"the safest place to be is within the

will of god."
thursday, november 4, 2010

Internal Control and Computer Based Information Systems (CBIS)

Internal Control and Computer Based Information Systems

(CBIS)

MULTIPLE CHOICE:

1. In the weekly computer run to prepare payroll checks, a check

was printed for an employee who had been terminated the previous
week. Which of the following controls, if properly utilized, would
have been most effective in preventing the error or ensuring its
prompt detection?

a. A control total for hours worked, prepared from time cards

collected by the timekeeping department. b. Requiring the
treasurer's office to account for the number of the pre-numbered
checks issued to the CBIS department for the processing of the
payroll. c. Use of a check digit for employee numbers. d. Use of a
header label for the payroll input sheet.

ANSWER: A

2. An auditor is preparing test data for use in the audit of a

computer based accounts receivable application. Which of the
following items would be appropriate to include as an item in the
test data?

a. A transaction record which contains an incorrect master file

control total. b. A master file record which contains an invalid
customer identification number. c. A master file record which
contains an incorrect master file control total. d. A transaction
record which contains an invalid customer identification number.

ANSWER: D

3. Unauthorized alteration of on-line records can be prevented by

employing:

a. Key verification. b. Computer sequence checks. c. Computer

matching. d. Data base access controls.

ANSWER: D

4. In auditing through a computer, the test data method is used by

auditors to test the

a. Accuracy of input data. b. Validity of the output. c. Procedures

contained within the program. d. Normalcy of distribution of test
data.

ANSWER: C

5. In the preliminary survey the auditor learns that a department

has several microcomputers. Which of the following is usually true
and should be considered in planning the audit?

a. Microcomputers, though small, are capable of processing financial

information, and physical security is a control concern. b.
Microcomputers are limited to applications such as worksheet
generation and do not present a significant audit risk. c.
Microcomputers are generally under the control of the data
processing department and use the same control features. d.
Microcomputers are too small to contain any built-in control
features. Therefore, other controls must be relied upon.
ANSWER: A

6. The primary reason for internal auditing's involvement in the

development of new computer-based sysstems is to:

a. Plan post-implementation reviews. b. Promote adequate controls.

c. Train auditors in CBIS techniques.

d. Reduce overall audit effort.

ANSWER: B

7. Which of the following is an advantage of generalized computer

audit packages?

a. They are all written in one identical computer language.

b. They can be used for audits of clients that use differing CBIS
equipment and file formats. c. They have reduced the need for the
auditor to study input controls for CBIS related procedures. d. Their
use can be substituted for a relatively large part of the required
control testing.

ANSWER: B

8. Processing simulated file data provides the auditor with

information about the reliability of controls from evidence that
exists in simulated files. One of the techniques involved in this
approach makes use of

a. Controlled reprocessing. b. Program code checking. c. Printout

reviews. d. Integrated test facility.

ANSWER: D
9. Which of the following statements most likely represents a
disadvantage for an entity that keeps microcomputer-prepared data
files rather than manually prepared files?

a. It is usually more difficult to detect transposition errors. b.

Transactions are usually authorized before they are executed and
recorded. c. It is usually easier for unauthorized persons to access
and alter the files. d. Random error associated with processing
similar transactions in different ways is usually greater.

ANSWER: C

10. The possibility of losing a large amount of information stored in

computer files most likely would be reduced by the use of

a. Back-up files

b. Check digits

c. Completeness tests

d. Conversion verification.

ANSWER: A

11. An integrated test facility (ITF) would be appropriate when the

auditor needs to

a. Trace a complex logic path through an application system.

b. Verify processing accuracy concurrently with processing.

c. Monitor transactions in an application system continuously. d.

Verify load module integrity for production programs.

ANSWER: B
12. Where computer processing is used in significant accounting
applications, internal accounting control procedures may be defined
by classifying control procedures into two types: general and

a. Administrative. b. Specific. c. Application. d. Authorization.

ANSWER: C

13. The increased presence of the microcomputer in the workplace

has resulted in an increasing number of persons having access to
the computer. A control that is often used to prevent unauthorized
access to sensitive programs is:

a. Backup copies of the diskettes. b. Passwords for each of the

users. c. Disaster-recovery procedures. d. Record counts of the
number of input transactions in a batch being processed.

ANSWER: B

14. Checklists, systems development methodology, and staff hiring

are examples of what type of controls?

a. Detective. b. Preventive. c. Subjective. d. Corrective.

ANSWER: B

15. When an on-line, real-time (OLRT) computer-based processing

system is in use, internal control can be strengthened by

a. Providing for the separation of duties between keypunching and

error listing operations. b. Attaching plastic file protection rings to
reels of magnetic tape before new data can be entered on the file.
c. Making a validity check of an identification number before a user
can obtain access to the computer files. d. Preparing batch totals to
provide assurance that file updates are made for the entire input.
ANSWER: C

16. When auditing "around" the computer, the independent auditor

focuses solely upon the source documents and

a. Test data. b. CBIS processing. c. Control techniques. d. CBIS

output.

ANSWER: D

17. One of the features that distinguishes computer processing from

manual processing is

a. Computer processing virtually eliminates the occurrence of

computational error normally associated with manual processing. b.
Errors or fraud in computer processing will be detected soon after
their occurrences. c. The potential for systematic error is ordinarily
greater in manual processing than in computerized processing.

d. Most computer systems are designed so that transaction trails

useful for audit purposes do not exist.

ANSWER: A

18. Given the increasing use of microcomputers as a means for

accessing data bases, along with on-line real-time processing,
companies face a serious challenge relating to data security.
Which of the following is not an appropriate means for meeting
this challenge?

a. Institute a policy of strict identification and password

controls housed in the computer software that permit
only specified individuals to access the computer files and
perform a given function.

b. Limit terminals to perform only certain transactions.

 c. Program software to produce a log of transactions showing
date, time, type of transaction, and operator.

d. Prohibit the networking of microcomputers and do not

permit users to access centralized data bases.

ANSWER: D

19. What type of computer-based system is characterized by data

that are assembled from more than one location and records
that are updated immediately?

a. Microcomputer system. b. Minicomputer system. c. Batch

processing system. d. Online real-time system.

ANSWER: D

20. Company A has recently converted its manual payroll to a

computer-based system. Under the old system, employees
who had resigned or been terminated were occasionally kept
on the payroll and their checks were claimed and cashed by
other employees, in collusion with shop foremen. The
controller is concerned that this practice not be allowed to
continue under the new system. The best control for
preventing this form of "payroll padding" would be to

a. Conduct exit interviews with all employees leaving the

company, regardless of reason.

b. Require foremen to obtain a signed receipt from each

employee claiming a payroll check.

c. Require the human resources department to authorize all

hires and terminations, and to forward a current
computerized list of active employee numbers to payroll
 prior to processing. Program the computer to reject
inactive employee numbers.

d. Install time clocks for use by all hourly employees.

ANSWER: C

21. Compared to a manual system, a CBIS generally

1. Reduces segregation of duties. 2. Increases segregation of

duties. 3. Decreases manual inspection of processing results. 4.
Increases manual inspection of processing results.

a. 1 and 3. b. 1 and 4 c. 2 and 3 d. 2 and 4.

ANSWER: A

22. One of the major problems in a CBIS is that incompatible

functions may be performed by the same individual. One
compensating control for this is the use of

a. Echo checks. b. A self-checking digit system. c. Computer

generated hash totals. d. A computer log.

ANSWER: D

23. Which of the following processing controls would be most

effective in assisting a store manager to ascertain whether the
payroll transaction data were processed in their entirety?

a. Payroll file header record. b. Transaction identification codes. c.

Processing control totals. d. Programmed exception reporting.

ANSWER: C

24. An organizational control over CBIS operations is

a. Run-to-run balancing of control totals. b. Check digit verification
of unique identifiers. c. Separation of operating and programming
functions. d. Maintenance of output distribution logs.

ANSWER: C

25. Which of the following methods of testing application controls

utilizes a generalized audit software package prepared by the
auditors?

a. Parallel simulation. b. Integrated testing facility approach. c. Test

data approach. d. Exception report tests.

ANSWER: A

26. An unauthorized employee took computer printouts from output

bins accessible to all employees. A control which would have
prevented this occurrence is

a. A storage/retention control. b. A spooler file control. c. An output

review control. d. A report distribution control.

ANSWER: D

27. Which of the following is a disadvantage of the integrated test

facility approach?

a. In establishing fictitious entities, the auditor may be

compromising audit independence.

b. Removing the fictitious transactions from the system is

somewhat difficult and, if not done carefully, may
contaminate the client's files.

c. ITF is simply an automated version of auditing "around" the

computer.
 d. The auditor may not always have a current copy of the
authorized version of the client's program.

ANSWER: B

28. Totals of amounts in computer-record data fields which are not

usually added for other purposes but are used only for data
processing control purposes are called

a. Record totals. b. Hash totals. c. Processing data totals. d. Field

totals.

ANSWER: B

29. A hash total of employee numbers is part of the input to a

payroll master file update program. The program compares the
hash total to the total computed for transactions applied to the
master file. The purpose of this procedure is to:

a. Verify that employee numbers are valid. b. Verify that only

authorized employees are paid. c. Detect errors in payroll
calculations. d. Detect the omission of transaction processing.

ANSWER: D

30. Matthews Corp. has changed from a system of recording time

worked on clock cards to a computerized payroll system in
which employees record time in and out with magnetic cards.
The CBIS automatically updates all payroll records. Because of
this change

a. A generalized computer audit program must be used. b. Part of

the audit trail is altered. c. The potential for payroll related fraud is
diminished. d. Transactions must be processed in batches.

ANSWER: B
31. Generalized audit software is of primary interest to the auditor
in terms of its capability to

a. Access information stored on computer files. b. Select a sample

of items for testing. c. Evaluate sample test results. d. Test the
accuracy of the client's calculations.

ANSWER: A

32. An accounts payable program posted a payable to a vendor not

included in the on-line vendor master file. A control which would
prevent this error is a

a. Validity check. b. Range check. c. Reasonableness test. d. Parity

check.

ANSWER: A

33. In a computerized sales processing system, which of the

following controls is most effective in preventing sales invoice
pricing errors?

a. Sales invoices are reviewed by the product managers before

being mailed to customers.

b. Current sales prices are stored in the computer, and, as

stock numbers are entered from sales orders, the
computer automatically prices the orders.

c. Sales prices, as well as product numbers, are entered as

sales orders are entered at remote terminal locations.

d. Sales prices are reviewed and updated on a quarterly basis.

ANSWER: B
34. Which of the following is likely to be of least importance to an
auditor in reviewing the internal control in a company with a CBIS?

a. The segregation of duties within the data processing center.

b. The control over source documents. c. The documentation

maintained for accounting applications.

d. The cost/benefit ratio of data processing operations.

ANSWER: D

35. For the accounting system of Acme Company, the amounts of

cash disbursements entered into an CBIS terminal are transmitted
to the computer that immediately transmits the amounts back to
the terminal for display on the terminal screen. This display enables
the operator to

a. Establish the validity of the account number. b. Verify the amount

was entered accurately. c. Verify the authorization of the
disbursement. d. Prevent the overpayment of the account.

ANSWER: B

36. Which of the following audit techniques most likely would

provide an auditor with the most assurance about the effectiveness
of the operation of an internal control procedure?

a. Inquiry of client personnel. b. Recomputation of account balance

amounts. c. Observation of client personnel. d. Confirmation with
outside parties.

ANSWER: C
37. Adequate technical training and proficiency as an auditor
encompasses an ability to understand a CBIS sufficiently to identify
and evaluate

a. The processing and imparting of information. b. Essential

accounting control features. c. All accounting control features. d.
The degree to which programming conforms with application of
generally accepted accounting principles.

ANSWER: B

38. Which of the following is not a major reason why an accounting

audit trail should be maintained for a computer system?

a. Query answering. b. Deterrent to fraud.

c. Monitoring purposes. d. Analytical review.

ANSWER: D

39. Adequate control over access to data processing is required to

a. Prevent improper use or manipulation of data files and programs.

b. Ensure that only console operators have access to program
documentation. c. Minimize the need for backup data files. d.
Ensure that hardware controls are operating effectively and as
designed by the computer manufacturer.

ANSWER: A

40. When testing a computerized accounting system, which of the

following is not true of the test data approach?

a. The test data need consist of only those valid and invalid
conditions in which the auditor is interested. b. Only one transaction
of each type need be tested. c. Test data are processed by the
client's computer programs under the auditor's control. d. The test
data must consist of all possible valid and invalid conditions.

ANSWER: D

41. In studying a client's internal controls, an auditor must be able

to distinguish between prevention controls and detection controls.
Of the following data processing controls, which is the best
detection control?

a. Use of data encryption techniques. b. Review of machine

utilization logs. c. Policy requiring password security. d. Backup and
recovery procedure.

ANSWER: B

42. Which of the following procedures is an example of auditing

"around" the computer?

a. The auditor traces adding machine tapes of sales order

batch totals to a computer printout of the sales

journal.

b. The auditor develops a set of hypothetical sales

transactions and, using the client's computer program,

enters the transactions into the system and observes

the processing flow.

c. The auditor enters hypothetical transactions into the

client's processing system during client processing of

live" data.

d. The auditor observes client personnel as they process the

biweekly payroll. The auditor is primarily concerned with computer
rejection of data that fails to meet reasonableness limits.

ANSWER: A

43. Auditing by testing the input and output of a computer-based

system instead of the computer program itself will

a. Not detect program errors which do not show up in the output

sampled. b. Detect all program errors, regardless of the nature of
the output. c. Provide the auditor with the same type of evidence. d.
Not provide the auditor with confidence in the results of the auditing
procedures.

ANSWER: A

44. Which of the following is an acknowledged risk of using test data

when auditing CBIS records?

a. The test data may not include all possible types of transactions.
b. The computer may not process a simulated transaction in the
same way it would an identical actual transaction. c. The method
cannot be used with simulated master records.

d. Test data may be useful in verifying the correctness of account

balances, but not in determining the presence of processing
controls.

ANSWER: A

45. When the auditor encounters sophisticated computer-based

systems, he or she may need to modify the audit approach. Of
 the following conditions, which one is not a valid reason for
modifying the audit approach?

a. More advanced computer systems produce less

documentation, thus reducing the visibility of the

audit trail.

b. In complex comuter-based systems, computer verification

of data at the point of input replaces the manual
verification found in less sophisticated data processing
systems.

c. Integrated data processing has replaced the more traditional

separation of duties that existed in manual and batch
processing systems.

d. Real-time processing of transactions has enabled the auditor

to concentrate less on the completeness assertion.

ANSWER: D

46. If a control total were to be computed on each of the following

data items, which would best be identified as a hash total for a
payroll CBIS application?

a. Net pay. b. Department numbers. c. Hours worked. d. Total

debits and total credits.

ANSWER: B

47. In a distributed data base (DDB) environment, control tests for

access control administration can be designed which focus on
a. Reconciliation of batch control totals. b. Examination of logged
activity. c. Prohibition of random access. d. Analysis of system
generated core dumps.

ANSWER: B

48. A control to verify that the dollar amounts for all debits and
credits for incoming transactions are posted to a receivables master
file is the:

a. Generation number check. b. Master reference check. c. Hash

total. d. Control total.

ANSWER: D

49. The program flowcharting symbol representing a decision is a

a. Triangle. b. Circle. c. Rectangle. d. Diamond.

ANSWER: D

50. An update program for bank account balances calculates check

digits for account numbers. This is an example of

a. An input control. b. A file management control. c. Access control.

d. An output control.

ANSWER: A

51. CBIS controls are frequently classified as togeneral controls

and application controls. Which of the following is an example
of an application control?

a. Programmers may access the computer only for testing and

"debugging" programs.
 b. All program changes must be fully documented and
approved by the information systems manager and the
user department authorizing the change.

c. A separate data control group is responsible for distributing

output, and also compares input and output on a test
basis.

d. In processing sales orders, the computer compares

customer and product numbers with internally stored
lists.

ANSWER: D

52. After a preliminary phase of the review of a client's CBIS

controls, an auditor may decide not to perform further tests related
to the control procedures within the CBIS portion of the client's
internal control system. Which of the following would not be a valid
reason for choosing to omit further testing?

a. The auditor wishes to further reduce assessed risk. b. The

controls duplicate operative controls existing elsewhere in the
system. c. There appear to be major weaknesses that would
preclude reliance on the stated procedures. d. The time and dollar
costs of testing exceed the time and dollar savings in substantive
testing if the controls are tested for compliance.

ANSWER: A

53. For good internal control over computer program changes, a

policy should be established requiring that

a. The programmer designing the change adequately test the

revised program. b. All program changes be supervised by the
CBIS control group. c. Superseded portions of programs be
 deleted from the program run manual to avoid confusion. d. All
proposed changes be approved in writing by a responsible
individual.

ANSWER: D

54. Which of the following is not a technique for testing data

processing controls?

a. The auditor develops a set of payroll test data that contain

numerous errors. The auditor plans to enter these
transactions into the client's system and observe whether
the computer detects and properly responds to the error
conditions.

b. The auditor utilizes the computer to randomly select

customer accounts for confirmation.

c. The auditor creates a set of fictitious customer

accounts and introduces hypothetical sales

transactions, as well as sales returns and allowances,

simultaneously with the client's live data processing.

d. At the auditor's request, the client has modified its payroll

processing program so as to separately record any
weekly payroll entry consisting of 60 hours or more.
These separately recorded ("marked") entries are locked
into the system and are available only to the auditor.

ANSWER: B

55. Which of the following would lessen internal control in a CBIS?

a. The computer librarian maintains custody of computer program
instructions and detailed listings. b. Computer operators have
access to operator instructions and detailed program listings. c. The
control group is solely responsible for the distribution of all
computer output.

d. Computer programmers write and debug programs which

perform routines designed by the systems analyst.

ANSWER: B

56. Access control in an on-line CBIS can best be provided in most

circumstances by

a. An adequate librarianship function controlling access to files. b. A

label affixed to the outside of a file medium holder that identifies
the contents. c. Batch processing of all input through a centralized,
well-guarded facility. d. User and terminal identification controls,
such as passwords.

ANSWER: D

57. While entering data into a cash receipts transaction file, an

employee transposed two numbers in a customer code. Which of the
following controls could prevent input of this type of error?

a. Sequence check. b. Record check. c. Self-checking digit. d. Field-

size check.

ANSWER: C

58. What is the computer process called when data processing is

performed concurrently with a particular activity and the results are
available soon enough to influence the particular course of action
being taken or the decision being made?
a. Batch processing. b. Real time processing. c. Integrated data
processing. d. Random access processing.

ANSWER: B

59. Reconciling processing control totals is an example of

a. An input control. b. An output control. c. A processing control. d.

A file management control.

ANSWER: B

60. A disadvantage of auditing around the computer is that it

a. Permits no assessment of actual processing. b. Requires highly

skilled auditors. c. Demands intensive use of machine resources. d.
Interacts actively with auditee applications.

ANSWER: A

61. The completeness of computer-generated sales figures can be

tested by comparing the number of items listed on the daily sales
report with the number of items billed on the actual invoices. This
process uses

a. Check digits. b. Control totals. c. Validity tests. d. Process tracing

data.

ANSWER: B

62. Which of the following controls would be most efficient in

reducing common data input errors?

a. Keystroke verification. b. A set of well-designed edit checks. c.

Balancing and reconciliation. d. Batch totals.

ANSWER: B
63. On-line real-time systems and electronic data interchange
systems have the advantages of providing more timely
information and reducing the quantity of documents associated
with less automated systems. The advantages, however, may
create some problems for the auditor. Which of the following
characteristics of these systems does not create an audit
problem?

a. The lack of traditional documentation of transactions creates

a need for greater attention to programmed controls at
the point of transaction input.

b. Hard copy may not be retained by the client for long periods
of time, thereby necessitating more frequent visits by the
auditor.

c. Control testing may be more difficult given the increased

vulnerability of the client's files to destruction during the
testing process.

d. Consistent on-line processing of recurring data increases the

incidence of errors.

ANSWER: D

64. Creating simulated transactions that are processed through a

system to generate results that are compared with predetermined
results, is an auditing procedure referred to as

a. Desk checking. b. Use of test data. c. Completing

outstanding jobs. d. Parallel simulation.

ANSWER: B

65. To obtain evidential matter about control risk, an auditor

ordinarily selects tests from a variety of techniques, including
a. Analysis. b. Confirmations. c. Reprocessing. d. Comparison.

ANSWER: C

66. A major exposure associated with the rapidly expanding use of

microcomputers is the absence of:

a. Adequate size of main memory and disk storage. b. Compatible

operating systems. c. Formalized procedures for purchase
justification. d. Physical, data file, and program security.

ANSWER: D

67. To ensure that goods received are the same as those shown on
the purchase invoice, a computerized system should:

a. Match selected fields of the purchase invoice to goods received.

b. Maintain control totals of inventory value. c. Calculate batch
totals for each input. d. Use check digits in account numbers.

ANSWER: A

68. Errors in data processed in a batch computer system may not

be detected immediately because

a. Transaction trails in a batch system are available

only for a limited period of time. b. There are time delays

in processing transactions in a batch system.

c. Errors in some transactions cause rejection of other transactions

in the batch.

d. Random errors are more likely in a batch system than in an on-

line system.

ANSWER: B
69. Which of the following is a computer test made to ascertain
whether a given characteristic belongs to the group?

a. Parity check. b. Validity check. c. Echo check. d. Limit check.

ANSWER: B

COMPLETION:

70. Although computerized data processing does not affect audit

objectives, the auditor may need to modify the audit

, given complex CBIS applications.

ANSWER: APPROACH

71. In a batch processing system transactions are processed in

groups, whereas in a real-time system transactions are
entered as they and are processed as they are

ANSWER: OCCUR, ENTERED

72. Although powerful in terms of , real- time systems are

more than batch processing systems.

ANSWER: INFORMATION CAPABILITY, COMPLEX

73. A distinguishing feature of integrated data base systems is that

many files are updated as transactions are processed.

ANSWER: SIMULTANEOUSLY

74. systems, by eliminating the need to reenter data into the

accounting system, reduce the incidence of processing errors;
but, by reducing transaction documentation, these systems
 also require greater attention to proper controls over the of
transactions.

ANSWER: ELECTRONIC DATA INTERCHANGE, INPUT

75. Input controls, processing controls, and output controls are

categories of controls.

ANSWER: APPLICATION

76. Some entities require completing a prior to transaction input, in

order to ensure consistency and completeness of recurring
inputs.

ANSWER: TRANSACTION LOG

77. are manual control procedures applied by organizational units

whose data are processed by data processing.

ANSWER: USER CONTROLS

78. In on-line real-time systems the most effective means for

assuring limited access to data bases is by the use of properly
controlled .

ANSWER: PASSWORDS

79. Programmed controls for testing the validity of customer

numbers, product numbers, employee numbers, and vendor
numbers, as well as tests for reasonableness, are collectively
referred to as controls.

ANSWER: INPUT EDITING

80. In a ____________ __________ system, users own their own

 data, whereas in _________ ______ systems, users share a
single operating system housed in a central location.

ANSWER: FLAT FILE, MULTI-USER

MATCHING:

81. Indicate by letter whether each of the listed auditing procedures

is a general control test, an application control test, or a substantive
audit test.

G = General control test

A = Application control test

S = Substantive audit test

____1. The auditor utilizes the services of the firm’s computer

audit specialist assist in testing controls over the electronic

processing of customer remittances.

____2. In testing the sales processing set of controls, the

auditor has designed a set of transactions that include

unauthorized sales prices, invalid customer numbers, and

lack of credit authorization.

____3. The auditor interviews the client’s information systems

manager to clear exceptions detected when the auditor

reviewed data processing job descriptions for

incompatible functions.
____4. The auditor confirmed a sample of customer accounts

receivable to evaluate the correctness of year-end balances in

customer accounts.

____5. Using generalized audit software, the auditor reprocessed

a sample of the client’s weekly payroll and compared

the resulting output with the client’s payroll summary for the same
period.

____6. The auditor attempted to access the client’s computerized

data files using the passwords of terminated employees.

____7. By examining vendors’ invoices supporting debits to the

account “Machinery and Equipment,” the auditor was able

to gain satisfaction as to the account balance at year end.

____8. The auditor examined authorizations and studied

documentation relating to CBIS modifications made

by the client during the year under audit.

____9. The auditor examined and tested the client’s anti virus

software for effectiveness.

____10. The auditor examined printouts from network monitoring

software and observed data input for proper functioning

of protocol controls and data encryption.

SOLUTION:

1. A

2. A

3. G

4. S

5. A

6. G

7. S

8. G

9. G

10. G

PROBLEM/ESSAY:

82. For each of the following independentsituations, identify the

control weakness that permitted the error or fraud, and

indicate how the weakness should be corrected.

A. In a computerized sales processing system, numerous

pricing errors appeared on customer invoices.

B. Joshua Ness, a computer programmer for a bank, set up

a demand deposit account in his name. He then wrote a

program subroutine that automatically transferred funds from
accounts that had shown no activity for at least three months to the
newly-established account.

C. In a computerized payroll system, foremen, in collusion

with employees, were able to inflate pay rates. In

addition, terminated employees were retained on the

payroll and the fraudulent checks were endorsed by

a foreman or employee and deposited in his or her

personal account.

D. After implementing a newly-designed EDI system with

its vendors, Hilo Enterprises discovered numerous

errors in type, pricing, and quantity of goods received versus goods

ordered.

SOLUTION:

A. Computer did not verify selling prices. A master list

of current sales prices should be housed in the computer and

updated as prices change. The computer

should then be programmed to price the invoices.

B. Ness was able to access data files for the purpose of establishing
an unauthorized account. Programmers should not have access to
data files except for testing

and debugging programs. Moreover, formal authorization

of new accounts should be a part of the internal

control system.

C. The foremen were able to alter pay rates and retain

terminated employees on the payroll. To correct this weakness, all

new hires and terminations, as well as pay rate changes, should
require authorization of the human resources department. A current
master list of employee numbers and pay rates should then be
housed in the computer, and the computer programmed to perform

validity tests of rates and numbers as payrolls are

processed.

D. Controls were not designed to prevent vendor errors.

Protocol controls should be installed to detect and log

errors; and the EDI hardware should include an echo

check that returns messages from the vendor’s computer to Hilo’s

computer to verify correctness of orders received by the vendor.
posted by padelacrz at 9:37 pm 

1 comment:

dennis said...

Thank You!!

Human Resource Management 

Best HR Solution

Attendance Software

HR Payroll Processing 
 Leave management Software

HR and Payroll Software

December 12, 2019 at 9:44 PM

Post a Comment

Newer PostOlder PostHome

Subscribe to: Post Comments (Atom)

blog archive

 ▼  2010 (15)

o ▼  November (15)

 AUDITING THEORY QUIZZER

 Other Assurance Services

 Audit Reports

 Substantive Audit Testing: Expenditure Cycle

 Substantive Audit Testing: Revenue Cycle

 Statistical Sampling for Substantive Testing

 Statistical Sampling for Testing Control Procedure...

 Internal Control and Computer Based Information Sy...

 Audit Planning (Reviewer in Auditing Theory)

 Internal Control: Concepts (Reviewer in Auditing ...

 Audit Risk and Materiality (Reviewer in Auditing T...

 Audit Evidence and Audit Programs (Reviewer in Aud...

 Maintaining Professional Responsibility: Regulati...

 Defining Professional Responsibility: Quality Stan...

 Auditing, Attestation, and Assurance (Reviewer in ...

about me

padelacrz
View my complete profile