Deck 11: Auditing Computer-Based Information Systems

A) financial
B) information systems
C) management
D) internal control

A) audit planning.
B) collection of audit evidence.
C) communication of audit results.
D) evaluation of audit evidence.

A) collection of audit evidence
B) communication of audit results
C) audit planning
D) evaluation of audit evidence

A) financial
B) informational
C) information systems
D) operational

A) reperformance.
B) confirmation.
C) substantiation.
D) documentation.

A) financial
B) informational
C) information systems
D) operational

A) susceptibility to material risk in the absence of controls.
B) risk that a material misstatement will get through the internal control structure and into the financial statements.
C) risk that auditors and their audit procedures will not detect a material error or misstatement.
D) risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.

A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence

A) planning; evaluating audit evidence
B) planning; collecting audit evidence
C) collecting audit evidence; communicating audit results
D) communicating audit results; evaluating audit evidence

A) operational or management
B) financial
C) information systems
D) internal control

A) helping management to improve organizational effectiveness
B) assisting in the design and implementation of an AIS
C) preparation of the company's financial statements
D) implementing and monitoring of internal controls

A) control
B) detection
C) inherent
D) investing

A) operational and management audits
B) information system audits
C) financial statement audit
D) financial audit of accounting records

A) absolute reliability
B) reasonable objectivity
C) reasonable evidence
D) reasonable assurance

A) audit planning
B) the collection of audit evidence
C) the communication of audit results
D) the evaluation of audit evidence

A) control risk.
B) detection risk.
C) inherent risk.
D) investigating risk.

A) review of documentation.
B) vouching.
C) physical examination.
D) analytical review.

A) collection, review, and documentation of audit evidence.
B) planning and verification of economic events.
C) collection of audit evidence and approval of economic events.
D) testing, documentation, and certification of audit evidence.

A) review of the documentation.
B) vouching.
C) physical examination.
D) analytical review.

A) evaluate the control procedures.
B) determine the threats facing the AIS.
C) identify the control procedures that should be in place.
D) evaluate weaknesses to determine their effect on the audit procedures.

A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.

A) A systems review
B) A systems overhaul
C) Tests of controls
D) both B and C

A) to determine the inherent risk factors found in the system
B) to review and evaluate the internal controls that protect the system
C) to examine the reliability and integrity of accounting records
D) to examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives

A) tests of controls.
B) compensating controls.
C) the feasibility of a systems review.
D) materiality and inherent risk factors.

A) overall security.
B) program development.
C) program modifications.
D) processing.

A) risk-based approach
B) risk-adjusted approach
C) financial audit approach
D) information systems approach

A) vouching.
B) confirmation.
C) reperformance.
D) analytical review.

A) reduce detection risk.
B) reduce control risk.
C) increase detection risk.
D) increase control risk.

A) reviewing corporate organizational structure and reporting hierarchies
B) examining procedures for reporting and disposing of hazardous waste
C) reviewing source documents and general ledger accounts to determine integrity of recorded transactions
D) comparing estimates and analysis made before purchase of a major capital asset to actual numbers and results achieved

A) reducing inherent risk.
B) reducing control risk.
C) reducing detection risk.
D) reducing audit risk.

A) confirmation.
B) reperformance.
C) vouching.
D) analytical review.

A) reduce inherent risk.
B) reduce control risk.
C) increase inherent risk.
D) increase control risk.

A) The internal audit department processes test data at Panther Designs.
B) Panther Designs pays its employees well, decreasing the likelihood of errors.
C) Panther Designs only hires competent programmers, decreasing the likelihood of errors.
D) All of Panther Design's IT applications are less than 2 years old.

A) Only material program changes should be thoroughly tested and documented.
B) During the change process, the developmental version of the program must be kept separate from the production version.
C) After the modified program has received final approval, the change is implemented by replacing the developmental version with the production version.
D) When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users.

A) use of a source code comparison program
B) use of the reprocessing technique to compare program output
C) interviewing and making inquiries of the programming staff
D) use of parallel simulation to compare program output

A) development; processing
B) processing; development
C) operational; internal
D) internal; operational

A) an independent reviewer only
B) a developer of internal controls
C) an advisor and developer of internal control specifications
D) A and B above

A) Security provisions exist to protect data from unauthorized access, modification, or destruction.
B) Obtaining evidence to provide reasonable assurance the financial statements are not materially misstated
C) Programs have been developed and acquired in accordance with management's authorization.
D) Program modifications have received management's authorization and approval.

A) Review software license agreements.
B) Test new programs, including user acceptance testing.
C) Purchase hardware only from management approved vendors.
D) Require management approval of programming specifications.

A) Observe computer-site access procedures.
B) Investigate how unauthorized access attempts are handled.
C) Review logical access policies and procedures.
D) Examine the results of disaster recovery plan simulations.

A) an application that records how well systems personnel have performed on company competency examinations
B) an application that prepares data that can be used for auditing the effectiveness of computer processing
C) an application that records which professional examinations systems personnel have obtained
D) a backup generator application that can be used to generate data if the original storage device fails

A) an audit log.
B) a mapping program.
C) a scanning routine.
D) program tracing.

A) An input control matrix
B) A flowchart generator program
C) A program algorithm matrix
D) A mapping program

A) Verify the extent and effectiveness of encryption.
B) Inspect computer sites.
C) Test assignment procedures for user IDs.
D) Observe the preparation of backup files.

A) concurrent audit techniques
B) test data processing
C) integrated test facility
D) dual process

A) examining system access logs
B) developing the information system
C) examining logical access policies and procedures
D) making recommendations to management for improvement of existing internal controls

A) Review logical access control policies.
B) Discuss modification policies with management, users, and systems personnel.
C) Verify logical access controls are in effect for program changes.
D) Separate development, test, and production versions of programs.

A) test data processing
B) parallel simulation
C) concurrent audit techniques
D) analysis of program logic

A) by interviewing and making inquiries of the programming staff
B) by examining the systems design and programming documentation
C) by using a source code comparison program
D) by interviewing and making inquiries of recently terminated programming staff

A) an employee or outsider obtaining data about an important client.
B) a data entry clerk from introducing data entry errors into the system.
C) a computer operator from losing or corrupting files or data during transaction processing.
D) programmers making unauthorized modifications to programs.

A) a SCARF.
B) reperformance.
C) the snapshot technique.
D) an audit hook.

A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.

A) Windows Media Converter
B) concurrent audit technique
C) computer assisted audit techniques software
D) Adobe Professional

A) eliminate auditor judgment errors
B) assist the auditor in retrieving and reviewing information
C) detect unauthorized modifications to system program code
D) recheck all mathematical calculations, cross-foot, reprocess financial statements and compare to originals

A) the snapshot technique.
B) a system control audit review file.
C) audit hooks.
D) continuous and intermittent simulation.

A) a local car dealership
B) a mom and pop grocery store
C) a large lumber mill that uses an ERP system
D) a medium-sized shoe retailer with outlets in many cities

A) an integrated test facility.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.

A) to identify fraudulent Medicare claims
B) to perform random audits of government spending
C) to replace human auditors with computerized auditors
D) to develop a more balanced government budget

A) audit hooks.
B) an integrated test facility.
C) the snapshot technique.
D) a system control audit review file.

A) audit hooks.
B) the snapshot technique.
C) a system control audit review file.
D) continuous and intermittent simulation.

A) embedded audit modules.
B) scanning routines.
C) mapping programs.
D) automated flow charting programs.

A) input controls matrix.
B) CAATS.
C) embedded audit module.
D) mapping program.

A) program tracing.
B) scanning routines.
C) mapping programs.
D) embedded audit modules.