Deck 11: Auditing Computer-Based Information Systems

A)reperformance.
B)confirmation.
C)substantiation.
D)documentation.

A)control risk.
B)detection risk.
C)inherent risk.
D)investigating risk.

A)operational or management
B)financial
C)information systems
D)internal control

A)absolute reliability
B)reasonable objectivity
C)reasonable evidence
D)reasonable assurance

A)collection of audit evidence
B)communication of audit results
C)audit planning
D)evaluation of audit evidence

A)helping management to improve organizational effectiveness
B)assisting in the design and implementation of an AIS
C)preparation of the company's financial statements
D)implementing and monitoring of internal controls

A)a four-step approach to internal control evaluation.
B)a three-step approach to internal control evaluation.
C)a four-step approach to financial statement review and recommendations.
D)a three-step approach to financial statement review and recommendations.

A)planning; evaluating audit evidence
B)planning; collecting audit evidence
C)collecting audit evidence; communicating audit results
D)communicating audit results; evaluating audit evidence

A)control
B)detection
C)inherent
D)investing

A)collection,review,and documentation of audit evidence.
B)planning and verification of economic events.
C)collection of audit evidence and approval of economic events.
D)testing,documentation,and certification of audit evidence.

A)review of the documentation.
B)vouching.
C)physical examination.
D)analytical review.

A)susceptibility to material risk in the absence of controls.
B)risk that a material misstatement will get through the internal control structure and into the financial statements.
C)risk that auditors and their audit procedures will not detect a material error or misstatement.
D)risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.

A)audit planning.
B)collection of audit evidence.
C)communication of audit results.
D)evaluation of audit evidence.

A)audit planning
B)collection of audit evidence
C)communication of audit results
D)evaluation of audit evidence

A)review of documentation.
B)vouching.
C)physical examination.
D)analytical review.

A)audit planning
B)the collection of audit evidence
C)the communication of audit results
D)the evaluation of audit evidence

A)operational and management audits
B)information system audits
C)financial statement audit
D)financial audit of accounting records

A)financial
B)informational
C)information systems
D)operational

A)financial
B)information systems
C)management
D)internal control

A)confirmation.
B)reperformance.
C)vouching.
D)analytical review.

A)evaluate the control procedures.
B)determine the threats facing the AIS.
C)identify the control procedures that should be in place.
D)evaluate weaknesses to determine their effect on the audit procedures.

A)overall security.
B)program development.
C)program modifications.
D)processing.

A)confirmation.
B)reperformance.
C)vouching.
D)analytical review.

A)tests of controls.
B)compensating controls.
C)the feasibility of a systems review.
D)materiality and inherent risk factors.

A)reduce detection risk.
B)reduce control risk.
C)increase detection risk.
D)increase control risk.

A)A systems review
B)A systems overhaul
C)Tests of controls
D)both B and C

A)reviewing corporate organizational structure and reporting hierarchies
B)examining procedures for reporting and disposing of hazardous waste
C)reviewing source documents and general ledger accounts to determine integrity of recorded transactions
D)comparing estimates and analysis made before purchase of a major capital asset to actual numbers and results achieved

A)vouching.
B)confirmation.
C)reperformance.
D)analytical review.

A)to determine the inherent risk factors found in the system
B)to review and evaluate the internal controls that protect the system
C)to examine the reliability and integrity of accounting records
D)to examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives

A)reduce inherent risk.
B)reduce control risk.
C)increase inherent risk.
D)increase control risk.

A)reducing inherent risk.
B)reducing control risk.
C)reducing detection risk.
D)reducing audit risk.

A)risk-based approach
B)risk-adjusted approach
C)financial audit approach
D)information systems approach

A)an employee or outsider obtaining data about an important client.
B)a data entry clerk from introducing data entry errors into the system.
C)a computer operator from losing or corrupting files or data during transaction processing.
D)programmers making unauthorized modifications to programs.

A)an independent reviewer only
B)a developer of internal controls
C)an advisor and developer of internal control specifications
D)A and B above

A)Review software license agreements.
B)Test new programs,including user acceptance testing.
C)Purchase hardware only from management approved vendors.
D)Require management approval of programming specifications.

A)an application that records how well systems personnel have performed on company competency examinations
B)an application that prepares data that can be used for auditing the effectiveness of computer processing
C)an application that records which professional examinations systems personnel have obtained
D)a backup generator application that can be used to generate data if the original storage device fails

A)use of a source code comparison program
B)use of the reprocessing technique to compare program output
C)interviewing and making inquiries of the programming staff
D)use of parallel simulation to compare program output

A)concurrent audit techniques
B)test data processing
C)integrated test facility
D)dual process

A)An input control matrix
B)A flowchart generator program
C)A program algorithm matrix
D)A mapping program

A)a SCARF.
B)reperformance.
C)the snapshot technique.
D)an audit hook.

A)by interviewing and making inquiries of the programming staff
B)by examining the systems design and programming documentation
C)by using a source code comparison program
D)by interviewing and making inquiries of recently terminated programming staff

A)Review logical access control policies.
B)Discuss modification policies with management,users,and systems personnel.
C)Verify logical access controls are in effect for program changes.
D)Separate development,test,and production versions of programs.

A)examining system access logs
B)developing the information system
C)examining logical access policies and procedures
D)making recommendations to management for improvement of existing internal controls

A)test data processing
B)parallel simulation
C)concurrent audit techniques
D)analysis of program logic

A)Only material program changes should be thoroughly tested and documented.
B)During the change process,the developmental version of the program must be kept separate from the production version.
C)After the modified program has received final approval,the change is implemented by replacing the developmental version with the production version.
D)When a program change is submitted for approval,a list of all required updates should be compiled and then approved by management and program users.

A)Security provisions exist to protect data from unauthorized access,modification,or destruction.
B)Obtaining evidence to provide reasonable assurance the financial statements are not materially misstated
C)Programs have been developed and acquired in accordance with management's authorization.
D)Program modifications have received management's authorization and approval.

A)The internal audit department processes test data at Panther Designs.
B)Panther Designs pays its employees well,decreasing the likelihood of errors.
C)Panther Designs only hires competent programmers,decreasing the likelihood of errors.
D)All of Panther Design's IT applications are less than 2 years old.

A)an audit log.
B)a mapping program.
C)a scanning routine.
D)program tracing.

A)development; processing
B)processing; development
C)operational; internal
D)internal; operational

A)Verify the extent and effectiveness of encryption.
B)Inspect computer sites.
C)Test assignment procedures for user IDs.
D)Observe the preparation of backup files.

A)Observe computer-site access procedures.
B)Investigate how unauthorized access attempts are handled.
C)Review logical access policies and procedures.
D)Examine the results of disaster recovery plan simulations.

A)embedded audit modules.
B)scanning routines.
C)mapping programs.
D)automated flow charting programs.

A)an integrated test facility.
B)the snapshot technique.
C)a system control audit review file.
D)continuous and intermittent simulation.

A)Windows Media Converter
B)concurrent audit technique
C)computer assisted audit techniques software
D)Adobe Professional

A)eliminate auditor judgment errors
B)assist the auditor in retrieving and reviewing information
C)detect unauthorized modifications to system program code
D)recheck all mathematical calculations,cross-foot,reprocess financial statements and compare to originals

A)input controls matrix.
B)CAATS.
C)embedded audit module.
D)mapping program.

A)audit hooks.
B)the snapshot technique.
C)a system control audit review file.
D)continuous and intermittent simulation.

A)the snapshot technique.
B)a system control audit review file.
C)audit hooks.
D)continuous and intermittent simulation.

A)an integrated test facility.
B)the snapshot technique.
C)a system control audit review file.
D)continuous and intermittent simulation.

A)a local car dealership
B)a mom and pop grocery store
C)a large lumber mill that uses an ERP system
D)a medium-sized shoe retailer with outlets in many cities

A)program tracing.
B)scanning routines.
C)mapping programs.
D)embedded audit modules.

A)audit hooks.
B)an integrated test facility.
C)the snapshot technique.
D)a system control audit review file.

A)to identify fraudulent Medicare claims
B)to perform random audits of government spending
C)to replace human auditors with computerized auditors
D)to develop a more balanced government budget