Characteristics of CIS

Computer processing
virtually eliminates the
occurrence of
A characteristic that distinguishes computational errors
computer processing from manual normally associated with
processing is manual processing.
Which of the following is not an Computers leave a
advantage of a computerized thorough audit trail which
accounting system? can be easily followed
Data can be erased from
A common difficulty in auditing a the computer with no
computerized accounting system is: visible evidence.

Which of the following is least likely

to be considered by an auditor
considering engagement of an
information technology (IT) specialist Requirements to assess
on an audit? going concern status

Computer systems are typically

supported by a variety of utility May enable unauthorized
software packages that are important changes to data files if not
to an auditor because they properly controlled.

The characteristics that distinguish

computer processing from manual
processing include the following:

1) Computer processing uniformly

subjects like transactions to the same
instructions.

2) Computer systems always

ensure that complete transaction
trails useful for audit purposes are
preserved for indefinite purpose.

3) Computer processing virtually

eliminates the occurrence of clerical
errors normally associated with
manual processing.

4.) Control procedures as to

segregation of functions may no
longer be necessary in computer Only statements 1 and 3
environment are true
Which of the following statements
most likely represents a disadvantage
for an entity that maintains data files It is usually easier for
on personal computers (PCs) rather unauthorized persons to
than manually prepared files? access and alter the files.
Specific methods in
Which would largely change in an implementing the basic
audit of a CIS environment? audit concepts

Manual elements in internal control

may be more suitable where
judgment and discretion are required
such as for the following
circumstances (choose the High volume or recurring
exception): transactions

Internal control in a CIS environment

Matthews Corp. has changed from a

system of recording time worked on
clock cards to a computerized payroll
system in which employees record
time in and out with magnetic cards.
The computer system automatically
updates all payroll records. Because Part of the audit trail is
of this change altered.

In planning the portions of the audit

which may be affected by the client’s
CIS environment, the auditor should
obtain an understanding of the
significance and complexity of the CIS
activities and the availability of data Material financial
for use in the audit. The following statement assertions are
relate to the complexity of CIS affected by the computer
activities except when processing.

Which of the following is correct They are designed to detect

about check digits? transcription errors.
The management of ABC Co. suspects
that someone is tampering with pay
rates by entering changes through
the Co.’s

remote terminals located in the

factory. The method ABC Co. should
implement to protect the system
from these unauthorized alterations
to the system’s files is Passwords

The possibility of erasing a large

amount of information stored on
magnetic tape most likely would be
reduced by the use of File protection rings

A company using EDI (electronic data

interchange) made it a practice to
track the functional
acknowledgments from trading
partners and to issue warning
messages if acknowledgments did
not occur within a reasonable length Transmission of EDI
of time. What risk was the company transactions to trading
attempting to address by this partners may sometimes
practice? fail.

An auditor would be most likely to

assess control risk at the maximum
level in an electronic environment Fixed asset transactions are
with automated system-generated few in number, but large in
information when peso amount.

Mill Co. uses a batch processing

method to process its sales
transactions. Data on Mill’s sales
transaction tape are electronically
sorted by customer number and are
subjected to programmed edit checks
in preparing its invoices, sales
journals, and updated customer
account balances. One of the direct
outputs of the creation of this tape Report showing exceptions
most likely would be a and control totals

To avoid invalid data input, a bank

added an extra number at the end of
each account number and subjected
the new number to an algorithm. This
technique is known as A check digit `
 Enter invalid identification
To obtain evidence that online access numbers or passwords to
controls are properly functioning, an ascertain whether the
auditor most likely would system rejects them.

Where computers are used, the

effectiveness of internal control
depends, in part, upon whether the
organizational structure includes any
incompatible functions. Such a
combination would exist when there Programming and
is no separation of duties between computer operator
End-user computing is an example of
which of the following? Decentralized processing

Which of the following would not be

an appropriate procedure for testing Testing for the serial
the general control activities of an sequence of source
information system? documents.

An entity should plan the physical

location of its computer facility.
Which of the following is the primary
consideration for selecting a
computer site? It should provide security.
Controls for documenting
and approving programs
Application controls do not include and changes to programs

Data need to be added with

a mathematically calculated
Which of the following input controls digit to detect transposition
describes a “self-checking digit”? errors

Using microcomputers in auditing Working paper

may affect the methods used to documentation may not
review the work of staff assistants contain readily observable
because details of calculations.

Encryption performed by
Which of the following statements is physically secure hardware
correct concerning the security of devices is more secure than
messages in an electronic data encryption performed by
interchange (EDI) system? software.
An entity installed antivirus software
on all its personal computers. The
software was designed to prevent
initial infections, stop replication
attempts, detect infections after their
occurrence, mark affected system
components, and remove viruses
from infected components. The
major risk in relying on antivirus
software is that it may Not detect certain viruses.

The completeness test of computer-

generated sales figures can be tested
by comparing the number of items
listed on the daily sales report with
the number of items billed on the
actual invoices. This process uses Control totals

Preventing someone with sufficient

technical skill from circumventing
security procedures and making
changes to production programs is Providing suitable
best accomplished by segregation of duties
A well-prepared flowchart should Trace the origin and
make it easier for the auditor to disposition of documents

Client/server architecture may

potentially involve a variety of
hardware, systems software, and
application software from many
vendors. The best way to protect a A combination of
client/server system from application and general
unauthorized access is through access control techniques

The internal auditor is reviewing a

new policy on electronic mail. Erasing all employee’s
Appropriate elements of such a policy electronic mail immediately
would include all of the following upon employment
except: termination

Controls on procedures
used to initiate, record,
process and report
transactions or other
General IT-controls do not include financial data
A company’s management is
concerned about computer data
eavesdropping and wants to maintain
the confidentiality of its information
as it is transmitted. The company
should utilize Data encryption

The Internet is a private

network that only allows
Which of the following statements access to authorized
concerning the Internet is incorrect? persons or entities.
Which of the following passwords
would be most difficult to crack? 12 HOUSE 24

If a control total were to be

computed on each of the following
data items, which would best be
identified as a hash total for a payroll
CIS application? Department numbers

One major category of computer

viruses is programs that attach
themselves to other programs, thus
infecting the other programs. While
many of these viruses are relatively
harmless, some have the potential to
cause significant damage. Which of
the following is an indication that a
computer virus of this category is Unexplainable losses of or
present? changes to data

It is more likely to result in

Which of the following is correct an easy-to-follow audit trail
concerning batch processing of than is on-line transaction
transactions? processing.

Totals of amounts in computer-

record data fields, which are not
usually added but are used only for
data processing control purposes are
called Hash totals
A widely used disaster recovery
approach includes Regular backups

Good planning will help an

organization restore computer
operations after a processing outage. Backup/restart procedures
Good recovery planning should have been built into job
ensure that streams and programs.
Which function or activity is not Conversion of data to
performed in the user department? machine-readable format

Auditing around the computer

Which of the following is not among
the errors that an auditor might
include in the test data when auditing Numeric characters in
a client’s computer system? alphanumeric fields

Which of the following methods of

testing application controls utilizes a
generalized audit software package
prepared by the auditors? Parallel simulation

When an auditor tests a Test data are processed by

computerized accounting system, the client’s computer
which of the following is true of the programs under the
test data approach? auditor’s control.
Test data must consist of all
Which of the following statement is possible valid and invalid
not true about test data? conditions.

Auditing by testing the input and Not detect program errors

output of a computer system instead which do not show up in
of the computer program itself will the output sampled

Which of the following computer-

assisted auditing techniques
processes client input data on a
controlled program under the
auditor’s control to test controls in
the computer system? Test data

Which of the following computer-

assisted auditing techniques allows
fictitious and real transactions to be
processed together without client
operating personnel being aware of Integrated test facility
the testing process? approach
Verify processing accuracy
An ITF would be appropriate when concurrently with
the auditor needs to processing

Which of the following combinations

is correct?

1) Integrated test facility

(1) Test data, live program;
2) Test data (2) Test data, live program;
(3) Live data, test
3) Paralel simulation program
Parallel simulation is an audit
technique employed to verify
processing by making use of audit
test programs. These audit test
programs “simulate” the processing
logic of an application program or
progress under review. Which Live transactions are
statement indicates the use of processed using test
parallel simulation? programs

The auditor traces adding

machine tapes of sales
order batch totals to a
Which of the following is an example computer printout of the
of auditing “around” the computer? sales journal.
In a highly automated information May be required in some
processing system tests of control circumstances

The following are benefits of using IT- Over-reliance on computer-

based controls, except generated reports.

Which of the following strategies

would a CPA most likely consider in
auditing an entity that processes Continuous monitoring and
most of its financial data only in analysis of transaction
electronic form, such as a paperless processing with an
system? embedded audit module

It allows fictitious and real

transactions to be
processed together without
the client operating
Which of the following does not personnel being aware of
support the “test data” approach? the testing process.

Output controls ensure that the

results of computer processing are Matching input data with
accurate, complete, and properly information on master files
distributed. Which of the following is and placing unmatched
not a typical output control? items in a suspense file

An auditor estimates that 10,000

checks were issued during the
accounting period. If a computer
application control which performs a
limit check for each request is to be
subjected to the auditor’s test data
approach, the sample should include One transaction
A retail entity uses electronic data
interchange (EDI) in executing and
recording most of its purchase
transactions. The entity’s auditor
recognized that the documentation
of the transactions will be retained
for only a short period of time. To Perform tests several times
compensate for this limitation, the during the year, rather than
auditor most likely would only at year-end.

An auditor most likely would

introduce test data into a
computerized payroll system to test Discovery of invalid
controls related to the employee I.D. numbers

Auditing through the computer

(CAATS)

Auditors often make use of computer

programs that perform routine
processing functions such as sorting
and merging. These programs are
made available by electronic data
processing companies and others and
are specifically referred to as Utility programs
An auditor is least likely to find that a Dynamic linking character
client’s data is input through reader

It involves application of auditing

procedures using the computer as an
audit tool. This includes computer
programs and data the auditor uses
as part of the audit procedures to
process data of audit significance
contained in an entity’s information Computer-assisted audit
systems. techniques
In auditing through a computer, the
test data method is used by the Procedures contained
auditors to test the within the program

The employee entered “40” in the

“hours worked per day” field. Which
check would detect this unintentional
error? Limit check

An auditor who wishes to capture an

entity’s data as transactions are
processed and continuously test the
entity’s computerized information
system most likely would use which
of the following techniques? Embedded audit module
 The focus is more on the
Which is most likely correct about processing rather than the
“whitebox audit” or “auditing input and output
through the computer”? components of the system.

Identify and reserve the

A primary reason auditors are fictitious entries to avoid
reluctant to use an ITF is that it contamination of master
requires them to file

The test data approach

Which of the following is an incorrect involves processing the
statement regarding testing client's data on a test basis
strategies related to auditing through to determine the integrity
the computer? of the system.

Smith Corporation has numerous

customers. A customer file is kept on
disk storage. Each customer file
contains name, address, credit limit, Develop a program to
and account balance. The auditor compare credit limits with
wishes to test this file to determine account balances and print
whether credit limits are being out the details of any
exceeded. The best procedure for the account with a balance
auditor to follow would be to exceeding its credit limit.

PAPS 1009 (Computer-Assisted Audit

Techniques) states, “Customized or
purpose-written programs perform
audit tasks in specific circumstances
where package audit software is
deemed unsuitable usually because
system constraints make it difficult or
impossible to use.” A purpose-written
program may be developed by

1) The auditor

2) The entity being audited

3) An outside programmer hired by 1) Yes 2) Yes 3)

the auditor Yes
An entity has recently converted its
purchasing cycle from a manual
process to an online computer
system. Which of the following is a
probable result associated with Traditional duties are less
conversion to the new IT system? separated.

The use of a computer changes the

processing, storage, and
communication of financial
information. A CIS environment may The overall objective and
affect the following, except scope of an audit.
Computer program libraries can best Restricting physical and
be kept secure b logical access
A “hot site” is most frequently
associated with Disaster recovery
Which attribute below relates more Similar transactions are
to computer processing than manual uniformly subjected to
processing? similar instructions.
Which of the following is a risk that is
higher when an electronic funds Unauthorized access and
transfer (EFT) system is used? activity
Internal control is ineffective when Originate changes in master
computer personnel files

The computer flags any

transmission for which the
control field value did not
Which of the following is an example match that of an existing
of a validity check? file record.

The specific methods

appropriate for
implementing the basic
auditing concepts do not
Which of the following presumptions change, as systems become
is not correct? more complex.
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-196 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-197 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-198 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-199 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-200 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-201 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-202 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-203 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-204 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-205 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-206 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-207 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-208 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-209 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-210 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-211 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-212 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-213 commercial banks
The discount rate set by the Federal Rate that the central bank
Reserve System is the CMA charges for loans to
0694 1-214 commercial banks