CIS-Prelim-Exam - AUDITING IN CIS ENVIRONMENT

TEST BANK
Auditing in CIS Environment (Holy Angel University)

Scan to open on Studocu

Downloaded by Rhea Lyn Gumalog

Studocu is not sponsored or endorsed by any college or university

Downloaded by Rhea Lyn Gumalog

 Auditing in a CIS Environment Prelim
Directions: Encircle the letter of the correct answer. Avoid processing, storage and communication
any erasures. Use ballpen only. of

1. Which one of the following represents a lack of

internal control in a computer−based information
system?
a. The design and implementation is
performed in accordance with
management9s specific authorization.
b. Any and all changes in application programs
have the authorization and approval of
management.
c. Provisions exist to protect data files from
unauthorized access, modification, or
destruction.
d. Both computer operators and programmers
have unlimited access to the programs and
data files.

2. In an automated payroll processing environment, a

department manager substituted the time card for a
terminated employee with a time card for a
fictitious employee. The fictitious employee had the
same pay rate and hours worked as the terminated
employee. The best control technique to detect this
action using employee identification numbers would
be a
a. Batch total
b. Hash total
c. Record count
d. Subsequent check

3. An employee in the receiving department keyed in a

shipment from a remote terminal and inadvertently
omitted the purchase order number. The best
systems control to detect this error would be
a. Batch total
b. Sequence check
c. Completeness test
d. Reasonableness test

4. Which statement is incorrect when auditing in a CIS

environment?
a. A CIS environment exists when a computer
of any type or size is involved in the
processing by the entity of financial
information of significance to the audit,
whether that computer is operated by the
entity or by a third party.
b. The auditor should consider how a CIS
environment affects the audit.
c. The use of a computer changes the

AUDICIS WB CAYANONG.,CPA

Downloaded by Rhea Lyn Gumalog

 Auditing in a CIS Environment Prelim
financial information and may affect the
accounting and internal control systems
employed by the entity.
d. A CIS environment changes the overall
objective and scope of an audit

5. Which of the following significance and complexity of

the CIS activities should an auditor least understand?
a. The organizational structure of the client9s
CIS activities.
b. Lack of transaction trails.
c. The significance and complexity of computer
processing in each significant accounting
application.
d. The use of software packages instead of
customized software

6. Which of the following is not normally a removable

storage media?
a. Compact disk
b. Tapes
c. Diskettes
d. Hard disk

7. Personal computers are susceptible to theft, physical

damage, unauthorized access or misuse of equipment.
Which of the following is least likely a physical security
to restrict access to personal computers when not in
use?
a. Using door locks or other security
protection during non−business hours.
b. Fastening the personal computer to a table
using security cables.
c. Locking the personal computer in a
protective cabinet or shell.
d. Using anti−virus software programs

8. It is a communication system that enables computer

users to share computer equipment, application
software, data and voice and video transmissions.
a. Network
b. File server
c. Host
d. Client

9. A type of network that multiple buildings are close

enough to create a campus, but the space between the
buildings is not under the control of the company is
a. Local Area Network (LAN)
b. Metropolitan Area Network (MAN)

AUDICIS WB CAYANONG.,CPA

Downloaded by Rhea Lyn Gumalog

 Auditing in a CIS Environment Prelim
c. Wide Area Network (WAN) 15. The development of CIS will generally result in
d. World Wide Web (WWW) design and procedural characteristics that are
different from those found in manual systems.
10. Gateway is These different design and procedural aspectsof CIS
a. A hardware and software solution that include, except:
enables communications between two a. Consistency of performance.
dissimilar networking systems or protocols. b. Programmed control procedures.
b. A device that forwards frames based on c. Vulnerability of data and program storage
destination addresses. media
c. A device that connects and passes packets d. Multiple transaction update of multiple
between two network segments that use computer files or databases.
the same communication protocol.
d. A device that regenerates and retransmits 16. These require a database administrator to assign
the signal on a network. security attributes to data that cannot be changed
by database users.
11. A device that works to control the flow of data a. Discretionary access controls
between two or more network segments b. Name−dependent restrictions
a. Bridge c. Mandatory access controls
b. Router d. Content−dependent restrictions.
c. Repeater
d. Switch 17. A discretionary access control wherein users are
permitted or denied access to data resource
12. A collection of data that is shared and used by a depending on the time series of accesses to and
number of different users for different purposes. actions they have undertaken on data resources.
a. Database a. Name−dependent restrictions
b. Information file b. Context−dependent restriction
c. Master file c. Content−dependent restriction
d. Transaction file d. History−dependent restriction

13. Database administration tasks typically include 18. Types of workstations include General Purpose
I. Defining the database structure. Terminals and Special Purpose Terminals. Special
II. Maintaining data integrity, security and Purpose Terminals include
completeness. a. Basic keyboard and monitor
III. Coordinating computer operations related b. Point of sale devices
to the database. c. Intelligent terminal
IV. Monitoring system performance. d. Personal computers
V. Providing administrative support.
19. Special Purpose Terminal used to initiate, validate,
a. All of the above record, transmit and complete various banking
b. All except I transactions
c. II and V only a. Automated teller machines
d. II, III and V only b. Intelligent terminal
c. Point of sale devices
14. System characteristics that may result from the d. Personal computers
nature of CIS processing include, except
a. Absence of input documents. 20. The nature of the risks and the internal
b. Lack of visible transaction trail. characteristics in CIS environment that the auditors
c. Lack of visible output. are mostly concerned include the following except:
d. Difficulty of access to data and computer a. Lack of segregation of functions.
programs. c. Lack of transaction trails
b. Dependence of other control over
computer processing.

AUDICIS WB CAYANONG.,CPA

Downloaded by Rhea Lyn Gumalog

 Auditing in a CIS Environment Prelim
d. Cost−benefit ratio. d. Yes No

21. Which of the following is least likely a risk 26. Which of the following characteristics distinguishes
characteristic associated with CIS environment? computer processing from manual processing?
a. Errors embedded in an application9s a. Computer processing virtually eliminates
program logic maybe difficult to manually the occurrence of computational error
detect on a timely basis. normally associated with manual
b. Many control procedures that would processing.
ordinarily be performed by separate b. Errors or irregularities in computer
individuals in manual system maybe processing will be detected soon after their
concentrated in CIS. occurrences.
c. The potential unauthorized access to data or c. The potential for systematic error is
to alter them without visible evidence ordinarily greater in manual processing
maybe greater. than in computerized processing.
d. Initiation of changes in the master file is d. Most computer systems are designed so
exclusively handled by respective users that transaction trails useful for audit do
not exist.
22. A collection of data that is shared and used by a
number of different users for different purposes. 27. Which of the following most likely represents a
a. Database significant deficiency in the internal control
b. Information file structure?
c. Master file a. The systems analyst review applications of
d. Transaction file data processing and maintains systems
documentation.
23. . Which of the following least likely indicates b. The systems programmer designs systems
a complexity of computer processing? for computerized applications and
a. Transactions are exchanged electronically maintains output controls.
with other organizations without manual c. The control clerk establishes control over
review of their propriety. data received by the EDP department and
b. The volume of the transactions is such that reconciles control totals after processing
users would find it difficult to identify and d. The accounts payable clerk prepares data
correct errors in processing. for computer processing and enters the
c. The computer automatically generates data into the computer.
material transactions or entries directly to
another applications. 28. Which of the following activities would most likely
d. The system generates a daily exception report be performed in the EDP Department?
a. Initiation of changes to master records.
24. The most critical aspect regarding separation of b. Conversion of information to machine−
duties within information systems is between readable form.
a. Project leaders and programmers c. Correction of transactional errors.
b. Programmers and systems analysts d. Initiation of changes to existing
c. Programmers and computer operators applications.
d. Data control and file librarians
29. For control purposes, which of the following should
25. Which of the following controls is a processing be organizationally segregated from the computer
control designed to ensure the reliability and operations function?
accuracy of data processing? a. Data conversion
b. Systems development
Limit test Validity check test c. Surveillance of CRT messages
a. Yes Yes d. Minor maintenance according to a schedule
b. No No
c. No Yes

AUDICIS WB CAYANONG.,CPA

Downloaded by Rhea Lyn Gumalog

 Auditing in a CIS Environment Prelim
30. Which of the following is not a major reason for 36. The primary reason for an audit by an independent,
maintaining an audit trail for a computer system? external audit firm is:
a. Deterrent to irregularities a. To satisfy governmental regulatory to
b. Analytical procedures requirements
c. Monitoring purposes
b. To guarantee that there are no
d. Query answering
misstatements in the financial
31. An auditor anticipates assessing control risk at a low statements.
level in a computerized environment. Under these c. To provide increased assurance to
circumstances, on which of the following procedures users as to the fairness of the financial
would the auditor initially focus? statements.
a. Programmed control procedures d. To ensure that ay fraud will be
b. Output control procedures
discovered.
c. Application control procedures
d. General control procedures
37. Which of the following factors most likely would
32. An auditor anticipates assessing control risk at a low cause a CPA to not accept a new audit engagement?
level in a computerized environment. Under these a. The prospective client has already
circumstances, on which of the following procedures completed its physical inventory count.
would the auditor initially focus?
b. The CPA lacks an understanding of the
a. Programmed control procedures
prospective client9s operation and
b. Output control procedures
c. Application control procedures industry.
d. General control procedures c. The CPA is unable to review the
predecessor9s auditor working papers.
33. The computer process whereby data processing is d. The prospective client is unwilling to
performed concurrently with a particular activity make all financial records available to
and the results are available soon enough to
the CPA.
influence the course of action being taken or the
decision being made is called:
a. Random access sampling 38. When the Auditing Standards uses the word 89shall99
b. On−line, real−time system relating to a requirement, it means, that the auditor:
c. Integrated data processing a. Must fulfill the responsibilities under all
d. Batch processing system circumstances
b. Must comply with requirements unless
34. Internal control is ineffective when computer
the auditor demonstrates and
department personnel
a. Participate in computer software documents that alternative actions
acquisition decisions. were sufficient to achieve the
b. Design documentation for computerized objectives of the standards.
systems. c. Should consider whether to follow the
c. Originate changes in master file. advice based on the excercise of
d. Provide physical security for program files. professional judgement in the
circumstances.
35. An organizational control over CBIS operations is
a. Run−to−run balancing of control totals d. May choose to change responsibilities
b. Check digit verification of unique identifiers relating to various professional
c. Separation of operating and programming standards that remain under
functions consideration.
d. Maintenance of output distribution logs

AUDICIS WB CAYANONG.,CPA

Downloaded by Rhea Lyn Gumalog

 Auditing in a CIS Environment Prelim
39. When the auditor of a parent entity is also the c. Minimum standards of performance which
auditor of its component. Which of the following must be achieved on each engagement.
factors may influence the auditors descision d. Benchmark to be used on all audits.
whether to send a separate engagement letter to
the entity9s component. 43. As the acceptable level of detection risk decreases
an auditor may.
a. Whether a separate auditor9s report is
a. Reduce substantive test by relying on the
to issued on the component. assessments of inherent and control risk.
b. The components management does b. Postpone the planned timing of substantive
not accept its responsibilities that are tests from interim dates to the year−end.
fundamental to the conduct of an c. Eliminate the assessed level of inherent risk
audit. from consideration as planning factor,
d. Lower the assessed level of control risk
c. The financial reporting framework used
from the maximum level to below the
by the component is unaaceptable.
maximum.
d. The preconditions for an audit of the
components financial statements are 44. Inherent risk and control risk differ from the
not present. detection risk in that they.
a. Arise from the misapplication of auditing
40. Which of the following activities should be procedures.
b. May be assessed in either quantitative or
performed by the auditor at the beginning of the
non−quantitative terms.
current audit engagement ? c. Exist independently of the financial
a. Perform procedures regarding the statement audit.
continuance of the client relationship d. Can be changed at the auditors9 discretion.
and the specific audit engagement.
b. Evaluate compliance with relevant 45. Which of the following would an auditor most likely
ethical requirements, including use in determining the auditors9 preliminary
judgement about materiality?
independence.
a. The anticipated sample size of the planned
c. Establish an understanding of the substantive test.
terms of the engagement. b. The entity9s annualized interim financial
a. A,B statements.
b. B,C c. The results of internal control
c. A,C questionnaire.
d. A,B,C. d. The contents of the management
representation letter.

41. In financial statement audits, the audit process

should conform with
a. PSA
b. FRS
c. Audit Program
d. Auditor9s judgement

42. Philippine Standards on Auditing should be looked

upon practitioners as:
a. Ideals strive for, but which are not
achievable.
b. Maximum standards which denote
excellent work.

AUDICIS WB CAYANONG.,CPA

Downloaded by Rhea Lyn Gumalog