1. Which attribute below relates more to computer processing than manual processing?

- Similar transactions are uniformly subjected to similar transactions

2. A characteristic that distinguishes computer processing from manual processing is?
- Computer processing virtually eliminates the occurrence of computational errors
normally associated with manual processing
3. The characteristics that distinguish computer processing from manual processing include
the following:
- Only statements 1 & 3 are true
(1)Computer processing uniformly subjects like transactions to the same
instructions.
(3) Computer processing virtually eliminates the occurrence of clerical errors
normally associated with manual processing

4. Which of the following is least likely to be considered by an auditor considering engagement of

an information technology (IT) specialist on an audit?

- Requirements to assess going concern status

5. Which of the following statements most likely represents a disadvantage for an entity that
maintains data files on personal computers (PCs) rather than manually prepared files?

- It is usually easier for unauthorized persons to access and alter the files

6. Which would largely change in an audit of a CIS environment?

- Specific methods in implementing the basic audit concepts.

7. Which of the following statements most likely represents disadvantaged for an entity that keeps
microcomputer-prepared data files rather than manually prepared files?

- It is usually easier for unauthorized persons to access and alter the files

8. Which of the following is not an advantage of a computerized accounting system?

- Computers leave a thorough audit trail which can be easily followed.

9. Which of the following statements most likely represents a disadvantage for an entity that
maintains data files on personal computers (PCs) rather than manually prepared files?

- It is usually easier for unauthorized persons to access and alter the files

10. Computer systems are typically supported by a variety of utility software packages that are
important to an auditor because they

- May enable unauthorized changes to data files if not properly controlled.

11. Which of the following activities would most likely be performed in the CIS department?

- Conversion of information to machine-readable form

12. A common difficulty in auditing a computerized accounting system is:

- Data can be erased from the computer with no visible evidence

13. The use of a computer changes the processing, storage, and communication of financial
information. A CIS environment may affect the following, except
- The overall objective and scope of an audit

14. Manual elements in internal control may be more suitable where judgement and discretion are
required such as for the following circumstances (choose the exception):

- High volume or recurring transactions

**

1. The internal auditor is reviewing a new policy on electric mail. Appropriate elements of
such a policy would include all of the following except:
- Erasing all employee’s electronic mail immediately upon employment termination
2. In entering the billing address for a new client in Emil Company’s computerized database, a
clerk erroneously entered a non-existent zip code. As a result, the first month’s bill mailed
to the new client was returned to Emil Company. Which one of the following would most
likely have led to discovery of the error at the time of entry into Emil Company’s
computerized database?
- Validity test
3. Matthews Corp. has changed from a system of recording time worked on clock cards to a
computerized payroll system in which employees record time in and out with magnetic
cards. The computer system automatically updates all payroll records. Because of this
change
- Part of the audit is altered
4. A widely used disaster recovery approach includes
- Regular backups
5. ABC Co. updates its accounts receivable master file weekly ad retains the master files and
corresponding update transactions for the most recent 2-week period. The purpose of this
practice is to
- Permit reconstruction of the master file if needed.
6. A corporation receives the majority of its revenue from top-secret military contracts with
the government. Which of the following would be of greatest concern to an auditor
reviewing a policy about selling the company’s used microcomputers to outside parties?
- Whether deleted files on the hard disk drive have been completely erased

7. A company’s management is concerned about computer data eavesdropping and wants to

maintain the confidentiality of its information as it is transmitted. The company should utilize

- Data encryption

8. Which function or activity is not performed in the user department?

- Conversion of data to machine-readable format

9. The management of ABC Co. suspects that someone is tampering with pay rates by entering
changes through the Co.’s remote terminals located in the factory. The method ABC Co. should
implement to protect the system from these unauthorized alterations to the system’s files is

- Passwords

10. An entity has recently converted its purchasing cycle from a manual process to an online
computer system. Which of the following is a probable result associated with conversion to the
new IT system?
- Traditional duties are less separated

11. In traditional information systems, computer operators are generally responsible for backing
up software and data files on a regular basis. In distributed or cooperative systems, ensuring that
adequate backups are taken is the responsibility of

- User management

12. A company is concerned that a power outage or disaster could impair the computer hardware’s
ability to function as designed. The company desires off-site backup hardware facilities that are
fully configured and ready to operate within several hours. The company most likely should
consider a

- Hot site

13. The internal controls over computer processing include both manual procedures and
procedures designed into computer programs (programmed control procedures). These manual
and programmed control procedures comprise the general CIS control and CIS application controls.
The purpose of general CIS control is to

- Establish a framework of overall controls over the CIS activities and to provide a reasonable level of
assurance that the overall objectives of internal control are achieved.

14. Which of the following is a password security problem?

- Users are assigned passwords when accounts are created, but do not change them

15. Which of the following statements concerning the internet is incorrect?

- The Internet is a private network that only allows access to authorized persons or entities

16. Which of the following statements is correct concerning the security of messages in an
electronic data interchange (EDI) system?

- Encryption performed by physically secure hardware devices is more secure than encryption
performed by software.

17. Which of the following statements is correct concerning internal control when a client is using
an electronic data interchange system for its sales?

- Encryption controls may help to assure that messages are unreadable to unauthorized persons.

18. General IT -controls do not include

- Controls on procedures used to initiate, record, process and report transactions or other financial
data.

19. Using microcomputers in auditing may affect the methods used to review the work of staff
assistants because

- Working paper documentation may not contain readily observable details of calculations

20. Which of the following is a password security problem?

- Users are assigned passwords when accounts are created, but do not change them
21. Client/server architecture may potentially involve a variety of hardware, systems software, and
application software from many vendors. The best way to protect a client/server system from
unauthorized access is through

- A combination of application and general access control techniques.

22. Which of the following is not an example of an application control?

- An equipment failure causes an error message on the monitor.

23. A “hot site” is most frequently associated with

- Disaster recovery

24. In planning the portions of the audit which may be affected by the client’s CIS environment,
the auditor should obtain an understanding of the significance and complexity of the CIS activities
and the availability of data for use in the audit. The following relate to the complexity of CIS
activities except when

- Material financial statement assertions are affected by the computer processing

25. Which of the following functions within the CIS department are incompatible?

- Data input and data conversion

26. Which of the following statements is correct concerning internal control when a client is using
an electronic data interchange system for its sales?

- Encryption controls may help to assure that messages are unreadable to unauthorized persons

27. A clerk inadvertently entered an account number 12368 rather than account number 12638. In
processing this transaction, the errors would be detected with which of the following controls?

- Self-checking digit

28. One major category of computer viruses is programs that attach themselves to other programs,
thus infecting the other programs. While many of these viruses are relatively harmless, some have
the potential to cause significant damage. Which of the following is an indication that a computer
virus of this category is present?

- Unexplainable losses of or changes to data

29. An auditor anticipates assessing control risk at a low level in a CIS environment. Under these
circumstances, on which of the following procedures would the auditor initially focus?

- General control procedures

30. A manufacturer is considering using bar-code identification for recording information on parts
used by the manufacturer. A reason to use bar codes rather than other means of identification is to
ensure that

- the movement of parts is easily and quickly recorded

31. Which of the following is a computer test made to ascertain whether a given characteristics
belongs to the group?

- Validity check
32. End-user computing is an example of which of the following?

- Decentralized processing

33. Which of the following controls most likely would assure that an entity can reconstruct its
financial records?

- Backup diskettes or tapes of files are stored away from originals

34. The completeness test of computer-generated sales figures can be tested by comparing the
number of items listed on the daily sales report with the number of items billed on the actual
invoices. This process uses

- Control totals

35. Which of the following is unique to CIS?

- Error listing

36. Which of the following input controls describes a “self-checking digit”?

- Data need to be added with a mathematically calculated digit to detect transposition errors

37. An auditor would be most likely to assess control risk at the maximum level in an electronic
environment with automated system-generated information when

- Fixed asset transactions are few in number, but large in peso amount

38. Total of amounts in computer-record data fields, which are not usually added but are used only
for data processing control purposes are called

- Hash totals

39. End-user computing is most likely to occur on which of the following types of computers?

- Personal computers

40. Good planning will help an organization restore computer operations after a processing outage.
Good recovery planning should ensure that

- Backup/restart procedures have been built into job streams and programs

41. A critical aspect of a disaster recovery plan is to be able to regain operational capability as soon
as possible. In order to accomplish this, an organization can have an arrangement with its
computer hardware vendor to have a fully operational facility available that is configured to the
user’s specific needs. This is best known as a (n)

- Hot site

42. The auditor shall consider the entity’s CIS environment in designing audit procedures to reduce
risk to an acceptably low level. Which of the following statements is incorrect?

- The methods of applying audit procedures to gather audit evidence are not influenced by the
methods of computer processing

43. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together without client operating personnel being aware of the
testing process?
- Integrated test facility approach

44. The following are benefits of using IT-based controls, except

- Over-reliance on computer-generated reports

45. Which of the following is not among the errors that an auditor might include in the test data
when auditing a client’s computer system?

- Numeric characters in alphanumeric fields

46. An auditor most likely would introduce test data into a computerized payroll system to test
controls related to the

- Discovery of invalid employee I.D. numbers

47. In a highly automated information processing system tests of control

- May be required in some circumstances

48. Which of the following strategies would a CPA most likely consider in auditing an entity that
processes most of its financial data only in electronic form, such as paperless system?

- Continuous monitoring and analysis of transaction processing with an embedded audit module

49. Output controls ensure that the results of computer processing are accurate, complete, and
properly distributed? Which of the following is not a typical output control?

- Matching input data with information on master files and placing unmatched items in a suspense
file

50. An auditor estimates that 10,000 checks were issued during the accounting period. If a
computer application control which performs a limit check for each request is to be subjected to
the auditor’s test data approach, the sample should include

-One transaction

51. Parallel simulation is an audit technique employed to verify processing logic by making use of
audit test programs. These audit test programs “simulate” the processing logic of an application
program or programs under review. Which statement indicates the use of parallel simulation audit
technique?

-Live transactions are processed using test programs

52. Which of the following combinations is correct?

- (1) Test data, live program (2) Test data, live program (3) Live data, test program

53. A retail entity uses electronic data interchange (EDI) in executing and recording most of its
purchase transactions. The entity’s auditor recognized that the documentation of the transactions
will be retained for only a short period of time. To compensate for this limitation, the auditor most
likely would

- Perform tests several times during the year, rather than only at year-end

54. In a highly automated information processing system tests of control

- May be required in some circumstances

55. Auditing by testing the input and output of a computer system instead of the computer
program itself with

- Not detect program errors which do not show up in the output sampled.

56. Which of the following methods of testing application controls utilizes a generalized audit
software package prepared by the auditors?

- Parallel simulation

57. Which of the following statement is not true about test data?

- Test data must consist of all possible valid and invalid conditions

58. Which of the following does not support the “test data” approach?

- It allows fictitious and real transactions to be processed together without the client operating
personnel being aware of the testing process.

59. When an auditor tests a computerized accounting system, which of the following is true of the
test data approach?

- Test data are processed by the client’s computer programs under the auditor’s control

60. An ITF would be appropriate when the auditor needs to

-Verify processing accuracy concurrently with processing

61. The employee entered “40” in the “hours worked per day” field. Which check would detect this
unintentional error?

- Limit check

62. PAPS 1009 (Computer-Assisted Audit Techniques) states, “Customized or purpose-written

programs perform audit tasks in specific circumstances where package audit software is
deemed unsuitable usually because system constraints make it difficult or impossible to
use.” A purpose-written program may be developed by (1) The auditor (2) The entity being
audited (3) An outside programmer hired by the auditor

- 1) Yes 2) Yes 3) Yes

63. Which is most likely correct about “whitebox audit” or “auditing through the computer”?

- The focus is more on the processing rather than the input and output components of the system

64. An auditor who wishes to capture a entry’s data as transactions are processed and
continuously test the entity’s computerized information system most likely would use
which of the following techniques?

- Embedded audit module

65. In auditing through a computer, the test data method is used by the auditors to test the

- Procedures contained within the program

66. Which of the following is an incorrect statement regarding testing strategies related to auditing
through the computer?
- The test data approach involves processing the client’s data o a test basis to determine the integrity
of the system

67. Smith Corporation has numerous customers. A customer file is kept on disk storage. Each
customer file contains name, address, credit limit, and account balance. The auditor
wishes to test this file to determine whether credit limits are being exceeded. The best
procedure for the auditor to follow would be to

- Develop a program to compare credit limits with account balances and print out the details of any
account with a balance exceeding its credit limit.

68. A primary reason auditors are reluctant to use an ITF is that it requires them to

- Identify and reserve the fictitious entries to avoid contamination of master file

69. Auditors often make use of computer programs that perform routine processing functions such
as sorting and merging. These programs are made available by electronic data processing
companies and others and are specifically referred to as

- Utility programs

70. An auditor is least likely to find that a clients’ s data is input through

- Dynamic linking character reader

71. It involves applications of auditing procedures using the computer as an audit tool. This
includes computer programs and data the auditor uses as part of the audit procedures to
process data of audit significance contained in an entity’s information systems.

- Computer-assisted audit techniques

73. Which of the following would not be an appropriate procedure for testing the general control
activities of an information system?

- Testing for the serial sequence of source documents

74. After the preliminary phase of the review of a client’s computer controls, an auditor may
decide not to perform tests of controls (compliance tests) related to the controls within the
computer portion of the client’s internal control. Which of the following would not be valid
reason for choosing to omit such tests?

- The controls appear adequate

75. Preventing someone with sufficient technical skill from circumventing security procedures and
making changes to production programs is best accompanied by

- Providing suitable segregation of duties

76. A company often revises its production processes. The changes may entail revisions to
processing and result in minimal risk to the system is a function of

- Change control

77. Which of the following is correct concerning batch processing of transactions?

- It is more likely to result in an easy-to-flow audit trail than is on-line transaction processing
78. Which of the following computer-assisted auditing techniques processes client input data on a
controlled program under the auditor’s control to test controls in the computer system?

- Parallel simulation

79. Which of the following is correct about check digits?

- They are designed to detect transcription errors