Information Technology

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 1. Which of the following is least likely to be considered by an auditor considering the engagement of an
information technology (IT) specialist on an audit?
a. Requirements to assess going concern c. The complexity of client’s systems and IT
status. controls.
b. Client’s use of emerging technologies. d. The extent of an entity’s participation in
electronic commerce.
____ 2. After the preliminary review phase of a client’s computer controls, an auditor may decide not to perform tests
of controls related to the controls within the computer portion of the client’s internal control. Which of the
following would not be a valid reason for choosing to omit such tests?
a. The controls appear adequate. c. There appear to be major weaknesses that
would preclude reliance on the stated
procedure.
b. The time and peso costs of testing exceed d. The duplicate controls operative controls
the time and peso savings in substantive existing else- where in the structure.
testing if the tests of controls show the
controls to be operative.
____ 3. Which of the following types of evidence would an auditor most likely examine to determine whether internal
control is operating as designed?
a. Confirmations of receivables verifying c. Client records documenting the use of
account balances. computer programs.
b. Gross margin information regarding the d. Anticipated results documented in budgets
client’s industry. or forecasts.
____ 4. Computer systems are typically supported by a variety of utility software packages that are important to an
auditor because they
a. Are written specifically to enable auditors c. They are very versatile programs that can
to extract and sort data. be used on hard- ware of many
manufacturers.
b. May be significant components of a d. May enable unauthorized changes to data
client’s application programs. files if not properly controlled.
____ 5. A CPA often uses automated work paper software to create lead schedules for an audit engagement. What is
client information needed to begin this process?
a. General ledger information includes c. Interim financial information such as
account numbers, prior year account third-quarter sales, net income, and
balances, and current year unadjusted inventory and receivables balances.
information.
b. Adjusting entry information such as d. Specialized journal information such as
deferrals and accruals and reclassification the invoice and purchase order numbers of
journal entries. the year's last few sales and purchases.
____ 6. Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized
payroll system in which employees record time in and out with magnetic cards. The computer system
automatically updates all payroll records. Because of this change
 a. Transactions must be processed in c. A generalized computer audit program
batches. must be used.
b. The potential for payroll-related fraud is d. Part of the audit trail is altered.
diminished.
____ 7. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be
processed together without client operating personnel being aware of the testing process?
a. Parallel simulation. c. Integrated test facility.
b. Input controls matrix. d. Data entry monitor.
____ 8. Which of the following methods of testing application controls utilizes a generalized audit software package
prepared by the auditors?
a. Test data approach. c. Integrated testing facility approach.
b. Parallel simulation. d. Exception report tests.
____ 9. An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the
entity’s computerized information system most likely would use which of the following techniques?
a. Snapshot application. c. Integrated data check.
b. Embedded audit module. d. Test data generator.
____ 10. Auditing by testing the input and output of a computer system instead of the computer program itself will
a. Provide the auditor with the same type of c. Not provide the auditor with confidence in
evidence as tests of application controls. the results of the auditing procedures.
b. Not detect program errors that do not d. Detect all program errors, regardless of
show up in the output sample. the nature of the output.
____ 11. Which of the following is not among the errors an auditor might include in the test data when auditing a
client’s computer system?
a. Numeric characters in alphanumeric c. Illogical entries in fields whose logic is
fields. tested by programmed consistency checks.
b. Authorized code. d. Differences in the description of units of
measure.
____ 12. An auditor most likely would introduce test data into a computerized payroll system to test controls related to
the
a. Early cashing of payroll checks by c. Discovery of invalid employee I.D.
employees. numbers.
b. Proper approval of overtime by d. Existence of unclaimed payroll checks
supervisors. held by supervisors.
____ 13. When an auditor tests a computerized accounting system, which of the following is true of the test data
approach?
a. The program tested differs from the c. Several transactions of each type must be
program used throughout the year by the tested.
client.
b. Test data are processed by the client’s d. Test data must consist of all possible valid
computer pro­ grams under the auditor’s and invalid conditions.
control.
____ 14. Would an auditor most likely be concerned with the following controls in a distributed data processing
system?
a. Disaster recovery controls. c. Systems documentation controls.
b. Hardware controls. d. Access controls.
____ 15. In a highly automated information processing system, tests of control
a. Must be performed in all circumstances. c. Are never required.
b. Are required in first-year audits. d. It may be required in some circumstances.
____ 16. Which of the following is correct concerning batch processing of transactions?
a. It has largely been replaced by online c. It is used only in non-database
real-time processing in all but legacy applications.
systems.
b. Transactions are processed in the order d. It is more likely to result in an
they occur, regardless of type. easy-to-follow audit trail than is online
transaction processing.
____ 17. Which of the following is not a major reason for maintain- ing an audit trail for a computer system?
a. Analytical procedures. c. Monitoring purposes.
b. Query answering. d. Deterrent to fraud.
____ 18. Using laptop computers in auditing may affect the methods used to review the work of staff assistants because
a. The generally accepted auditing standards c. Supervisory personnel may not understand
may differ. the capabilities and limitations of laptops.
b. Working paper documentation may not d. Documenting the supervisory review may
contain readily observable details of require the assistance of consulting
calculations. services personnel.
____ 19. Which of the following computer-assisted auditing techniques processes client input data on a controlled
program under the auditor’s control to test controls in the computer system?
a. Test data. c. Review of program logic.
b. Integrated test facility. d. Parallel simulation.
____ 20. Which of the following client information technology (IT) systems generally can be audited without
examining or directly testing the IT computer programs of the system?
a. A system updates a few essential master c. A system that performs relatively
files and produces no printed output other complicated processing and produces very
than final balances. little detailed output.
b. A system that affects many essential d. A system that performs relatively
master files and produces a limited output. uncomplicated processes and produces
detailed output.
____ 21. An auditor would least likely use computer software to
a. Prepare spreadsheets. c. Assess computer control risk.
b. Construct parallel simulations. d. Access client data files.
____ 22. An auditor most frequently uses a flowchart in connection with the
a. Performance of analytical procedures of c. Review of the client’s internal control.
account balances.
b. Use of statistical sampling in performing d. Preparation of generalized computer audit
an audit. plans.
____ 23. An advantage of using systems flowcharts to document information about internal control instead of using
internal control questionnaires is that systems flowcharts
a. Indicate whether control procedures are c. Provide a visual depiction of clients’
operating effectively. activities.
b. Identify internal control weaknesses more d. Reduce the need to observe clients’
 prominently. employees per- forming routine tasks.
____ 24. To obtain evidence that online access controls are properly functioning, an auditor most likely would
a. Create checkpoints at periodic intervals c. Vouch for a random sample of processed
after live data processing to test for transactions to assure proper
unauthorized system use. authorization.
b. Enter invalid identification numbers or d. Examine the transaction log to discover
passwords to ascertain whether the system whether any transactions were lost or
rejects them. entered twice due to a system malfunction.
____ 25. Smith Corporation has numerous customers. A customer file is kept on disk storage. Each customer file
contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine
whether credit limits are exceeded. The best procedure for the auditor to follow would be to
a. Develop test data that would cause some c. Request a printout of all account balances
account balances to exceed the credit limit manually against the credit limits.
and determine if the system properly
detects such situations.
b. Develop a program to compare credit d. Request a printout of a sample of account
limits with account balances and print out balances so they can be individually
the details of any account with a balance checked against the credit limits.
exceeding its credit limit.
____ 26. A primary advantage of using generalized audit software packages to audit the financial statements of a client
that uses a computer system is that the auditor may
a. Consider increasing the use of substantive c. Reduce the level of required tests of
tests of transactions in place of analytical controls to a relatively small amount.
procedures.
b. Substantiate the accuracy of data through d. Access information stored on computer
self- checking digits and hash totals. files while having a limited understanding
of the client’s hardware and software
features.
____ 27. An auditor would be most likely to assess control risk at the maximum level in an electronic environment
with automated system generated information when
a. Sales orders are initiated using c. Fixed asset transactions are few in number
predetermined, auto- mated decision rules. but large in peso amount.
b. Payables are based on many transactions d. Accounts receivable records are based on
and are large in peso amount. many transactions and are large in peso
amount.
____ 28. An auditor most likely would test for the presence of unauthorized computer program changes by running a
a. Program with test data. c. Source code comparison program.
b. The program that computes control totals. d. Check digit verification program.
____ 29. Which of the following strategies would a CPA most likely consider in auditing an entity that processes most
of its financial data only in electronic form, such as a paperless system?
a. Continuous monitoring and analysis of c. Extensive testing of firewall boundaries
transaction processing with an embedded that restrict the recording of outside
audit module. network traffic.
b. Verification of encrypted digital d. Increased reliance on internal control
certificates used to monitor the activities that emphasize the segregation
authorization of transactions. of duties.
____ 30. Auditors often use computer programs that per- form routine processing functions such as sorting and
merging. These programs are made available by electronic data processing companies and others and are
specifically referred to as
a. Compiler programs. c. User programs.
b. Supervisory programs. d. Utility programs.
Information Technology
Answer Section

MULTIPLE CHOICE

1. A
SOL:
The requirement to assess going concern status remains the same on all audits and thus does not directly
affect the engagement of an IT specialist.
2. A
SOL:
The fact that the controls appear adequate is not sufficient justification for reliance; tests of controls must be
performed before the auditor can rely upon a control procedure to reduce control risk.
3. C
SOL:
The inspection of documents and records such as those related to computer programs represents an approach
for understanding internal control.
4. D
SOL:
Client use of such packages requires that the auditor include tests to determine that no unplanned
interventions using utility routines have occurred during processing.
5. A
SOL:
A lead schedule is used to summarize like accounts (e.g., if a client has five cash accounts, those accounts
may be summarized on a lead schedule). Lead schedules include account numbers, prior year account
balances, and current year unadjusted information.
6. D
SOL:
The automatic updating of payroll records alters the audit trail, which included steps pertaining to manual
updating in the past.
7. C
SOL:
The integrated test facility approach introduces dummy transactions into a system in live transactions.
Accordingly, client operating personnel may not be aware of the testing process.
8. B
SOL:
The parallel simulation method processes the client’s data using the CPA’s software.
9. B
SOL:
An embedded audit module is inserted within the client’s information system to test transactions' processing
continuously.
10. B
SOL:
Portions of the program which have errors not reflected on the output will be missed. Thus, if a “loop” in a
program is not used in one application, it is not tested.
11. A
SOL:
One would not use test data to test numeric characters in alphanumeric fields; numeric characters are accepted
in alphanumeric fields and thus do not represent error conditions.
12. C
SOL:
Test data with invalid employee I.D. numbers could be processed to test whether the program detects them.
13. B
SOL:
The test data approach processes a set of dummy transactions on the client’s computer system. The test data
approach is used to test the operating effectiveness of controls the auditor intends to assess control risk at a
level lower than the maximum.
14. D
SOL:
A distributed data processing system is one in which there is a network of remote computer sites, each having
a computer connected to the main computer system, thus allowing access to the computers by various levels
of users. Numerous individuals may access the system, thereby making such controls of extreme importance.
15. D
SOL:
In some circumstances, substantive tests alone will not be sufficient to restrict detection risk to an acceptable
level.
16. D
SOL:
The similar nature of transactions involved with batch processing ordinarily makes it relatively easy to follow
the transactions throughout the system.
17. A
SOL:
Analytical procedures use the system's outputs, and therefore the audit trail is of little importance.
18. B
SOL:
Laptops typically produce many “working papers” in computer disk form. Many computations, etc., will be
performed directly by the computer with few details of the calculations conveniently available.
19. D
SOL:
Parallel simulation processes client data through an auditor’s generalized audit software program.
20. D
SOL:
Auditing around the system is possible if the system performs uncomplicated processes and produces detailed
output (i.e., is a fancy bookkeeping machine).
21. C
SOL:
An auditor will judgmentally assess control risk related to both the computer and manual systems after
performing the various controls tests.
22. C
SOL:
Flowcharts are suggested as being appropriate for documenting the auditor’s consideration of internal control.
23. C
SOL:
Flowcharts provide a visual depiction of clients’ activities, making it possible for auditors to understand the
system's design quickly.
24. B
SOL:
Entering invalid identification numbers or passwords will provide the auditor with evidence on whether
controls are operating as designed.
25. B
SOL:
A program to compare actual account balances with the predetermined credit limit and prepare a report on
whether any actual credit limits are being exceeded will accomplish the stated objective.
26. D
SOL:
Generalized audit software allows an auditor to perform tests on a client’s computer files.
27. C
SOL:
The few transactions involved in fixed assets make it most likely to be one in which a substantive approach of
restricting detection risk is most likely to be effective and efficient.
28. C
SOL:
Comparing the program's source code with a correct program version will disclose unauthorized computer
program changes.
29. A
SOL:
Continuous monitoring and analysis of transaction processing with an embedded audit module might provide
an effective way of auditing these processes - although some question exists as to how many embedded audit
modules CPAs have used in practice.
30. D
SOL:
A utility program is a standard routine for performing commonly required processing such as sorting,
merging, editing, and mathematical routines.