Deck 8: Consideration of Internal Control in an Information Technology Environment

A)The operating system.
B)Printers.
C)Off-the-shelf accounting software.
D)Enterprise resource planning (ERP)systems.

A)Procedures for developing new programs and systems.
B)Requirements for system documentation.
C)A change request log.
D)A validity test.

A)cloud approach.
B)method of data encryption.
C)firewall.
D)test data approach.

A)Users are assigned (or select)passwords when accounts are created,but do not change them.
B)Users have accounts on several systems with different passwords.
C)Users copy their passwords on paper which is kept in their wallets.
D)Users select passwords that are not listed in any online dictionary.

A)Limit tests.
B)Segregation of duties controls.
C)Allowed character tests.
D)Missing data tests.

A)Telecommunication transmission systems.
B)Database administration.
C)End user computing.
D)Electronic data interchange systems.

A)The systems analyst.
B)The programmer.
C)The operator.
D)The librarian.

A)Convert all data from external formats to an internal company format.
B)Maintain a program to prevent illegal activity.
C)Develop an auxiliary power supply to provide uninterrupted electricity.
D)Store duplicate copies of files in a location away from the computer center.

A)Decentralization of data processing activities.
B)Decreased concern over the accuracy of computerized processing.
C)Decrease in the number of local area networks.
D)Increase for general computer control activities.

A)Input validation checks.
B)Control total.
C)Firewalls.
D)Self-checking numbers.

A)Check digit.
B)Password.
C)Test facility.
D)Read only memory.

A)Online analytical processing.
B)Online transaction processing.
C)Essential information batch processing.
D)Decentralized processing.

A)The application programmer.
B)The computer operator.
C)The systems analyst.
D)The systems programmer.

A)Design of controls to restrict access.
B)Adequate physical layout space for the operating system.
C)Inclusions of an adequate power supply system with surge protection.
D)Consideration of risks related to other uses of electricity in the area.

A)Private lines.
B)Validity tests.
C)Self-checking numbers.
D)Limit tests.

A)Data communication.
B)Integrated database.
C)Batch processing of transactions.
D)Distributive data processing.

A)Data redundancy.
B)Quick response to users' request for information.
C)Control of users' identification numbers and passwords.
D)Logging of terminal activity.

A)Test data.
B)Integrated test facilities.
C)Controlled programs.
D)Tagging and tracing transactions.

A)Performing certain analytical procedures,such as inventory turnover.
B)Observing inventory.
C)Recomputing depreciation.
D)Selecting audit samples.

A)Mainframe.
B)Relational databased computers.
C)Personal computers,tablets and other such devices.
D)Personal reference assistants.

A)Data encryption.
B)Parity check.
C)Message acknowledgment techniques.
D)Distributed data processing.

A)Supplier of the computer system.
B)Computers of various users.
C)Computer that contains the networks software and provides services to a server.
D)Database administrator.

A)The systems programmer.
B)The application programmer.
C)The computer operator.
D)The telecommunications specialist.

A)Generalized audit software.
B)Observation,inspection,and inquiry.
C)Program analysis techniques.
D)Test data.

A)Stand-alone computing.
B)End user computing.
C)Distributed computing.
D)Decentralized computing.

A)Input transactions are batched and system logic is straightforward.
B)Processing primarily consists of sorting the input data and updating the master file sequentially.
C)Processing is primarily online and updating is real-time.
D)Outputs are in hard copy form.

A)Observing inventory.
B)Selecting sample items of inventory.
C)Analyzing data resulting from inventory.
D)Recalculating balances in inventory reports.

A)The audit trail normally does not exist.
B)The audit trail is sometimes generated only in machine readable form.
C)The client's internal auditors may have been involved at the design stage.
D)Tests of controls are not possible.

A)Batch controls.
B)Controls written into the computer system.
C)Equipment controls.
D)Documentation controls.

A)Integrated test facilities.
B)Test data.
C)Controlled programs.
D)Tagging and tracing transactions.

A)The controls duplicate operative controls existing elsewhere.
B)There appear to be major weaknesses that would preclude reliance on the stated procedure.
C)The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls to be operative.
D)The controls appear adequate.

A)Unauthorized access to system program and data files.
B)Unauthorized physical availability of remote terminals.
C)Physical destruction of system program and data files.
D)Physical destruction of electronic devices.

A)Limit test.
B)Validity test.
C)Authorization test.
D)Check digit test.

A)Completeness test.
B)Validity test.
C)Limit test.
D)Control total.

A)Net pay.
B)Department numbers.
C)Hours worked.
D)Total debits and total credits.

A)Both applications are examples of EDI.
B)Both applications are examples of online real-time processing.
C)The first application is an example of EDI and the second is an example of online real-time.
D)The first application is an example of online real-time and the second is an example of EDI.

A)Supervisor of computer operations.
B)Systems analyst.
C)Data control group.
D)Computer programmer.

A)Use generalized audit software to develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situations.
B)Use generalized audit software to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.
C)Require a printout of all account balances so they can be manually checked against the credit limits.
D)Request a printout of a sample of account balances so they can be individually checked against the credit limits.

A)Improper programming intelligence.
B)Cloud.
C)Malware.
D)Malfeasance.

A)Processing controls.
B)Manual input controls.
C)Authorization.
D)Firewalls.

A)A system with weak internal control.
B)Equipment combination.
C)Tightly coupled.
D)Offline development.

A)One generation of backup files is stored in an off-premises location.
B)Operators distribute error messages to the control group.
C)Operators do not have access to the complete systems manual.
D)Operators are supervised by programmers.

A)A control total for hours worked,prepared from time cards collected by the timekeeping department.
B)Requiring the treasurer's office to account for the numbers of the prenumbered checks issued to the computer department for the processing of the payroll.
C)Use of a check digit for employee numbers.
D)Use of a header label for the payroll input sheet.

A)The segregation of duties within the computer center.
B)The control over source documents.
C)The documentation maintained for accounting applications.
D)The cost/benefit of data processing operations.

A)Inaccurate processing of data.
B)Unauthorized access to personal computer.
C)Inaccurate dating of transactions.
D)Unauthorized access to the system.

A)Self-checking numbers.
B)Control totals.
C)Validity tests.
D)Process tracing data.

A)Not detect program errors which do not show up in the output sampled.
B)Detect all program errors,regardless of the nature of the output.
C)Provide the auditors with the same type of evidence.
D)Not provide the auditors with the confidence in the results of the auditing procedures.

A)The operations manual.
B)Hash total.
C)Systems documentation.
D)Control over program changes.

A)Change request report.
B)Type 1 report.
C)Type 2 report.
D)OE report.

A)Programmed controls.
B)Application controls.
C)Output controls.
D)General controls.

A)Machine processing is accurate.
B)Only authorized personnel have access to the computer area.
C)Data received for processing are properly authorized and converted to machine-readable form.
D)Computer processing has been performed as intended for the particular application.

A)Database management system (DBMS).
B)Transaction processing system (TPS).
C)Decision support system (DSS).
D)Enterprise resource planning (ERP)system.

A)Optical character recognition (OCR)software.
B)Check digit.
C)Validity check.
D)Field (format)check.

A)Limiting entry of sales transactions to only valid credit customers.
B)Creating hash totals from Social Security numbers for the weekly payroll.
C)Restricting entry of accounts payable transactions to only authorized users.
D)Restricting access to the computer center by use of biometric devices.

A)User passwords are not required to be in alphanumeric format.
B)Management procedures for user accounts are not documented.
C)User accounts are not removed upon termination of employees.
D)Security logs are not periodically reviewed for violations.

A)Password management.
B)Data encryption.
C)Biometric identifiers.
D)Batch processing.

A)Personal computers become much more likely to be physically stolen.
B)Anyone with access to the personal computers could log on to the mainframe.
C)Backup procedures for data files would not be as effective.
D)Users with inadequate training would make more mistakes.

A)When transactions are transmitted over local area networks.
B)When wire transfers are made between banks.
C)When confidential data are sent over the Internet.
D)When financial data are sent over dedicated leased lines.

A)Database administrator.
B)Controller.
C)Systems analyst.
D)Systems librarian.

A)Computer programmer.
B)Data processing manager.
C)Systems analyst.
D)Internal auditor.

A)Analysis.
B)Implementation.
C)Testing.
D)Design.

A)Auditing through the computer is more difficult than auditing around the computer.
B)It is difficult to design test data that incorporate all potential variations in transactions.
C)Test data may be commingled with live data causing operating problems for the client.
D)The program with which the test data are processed may differ from the one used in actual operations.