Scribd
Upload
87 views3 pages

Chpater 9 ANS

This multiple choice document contains questions about controls and techniques for auditing computer systems and applications. Some key points addressed include controls over program changes, testing procedures, audit objectives for systems maintenance, and different approaches and techniques for auditing applications like black box testing, test data, and integrated test facilities.

Uploaded by

Camille Bonagua
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
87 views3 pages

Chpater 9 ANS

This multiple choice document contains questions about controls and techniques for auditing computer systems and applications. Some key points addressed include controls over program changes, testing procedures, audit objectives for systems maintenance, and different approaches and techniques for auditing applications like black box testing, test data, and integrated test facilities.

Uploaded by

Camille Bonagua
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

MULTIPLE CHOICE

1. Which of the following statements is NOT true?


a. All systems should be properly authorized to ensure their economic justification and
feasibility.
b. Users need not be actively involved in the systems development process.
c. All program modules must be thoroughly tested before they are implemented.
d. The task of creating meaningful test data is time-consuming.
2. Which control is not associated with new systems development activities?
a. reconciling program version numbers
b. program testing
c. user involvement
d. internal audit participation
3. Routine maintenance activities require all of the following controls except
a. documentation updates
b. testing
c. formal authorization
d. internal audit approval
4. Which statement is correct?
a. compiled programs are very susceptible to unauthorized modification
b. the source program library stores application programs in source code form
c. modifications are made to programs in machine code language
d. the source program library management system increases operating efficiency
5. Which control is not a part of the source program library management system?
a. using passwords to limit access to application programs
b. assigning a test name to all programs undergoing maintenance
c. combining access to the development and maintenance test libraries
d. assigning version numbers to programs to record program modifications
6. Which control ensures that production files cannot be accessed without specific permission?
a. Database Management System
b. Recovery Operations Function
c. Source Program Library Management System
d. Computer Services Function
7. Program testing
a. involves individual modules only, not the full system
b. requires creation of meaningful test data
c. need not be repeated once the system is implemented
d. is primarily concerned with usability
8. To meet the governance-related expectations of management under SOX, an organization’s internal audit
department needs to be
a. independent
b. objective
c. technically qualified
d. All of the above are true.
9. Which test of controls will provide evidence that the system as originally implemented was free from
material errors and free from fraud? Review of the documentation indicates that
a. a cost-benefit analysis was conducted
b. the detailed design was an appropriate solution to the user's problem
c. tests were conducted at the individual module and total system levels prior to
implementation
d. problems detected during the conversion period were corrected in the maintenance phase

10. Which statement is not true?


a. An audit objective for systems maintenance is to detect unauthorized access to application
databases.
b. An audit objective for systems maintenance is to ensure that applications are free from
errors.
c. An audit objective for systems maintenance is to verify that user requests for maintenance
reconcile to program version numbers.
d. An audit objective for systems maintenance is to ensure that the production libraries are
protected from unauthorized access.
11. When the auditor reconciles the program version numbers, which audit objective is being tested?
a. protect applications from unauthorized changes
b. ensure applications are free from error
c. protect production libraries from unauthorized access
d. ensure incompatible functions have been identified and segregated
12. When auditors do not rely on a detailed knowledge of the application's internal logic, they are performing
a. black box tests of program controls
b. white box tests of program controls
c. substantive testing
d. intuitive testing
13. All of the following concepts are associated with the black box approach to auditing computer
applications except
a. the application need not be removed from service and tested directly
b. auditors do not rely on a detailed knowledge of the application's internal logic
c. the auditor reconciles previously produced output results with production input
transactions
d. this approach is used for complex transactions that receive input from many sources
14. Which test is not an example of a white box test?
a. determining the fair value of inventory
b. ensuring that passwords are valid
c. verifying that all pay rates are within a specified range
d. reconciling control totals

15. When analyzing the results of the test data method, the auditor would spend the least amount of time
reviewing
a. the test transactions
b. error reports
c. updated master files
d. output reports
16. All of the following are advantages of the test data technique except
a. auditors need minimal computer expertise to use this method
b. this method causes minimal disruption to the firm's operations
c. the test data is easily compiled
d. the auditor obtains explicit evidence concerning application functions
17. All of the following are disadvantages of the test data technique except
a. the test data technique requires extensive computer expertise on the part of the auditor
b. the auditor cannot be sure that the application being tested is a copy of the current
application used by computer services personnel
c. the auditor cannot be sure that the application being tested is the same application used
throughout the entire year
d. preparation of the test data is time-consuming
18. All of the following statements are true about the integrated test facility (ITF) except
a. production reports are affected by ITF transactions
b. ITF databases contain "dummy" records integrated with legitimate records
c. ITF permits ongoing application auditing
d. ITF does not disrupt operations or require the intervention of computer services personnel
19. Which statement is not true? Embedded audit modules
a. can be turned on and off by the auditor.
b. reduce operating efficiency.
c. may lose their viability in an environment where programs are modified frequently.
d. identify transactions to be analyzed using white box tests.
20. Generalized audit software packages perform all of the following tasks except
a. recalculate data fields
b. compare files and identify differences
c. stratify statistical samples
d. analyze results and form opinions

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy