DE LA SALLE UNIVERSITY MANILA

RVR COB DEPARTMENT OF ACCOUNTANCY

REVDEVT 1st AY 15 - 16
Auditing Theory
AT Quizzer 12

Prof. Francis H.Villamin

Auditing in a Information Systems (CIS) Environment

1.

A computer information systems (CIS) environment exists when:

a. A computer of any type or size is involved in the processing by the entity of financial
information of significance to the audit, only if that computer is operated by the entity.
b. A computer of any type or size is involved in the processing by the entity of financial
information of significance to the audit, only if that computer is operated by a third party.
c. Only a personal computer is involved in the processing by the entity of financial information of
significance to the audit, whether that computer is operated by the entity or by a third party.
d. A computer of any type or size is involved in the processing by the entity of financial
information of significance to the audit, whether that computer is operated by the entity or by a
third party.

2.

The characteristics that distinguish computer processing from manual processing include the
following:
I.
II.
III.
IV.
a.
b.
c.
d.

Computer processing uniformly subjects like transactions to the same instructions.

Computer systems always ensure that complete transaction trails useful for audit purposes are
preserved for indefinite periods.
Computer processing virtually eliminates the occurrence of clerical errors normally associated
with manual processing.
Control procedures as to the segregation of functions may no longer be necessary in a
computerized environment.
All of the above statements are true.
Only statements I and III are true.
Only statements III and IV are true.
All of the above statements are false.

3.

A characteristic that distinguishes computer processing from manual processing is

a. The potential for systematic error is ordinarily greater in manual processing than in
computerized processing.
b. Errors or fraud in computer processing will be detected soon after their occurrences.
c. Most computer systems are designed so that transaction trails useful for audit purposes do not
exist.
d. Computer processing virtually eliminates the occurrence of computational errors normally
associated with manual processing

4.

The objective of understanding that internal control structure and assessing control risk in a CIS
environment is
a. To aid in determining the audit evidence that should be accumulated.
b. To gain an understanding of the computer hardware and software.
c. To evaluate managements efficiency in designing and using the CIS.
d. To determine if the CPA firm must have a CIS auditor on the team.

5.

Should the auditor feel, after obtaining an understanding of the CIS internal structure, that control
risk cannot be reduced, he or she will
a. Issue a disclaimer.
b. Issue an adverse opinion.
c. Increase the sample size for tests of controls.
d. Expand the substantive testing portion of the audit.

AT Quizzer 12
6.

Information Systems Audit & Assurance

Page 2

When a client uses a computer but the auditor chooses to use only the non CIS segment of the
internal control structure to assess the control risk, it is referred to as auditing around the computer.
Which one of the following conditions need not be present to audit around the computer?
a. The source documents must be available in a non-machine language.
b. The documents must be filed in a manner that makes it possible to locate them.
c. Computer programs must be available in English.
d. The output must be listed in sufficient detail to enable the auditor to trace individual
transactions.

7. Control risk assessment when a computer is used would not involve

a. Identifying specific control procedures designed to achieve the control objectives.
b. Identifying the interdependent control procedures which must function for an identified specific
control procedure to be effective.
c. Evaluating the design of control procedures to determine control risk.
d. Performance of specific tests of control audit procedures.
8. Which of the following represent examples of general, application and user controls activi ties,
respectively, in the computer environment?
a. Control over access to programs, computer exception reports, and manual checks of computer
output.
b. Manual checks of computer output, control over access to programs, and computer exception
reports.
c. Computer exception reports, control over access to programs, and manual checks of computer
output.
d. Manual checks of computer output, computer exception reports, and control over access to
programs.
9. Which of the following is least likely a risk characteristic associated with a CIS environment?
a. Error embedded in an applications program logic may be difficult to manually detect on a
timely basis.
b. The separation of functional responsibilities diminishes in a computerized environment.
c. Initiation of changes in the master file is exclusively handled by respective users.
d. The potential unauthorized access to data or to alter them without visible evidence may be
greater.
10. The use of a computer changes the processing, storage, and communication of financial information.
A CIS environment may affect the following, except:
a. The accounting and internal control systems of the entity.
b. The overall objective and scope of an audit.
c. The auditors design and performance of tests of control and substantive procedures to satisfy
the audit objectives.
d. The specific procedures to obtain knowledge of the entitys accounting and internal control
systems.
11. Which of the following is an incorrect statement regarding testing strategies related to auditing
through the computer?
a. The test data approach involves processing the clients data on a test basis to determine the
integrity of the system.
b. The test data approach involves processing the auditors test data on the clients computer
system to determine whether computer-performed controls are working properly.
c. Test data should include all relevant data conditions that the auditor is interested in testing.
d. When the auditor uses the embedded audit module approach, an audit module is inserted in the
clients system to capture transactions with certain characteristics.
12.

When conducting an audit in a CIS environment, an auditor is required to have sufficient

knowledge of the CIS to plan, direct , supervise and review the work performed. Moreover, the
auditor should consider whether specialized CIS skills are needed in the audit, and if these are
needed, the auditor would consider seeking the assistance of a professional possessing such skills.
This individual is
I.
A staff member of the audit firm.
II. An outside professional an expert according to PSA 620 (Using the Work of an Expert)
a.
b.
c.
d.

I only
II only
Either I or II
Neither I nor II

AT Quizzer 12

Information Systems Audit & Assurance

Page 3

13. A system with several computers that are connected for communication and data transmission
purposes, but where each computer can also process its own data, is known as
a. Distributed data processing network.
b. Multidrop network
c. Centralized network.
d. Decentralized network.
14. A compiler is
a. A procedure-oriented language.
b. A machine that converts procedure oriented language to a machine language.
c. A program that converts procedure oriented language to a machine language.
d. A program that translate symbolic language to machine language.
15. An operating system is
a. The assembler program including the source and object program.
b. All hardware and software needed to operate the computer system.
c. The program that manage the processing operations of the computer.
d. Only the hardware of the computer system.
16. A CIS where two or more personal computers are linked together through the use of special
software and communication lines and allows the sharing of application software, data files, and
computer peripherals such as printers and optical scanners is a/an
a. Local area network (LAN).
b. On-line system.
c. Batch processing system.
d. Wide area network (WAN).
17. What type of online computer system is characterized by data that are assembled from more than
one location and records that are updated immediately?
a. Online, batch processing system.
b. Online, real-time processing system.
c. Online, inquiry system.
d. Online, downloading/uploading system.
18. Mainframe computer systems include several advanced processing procedures. Two of the most
common processing procedures are multiprocessing and multiprogramming. Which of the following
statements about these processing procedures is false?
a. Multiprogramming allows multiple programs to be executed at exactly the same time.
b. Multiprogramming switches back and forth between programs during processing.
c. Multiprocessing allows the sharing of a central memory during processing.
d. Multiprocessing allows multiple programs to be executed at exactly the same time.
19. When the client has a large number of transactions that processed by stand alone personal
computer, the auditor
a. May do tests of controls which he intends to rely on, if appropriate, to reduce the assessed
control risk, and do audit work on the data a preliminary date.
b. Understand the control environment and flow of transactions but must omit preliminary audit
tests.
c. May do tests of controls and if those controls can be relied on, do interim testing and omit year
end audit testing.
d. Usually omits the understanding of control environment because the stand alone personal
compute environment is not reliable.
20. How does the stand alone personal computer environment of the client entity affect the auditors
procedures?
a. The auditor often assumes that control risk is reasonably low.
b. Because of the advantage provided by the use of stand alone personal computers, the audit
procedures are restricted to low level.
c. The auditor usually concentrates the audit efforts on substantive tests at or near the end of the
year.
d. To be cost effective, the auditor makes an extensive review of general CIS and CIS application
controls as basis of reducing the audit efforts to be performed on detailed testing of balances
and transaction classes.

AT Quizzer 12

Information Systems Audit & Assurance

Page 4

21. Audit team members can use the same database and programs when their PCs share a hard disk
and printer on a LAN. Which of the following communication devices enables a PC to connect to a
LAN?
a. A network interface card (NIC) that plugs into the motherboard.
b. A fax modem that sends that plugs into the motherboard.
c. An internal modem that plugs into the motherboard.
d. An external modem with a cable connection to a serial port.
22.

Auditing in a Computer Information Systems Environment, states, In planning the portions of the
audit which may be affected by the clients CIS environment, the auditor should obtain an
understanding of the significance and complexity of the CIS activities and the availability of data
for use in the audit. The following relate to the complexity of CIS activities except when
a. Transactions are exchanged electronically with other organizations (for example, in electronic
data interchange systems (EDI).
b. Complicated computations of financial information are performed by computer and/or material
transactions or entries are generated automatically without independent validation.
c. Material financial assertions are affected by computer processing.
d. The volume of transactions is such that users would find it difficult to identify and correct errors
in processing.

23.

The auditor is required by the standard to consider the CIS environment in designing audit
procedures to reduce risk to an acceptably low level. Which of the following statements is
incorrect?
a. The auditors specific audit objectives do not change whether financial information is
processed manually or by the computer.
b. The methods of applying audit procedures to gather audit evidence are not influenced by the
methods of computer processing.
c. The auditor may use either manual audit procedures, computer-assisted audit techniques
(CAATs), or a combination of both to obtain sufficient appropriate audit evidence.
d. In some CIS environments, it may be difficult or impossible for the auditor to obtain certain
data for inspection, inquiry, or confirmation without the aid of computer.

24.

Regardless of the nature of an entitys environment, the auditor must consider internal control. In
a CIS environment, the auditor must, at a minimum, have
a. A background in programming procedures.
b. An expertise in programming procedures.
c. A sufficient knowledge of the computers operating system.
d. A sufficient knowledge of the computer information system.

25.

The use of CIS will least likely affect the

a. The procedures followed by the auditor in obtaining a sufficient understanding of the
accounting and internal control systems.
b. The auditors specific objectives.
c. The consideration of inherent risk and control risk through which the auditor arrives at the risk
assessment.
d. The auditors design and performance of tests of control and substantive procedures
appropriate to meet the audit objective.

26.

Who is ultimately responsible for the design and implementation of cost-effective controls in a CIS
environment?
a. The internal audit manager.
b. The entitys management.
c. The CIS manager.
d. The control group in the CIS environment.

27.

Which of the following is unique to CIS?

a. Error listing.
b. Flowchart.
c. Questionnaires.
d. Pre-numbered documents.

AT Quizzer 12
28.

Information Systems Audit & Assurance

Are the following risks greater in CIS than in manual systems?

a
b
Erroneous data conversion
Yes
Yes
Erroneous source document preparation
Yes
Yes
Repetition of errors
No
No
Concentration of data
Yes
No

c
Yes
Yes
Yes
Yes

Page 5

d
Yes
No
Yes
Yes

29.

Which of the following is not a hardware element in a CIS environment?

a. Scanners.
b. CD-Rom drive.
c. Application programs.
d. Modems.

30.

A computer information system that allows individual users to develop and execute application
programs, enter and process data, and generate reports in a decentralized manner is called a/an:
a. Online system.
b. Batch processing system.
c. End-user computing.
d. Networking.

31.

Which of the following statements most likely represents a disadvantage for an entity that
maintains data files on personal computers (PCs) rather than manually prepared files?
a. It is usually more difficult to compare recorded accountability with the physical count of assets.
b. Random error associated with processing similar transactions in different ways is usually
greater.
c. Attention is focused on the accuracy of the programming process rather than errors in
individual transactions.
d. It is usually easier for unauthorized persons to access and alter the files.

32.

Misstatements in a batch computer system caused by incorrect programs or data may not be
detected immediately because
a. The processing of transactions in a batch system is not uniform.
b. There are time delays in processing transactions in a batch system.
c. The identification of errors in input data typically is not part of the program.
d. Errors in some transactions may cause rejection of other transactions in the batch.

33.

Compliance testing of an advanced CIS

a. Can be performed using only actual transactions since testing of simulated transactions is of
no consequence.
b. Can be performed using actual transactions or simulated transactions.
c. Is impractical since many procedures within the CIS activity leave no visible evidence of
having been performed.
d. Is inadvisable because it may distort the evidence in master files.

34.

Which of the following procedures is an example of auditing around the computer?

a. The auditor traces adding machine tapes of sales order batch totals to a computer printout of
the sales journal.
b. The auditor develops a set of hypothetical sales transactions and using the clients computer
program, enters the transactions into the system and observes the processing flow.
c. The auditor enters hypothetical transactions into the clients processing system during client
processing of live data.
d. The auditor observes client personnel as they process the bi weekly payroll. The auditor is
primarily concerned with computer rejection of data that fails to meet reasonableness limits.

35.

Auditing by testing the input and output of an CIS instead of the computer program itself will
a. Not detect program errors which do not show up in the output sampled.
b. Detect all program errors, regardless of the nature of the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results of the auditing procedures.

AT Quizzer 12

Information Systems Audit & Assurance

Page 6

36.

Which of the following is incorrect about personal computers?

a. Personal computers may constitute only a part but not the entire computer-based accounting
system.
b. Computer information system environments in which personal computers are used are different
from other CIS environments.
c. Personal computers are economical yet powerful self-contained general-purpose computer
consisting typically of a central processing unit, memory, monitor and other paraphernalia.
d. Certain types of internal controls need to be emphasized due to the characteristics of personal
computer and the environments in which they are used.

37.

How have Electronic Data Interchange (EDI) systems affected audits?

a. Since orders and billing transactions are done over the computer, source documents cannot
be obtained.
b. Auditors often need to plan ahead to capture information about selected transactions over the
EDI.
c. There is no audit trail in an EDI system, so controls are typically assessed as weak.
d. Since all transactions occur over the computer, reliability is high and little substantive testing is
needed.

38.

Which of the following statements is incorrect concerning a client who outsources a portion of its IT
function?
a. Auditors need not be concerned with outsourced IT functions because those functions are
reviewed by other auditors.
b. The extent to which an auditor obtains an understanding of the service centers internal
controls should be based upon the same criteria used to determine the understanding obtained
for a clients internal controls.
c. It is common for single independent auditor to obtain an understanding and test internal
controls of a service center for use by all its customers and their auditors.
d. All of the above are correct statements.

39.

Which of the following is least likely to be of least importance to an auditor in reviewing the internal
control in a company with a computerized system?
a. The segregation of duties within the data processing center.
b. The control over source documents.
c. The documentation maintained for accounting applications.
d. The cost/benefit ratio of data processing operations.

40.

The two requirements, crucial to achieving audit efficiency and effectiveness with microcomputer
are selecting
a. The appropriate software to perform the selected audit tasks and client data that can be
accessed by the auditors microcomputer.
b. Client data that can be accessed by the auditors microcomputer and audit procedures that are
generally applicable to several clients in a specific industry.
c. The appropriate audit tasks for microcomputer applications and the appropriate software to
perform the selected audit tasks.
d. Audit procedures that are generally applicable to several clients in specific industry and the
appropriate audit tasks for microcomputer applications.

41.

Which of the following controls may be built into the application software in order to limit access to
programs and data authorized personnel?
I.
The use of passwords.
II. A written policy of segregation of functions.
III. The use of hidden files and secret file names.
IV. The use of cryptography.
a.
b.
c.
d.

I, II, III and IV.

I, II and III.
I, IV.
I, III, IV.

AT Quizzer 12

Information Systems Audit & Assurance

Page 7

42.

Auditing of computerized records where the computer is used as a tool in the audit:
a. Batch processing
b. Audit trail
c. Auditing around the computer
d. Auditing through the computer.

43.

Auditing from source documents to printed computerized records:

a. COBOL
b. FORTRAN
c. Auditing around the computer
d. Auditing through the computer

44.

Internal accounting control depends in part on the staffing in a computer-user organization in order
to be effective. There will be no incompatible combinations in the CIS organization structure if
there is no separation of the duties between:
a. Programmer and computer operator
b. System analyst and programmer
c. Key punch operator and documentation librarian
d. Programmer and control clerks

45.

A system of tracing items of data from processing step, particularly from a machine produced
report or other machine output back to the original source data:
a. Batch processing
b. Audit trail
c. Auditing around the computer
d. Auditing through the computer

46.

The intention of using generated computer program is to test and analyze the clients computer:
a. Equipment
b. System
c. Processing logic
d. Records

47.

When CIS programs or files can be accessed from terminals, users should be required to enter
a(n)
a. Parity check
b. Personal identification code
c. Self-diagnostic test
d. Echo check

48.

When the auditor tests a computerized accounting system, which of the following is true of the test
data approach?
a. Several transactions of each type must be tested.
b. Test data consist of all possible valid and invalid conditions.
c. Test data are processed by the clients computer program under the auditors control.
d. Several transactions of each type must be tested.

49.

Which of the following CAAT allows fictitious and real transactions to be processed together
without client operating personnel being aware of the testing procedure?
a. Parallel simulation
b. Integrated test facility approach
c. Test data approach
d. Exception report basis

50.

An auditor who is testing CIS controls in a payroll system would most likely use test data that
contain conditions such as
a. Deductions not authorized by employees
b. Overtime not approved by supervisors.
c. Payroll checks with unauthorized signatures
d. Time tickets with invalid job numbers

AT Quizzer 12

Information Systems Audit & Assurance

Page 8

51.

Which of the following controls most likely would assure that an entity can reconstruct its financial
records?
a. Backup diskettes or tapes of files are stored away from originals.
b. Hardware controls are built into the computer by the computer manufacturer.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.

52.

An auditor anticipates assessing control risk at a low level in a computerized environment. Under
these circumstances, on which of the following procedures would the auditor initially focus?
a. Application control procedures.
b. General control procedures.
c. Output control procedures.
d. Programmed control procedures.

53.

A CIS input controls is designed to ensure that

a. CIS processing has been performed as intended for the particular application.
b. Data received for processing are properly authorized and converted to machine-readable form.
c. Machine processing is accurate.
d. Only authorized personnel have access to the computer area.

54.

Internal control is ineffective when computer department personnel

a. Design documentation for computerized systems.
b. Originate changes to master files.
c. Participate in computer software acquisition decisions.
d. Provide physical security for program files.

55.

Which is not a major reason for maintaining audit trail for a computer system?
a. Analytical procedures
b. Deterrent to fraud
c. Monitoring purposes
d. Query answering

56.

Which of the following types of computer documentation would an auditor most likely to utilize in
obtaining an understanding of the internal control systems?
a. Program listings
b. Record counts
c. Record layouts
d. Systems flowcharts

57.

To obtain evidential matter about control risk, an auditor ordinarily selects tests from variety of
technique, including
a. Analysis
b. Comparisons
c. Confirmations
d. Reprocessing

58.

An auditor would most likely be concerned with which of the following controls in a distributed data
processing system?
a. Access controls
b. Disaster recovery controls
c. Hardware controls
d. System documentation controls

59.

Which of the following is a general control that would most likely assist an entity whose systems
analyst left the entity in the middle of a major project?
a. Check digit verification
b. Grandfather-father-son record retention
c. Input and output validation routines
d. Systems documentation

AT Quizzer 12
60.

Information Systems Audit & Assurance

Page 9

Which of the following most likely represents a weakness in the financial controls of a CBIS?
a. The accounts payable clerk prepares data for computer processing and enters the data into
the computer.
b. The control clerk establishes control over data received by the CBIS department and
reconciles control totals when processing.
c. The systems analyst reviews output and controls the distribution of output from the CBIS
department.
d. The systems programmer designs the operating and control functions of programs and
participates in testing operating systems.

61. In a computerized payroll system environment, an auditor would be least likely to use test data to
test controls related to
a. Agreement of hours per clock cards with hours on the time tickets.
b. Missing employee numbers.
c. Proper approval of overtime by supervisors.
d. Time tickets with invalid numbers.
62. When erroneous data are detected by computer program controls, the data may be excluded from
processing and printed on an error report. This error report should be reviewed and followed up by
the
a. Computer operator.
b. Computer programmer.
c. CIS control group.
d. Systems analyst.
63. To obtain evidence that online access controls are properly functioning, an auditor most likely would
a. Create checkpoints at periodic intervals after live data processing to test for unauthorized use
of the system.
b. Enter invalid identification numbers or passwords to ascertain whether the system rejects them.
c. Examine the transaction log to discover whether any transactions were lost or entered twice due
to a system malfunction.
d. Vouch a random sample of processed transactions to assure proper authorization.
64. Which of the following types of evidence would an auditor most likely examine to determine whether
internal control policies and procedures are operating as designed?
a. Attorneys responses to the auditors inquiries.
b. Client records documenting the use of CBIS programs.
c. Confirmations of receivables verifying account balances.
d. Letters of representations corroborating inventory pricing.
65. To gain access to a banks online customer systems, users must validate themselves with a user
identification code and password. The purpose of this procedure is to provide
a. Context-dependent security.
b. Data security.
c. Physical security
d. Write-protection security.
66. To obtain evidence that user identification and password controls are functioning as designed, an
auditor would most likely
a. Attempt to sign on to the system using invalid user identifications and passwords.
b. Examine statements signed by employees stating that they have not divulged their user
identification and passwords to any other person.
c. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
d. Write a computer program that simulates the logic of the clients access control software.
67.

What controls are designed to ensure that an organizations computer-based control environment
is stable and well managed?
a. General controls.
b. Application controls.
c. Detective controls.
d. Preventive controls.

AT Quizzer 12
68.

Information Systems Audit & Assurance

Page 10

All the following are effective control procedures to ensure that operators do not make
unauthorized changes to programs and files except
a. Having multiple operators in he computer room during processing.
b. Maintaining and reviewing a log of all operator activity and interventions.
c. Requiring formal written authorization for and documentation of program changes.
d. Rotating duties.

69.

Password effectiveness is enhance by all of the following except

a. Automatic disconnection after several failed attempts
b. Changing passwords frequently.
c. Not displaying the password on the screen.
d. User selection of passwords.

70.

What is the best method to reduce the risk of electronic eavesdropping?

a. Checkpoints and rollback procedures
b. Compatibility tests.
c. Data encryption
d. Using parity bits.

71. In an on-line system, the user enters the customer number and the system responds by displaying
the customer name and asking the user for verification. This is called
a. Closed-loop verification test
b. Compatibility tests
c. Completeness test
d. Redundant data check
72. According to Sys Trust, all of the following are principles a company can use to determine if the
system is reliable except
a. Availability
b. Controllability
c. Integrity
d. Maintainability
73. Which of the following a computer program written especially for audit use?
a. CIS
b. GAS
c. ITF
d. SCARF
74. Which type of audit involves a review of general and application controls, with a focus on
determining if there is a compliance with policies and adequate safeguarding of assets?
a. Compliance audit
b. Financial audit
c. Information systems audit
d. Operational audit
75. Which of the following is not used to detect unauthorized program changes?
a. Parallel simulation
b. Reprocessing
c. Reprogramming code
d. Source code comparison
76. Which of the following a computer technique that assists an auditor in understanding program logic
by identifying all occurrences of specific variables?
a. Automatic flowcharting
b. Mapping program
c. Program tracing
d. Scanning routine
77.

An integrated services digital network is a high-speed phone line that can be used to
a. Access software from the Internet.
b. Access software from a service organization.
c. Encourage end-user computing.
d. Enhance the processing capability of local area networks (LANs).

AT Quizzer 12

Information Systems Audit & Assurance

Page 11

78.

Information systems that access software from the servers and direct print jobs from print servers
are called
a. Intranets.
b. Local area networks (LANs).
c. Telecommunications channels.
d. Service organizations.

79.

Which of the following is not true about test data?

a. Only one transaction of each type needs to be tested.
b. Test data are processed by the clients software under the auditors control.
c. Test data must consist of all possible valid and invalid conditions.
d. Test data should consist only of conditions that interest the auditor.

80.

Processing data through the use of simulated files provides an auditor with information about the
effectiveness of control procedures. One of the CAATs that uses this approach is
a. Audit hooks
b. Base case system evaluation (BCSE)
c. Parallel simulation.
d. Test data.

81. General controls relate to all computer activities and application controls relate to specific tasks.
General controls include
a. Controls designed to assure that all data submitted for processing has been properly
authorized.
b. Controls designed to assure the accuracy of the processing results,
c. Controls for documenting and approving software and changes to software.
d. Controls that relate to the correction and resubmission of data that were initially incorrect.
82. Which of the following CAATs allows fictitious and real transactions to be processed together
without client personnel being aware of the testing process?
a. Audit hooks.
b. Embedded audit modules.
c. Integrated test data.
d. Parallel simulation.
83. One of the major problems in a CIS is that incompatible functions may be performed by the same
individual. One compensating control for this is the use of:
a. Echo checks.
b. Self-checking digit system.
c. Computer-generated hash totals.
d. Computer log
84. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll computerized application?
a. Net pay.
b. Department numbers.
c. Hours worked.
d. Total debits and total credits.

85. A computer report which is designed to create an audit trail for each on-line transaction.
a. Transaction file.
b. Master file.
c. Transaction edit report.
d. Transaction log.
86. An internal auditor noted the following points when conducting a preliminary survey in connection
with the audit of an EDP department. Which of the following would be considered a safeguard in
the control system on which the auditor might rely?
a. Programmers and computer operators correct daily processing problems as they arise.
b. The control group works with user organizations to correct rejected input.
c. New systems are documented as soon as possible after they begin processing live data.
d. The average tenure of employees working in the EDP department is ten months.

AT Quizzer 12

Information Systems Audit & Assurance

Page 12

87. A control feature in an electronic data processing system requires the Central Processing Unit
(CPU) to send signals to the printer to activate the print mechanism for each character. The print
mechanism, just prior to printing, sends signal back to the CPU verifying that the proper print
position has been activated. This type of hardware control is referred to as:
a. Echo check.
b. Validity control.
c. Signal control.
d. Check digit control.
88. Which of the following should the auditor not consider of having specialized CIS skills in an audit?
a. The auditor needs to obtain a sufficient understanding of the accounting and internal control
system affected by the CIS environment.
b. The auditor needs to determine the effect of the CIS environment in the assessment of overall
risk and of risk at the account balance and class of transactions level.
c. The need of the auditor to make analytical procedures during the completion stage of audit.
d. Design and perform appropriate tests of controls and substantive procedures.
89. Which of the following characteristics of CIS environment should the auditors be least concerned?
a. Lack of segregation of functions.
b. Cost benefit relationships.
c. Lack of transaction trails.
d. Access control.
90. Which of the following audit techniques most likely provide an auditor with the most assurance
about the effectiveness of the operation of an internal control procedure?
a. Inquiry of client personnel.
b. Recomputation of account balance amounts.
c. Observation of client personnel.
d. Confirmation with outside parties.
91. Creating simulated transactions that are processed through a system to generate results that are
compared with predetermined results, is an auditing procedure referred to as:
a. Desk checking.
b. Use of test data.
c. Completing outstanding jobs.
d. Parallel simulation.
92. When companies write their own software, there is often a high risk of programming and output
errors. If the auditor believes that such a high risk exists, he or she would normally
a. Refuse to accept the engagement.
b. Issue a qualified or adverse opinion.
c. Use generalized audit software (GAS).
d. Audit around the computer.
93. Which of the following is not an advantage of a computerized accounting system?
a. Computers process transactions uniformly.
b. Computers help alleviate human errors.
c. Computers can process many transactions quickly.
d. Computers leave a thorough audit trail which can easily be followed.
94. Interactive system environment is best characterized by
a. Data files with records that are arranged sequentially.
b. Sorting the transaction file before processing.
c. Processing data immediately upon input.
d. The overlapping of input/output and processing of operations.
95. The two requirements crucial to achieving audit efficiency and effectiveness with a microcomputer
are selecting
a. The appropriate software to perform the selected audit tasks and client data that can be
accessed by the auditors microcomputer.
b. Client data that can be accessed by the auditors microcomputer and audit procedures that are
generally applicable to several clients in a specific industry.
c. The appropriate audit tasks for microcomputer applications and the appropriate software to
perform the selected audit tasks.
d. Audit procedures that are generally applicable to several clients in specific industry and the
appropriate audit tasks for microcomputer applications.

AT Quizzer 12

Information Systems Audit & Assurance

Page 13

96. A computer system that enables users to access data and programs directly through workstations.
a. On line computer systems.
c. Flat file systems
b. Data base systems.
d. Computer line system
97. Whether or not a real time program contains adequate controls is most effectively determined by
the use of
a. Audit software.
c. An integrated test facility
b. A tracing routine.
d. A traditional test deck
98. The computer process whereby data processing is performed concurrently with a particular activity
and the results are available soon enough to influence the course of action being taken or the
decision being matched is called:
a. Random access sampling.
c. On line, real time system
b. Integrated data processing.
d. Batch processing system
99. Adequate technical training and proficiency as an auditor encompasses an ability to understand an
CIS sufficiently to identify and evaluate
a. The processing and imparting of information.
b. All accounting control features.
c. The degree to which programming conforms with application of generally accepted accounting
principles.
d. Essential control procedures.
100. A type of computer system whereby individual transactions are entered on line and are added to a
transaction file that contains other transactions entered during the period. Later, this transaction
file, on a periodic basis updates the master file.
a. On line, batch system.
c. On line, memo update system
b. On line, real time system.
d. On line, shadow update system

**************************