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

33) Increasing the effectiveness of internal controls would have the greatest effect on

A) reducing inherent risk.

B) reducing control risk.

C) reducing detection risk.

D) reducing audit risk.

Answer: B

Concept: The fraud triangle

Objective: Learning Objective 1

Difficulty: Challenging

AACSB: Analytical Thinking

34) Expanding a firm's operations to include a manufacturing facility overseas will

A) reduce inherent risk.

B) reduce control risk.

C) increase inherent risk.

D) increase control risk.

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

35) Increasing the effectiveness of auditing software will

A) reduce detection risk.

B) reduce control risk.

C) increase detection risk.

D) increase control risk.

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

10 Copyright © 2018 Pearson Education, Inc.

36) There is a direct relationship between inherent risk and detection risk.

Answer: FALSE

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Challenging

AACSB: Reflective Thinking

37) There is an inverse relationship between control risk and detection risk.

Answer: TRUE

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Challenging

AACSB: Reflective Thinking

38) An auditor examines all documents related to the acquisition, repair history, and disposal of a firm's delivery van. This is an example of collecting audit evidence by

A) confirmation.

B) reperformance.

C) vouching.

D) analytical review.

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

39) An auditor manually calculates accumulated depreciation on a delivery van and compares her calculation with the accounting records. The auditor is performing

A) vouching.

B) confirmation.

C) reperformance.

D) analytical review.

Answer: C

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

11 Copyright © 2018 Pearson Education, Inc.

40) An auditor finds that employee absentee rates are significantly higher on Mondays and Fridays than on other work days. This is an example collecting audit evidence by

A) confirmation.

B) reperformance.

C) vouching.

D) analytical review.

Answer: D

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

41) Which of the following is not one of the types of internal audits?

A) A review of the corporate organizational structure and reporting hierarchies.

B) An examination of procedures for reporting and disposing of hazardous waste.

C) A review of source documents and general ledger accounts to determine integrity of recorded transactions.

D) A comparison of estimates and analysis made before purchase of a major capital asset to actual numbers and results achieved.

Answer: A

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Reflective Thinking

42) Explain the differences between each type of audit risk.

Answer: Inherent risk is the threat faced just by conducting business in a chosen way. For example, a business with multiple locations in several foreign countries faces more threats than a business with a single location. Control risk is the threat that a company has inadequate, nonexistent or unenforced policies and procedures to prevent errors and fraud from getting into the system and being reflected in the financial statements. Detection risk is the threat that errors or fraud get into the system and audit procedures do not identify the errors or fraud.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

43) How and to whom does an auditor communicate the audit results?

Answer: The auditor prepares a written report summarizing the findings and recommendations, with references to supporting evidence in working papers. The report is presented to management, the audit committee, the board of directors, and other appropriate parties. The auditor then follows up later to determine if recommendations were implemented.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

12 Copyright © 2018 Pearson Education, Inc.

44) How is a financial audit different from an information systems audit?

Answer: Financial audits examine the reliability and integrity of accounting records in terms of financial and operating information. An information systems (IS) audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Although the AIS may generate accounting records and financial information, it is important that the AIS itself be audited to verify compliance with internal controls and procedures.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

45) Why do all audits follow a sequence of events that can be divided into four stages, and what are the four stages?

Answer: The auditor's function generally remains the same no matter what type of audit is being conducted. The process of auditing can be broken down into the four stages of planning, collecting evidence, evaluating evidence, and communicating audit results. These stages form a working template for any type of financial, information systems, or operational or management audits.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Easy

AACSB: Analytical Thinking

46) Name and describe the different types of audits.

Answer: The financial audit this audit examines the reliability and integrity of accounting records (both financial and operating information).

The information systems audit this audit reviews the general and application controls of an AIS and assesses its compliance with internal control policies and procedures and effectiveness in safeguarding assets.

The operational or management audit this audit conducts an evaluation of the efficient and effective use of resources, as well as an evaluation of the accomplishment of established goals and objectives.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

13 Copyright © 2018 Pearson Education, Inc.

47) Describe the risk-based audit approach.

Answer: The risk-based audit approach has four steps that evaluate internal controls. This approach provides a logical framework for conducting an audit of the internal control structure of a system. The first step is to determine the threats facing the AIS. Threats here can be defined as errors and irregularities in the AIS. Once the threat risk has been established, the auditor should identify the control procedures that should be in place to minimize each threat. The control procedures identified should either be able to prevent or detect errors and irregularities within the AIS. The next step is to evaluate the control procedures. This step includes a systems review of documentation and also interviewing the appropriate personnel to determine whether the needed procedures are in place within the system. The auditor can then use tests of controls to determine if the procedures are being satisfactorily followed. The fourth step is to evaluate weaknesses found in the AIS. Weaknesses here means errors and irregularities not covered by the AIS control procedures. When such deficiencies are identified, the auditor should see if there are compensating controls that may counterbalance the deficiency. A deficiency in one area may be neutralized given control strengths in other areas. The ultimate goal of the risk-based approach is to provide the auditor with a clear understanding of errors and irregularities that may be in the system along with the related risks and exposures. Once an understanding has been obtained, the auditor may provide recommendations to management as to how the AIS control system can be improved.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Challenging

AACSB: Analytical Thinking

48) Describe how audit evidence can be collected.

Answer: Since the audit effort revolves around the identification, collection, and evaluation of evidence, most audit effort is spent in the collection process. To identify, collect, and evaluate evidence, several methods have been developed to assist in the effort. These methods include: 1) the observation of the activities being audited; 2) a review of documentation to gain a better understanding of the AIS; 3) discussions with employees about their jobs and how procedures are carried out; 4) the creation and administration of questionnaires to gather data about the system; examination of tangible assets; 6) confirmation of the accuracy of certain information; of selected calculations; 8) vouching for the validity of a transaction by examination of all supporting documentation; and, 9) analytical review of relationships and trends among information to detect items that should be further investigated. It is important to remember that only a sample of evidence is collected for audit purposes, as it is not feasible to perform audit procedures on the entire set of activities, records, assets, or documents that are under the review process in an audit.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

14 Copyright © 2018 Pearson Education, Inc.

49) Describe the concept of materiality and provide an example.

Answer: Materiality is the amount of an error, fraud, or omission that would affect the decision of a prudent user of financial information. Determining materiality, what is and is not important in an audit, is a matter of professional judgment. Materiality is more important to external audits, where the emphasis is fairness of financial statement, than to internal audits, where the focus is on adherence to management policies. Students' answers may vary depending on their examples.

Concept: The nature of auditing

Objective: Learning Objective 1

Difficulty: Moderate

AACSB: Analytical Thinking

2 Identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives.

1) What is the purpose of an information systems audit?

A) To determine the inherent risk factors found in the system.

B) To review and evaluate the internal controls that protect the system.

C) To examine the reliability and integrity of accounting records.

D) To examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives.

Answer: B

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

2) The information systems audit objective that pertains to source data being processed into some form of output is known as

A) overall security.

B) program development.

C) program modifications.

D) processing.

Answer: D

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

15 Copyright © 2018 Pearson Education, Inc.

3) The information systems audit objective that pertains to protect computer equipment, programs, communications, and data from unauthorized access, modification, or destruction is known as

A) overall security.

B) program development.

C) program modifications.

D) processing.

Answer: A

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

4) The information systems audit objective that pertains to having management's authorization and approval is known as

A) overall security.

B) program development.

C) program modifications.

D) processing.

Answer: C

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

5) Which of the following is not one of the six objectives of an information systems audit?

A) Security provisions exist to protect data from unauthorized access, modification, or destruction.

B) Obtaining evidence to provide reasonable assurance the financial statements are not materially misstated

C) Programs have been developed and acquired in accordance with management's authorization.

D) Program modifications have received management's authorization and approval.

Answer: B

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

16 Copyright © 2018 Pearson Education, Inc.

6) Which of the following is not an information systems audit test of controls?

A) Observe computer-site access procedures.

B) Investigate how unauthorized access attempts are handled.

C) Review logical access policies and procedures.

D) Examine the results of disaster recovery plan simulations.

Answer: C

Concept: Information security concepts

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

7) Which of the following is an information systems audit review procedure?

A) Verify the extent and effectiveness of encryption.

B) Inspect computer sites.

C) Test assignment procedures for user IDs.

D) Observe the preparation of backup files.

Answer: B

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

8) Which of the following is not a control procedure for preventing inadvertent programming errors?

A) Review software license agreements.

B) Test new programs, including user acceptance testing.

C) Purchase hardware only from management approved vendors.

D) Require management approval of programming specifications.

Answer: C

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

9) You are the head of the IT department at Panther Designs, Inc. A systems review reveals that your firm has poor control procedures for preventing inadvertent programming errors. However, you are not concerned because you feel Panther Designs has strong compensating controls. What control likely exists to give you this confidence?

A) The internal audit department processes test data at Panther Designs.

B) Panther Designs pays its employees well, decreasing the likelihood of errors.

C) Panther Designs only hires competent programmers, decreasing the likelihood of errors.

D) All of Panther Design's IT applications are less than 2 years old.

Answer: A

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Reflective Thinking

17 Copyright © 2018 Pearson Education, Inc.

10) You are an internal auditor for Ron Burgandy Suits. The CEO has asked you to perform an audit of the program modifications process. Identify one procedure you might use to test controls surrounding the program modification process.

A) Review logical access control policies.

B) Discuss modification policies with management, users, and systems personnel.

C) Verify logical access controls are in effect for program changes.

D) Separate development, test, and production versions of programs.

Answer: C

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Reflective Thinking

11) What is a test data generator?

A) It is an application that records how well systems personnel have performed on company competency examinations.

B) It is an application that prepares data that can be used for auditing the effectiveness of computer processing.

C) It is an application that records which professional examinations systems personnel have obtained.

D) It is a backup generator application that can be used to generate data if the original storage device fails.

Answer: B

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

12) Embedded audit molecules can be used to continually monitor the system and collect audit evidence.

Answer: TRUE

Concept: The nature of auditing

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

18 Copyright © 2018 Pearson Education, Inc.

13) Describe the difference between concurrent audit techniques and embedded audit modules. Answer: Auditors use concurrent audit techniques to continually monitor the system and collect audit evidence while live data are processed during regular operating hours. Concurrent audit techniques use embedded audit modules, which are program code segments that perform audit functions, report test results, and store the evidence collected for auditor review. Concurrent audit techniques are time-consuming and difficult to use but are less so if incorporated when programs are developed.

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

14) Describe the five commonly used concurrent audit techniques. Answer: (1) Integrated test facility - Inserting a dummy entity in a company's system; processing test transactions to update them will not affect actual records. (2) Snapshot technique - Marking transactions with a special code, recording them and their master file records before and after processing, and storing the data to later verify that all processing steps were properly executed. (3) System control audit review file (SCARF) - Using embedded audit modules to continuously monitor transactions, collect data on transactions with special audit significance, and store the data to later identify and investigate questionable transactions. (4) Audit hooksAudit routines that notify auditors of questionable transactions, often as they occur. (5) Continuous and intermittent simulation (CIS) - Embedding an audit module in a DBMS that uses specified criteria to examine all transactions that update the database.

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Moderate

AACSB: Analytical Thinking

15) Using embedded audit modules to continuously monitor transactions, collect data on transactions with special audit significance, and store the data to later identify and investigate questionable transactions is an example of

A) integrated test facility.

B) snapshot technique.

C) system control audit review file.

D) audit hooks.

Answer: C

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Difficult

AACSB: Analytical Thinking

19 Copyright © 2018 Pearson Education, Inc.

16) Audit routines that notify auditors of questionable transactions, often as they occur is an example of

A) integrated test facility.

B) snapshot technique.

C) system control audit review file.

D) audit hooks.

Answer: D

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

17) Inserting a dummy entity in a company's system; processing test transactions to update that will not affect actual records is an example of

A) integrated test facility.

B) snapshot technique.

C) system control audit review file.

D) audit hooks.

Answer: A

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

18) Marking transactions with a special code, recording them and their master file records before and after processing, and storing the data to later verify that all processing steps were properly executed is an example of

A) integrated test facility.

B) snapshot technique.

C) system control audit review file.

D) audit hooks.

Answer: B

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

20 Copyright © 2018 Pearson Education, Inc.

19) Software that interprets a program's source code and generates a flowchart of the program's logic is called

A) automated flowcharting programs.

B) automated decision table programs.

C) mapping programs.

D) tracing program.

Answer: A

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

20) Software that identifies unexecuted program code is called

A) automated flowcharting programs.

B) automated decision table programs.

C) mapping programs.

D) tracing program.

Answer: C

Concept: Information systems audit

Objective: Learning Objective 2

Difficulty: Easy

AACSB: Analytical Thinking

3 Describe computer audit software, and explain how it is used in the audit of an AIS.

1) Identify the activity below that the external auditor should not be involved.

A) Examining system access logs.

B) Developing the information system.

C) Examining logical access policies and procedures.

D) Making recommendations to management for improvement of existing internal controls.

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

2) What role should an auditor play in system development?

A) an independent reviewer only

B) a developer of internal controls

C) an advisor and developer of internal control specifications

D) A and B above

Answer: A

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

21 Copyright © 2018 Pearson Education, Inc.

3) Which statement below is incorrect regarding program modifications?

A) Only material program changes should be thoroughly tested and documented.

B) During the change process, the developmental version of the program must be kept separate from the production version.

C) After the modified program has received final approval, the change is implemented by replacing the developmental version with the production version.

D) When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users.

Answer: A

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Easy

AACSB: Analytical Thinking

4) How could auditors determine if unauthorized program changes have been made?

A) By interviewing and making inquiries of the programming staff.

B) By examining the systems design and programming documentation.

C) By using a source code comparison program.

D) By interviewing and making inquiries of recently terminated programming staff.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

5) Which auditing technique will not assist in determining if unauthorized programming changes have been made?

A) The use of a source code comparison program.

B) The use of the reprocessing technique to compare program output.

C) By interviewing and making inquiries of the programming staff.

D) The use of parallel simulation to compare program output.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Easy

AACSB: Analytical Thinking

6) Strong ________ controls can partially compensate for inadequate ________ controls.

A) development; processing

B) processing; development

C) operational; internal

D) internal; operational

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

22 Copyright © 2018 Pearson Education, Inc.

7) The ________ procedure for auditing computer process controls uses a hypothetical series of valid and invalid transactions.

A) concurrent audit techniques

B) test data processing

C) integrated test facility

D) dual process

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

8) The auditor uses ________ to continuously monitor the system and collect audit evidence while live data are processed.

A) test data processing

B) parallel simulation

C) concurrent audit techniques

D) analysis of program logic

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

9) Auditors have several techniques available to them to test computer-processing controls. An audit technique that immediately alerts auditors of suspicious transactions is known as

A) a SCARF.

B) reperformance.

C) the snapshot technique.

D) an audit hook.

Answer: D

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

23 Copyright © 2018 Pearson Education, Inc.

10) A type of software that auditors can use to analyze program logic and detect unexecuted program code is

A) an audit log.

B) a mapping program.

C) a scanning routine.

D) program tracing.

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

11) ________ is one tool used to document source data controls.

A) An input control matrix

B) A flowchart generator program

C) A program algorithm matrix

D) A mapping program

Answer: A

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

12) The use of a secure file library and restrictions on physical access to data files are control procedures used together to prevent

A) an employee or outsider obtaining data about an important client.

B) a data entry clerk from introducing data entry errors into the system.

C) a computer operator from losing or corrupting files or data during transaction processing.

D) programmers making unauthorized modifications to programs.

Answer: A

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Challenging

AACSB: Reflective Thinking

13) An auditor creates a fictitious customer in the system and then creates several fictitious sales to the customer. The records are then tracked as they are processed by the system. The auditor is using

A) an integrated test facility.

B) the snapshot technique.

C) a system control audit review file.

D) continuous and intermittent simulation.

Answer: A

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

24 Copyright © 2018 Pearson Education, Inc.

14) An auditor sets an embedded audit module to flag all credit transactions in excess of $5,000. The flag causes the system state to be recorded before and after each transaction is processed. The auditor is using

A) audit hooks.

B) an integrated test facility.

C) the snapshot technique.

D) a system control audit review file.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

15) An auditor sets an embedded audit module to record all credit transactions in excess of $5,000 and stores the data in an audit log. The auditor is using

A) audit hooks.

B) the snapshot technique.

C) a system control audit review file.

D) continuous and intermittent simulation.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

16) An auditor sets an embedded audit module to flag questionable online transactions, display information about the transaction on the auditor's computer, and send a text message to the auditor's cell phone. The auditor is using

A) the snapshot technique.

B) a system control audit review file.

C) audit hooks.

D) continuous and intermittent simulation.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

25 Copyright © 2018 Pearson Education, Inc.

17) An auditor sets an embedded audit module to selectively monitor transactions. Selected transactions are then reprocessed independently, and the results are compared with those obtained by the normal system processing. The auditor is using

A) an integrated test facility.

B) the snapshot technique.

C) a system control audit review file.

D) continuous and intermittent simulation.

Answer: D

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

18) When programmers are working with program code, they often employ utilities that are also used in auditing. For example, as program code evolves, it is often the case that blocks of code are superseded by other blocks of code. Blocks of code that are not executed by the program can be identified by

A) embedded audit modules.

B) scanning routines.

C) mapping programs.

D) automated flow charting programs.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

19) When programmers are working with program code, they often employ utilities that are also used in auditing. For example, as program code evolves, it is often the case that variables defined during the early part of development become irrelevant. The occurrences of variables that are not used by the program can be found using

A) program tracing.

B) scanning routines.

C) mapping programs.

D) embedded audit modules.

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

26 Copyright © 2018 Pearson Education, Inc.

20) Explain why the auditor's role in program development and acquisition should be limited.

Answer: The auditor's role in any organization systems development should be limited only to an independent review of systems development activities. The key to the auditor's role is independence; the only way auditors can maintain the objectivity necessary for performing an independent evaluation function is by avoiding any and all involvement in the development of the system itself. If auditor independence is impaired, the audit itself may be of little value and its results could easily be called into question. The auditors could be basically reviewing their own work.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

21) Audit tests and procedures traditionally have been performed on a sample basis. Do options exist for auditors to test significantly more (or all) transactions?

Answer: Computer assisted audit techniques (CAATS) allow auditors to automate and simplify the audit process. Large amounts of data can be examined by software, created from auditorsupplied specifications. Two popular CAATS packages are Audit Control Language (ACL) and Interactive Data Extraction and Analysis (IDEA). Auditors can also use concurrent audit techniques to identify and collect information about certain types of transactions in real-time. Examples of concurrent audit techniques are embedded audit modules, integrated test facility, system control audit review file (SCARF), snapshot technique, audit hooks and continuous and intermittent simulation (CIS).

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

22) When doing an information systems audit, auditors must review and evaluate the program development process. What errors or fraud could occur during the program development process?

Answer: There can be unintentional errors due to misunderstood systems specifications, incomplete specifications, or poor programming. Developers could insert unauthorized code instructions into the program for fraudulent purposes.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

27 Copyright © 2018 Pearson Education, Inc.

23) Briefly describe tests that can be used to detect unauthorized program modifications.

Answer: Review procedures for requesting, approving, programming, and testing changes. Review or observe specific testing and implementation procedures. Compare source code from the approved and tested program with the program code currently in use. Randomly and without notice, use the source code from the approved and tested program to reprocess transactions, and compare the results with the operational system results. Write new code designed to replicate the approved and tested code and use parallel simulation to reprocess transactions, and compare the results with the operational system results.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Challenging

AACSB: Analytical Thinking

24) Define and give examples of embedded audit modules.

Answer: Embedded audit modules are segments of program code that perform audit functions, report test results and store collected evidence for later review. An Integrated Test Facility (ITF) processes fictitious records through the operational system in real-time. The snapshot technique records master file records immediately before and immediately after processing specifically selected transactions. A System Control Audit Review File (SCARF) continuously monitors transactions and collects transaction data that meet, or fall outside, predetermined criteria. Audit Hooks immediately notify auditors of suspicious transactions being processed, or submitted for processing. Continuous and Intermittent Simulation (CIS) identifies specific transactions with audit significance and processes the transactions parallel to the operational system. If discrepancies result, the CIS can store the evidence for later review or can prevent transaction processing.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Challenging

AACSB: Reflective Thinking

25) a) What is test data processing? b) How is it done? c) What are the sources that an auditor can use to generate test data?

Answer: a) Test data processing is a technique used to examine the integrity of the computer processing controls. b) Test data processing involves the creation of a series of hypothetical valid and invalid transactions and the introduction of those transactions into the system. The invalid data may include records with missing data, fields containing unreasonably large amounts, invalid account numbers, etc. If the program controls are working, then all invalid transactions should be rejected. Valid transactions should all be properly processed. c) The various ways test data can be generated are: A listing of actual transactions. The initial transactions used by the programmer to test the system. A test data generator program that generates data using program specifications.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Challenging

AACSB: Reflective Thinking

28 Copyright © 2018 Pearson Education, Inc.

26) Describe the disadvantages of test data processing.

Answer: The auditor must spend considerable time developing an understanding of the system and preparing an adequate set of test transactions. Care must be taken to ensure that test data does not affect the company's files and databases. The auditor can reverse the effects of the test transactions or process the transactions in a separate run using a copy of the file or database. However, a separate run removes some of the authenticity obtained from processing test data with regular transactions. Also, since the reversal procedures may reveal the existence and nature of the auditor's test to key personnel, it can be less effective than a concealed test.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

27) An audit software program that generates programs that perform certain audit functions, based on auditor specifications, is referred to as a(n)

A) input controls matrix.

B) CAATS.

C) embedded audit module.

D) mapping program.

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

28) An auditor might use ________ to convert data from several sources into a single common format.

A) Windows Media Converter

B) concurrent audit technique

C) computer assisted audit techniques software

D) Adobe Professional

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Easy

AACSB: Analytical Thinking

29) An auditor might use ________ to examining large data files.

A) Excel

B) Access

C) IDEA

D) SQL

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Easy

AACSB: Analytical Thinking

29 Copyright © 2018 Pearson Education, Inc.

30) What is the primary purpose of computer audit software?

A) To eliminate auditor judgment errors.

B) To assist the auditor in retrieving and reviewing information.

C) To help auditors detect unauthorized modifications to system program code.

D) To help auditors recheck all mathematical calculations, cross-foot, reprocess financial statements and compare to originals.

Answer: B

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Easy

AACSB: Analytical Thinking

31) How has the U.S. government deployed computer-assisted audit techniques to reduce the budget?

A) To identify fraudulent Medicare claims.

B) To identify fraudulent defense spending.

C) To identify fraudulent tax returns.

D) All of the above.

Answer: A

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Challenging

AACSB: Analytical Thinking

32) One of the advantages of CAATS software is that it can replace the auditor's judgment in specific areas of an audit.

Answer: FALSE

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Easy

AACSB: Analytical Thinking

33) Identify the company below that CAATS would likely provide the most value.

A) A local car dealership.

B) A local floral shop.

C) A large grocery store that uses an ERP system.

D) A medium-sized restaurant chain with restaurants in many cities.

Answer: D

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Reflective Thinking

30 Copyright © 2018 Pearson Education, Inc.

34) Which of the following is not one way CAATS could be used?

A) To merge files.

B) To test files for specific risks.

C) To process electronic transactions.

D) To query data files to retrieve records meeting specified criteria.

Answer: C

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

35) What type of data does CAATS use to produce an auditing program?

A) Archived data.

B) Backup data.

C) Live data.

D) A copy of live data.

Answer: D

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

36) Describe some of the important uses of CAATs.

Answer: Here are some of the important uses of CAATs: Querying data files to retrieve records meeting specified criteria; Creating, updating, comparing, downloading, and merging files; Summarizing, sorting, and filtering data; Accessing data in different formats and converting the data into a common format; Examining records for quality, completeness, consistency, and correctness; Stratifying records, selecting and analyzing statistical samples; Testing for specific risks and identifying how to control for that risk; Performing calculations, statistical analyses, and other mathematical operations; Performing analytical tests, such as ratio and trend analysis, looking for unexpected or unexplained data patterns that may indicate fraud; Identifying financial leakage, policy noncompliance, and data processing errors; Reconciling physical counts to computed amounts, testing clerical accuracy of extensions and balances, testing for duplicate items; Formatting and printing reports and documents; Creating electronic work papers.

Concept: Auditing software

Objective: Learning Objective 3

Difficulty: Moderate

AACSB: Analytical Thinking

31 Copyright © 2018 Pearson Education, Inc.

4 Describe the nature and scope of an operational audit.

1) The scope of a(n) ________ audit encompasses all aspects of systems management.

A) operational

B) information systems

C) financial

D) internal control

Answer: A

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Moderate

AACSB: Analytical Thinking

2) Evaluating effectiveness, efficiency, and goal achievement are objectives of ________ audits.

A) financial

B) operational

C) information systems

D) all of the above

Answer: B

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Easy

AACSB: Analytical Thinking

3) In the ________ stage of an operational audit, the auditor measures the actual system against an ideal standard.

A) evidence collection

B) evidence evaluation

C) testing

D) internal control

Answer: B

Concept: Preserving confidentiality

Objective: Learning Objective 4

Difficulty: Easy

AACSB: Analytical Thinking

4) The evidence collection stage of an operational audit includes all the following activities except

A) reviewing operational policies.

B) establishing audit objectives.

C) testing the accuracy of operating information.

D) testing controls.

Answer: B

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Easy

AACSB: Analytical Thinking

32 Copyright © 2018 Pearson Education, Inc.

5) During the evidence evaluation stage of an operational audit, the auditor measures the system against generally accepted accounting principles (GAAP).

Answer: FALSE

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Easy

AACSB: Analytical Thinking

6) As the head of the internal audit department for Orange Computing, you want to hire a person to serve as one of Orange's operational auditors. Identify the candidate below that is likely to be the most qualified person for the job.

A) Jane, a CPA who has 10 years of audit experience

B) Kasheena, an MBA who has 10 years of management experience

C) Joe, a CISA who has 10 years of IT audit experience

D) Vahlia, a CPA who has 7 years of audit experience and 3 years of management experience

Answer: D

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Challenging

AACSB: Analytical Thinking

7) Who generally receives the findings and conclusions of an operational audit?

A) The board of directors.

B) Management.

C) The external auditor.

D) The IRS.

Answer: B

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Moderate

AACSB: Analytical Thinking

8) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently demanded that they receive independent assurance regarding the financial statements, which are generated using an accounting information system. Which type of audit would best suit the demands of the board of directors?

A) Financial audit.

B) Information system audit.

C) Operational audit.

D) Sustainability audit.

Answer: A

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Moderate

AACSB: Analytical Thinking

33 Copyright © 2018 Pearson Education, Inc.

9) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently demanded that they receive more assurance that internal controls surrounding the company's information system are effective. Which type of audit would best suit the demands of the board of directors?

A) Financial audit.

B) Information system audit.

C) Operational audit.

D) Sustainability audit.

Answer: B

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Moderate

AACSB: Analytical Thinking

10) Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently demanded that they receive more assurance that Chibuzo Incorporated is operating in an efficient, effective manner. Which type of audit would best suit the demands of the board of directors?

A) Financial audit.

B) Information system audit.

C) Operational audit.

D) Sustainability audit.

Answer: C

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Moderate

AACSB: Analytical Thinking

11) With regards to an accounting information system, a financial audit is most concerned with

A) the system's output.

B) the system's input.

C) the system's processing.

D) the system's storage.

Answer: A

Concept: Operational audits of an AIS

Objective: Learning Objective 4

Difficulty: Challenging

AACSB: Analytical Thinking

34 Copyright © 2018 Pearson Education, Inc.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.