AUDITING THEORY - 090: CIS Environment & Completing an Audit CMP

THE COMPUTER ENVIRONMENT

1. In an electronic data processing system, automated equipment controls or hardware controls are designed to
a. arrange data in a logical sequential manner for processing purposes.
b. correct errors in the computer programs.
c. monitor and detect errors in source documents.
d. detect and control errors arising from use of equipment.

2. Which of the following characteristics distinguishes computer processing from manual processing?
a. Computer processing virtually eliminates the occurrence of computational error normally associated
with manual processing.
b. Errors or fraud in computer processing will be detected soon after their occurrences.
c. The potential for systematic error is ordinarily greater in manual processing than in computerized
processing
d. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.

3. What is the computer process call when data processing is performed concurrently with a particular activity
and the results are available soon enough to influence the particular course of actions being taken or the
decision being made?
a. Real time processing. c. Batch processing.
b. Random access processing. d. Integrated data processing.

4. Which of the following statements is false? In data processing,

a. Data refers to facts which have been organized in a meaningful manner.
b. The sources of data are within the firm and outside the firm.
c. Data processing refers to the operations needed to collect and transform data into useful information.
d. Mechanical data processing is a system in which the operations are performed with the assistance of
major mechanical devices.

5. The grandfather-father-son approach providing protection for important computer files is a concept that is
most often found in
a. on-line, real-time systems. c. magnetic tape systems.
b. punched-card systems. d. magnetic drum systems.

6. Which of the following employees in a company’s electronic data processing department should be responsible
for designing new or improved data processing procedures?
a. Flowchart editor. c. Programmer.
b. Systems analyst. d. Control-group supervisor.

7. An electronic data processing technique which collects data into groups to permit convenient and efficient
processing is known as
a. Document-count processing. c. Multi-programming.
b. Batch processing. d. Generalized-audit processing.

8. A fundamental purpose of a data base management system is to

a. store all data for an organization in multiple files.
b. reduce data redundancy.
c. use physical data organization concepts instead of logical data organization concepts.
d. change the manner in which application programs access individual data elements.

9. A partial set of standard characteristics of a real-time system is

a. batched input, on-line files, and an extensive communication network.
b. reliance upon sequential files, prompt input form users, and interactive programs.
c. on-line files, prompt input form users, and an extensive communication network.
d. the use of high-level language and the major need being for historical reports.

10. All activity related to a particular application in a manual system is recorded in a journal. The name of the
corresponding item in a computerized system is a
a. master file. c. year-to-date file
b. transaction file. d. current balance file.

11. Which of the following is not a major reason for maintaining an audit trail for a computer system?
a. Deterrent to fraud. c. Monitoring purposes.
b. Analytical procedures. d. Current balance file.
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP
12. An auditor would most likely be concerned with which of the following controls in a distributed data processing
system?
a. Hardware controls. c. Systems documentation controls.
b. Access controls. d. Disaster recovery controls.

13. Which one of the following is not considered a typical risk associated with outsourcing (the practice of hiring an
outside company to handle all or part of the data processing):
a. Inflexibility. c. Loss of control.
b. Loss of confidentiality. d. Less availability of expertise.

14. The initial debugging of a computer of a computer program should normally be done by the
a. Programmer c. Internal auditor.
b. Machine operator. d. Control group.

15. Which of the following is not one of the main components of a computer?
a. Processing unit c. Storage (memory unit )
b. Arithmetic unit d. Verifier

16. The normal sequence of documents and operations on a well-prepared systems flowchart is
a. Top to bottom and left to right. c. Bottom to top and left to right.
b. Top to bottom and right to left. d. Bottom to top and right to left.

17. The purpose of using generalized computer programs is to test and analyze a client’s computer
a. Systems. c. Equipment
b. Records. d. Processing logic.

18. The computer system most likely to be used by a large savings bank for customers’ accounts would be
a. an on-line, real time system. c. a batch processing system.
b. a generalized utility system. d. a direct access data base system.

19. Which of the following lists comprises of the components of the data processing cycle?
a. Batching, processing, output.
b. Collection, refinement, processing, maintenance, output.
c. Input, classifying, batching, verification, transmission.
d. Collection, refinement, storing, output.

20. Which of the following is not a characteristic of a batch processed computer system?
a. The collection of like transactions, which are stored and processed sequentially against a master file.
b. Keypunching of transactions, followed by machine processing.
c. The production of numerous printouts.
d. The posting of a transaction, as it occurs, to several files, without intermediate printouts.

21. Which of the following employees normally would be assigned the operating responsibility for designing a
computerized accounting system, including documentation of application systems?
a. Computer programmer. c. Data processing manager.
b. Systems analyst. d. Internal auditor.

22. A procedural control used in the management of a computer center in minimizing the possibility of data or
program file destruction through operator error includes.
a. control figures c. crossfooting tests
b. limit checks d. external labels

23. Totals of amounts in computer-record data fields which are not usually added but are used only for data
processing control purposes are called
a. record totals. c. hash totals.
b. processing data totals. d. field totals.

24. In updating a computerized accounts receivable file, which one of the following would be used as a batch
control to verify the accuracy of the posting of cash receipts remittances?
a. The sum of the cash deposits plus the discounts less the sales returns.
b. The sum of the cash deposits.
c. The sum of the cash deposits less the discounts taken by customers.
d. The sum of the cash deposits plus the discounts taken by customers.

2|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP

25. The client’s computerized exception reporting system helps an auditor to conduct a more efficient audit
because it
a. condenses data significantly
b. highlights abnormal conditions
c. decreases the tests of computer controls requirements
d. is efficient computer input control

26. Auditors often make use of computer programs that perform routine processing functions such as sorting and
merging. These programs are made available by software companies and are specifically referred to as
a. compiler programs. c. supervisory programs.
b. utility programs. d. user programs.

27. In the weekly computer run to prepare payroll checks, a check was printed for an employee who had been
terminated the previous week. Which of the following controls, if properly utilized, would have been most
effective in preventing the error or ensuring its prompt detection?
a. A control total for hours worked, prepared from time collected by the timekeeping department.
b. Requiring the treasurer’s office to account for the numbers of the prenumberd checks issued to the
computer department for the processing of the payroll.
c. Use of the check digit for employee numbers.
d. Use of a header label for the payroll input sheet.

28. Which of the following would lessen internal control in a computer system?
a. The computer librarian maintains custody of computer program instructions and detailed listings.
b. Computer operators have access to operator instructions and detailed program listings.
c. The control group is solely responsible for the distribution of all computer output.
d. Computer programmers write and debug programs that perform routines designed by the systems
analyst.

29. Which of the following computer documentation would an auditor most likely utilize in obtaining an
understanding of the internal control system?
a. Systems flowcharts. c. Record counts.
b. Program listings. d. Record layouts.

30. To obtain evidential matter about control risk, an auditor ordinarily selects tests from a variety of techniques,
including
a. analysis. c. confirmations.
b. reprocessing. d. comparison.

31. An EDP input control is designed to ensure that

a. machine processing is accurate.
b. only authorized personnel have access to the computer area.
c. data received for processing are properly authorized and converted to machine-readable form.
d. electronic data processing has been performed as intended for the particular application.

32. Internal control is ineffective when computer department personnel

a. participate in computer software acquisition decisions.
b. design documentation for computerized systems.
c. originate changes in master files.
d. provide physical security for program files.

33. Which of the following most likely represents a weakness in the financial controls of an EDP system?
a. The systems analyst reviews output and control the distribution of output from the EDP department.
b. The accounts payable clerk prepares data for computer processing and enters the data into the
computer.
c. The systems programmer designs the operating and control functions of programs and participates in
testing operating systems.
d. The control clerk establishes control over data received by the EDP department and reconciles control
totals after processing.

34. When EDP programs or files can be accessed from terminals, users should be required to enter a(n)
a. Parity check. c. Personal identification code.
b. Self-diagnosis test. d. Echo check.

3|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP

35. The possibility of erasing a large amount of information stored on magnetic tape most likely would be reduced
by the use of
a. file protection rings. c. check digits.
b. completeness tests. d. conversion verification.

36. When an accounting application is processed by computer, an auditor cannot verify the reliable operation of
programmed control procedures by
a. Manually comparing the details of transaction files used by an edit program to the program’s generated
error listings in order to determine that error were properly identified by the edit program.
b. Constructing a processing system for accounting applications and processing actual data throughout
the period through both the client’s program and the auditor’s program.
c. Manually reperforming, as at a given point in time, the processing of input data and comparing the
simulated results to the actual results.
d. Periodically submitting auditor-prepared test data to the same computer process and evaluating the
results.

37. An auditor who is testing EDP controls in a payroll systems would most likely use test data that contained
conditions such as
a. deductions not authorized by employees.
b. overtime not approved by supervisors.
c. time tickets with invalid job numbers.
d. payroll checks with unauthorized signatures.

38. To obtain evidence that user identification and password controls are functioning as designed, an auditor would
most likely
a. attempt to sign on to the system using invalid user identifications and passwords.
b. write a computer program that simulated the logic of the client’s access control software.
c. extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
d. examine statements signed by employees stating that they had not divulged their user identifications
and passwords to any other person.

39. When erroneous data are detected by computer program controls, the data may be excluded from processing
and printed on an error report. The error report should be reviewed and followed up by the
a. Computer operator. c. Systems analyst.
b. EDP control group. d. Computer programmer.

40. Errors in data processed in a batch computer system may not be detected immediately because
a. transaction trails in a batch system are available only for a limited period of time.
b. there are time delays in processing transactions in a batch system.
c. errors in some transactions cause rejection of other transactions in the batch.
d. random errors are more likely in a batch system than in an on-line system.

41. In a computerized payroll system environment, an auditor would be least likely to use test data to test controls
related to
a. Missing employee numbers.
b. Proper approval of overtime by supervisors.
c. Time tickets with invalid job numbers.
d. Agreement of hours on clock cards with hours on time tickets.

42. Which of the following is not major reason for maintaining an audit trail for a computer system?
a. As deterrent to irregularities. c. For monitoring purposes.
b. For analytical procedures. d. For query answering.

43. Which of the following is a general control that most likely would assist an entity whose systems analyst left
the entity in the middle of a major project?
a. Grandfather-father-son record retention. c. Input and output validation routines.
b. Systems documentation. d. Check digit verification.

44. Which of the following statements most likely represents a disadvantage for entity that keeps microcomputer-
prepared data files rather than manually prepared files?
a. Random error associated with processing similar transactions in different ways in usually greater.
b. It is usually more difficult to compare recorded accountability with physical count of assets.

4|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP
c. Attention is focused on the accuracy of the programming process rather than errors in individual
transactions.
d. It is usually easier for unauthorized persons to access and alter files.

45. Which of the following most likely represents a significant deficiency in the internal control system?
a. The systems analyst reviews application of data processing and maintains systems documentation.
b. The systems programmer designs systems for computerized applications and maintains output
controls.
c. The control clerk establishes control over data received by the EDP department and reconciles control
totals after processing.
d. The accounts payable clerk prepares data for computer processing and enters the data into the
computer.

46. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these
circumstances, on which of the following procedures would the auditor initially focus?
a. Programmed control procedures. c. Application control procedures.
b. Output control procedures. d. General control procedures.

47. Which of the following client computer systems generally can be audited without examination or directly testing
the computer program of the system?
a. A system that performs relatively uncomplicated processes and produces detailed output.
b. A system that affects a number of master files and produces a limited output.
c. A system that updates a few master files and produces no printed. Output other than final balances.
d. A system that performs relatively complicated processing and produces very little detailed output.

48. Control procedures within the computer system may leave no visible evidence indicating that the procedures
were performed. In such instances, the auditor should test these computer controls by
a. making corroborative inquires.
b. observing the separation of duties of personnel.
c. reviewing transactions submitted for processing and comparing them to related output.
d. reviewing the run manual.

49. An auditor will use the test data method in order to gain certain assurance with respect to the computer
a. input data.
b. machine capacity.
c. control procedures contained within the program.
d. general control procedures.

50. After obtaining a preliminary understanding of a client’s computer control structure, an auditor may decide not
to perform test of controls auditing related to the control procedures within the computerized portion of the
client’s control system. Which of the following would not be a valid reason for choosing to omit tests of controls
auditing?
a. The client’s computer control procedures duplicate manual control procedures existing elsewhere in the
system.
b. There appear to be major weaknesses that indicate a high control risk.
c. The time and peso costs of testing exceed the time and peso savings in substantive work if the tests of
computer controls show the controls to operate effectively.
d. The client’s control procedures appear adequate enough to justify a low control risk assessment.

51. Which of the following is likely to be of least importance to an auditor when obtaining an understanding of the
computer control procedures in a company with a computerized accounting system?
a. The segregation of duties within the computer function.
b. The control procedures over source documents.
c. The documentation maintained for accounting applications.
d. The cost/benefit ratio of computer operations.

52. When an on-line, real-time (OLRT) computer system is in use, the computer control procedures can be
strengthened by
a. Providing for the separation of duties between data input and error listing operations.
b. Attaching plastic file protection rings to reels of magnetic tape before new data can be entered on the
file.
c. Preparing batch totals to provide assurance that file updates are mad for the entire output.
d. Making a validity check of an identification number before a user can obtain access to the computer
files.

5|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP
53. When auditing a computerized accounting system, which of the following is not true of the test data approach?
a. Test data are processed by the client’s computer programs under the auditor’s control.
b. The test data must consist of all possible valid and invalid conditions.
c. The test data need consists of only those valid and invalid conditions in which the auditor is interested.
d. Only one transaction of each type need to be tested.

54. A primary advantage of using generalized audit packages in the audit of an advanced computer system is that
it enables that auditor to
a. Substantiate the accuracy of data through self-checking digits and hash totals.
b. Utilize the speed and accuracy of the computer.
c. Verify the performance of machine operations which leave visible evidence of occurrence.
d. Gather and store large quantities of supportive evidential matter in machine readable form.

55. Which of the following is an advantage of generalized computer audit packages?

a. They are all written in one identical computer language.
b. They can be use for audits of clients that use differing computer equipment and file formats.
c. They have reduced the need for the auditor to study input controls for computer-related procedures.
d. Their use can be substituted for a relatively large part of the required testing.

56. When an auditor tests a computerized accounting system, which of the following is true of the test data
approach?
a. Tests data must consist of all possible valid and invalid conditions.
b. The program tested is different from the program used throughout the year by the client.
c. Several transactions of each type must be tested.
d. Test data are processed by the client’s computer programs under the auditor’s control.

57. Processing data through the use of simulated files provides an auditor with information about the operating
effectiveness of control policies and procedures. One of the techniques involve in this approach makes use of
a. controlled reprocessing. c, an integrated test facility.
b. input validation. d. program code checking.

58. Which of the following- controls most likely would assure that an entity could reconstruct its financial records
following a system bug down?
a. Hardware controls are built into the computer manufacturer.
b. Backup diskettes or tapes of files are store away from originals.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.

COMPLETING AN AUDIT
59. An auditor accepted an engagement to audit the 2015 financial statements of EFG Corporation and began the
fieldwork on September 30. EFG gave the auditor the 2015 financial statements on January 17, 2016. The
auditor completed the fieldwork on February 10, 2016, and delivered the report on February 16, 2016. The
client's representation letter normally would be dated
a. December 31, 2015.
b. January 17, 2016.
c. February 10, 2016.
d. February 16, 2016.

60. The audit inquiry letter to the client's legal counsel should be mailed only by the
a. Client after the auditor has reviewed it for appropriate content.
b. Auditor after preparation by the client and review by the auditor.
c. Auditor's attorney after preparation by the client and review by the auditor.
d. Client after review by the auditor's attorney.

61. A written representation letter from a client's management that, among other matters, acknowledges
responsibility for the fair presentation of financial statements, should normally be signed by the
a. Chief executive officer and the chief financial officer.
b. Chief financial officer and the chairman of the board of directors.
c. Chairman of the audit committee of the board of directors.
d. Chief executive officer, the chairman of the board of directors, and the client's lawyer.

62. If a lawyer refuses to furnish corroborating information regarding litigation, claims, and assessments, the
auditor should
a. Honor the confidentiality of the client–lawyer relationship.
b. Consider the refusal to be tantamount to a scope limitation.

6|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP
c. Seek to obtain the corroborating information from management.
d. Disclose the fact in a footnote to the financial statements.

63. An auditor should obtain written representations from management concerning litigation claims and
assessments. These representations may be limited to matters that are considered either individually or
collectively material, provided an understanding on the limits of materiality for this purpose has been reached
by
a. The auditor and the client's lawyer.
b. Management and the auditor.
c. Management, the client's lawyer, and the auditor.
d. The auditor independently of management.
64. Which of the following auditing procedures is ordinarily performed last?
a. Reading of the minutes of the director's meetings.
b. Confirming accounts payable.
c. Obtaining a management representation letter.
d. Testing of the purchasing function.
65. When auditing contingent liabilities, which of the following procedures would be least effective?
a. Reading the minutes of the board of directors.
b. Reviewing the bank confirmation letter.
c. Examining invoices for professional services.
d. Examining customer confirmation replies.
66. Management's refusal to furnish a written representation on a matter, which the auditor considers essential,
constitutes
a. Prima facie evidence that the financial statements are not presented fairly.
b. A violation of the BIR Circular.
c. An uncertainty sufficient to preclude an unqualified opinion.
d. A scope limitation sufficient to preclude an unqualified opinion.
67. A representation letter issued by a client
a. Is essential for the preparation of the audit program.
b. Is a substitute for testing.
c. Does not reduce the auditor's responsibility.
d. Reduces the auditor's responsibility only to the extent it is relied upon.
68. Which of the following subsequent events will be least likely to result in an adjustment to the financial
statements?
a. Culmination of events affecting the realization of accounts receivable owned as of the balance sheet
date.
b. Culmination of events affecting the realization of inventories owned as of the balance sheet date.
c. Material changes in the settlement of liabilities, which were estimated as of the balance sheet date.
d. Material changes in the quoted market prices of listed investment securities since the balance sheet
date.
69. Which of the following material events occurring subsequent to the December 31, 2014, balance sheet would
not ordinarily result in an adjustment to the financial statements before they are issued on March 2, 2015?
a. Write-off of a receivable from a debtor who had suffered from a deteriorating financial condition for
the past six years. The debtor filed for bankruptcy on January 23, 2015.
b. Acquisition of a subsidiary on January 23, 2015. Acquisition had begun in December 2014.
c. Settlement of extended litigation on January 23, 2015, in excess of the recorded year-end balance.
d. A 3-for-5 reverse stock split effective on January 23, 2015.
70. Subsequent events" for reporting purposes are defined as events which occur subsequent to the
a. Balance sheet date.
b. Date of the auditor's report.
c. Balance sheet date but prior to the date of the auditor's report.
d. Date of the auditor's report and concern contingencies that are not reflected in the financial
statements.
71. Which of the following is not a subsequent events procedure?
a. Review available interim financial information.
b. Read available minutes of meetings of stockholders and directors.
c. Make inquiries with respect to the financial statements covered by the auditor's previously issued
report if new information has become available during the current examination that might affect that
report.
d. Discuss with officers the current status of items in the financial statements that were accounted for on
the basis of tentative, preliminary, or inconclusive data.
72. After an auditor has issued an audit report on a nonpublic entity, there is no obligation to make any further
audit tests or inquiries with respect to the audited financial statements covered by that report unless

7|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez
AUDITING THEORY - 090: CIS Environment & Completing the Audit CMP
a. New information comes to the auditor's attention concerning an event that occurred prior to the date
of the auditor's report that may have affected the auditor's report.
b. Material adverse events occur after the date of the report.
c. Final determination or resolution was made on matters that had resulted in a qualification in the
auditor's report.
d. Final determination or resolution was made of a contingency that had been disclosed.

8|Page Auditing Theory-090 cis Environemnt & Completing an Audit

You came,. You listened.. You retained.
CMPerez