CHAPTER 7

AUDITING IN A COMPUTERIZED ENVIRONMENT

Multiple Choice Questions:

1. The characteristics that distinguish computer processing from manual processing include the
following:

(1) Computer processing uniformly subjects like transactions to the same instructions.

(2) Computer systems always ensure that complete transaction trails useful for audit purposes
are preserved for indefinite periods.

(3) Computer processing virtually eliminates the occurrence of clerical errors normally
associated with manual processing.

(4) Control procedures as to segregation of functions may no longer be necessary in computer

environment.

a. All of the above statements are true.

b. Only statements (2) and (4) are true.

c. Only statements (1) and (3) are true.

d. All of the above statements are false.

2. Which of the following statements is not correct?

a. The overall objective and scope of an audit do not change in a CIS environment.

b. When computers or CIS are introduced, the basic concept of evidence accumulation
remains the same.

c. Most CIS rely extensively on the same type of procedures for control that are used in
manual processing system.

d. The specific methods appropriate for implementing the basic auditing concepts do not
change, as systems become more complex.

3. The use of CIS will least likely affect the

a. The procedures followed by the auditor in obtaining a sufficient understanding of the

accounting and internal control systems.

b. The auditor’s specific audit objectives.

c. The consideration of inherent risk and control risk through which the auditor arrives at
the rick assessment.

d. The auditor’s design and performance of tests of control and substantive procedures
appropriate to meet the audit objective.
4. Which of the following is unique to CIS

a. Error listing

b. Flowchart

c. Questionnaires

d. Pre-numbered documents

5. Where computer processing is used in significant accounting applications, internal control

procedures may be defined by classifying control procedures in two types: general and

a. Administrative

b. Specific

c. Application

d. Authorization

6. A control which relates to all parts of the CIS is called a(an)

a. Systems control

b. General control

c. Applications control

d. Universal control

7. Controls which apply to a specific use of the system are called

a. Systems controls

b. General controls

c. Applications controls

d. Universal controls

8. Some CIS control procedures relate to all CIS activities (general controls) and some relate to
specific tasks (application controls). General controls include

a. Controls designed to ascertain that all data submitted to CIS for processing have been
properly authorized.

b. Controls that relate to the correction and resubmission of data that were initially
incorrect

c. Controls for documenting and approving programs and changes to programs

d. Controls designed to assure the accuracy of the processing results.

9. An auditor anticipates assessing control risk at a low level in a CIS environment. Under these
circumstances, on which of the following procedures would the auditor initially focus?

a. Programmed control procedures

b. Application control procedures

c. Output control procedures

d. General control procedures

10. Which of the following is not a general control?

a. The plan of organization and operation of CIS activity.

b. Procedures for documenting, reviewing, and approving systems and programs.

c. Processing controls

d. Hardware controls

11. Which of the following activities would most likely be performed in the CIS department?

a. Initiation of changes to master records

b. Conversion of information to machine-readable form

c. Correction of transactional errors

d. Initiation of changes to existing applications

12. For control purposes, which of the following should be organizationally segregated from the
computer operations functions?

a. Data conversion

b. Systems development

c. Minor maintenance according to a schedule

d. Processing of data

13. Where computers are used, the effectiveness of internal control depends, in part, upon whether
the organizational structure includes any incompatible combinations. Such a combination would
exist when there is no separation of the duties between

a. Documentation librarian and manager of programming

b. Programming and computer operator

c. Systems analyst and programmer

d. Processing control clerk and keypunch supervisor

14. Which of the following is a general control that would most likely assist an entity whose system
analyst left the entity in the middle of a major project?

a. Grandfather-father-son record retention.

b. Data encryption.

c. Systems documentation.

d. Check digit verification.

15. Internal control is ineffective when computer department personnel

a. Participate in computer software acquisition decision.

b. Design documentation for computerized systems.

c. Originate changes in master files.

d. Provide physical security for program files.

16. Access control in an on-line CIA can best be provided in most circumstances by

a. An adequate librarianship function controlling access to files.

b. A label affixed to the outside of a file medium holder that identifies the contents.

c. Batch processing of all input through a centralized, well-guarded facility.

d. User and terminal identification controls, such a passwords.

17. Adequate control over access to data processing is required to

a. Deter improper use or manipulation of data files and programs.

b. Ensure that only console operators have access to program documentation.

c. Minimize the need for backup data files.

d. Ensure that hardware controls are operating effectively and as designed by the computer
manufacturer.

18. The management of ABC Co. suspects that someone is tampering with pay rates by entering
changes through the Co.’s remote terminals located in the factory. The method ABC Co. should
implement to protect the system from these unauthorized alterations to the system’s files is

a. Batch totals

b. Checkpoint recovery

c. Passwords

d. Record count
19. The possibility of losing a large amount of information stored in computer files most likely would
be reduced by the use of

a. Back-up files

b. Check digits

c. Completeness tests

d. Conversion verification

20. Which of the following controls most likely would assure that an entity can reconstruct its
financial records?

a. Hardware controls are built into the computer by the computer manufacturer.

b. Backup diskettes or tapes of files are stored away from originals.

c. Personnel who are independent of data input perform parallel simulations.

d. System flowcharts provide accurate descriptions of input and output operations.

21. Unauthorized alteration of on-line records can be prevented by employing:

a. Key verification

b. Computer sequence checks

c. Computer matching

d. Data base access controls

22. A Co. updates its accounts receivable master file weekly and retains the master files and
corresponding update transactions for the most recent 2-week period. The purpose of this
practice is to

a. Verify run-to-run control totals for receivables.

b. Match internal labels to avoid writing on the wrong volume.

c. Permit reconstruction of the master file if needed.

d. Validate groups of update transactions for each.

23. Which of the following is not example of an application control?

a. An equipment failure causes an error message on the monitor.

b. There is a preprocessing authorization of the sales transactions.

c. There are reasonableness tests for the unit-selling price of a sale.

d. After processing, all sales transactions are reviewed by the sales department.
24. Which of the following is not a processing control?

a. Control risk

b. Reasonable test

c. Check digits

d. Control total

25. When CIS programs or files can be accessed from terminals, users should be required to enter a(n)

a. Parity check

b. Personal identification code

c. Self-diagnosis test

d. Echo check

26. Which of the following is an example of a check digit?

a. An agreement of the total number of employees to the total number of checks printed by
the computer.

b. An algebraically determined number produced by the other digits of the employee

number.

c. A logic test that ensures all employee numbers are nine digits.

d. A limit check that an employee’s hours do not exceed 50 hours per work week.

27. The completeness of computer-generated sales figures can be tested by comparing the number
of items listed on the daily sales report with the number of items billed on the actual invoices.
This process uses

a. Check digits

b. Control totals

c. Validity tests

d. Process tracing data

28. Which of the following is correct?

a. Check digits should be used for all data codes.

b. Check digits are always placed at the end of a data code.

c. Check digits do not affect processing efficiency.

d. Check digits are designed to detect transcription errors.

29. A clerk inadvertently entered an account number 12368 rather than account number 12638. In
processing this transaction, the error would be detected with which of the following controls?

a. Batch total

b. Key verifying

c. Self-checking digit

d. An internal consistency check

30. Totals of amounts in computer-record data fields, which are NOT usually added but are used only
for data processing control purposes are called.

a. Record totals

b. Hash totals

c. Processing data tools

d. Field totals

31. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll CIS application?

a. Net pay

b. Hours worked

c. Department numbers

d. Total debits and total credits

32. In updating a computerized accounts receivable file, which one of the following would be used as
a batch control to verify the accuracy of the posting of cash receipts remittances?

a. The sum of the cash deposits plus discounts less the sales returns.

b. The sum of the cash deposits.

c. The sum of the cash deposits less the discounts taken by customers.

d. The sum of the cash deposits plus the discounts taken by customers.

33. Which statement is not correct? The goal of batch controls is to ensure that during processing

a. transactions are not omitted.

b. transactions are not added.

c. transactions are processed more than once.

d. an audit trail is created.

34. An example of a hash total is

a. Total payroll checks – P12,315.

b. Total number of employees – 10.

c. Sum of the social security numbers – 12,555,437,251.

d. None of the above.

35. The employee entered “40” in the “hours worked per day” field. Which check would detect this
unintentional error?

a. Numeric/Alphabetic check

b. Sign check

c. Limit check

d. Missing data check

36. An unauthorized employee took computer printouts from output bins accessible to all employees.
A control which would have prevented this occurrence is

a. A storage / retention control.

b. An output review control.

c. A spooler file control.

d. A report distribution control.

37. It involves application of auditing procedures using the computer as an audit tool. This includes
computer programs and data the auditor uses as part of the audit procedures to process data of
audit significance contained in an entity’s information systems.

a. Test data approach

b. Computer assisted audit techniques

c. Generalized audit software

d. Auditing around the computer

38. When auditing “around” the computer, the independent auditor focuses solely upon the source
documents and

a. Test data

b. CIS processing

c. Compliance techniques

d. CIS output
39. Which of the following CIS generally can be audited without examining or directly testing the
computer programs of the system?

a. A system that performs relatively uncomplicated processes and produces detail output.

b. A system that affects a number of essential master files and produces no a limited output.

c. A system that updates a few essential master files and produces no printed output other
than final balances.

d. A system that uses an on-line real-time processing feature.

40. Which of the following procedures is an example of auditing “around” the computer?

a. The auditor traces adding machine tapes of sales order batch totals to a computer
printout of the sales journal.

b. The auditor develops a set of hypothetical sales transactions and, using the client’s
computer program, enters the transactions into the system and observes the processing
flow.

c. The auditor enters hypothetical transactions into the client’s processing system during
client processing of live data.

d. The auditor observes client personnel as they process the biweekly payroll. The auditor is
primarily concerned with computer rejection of data that fails to meet reasonableness
limits.

41. A disadvantage of auditing around the computer is that it

a. Permits no direct assessment of actual processing.

b. Requires highly skilled auditors.

c. Demands intensive use of machine resources.

d. Interacts actively with auditee applications.

42. Auditing by testing the input and output of an IT system instead of the computer program itself
will

a. Not detect program errors which do not show up in the output sampled.

b. Detect all program errors, regardless of the nature of the output.

c. Provide the auditor with the same type of evidence.

d. Not provide the auditor with confidence in the results of the auditing procedures.

43. Which of the following is not a common type of white box approach?

a. Test data
 b. Integrated test facility

c. Auditing around the computer

d. Parallel simulation

44. Compliance testing of an advanced CIS

a. Can be performed using only actual transactions since testing of simulated transactions
is of no consequence.

b. Can be performed using actual transactions or simulated transactions.

c. Is impractical since many procedures within the CIS activity leave no visible evidence of
having been performed.

d. Is inadvisable because it may distort the evidence in master files.

45. Creating simulated transactions that are processed through a system to generate results that are
compared with predetermined results, is an auditing procedure referred to as

a. Program checking

b. Use of test data

c. Completing outstanding jobs

d. Parallel simulation

46. An auditor estimates that 10,000 checks were issued during the accounting period. If a computer
application control which performs a limit check for each check request is to be subjected to the
auditor’s test data approach, the sample should include

a. Approximately 1,000 test items

b. A number of test items determined by the auditor to be sufficient under the

circumstances

c. A number of test items determined by the auditor’s reference to the appropriate

sampling tables

d. One transaction

47. An integrated test facility (ITF) would be appropriate when the auditor needs to

a. Trace a complex logic path through an application system.

b. Verify processing accuracy concurrently with processing.

c. Monitor transactions in an application system continuously.

d. Verify load module integrity for production programs.

48. The auditor’s objective to determine whether the client’s computer programs can correctly handle
 valid and invalid transactions as they arise is accomplished through the

a. Test data approach.

b. Generalized audit software approach.

c. Microcomputer-aided auditing approach.

d. Generally accepted auditing standards.

49. When an auditor tests a computerized accounting system, which of the following is true of the
test data approach?

a. Several transactions of each type must be tested

b. Test data must consist of all possible valid and invalid conditions

c. The program tested is different from the program used throughout the year by the client

d. Test data are processed by the client’s computer programs under the auditor’s control

50. Which of the following statements is not true to the test data approach when testing a
computerized accounting system?

a. The test needs to consist of only those valid and invalid conditions which interest the
auditor

b. Only one transaction of each type need be tested

c. The test data must consist of all possible valid and invalid conditions

d. Test data are processed by the client’s computed programs under the auditor’s control

51. In auditing through a computer, the test data method is used by auditors to test the

a. Accuracy of input data

b. Validity of the output

c. Procedures contained within the program

d. Normalcy of distribution of test data

52. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together without client operating personnel being aware of the
testing process?

a. Parallel simulation.

b. Generalized audit software programming.

c. Integrated test facility.

d. Test data approach.

53. A primary reason auditors are reluctant to use an ITF is that it requires them to

a. Reserve specific master file records and process them at regular intervals

b. Collect transaction and master file records in a separate file

c. Notify user personnel so they can make manual adjustments to output

d. Identify and reverse the fictitious entries to avoid contamination of the master file

54. Which of the following is a disadvantage of the integrated test facility approach?

a. In establishing fictitious entities, the auditor may be compromising audit independence.

b. Removing the fictitious transactions from the system is somewhat difficult and, if not
done carefully, may contaminate the client’s files.

c. ITF is simply an automated version of auditing “around” the computer.

d. The auditor may not always have a current copy of the authorized version of the client’s
program.

55. The audit approach in which the auditor runs his/her own program on a controlled basis in order
to verify the client’s data recorded in a machine language is

a. The test date approach.

b. The generalized audit software approach.

c. The microcomputer-aided auditing approach.

d. Called auditing around the computer.

56. This question is based on the following flowchart:

Transaction
File

Client’s Auditor’s
Program Program

Transaction
File

Output Compare Output

 Exceptions
Reports

This flowchart depicts

a. Program code checking

b. Parallel simulation

c. Integrated test facility

d. Controlled reprocessing

57. Which of the following methods of testing application controls utilizes a generalized audit
software package prepared by the auditors?

a. Parallel simulation

b. Integrated testing facility approach

c. Test data approach

d. Exception report tests

58. Parallel simulation is an audit technique employed to verify processing by making use of audit
test programs. These audit test programs “simulate” the processing logic of an application
program or progress under review. Which statement indicates the use of parallel simulation audit
techniques?

a. Live transactions are processed using live programs

b. Live transactions are processed with test master file

c. Live transactions are processed using test programs

d. Live transactions are processed using test programs