Deck 20: Auditing in a Computerized Environment

A) Integrated test facility.
B) Input controls matrix.
C) Parallel simulation.
D) Data entry monitor.

A) Create checkpoints at periodic intervals after data processing to test for unauthorized use of the system.
B) Examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction.
C) Enter invalid identification numbers or passwords to ascertain whether the system rejects them.
D) Vouch a random sample of processed transactions to ensure proper authorization.

A) Check digits.
B) Valid sign tests.
C) Sequence tests.
D) Limit and reasonableness tests.

A) Around the computer.
B) Through the computer.
C) Without the computer.
D) With the computer.

A) Test data.
B) Test deck.
C) Generalized audit software.
D) Parallel simulation.

A) Programmer.
B) Systems analyst.
C) Computer operator.
D) Data conversion operator.

A) The duties of application programming, computer operation, and control of data files should be separated.
B) Computer operators should maintain control of all software programs.
C) Specific passwords should be required to access online files.
D) Computer programmers should be periodically rotated across different applications.

A) Access client data files.
B) Prepare spreadsheets.
C) Assess control risk related to computerized processing systems.
D) Construct and perform parallel simulations.

A) Several transactions of each type must be tested.
B) Test data are processed by the client's computer programs under the audit team's control.
C) Test data must consist of all possible valid and invalid combinations.
D) The computer program used to process test data is different from the program used throughout the year by the client.

A) The audit team's test data are consistent with the client's normal transactions.
B) Controls operate as described in responses to internal control questionnaire items and program flowcharts.
C) Every possible error is prevented or detected by the client's computer controls.
D) All possible combinations of valid data are correctly processed.

A) Existence of unclaimed payroll checks held by supervisors.
B) Early cashing of payroll checks by employees.
C) Discovery of invalid employee identification numbers.
D) Proper approval of overtime by supervisors.

A) Generalized audit software.
B) Parallel simulation.
C) Test data.
D) Tagging transactions.

A) Control totals.
B) Balance of input to output.
C) File backup and retention.
D) Transaction logs.

A) Ensure that appropriate files are used in computerized processing.
B) Ensure restricted access to the computing environment.
C) Ensure that files are appropriately secured and protected from loss.
D) Ensure that files can be reconstructed from earlier versions of information used in processing.

A) Can be performed using only actual transactions because testing simulated transactions does not provide relevant evidence.
B) Can be performed using actual transactions or simulated transactions.
C) Is impractical because many procedures within the computerized processing system leave no visible evidence of having been performed.
D) Is inadvisable because it may distort the evidence in real-time systems.

A) Preventive maintenance.
B) Echo check.
C) Internal label.
D) Parity check.

A) Embedded audit modules.
B) Monitoring system activity.
C) Snapshot.
D) Test data.

A) Transaction logs.
B) Control totals.
C) Comparing input to output.
D) Online editing and sight verification.

A) Completeness and accuracy.
B) Occurrence and rights and obligations.
C) Accuracy and occurrence.
D) Completeness and occurrence.

A) Hardware controls are built into the computer by the computer manufacturer.
B) Backup files are stored in a location separate from original copies.
C) Personnel who are independent of data input perform parallel simulations.
D) System flowcharts provide accurate descriptions of computer operations.

A) Access to programs and data.
B) Computer operations.
C) Data file controls.
D) Hardware controls.

A) Ensuring that all software acquisition and program development efforts are consistent with the organization's needs and objectives.
B) Testing and validating new programs and developing proper implementation plans.
C) Requiring that all programming efforts take place under the control of the requesting user department.
D) Ensuring that data are converted completely and accurately for use in the new systems.

A) These standards enable the organization to understand the programming logic underlying recently developed programs.
B) These standards ensure that the program controls and documentation included in recently developed programs is adequate.
C) The absence of these standards would constitute a material weakness in internal control.
D) These standards ensure the appropriate separation of duties of computer personnel.

A) A transposition of numbers in a numeric field.
B) Entry of an unauthorized transaction supported by documentary evidence.
C) Failure to enter a valid transaction through input error.
D) Erroneously entering the same transaction twice.

A) The client's computer controls duplicate manual controls existing elsewhere in the system.
B) There appear to be major weaknesses that indicate a high level of control risk.
C) The time and dollar costs of testing computer controls exceed the time and dollar savings in substantive procedures.
D) The client's controls appear to function at an adequate level to justify a low assessment of control risk.

A) Separation of duties within the computer function.
B) Controls over source documents.
C) Documentation maintained for accounting applications.
D) Relationship between costs and benefits of computer operations.

A) The types of transactions that are processed through the system(s).
B) The specific control procedures that have been implemented by the client to prevent or detect misstatements that could occur based on the audit team's analysis.
C) The programs and files that are accessed by the system(s) in processing transactions.
D) The type of output that is created as a result of processing transactions through the system(s).

A) Periodic management review of computer utilization reports and systems documentation.
B) Separation of duties for computer programming and computer operations.
C) Participation of user department personnel in designing and approving new systems.
D) Physical security of computer facilities in limiting access to computer equipment.

A) Parity check.
B) Personal identification code.
C) Self-diagnosis test.
D) Echo check.

A) Employee collusion possibilities are increased because portable computing devices from one vendor can process the programs of a system from different vendors.
B) Computer operators may be able to remove hardware and software components and modify them at an off-site location.
C) Programming errors result in all similar transactions being processed incorrectly because those transactions are processed under the same conditions.
D) Certain transactions may be automatically initiated by the computerized processing system and management's authorization of these transactions may be implicit in its acceptance of the system design.

A) Providing for the separation of duties between data input and error listing operations.
B) Using a systems development life cycle for authorization, user involvement, and testing of program modifications.
C) Preparing batch totals to provide assurance that file updates are made for the entire group of transactions.
D) Performing a validity check of an identification number before a user can obtain access to the computer files.

A) The objective of the audit examination focuses on detection of fraud and theft through the computer.
B) The type of substantive procedures performed by the audit team change because of the use of computerized processing.
C) The effectiveness of computer controls implemented by the client over its computerized processing may need to be evaluated by audit teams.
D) Different independence standards are introduced for audit teams when clients utilize computerized processing.

A) General controls.
B) Hardware controls.
C) Input controls.
D) Transmission controls.

A) The test data are created for a separate entity and are run simultaneously with the client's actual data.
B) Only one of each type of error transaction needs to be included in the test data.
C) The manual results of processing the test data are compared to the results of processing these data through the client's computerized processing system.
D) Audit teams consider potential errors and conditions of interest in generating the test data.

A) Batch totals.
B) Hash totals.
C) Missing data tests.
D) Sequence tests.

A) Grandfather-father-son file retention.
B) Input and output validation routines.
C) Systems documentation.
D) Check digit verification.

A) Using passwords requiring access to those programs and files.
B) Periodically reviewing and confirming access rights for the organization's users.
C) Monitoring actual user activity through a program log and comparing that activity to authorized levels.
D) Ensuring that access to programs and files is removed for recently terminated employees.

A) Computer controls.
B) Environment controls.
C) Automated application controls.
D) General controls.

A) Is a required approach under generally accepted auditing standards.
B) Requires the audit team to evaluate the operating effectiveness of important computer controls.
C) Is normally utilized when the client has not implemented significant computer controls.
D) Focuses on reconciling the input data to the results generated by the client's computerized processing system.

A) The organization's use of the systems development life cycle when implementing or modifying computerized processing systems.
B) The organization's use of check digits to ensure accurate input of transaction data.
C) Periodic and preventative maintenance performed on the computer and related equipment.
D) The existence of appropriate separation of duties within the computer department.

A) Submitting test data at several different times for processing on the computer program the client uses for actual transaction processing.
B) Manually comparing detailed transactions that the internal auditors used to test a program to the program's actual error messages.
C) Programming a model transaction processing system and processing actual client transactions for comparison to the output produced by the client's program.
D) Manually reperforming actual transaction processing with comparison of results to the actual system output.

A) Check digit verification.
B) Record count.
C) Hash total.
D) Redundant data check.

A) Payroll processing program.
B) Operating system program.
C) Data management system software.
D) Utility program.

A) Make corroborative inquiries.
B) Observe the separation of duties of personnel.
C) Review transactions submitted for processing and comparing them to related output.
D) Review the run manual.

A) Writing a computer program that simulates the logic of a good password control system.
B) Selecting a random sample of the client's completed transactions to check the existence of proper authorization.
C) Attempting to sign on to the computerized processing system with a false password.
D) Obtaining representations from the client's computer personnel that the password control prevents unauthorized entry.

A) Make copies of client data files for controlled reprocessing.
B) Construct a parallel simulation to test the client's computer controls.
C) Perform tests of a client's hardware controls.
D) Test the operative effectiveness of a client's password access control.

A) Arrange data in a logical sequential manner for processing purposes.
B) Correct errors in the computer programs.
C) Monitor and detect errors in source documents.
D) Detect and control errors arising from use of equipment.

A) The client's computer programs process test data under the audit team's control.
B) The test data must consist of all possible valid and invalid conditions.
C) The test data need consist only of those valid and invalid conditions in which audit teams are interested.
D) Only one transaction of each type need be tested.

A) Control totals.
B) Record counts.
C) Limit checks.
D) External labels.

A) The computer librarian maintains custody of computer program instructions and detailed lists.
B) Computer operators have access to operator instructions and detailed program lists.
C) The control group is solely responsible for the distribution of all computer output.
D) Computer programmers write and debug programs that perform routines designed by the systems analyst.

A) The collection of similar transactions that are sorted and processed sequentially against a master file.
B) The input of transactions prior to processing.
C) The production of numerous printouts.
D) The posting of a transaction as it occurs to several files without intermediate printouts.

A) It is usually difficult to detect arithmetic errors.
B) Unauthorized persons find it easy to access the computer and alter the data files.
C) Transactions are coded for account classifications before they are processed on the computer.
D) Random errors in report printing are rare in packaged software systems.

A) A system that performs relatively uncomplicated processes and produces detailed output.
B) A system that affects a number of master files and produces a limited output.
C) A system that updates a few master files and produces no other printed output than final balances.
D) A system that performs relatively complicated processing and produces very little detailed output.

A) The speed and efficiency of the computer results in reduced sample sizes.
B) The risk of misstatement is typically lower in a computerized processing environment.
C) Audit teams generally perform more extensive substantive testing in a computerized processing environment, resulting in less need to test processing controls.
D) In a computerized processing environment, each transaction is handled in an identical manner.

A) Input data.
B) Machine capacity.
C) Control procedures contained within the program.
D) General controls.

A) Condenses data significantly.
B) Highlights abnormal conditions.
C) Decreases the necessary level of tests of computer controls.
D) Is an efficient computer input control.

A) Sequence checking.
B) Batch totals.
C) Limit tests.
D) Check digits.

A) Batch totals.
B) Hash totals.
C) Check digits.
D) Record counts.

A) Batch processing.
B) Real-time processing.
C) Integrated data processing.
D) Random access processing.

A) Employees in a computerized environment are highly skilled.
B) Audit teams cannot evaluate the computerized processing system during the year.
C) Higher dollar amounts are involved in a computerized environment.
D) Employees have increased access to processing systems and computer resources in a computerized environment.