Deck 11: Auditing Computer-Based Information Systems

A)control
B)detection
C)inherent
D)investing

A)financial
B)informational
C)information systems
D)operational

A)audit planning
B)collection of audit evidence
C)communication of audit results
D)evaluation of audit evidence

A)control
B)detection
C)inherent
D)investing

A)audit planning
B)the collection of audit evidence
C)the communication of audit results
D)the evaluation of audit evidence

A)Planning; evaluating audit evidence.
B)Planning; collecting audit evidence.
C)Collecting audit evidence; communicating audit results.
D)Communicating audit results; evaluating audit evidence.

A)susceptibility to material risk in the absence of controls.
B)risk that a material misstatement will get through the internal control structure and into the financial statements.
C)risk that auditors and their audit procedures will not detect a material error or misstatement.
D)risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.

A)collection, review, and documentation of audit evidence.
B)planning and verification of economic events.
C)collection of audit evidence and approval of economic events.
D)testing, documentation, and certification of audit evidence.

A)control risk.
B)detection risk.
C)inherent risk.
D)investigating risk.

A)Operational and management audits.
B)Information system audits.
C)Financial statement audit.
D)Financial audit of accounting records.

A)operational or management
B)financial
C)information systems
D)internal control

A)financial
B)informational
C)information systems
D)operational

A)Helping management to improve organizational effectiveness.
B)Assisting in the design and implementation of an AIS.
C)Preparation of the company's financial statements.
D)Implementing and monitoring of internal controls.

A)reperformance.
B)confirmation.
C)substantiation.
D)documentation.

A)Collection of audit evidence.
B)Communication of audit results.
C)Audit planning.
D)Evaluation of audit evidence.

A)Helping management to improve organizational effectiveness.
B)Assisting in the design and implementation of an AIS.
C)Preparation of the company's financial statements.
D)All of the above.

A)reduce detection risk.
B)reduce control risk.
C)increase detection risk.
D)increase control risk.

A)A four-step approach to internal control evaluation.
B)A three-step approach to internal control evaluation.
C)A four-step approach to financial statement review and recommendations.
D)A three-step approach to financial statement review and recommendations.

A)evaluate the control procedures.
B)determine the threats facing the AIS.
C)identify the control procedures that should be in place.
D)evaluate weaknesses to determine their effect on the audit procedures.

A)reduce inherent risk.
B)reduce control risk.
C)increase inherent risk.
D)increase control risk.

A)absolute reliability
B)reasonable objectivity
C)reasonable evidence
D)reasonable assurance

A)reducing inherent risk.
B)reducing control risk.
C)reducing detection risk.
D)reducing audit risk.

A)A systems review
B)A systems overhaul
C)Tests of controls
D)Both B and C

A)review of the documentation.
B)vouching.
C)confirmation.
D)analytical review.

A)confirmation.
B)reperformance.
C)vouching.
D)analytical review.

A)review of the documentation.
B)vouching.
C)physical examination.
D)analytical review.

A)risk-based approach
B)risk-adjusted approach
C)financial audit approach
D)information systems approach

A)tests of controls.
B)compensating controls.
C)the feasibility of a systems review.
D)materiality and inherent risk factors.

A)review of the documentation.
B)vouching.
C)confirmation.
D)analytical review.

A)review of documentation.
B)vouching.
C)physical examination.
D)analytical review.

A)audit planning.
B)collection of audit evidence.
C)communication of audit results.
D)evaluation of audit evidence.

A)vouching.
B)confirmation.
C)reperformance.
D)analytical review.

A)confirmation.
B)reperformance.
C)vouching.
D)analytical review.

A)Security provisions exist to protect data from unauthorized access, modification, or destruction.
B)Obtaining evidence to provide reasonable assurance the financial statements are not materially misstated
C)Programs have been developed and acquired in accordance with management's authorization.
D)Program modifications have received management's authorization and approval.

A)Verify the extent and effectiveness of encryption.
B)Inspect computer sites.
C)Test assignment procedures for user IDs.
D)Observe the preparation of backup files.

A)overall security.
B)program development.
C)program modifications.
D)processing.

A)To determine the inherent risk factors found in the system.
B)To review and evaluate the internal controls that protect the system.
C)To examine the reliability and integrity of accounting records.
D)To examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives.

A)Review logical access control policies.
B)Discuss modification policies with management, users, and systems personnel.
C)Verify logical access controls are in effect for program changes.
D)Separate development, test, and production versions of programs.

A)overall security.
B)program development.
C)program modifications.
D)processing.

A)overall security.
B)program development.
C)program modifications.
D)processing.

A)A review of the corporate organizational structure and reporting hierarchies.
B)An examination of procedures for reporting and disposing of hazardous waste.
C)A review of source documents and general ledger accounts to determine integrity of recorded transactions.
D)A comparison of estimates and analysis made before purchase of a major capital asset to actual numbers and results achieved.

A)The internal audit department processes test data at Panther Designs.
B)Panther Designs pays its employees well, decreasing the likelihood of errors.
C)Panther Designs only hires competent programmers, decreasing the likelihood of errors.
D)All of Panther Design's IT applications are less than 2 years old.

A)Review software license agreements.
B)Test new programs, including user acceptance testing.
C)Purchase hardware only from management approved vendors.
D)Require management approval of programming specifications.

A)Observe computer-site access procedures.
B)Investigate how unauthorized access attempts are handled.
C)Review logical access policies and procedures.
D)Examine the results of disaster recovery plan simulations.

A)It is an application that records how well systems personnel have performed on company competency examinations.
B)It is an application that prepares data that can be used for auditing the effectiveness of computer processing.
C)It is an application that records which professional examinations systems personnel have obtained.
D)It is a backup generator application that can be used to generate data if the original storage device fails.

A)concurrent audit techniques
B)test data processing
C)integrated test facility
D)dual process

A)automated flowcharting programs.
B)automated decision table programs.
C)mapping programs.
D)tracing program.

A)a SCARF.
B)reperformance.
C)the snapshot technique.
D)an audit hook.

A)An input control matrix
B)A flowchart generator program
C)A program algorithm matrix
D)A mapping program

A)development; processing
B)processing; development
C)operational; internal
D)internal; operational

A)an independent reviewer only
B)a developer of internal controls
C)an advisor and developer of internal control specifications
D)A and B above

A)integrated test facility.
B)snapshot technique.
C)system control audit review file.
D)audit hooks.

A)The use of a source code comparison program.
B)The use of the reprocessing technique to compare program output.
C)By interviewing and making inquiries of the programming staff.
D)The use of parallel simulation to compare program output.

A)automated flowcharting programs.
B)automated decision table programs.
C)mapping programs.
D)tracing program.

A)integrated test facility.
B)snapshot technique.
C)system control audit review file.
D)audit hooks.

A)test data processing
B)parallel simulation
C)concurrent audit techniques
D)analysis of program logic

A)Examining system access logs.
B)Developing the information system.
C)Examining logical access policies and procedures.
D)Making recommendations to management for improvement of existing internal controls.

A)integrated test facility.
B)snapshot technique.
C)system control audit review file.
D)audit hooks.

A)an audit log.
B)a mapping program.
C)a scanning routine.
D)program tracing.

A)By interviewing and making inquiries of the programming staff.
B)By examining the systems design and programming documentation.
C)By using a source code comparison program.
D)By interviewing and making inquiries of recently terminated programming staff.

A)integrated test facility.
B)snapshot technique.
C)system control audit review file.
D)audit hooks.

A)Only material program changes should be thoroughly tested and documented.
B)During the change process, the developmental version of the program must be kept separate from the production version.
C)After the modified program has received final approval, the change is implemented by replacing the developmental version with the production version.
D)When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users.