Deck 11: Auditing Computer-Based Information Systems

A) audit planning
B) collection of audit evidence
C) evaluation of audit evidence
D) communication of audit results

A) audit planning
B) the collection of audit evidence
C) the communication of audit results
D) the evaluation of audit evidence

A) susceptibility to material risk in the absence of controls.
B) risk that a material misstatement will get through the internal control structure and into the financial statements.
C) risk that auditors and their audit procedures will not detect a material error or misstatement.
D) risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.

A) operational and management audits
B) information system audits
C) financial statement audit
D) financial audit of accounting records

A) review of the documentation.
B) vouching.
C) physical examination.
D) analytical review.

A) collection, review, and documentation of audit evidence.
B) planning and verification of economic events.
C) collection of audit evidence and approval of economic events.
D) testing, documentation, and certification of audit evidence.

A) financial
B) information systems
C) internal control
D) operational or management

A) control
B) detection
C) inherent
D) investing

A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence

A) helping management to improve organizational effectiveness
B) assisting in the design and implementation of an AIS
C) preparation of the company's financial statements
D) implementing and monitoring of internal controls

A) planning; evaluating audit evidence
B) planning; collecting audit evidence
C) collecting audit evidence; communicating audit results
D) communicating audit results; evaluating audit evidence

A) absolute reliability
B) reasonable evidence
C) reasonable assurance
D) reasonable objectivity

A) financial
B) informational
C) information systems
D) operational

A) review of documentation.
B) vouching.
C) physical examination.
D) analytical review.

A) financial
B) information systems
C) management
D) internal control

A) control risk.
B) detection risk.
C) inherent risk.
D) investigating risk.

A) financial
B) informational
C) information systems
D) operational

A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence

A) a four-step approach to internal control evaluation.
B) a four-step approach to financial statement review and recommendations.
C) a three-step approach to internal control evaluation.
D) a three-step approach to financial statement review and recommendations.

A) risk-based approach
B) risk-adjusted approach
C) financial audit approach
D) information systems approach

A) Use of a source code comparison program
B) Use of the reprocessing technique to compare program output
C) Interviewing and making inquiries of the programming staff
D) Use of parallel simulation to compare program output

A) a systems overhaul.
B) a systems review.
C) tests of controls.
D) both B and C

A) input controls matrix.
B) CAATS.
C) embedded audit module.
D) mapping program.

A) overall security.
B) program development.
C) program modifications.
D) processing.

A) making recommendations to management for improvement of existing internal controls.
B) examining system access logs.
C) examining logical access policies and procedures.
D) developing the information system.

A) Identify the control procedures that should be in place.
B) Evaluate the control procedures.
C) Determine the threats facing the AIS.
D) Evaluate weaknesses to determine their effect on the audit procedures.

A) To determine the inherent risk factors found in the system
B) To review and evaluate the internal controls that protect the system
C) To examine the reliability and integrity of accounting records
D) To examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives

A) a flowchart generator program.
B) a mapping program.
C) an input control matrix.
D) a program algorithm matrix.

A) a mapping program.
B) an audit log.
C) a scanning routine.
D) program tracing.

A) a SCARF.
B) an audit hook.
C) an audit sinker.
D) the snapshot technique.

A) Only material program changes should be thoroughly tested and documented.
B) When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users.
C) During the change process, the developmental version of the program must be kept separate from the production version.
D) After the modified program has received final approval, the change is implemented by replacing the developmental version with the production version.

A) tests of controls.
B) the feasibility of a systems review.
C) materiality and inherent risk factors.
D) compensating controls.

A) an employee or outsider obtaining data about an important client.
B) a data entry clerk from introducing data entry errors into the system.
C) a computer operator from losing or corrupting files or data during transaction processing.
D) programmers making unauthorized modifications to programs.

A) computer assisted audit techniques software
B) Windows Media Converter
C) concurrent audit technique
D) Adobe Professional

A) By interviewing and making inquiries of the programming staff
B) By examining the systems design and programming documentation
C) By using a source code comparison program
D) By interviewing and making inquiries of recently terminated programming staff

A) test data processing
B) parallel simulation
C) concurrent audit techniques
D) analysis of program logic

A) an advisor and developer of internal control specifications.
B) a developer of internal controls.
C) an independent reviewer only.
D) A and B above

A) development; processing
B) processing; development
C) operational; internal
D) internal; operational

A) concurrent audit techniques
B) test data processing
C) integrated test facility
D) dual process

A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.

A) the snapshot technique.
B) a system control audit review file.
C) audit hooks.
D) continuous and intermittent simulation.

A) reviewing corporate organizational structure and reporting hierarchies
B) examining procedures for reporting and disposing of hazardous waste
C) reviewing source documents and general ledger accounts to determine integrity of recorded transactions
D) comparing estimates and analysis made before purchase of a major capital asset to actual numbers and results achieved

A) the snapshot technique.
B) a system control audit review file.
C) audit hooks.
D) continuous and intermittent simulation.

A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.

A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) audit hooks.

A) increasing detection risk.
B) reducing detection risk.
C) increasing control risk.
D) reducing control risk.

A) reducing control risk.
B) reducing detection risk.
C) reducing inherent risk.
D) reducing audit risk.

A) embedded audit modules.
B) scanning routines.
C) mapping programs.
D) automated flow charting programs.

A) increasing inherent risk.
B) reducing inherent risk.
C) increasing control risk.
D) reducing control risk.

A) program tracing.
B) scanning routines.
C) mapping programs.
D) embedded audit modules.

A) financial
B) operational
C) information systems
D) all of the above

A) evidence collection
B) evidence evaluation
C) testing
D) internal control

A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.

A) operational
B) information systems
C) financial
D) internal control

A) eliminate auditor judgment errors
B) assist the auditor in retrieving and reviewing information
C) detect unauthorized modifications to system program code
D) recheck all mathematical calculations, cross-foot, reprocess financial statements and compare to originals

A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.

A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.