Chapter12 - final

1、CHAPTER 12 Multiple-Choice Questions1.easyIT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?da.Organizational changes.b.The visibility of information.c.The potential for material misstatement.d.None of the above; i.e., t

2、hey are all important.2.easyThe audit procedure which is least useful in gathering evidence on significant computer processes is:ba.documentation.b.observation.c.test decks.d.generalized audit software.3.Which of the following is not a benefit of using IT-based controls?easya.Ability to process larg

3、e volumes of transactions.db.Ability to replace manual controls with computer-based controls.c.Reduction in misstatements due to consistent processing of transactions.d.Over-reliance on computer-generated reports.4.easyOne significant risk related to an automated environment is that auditors may _ i

4、nformation provided by an information system.ba.under-rely onb.over-rely onc.rely to little ond.over test5.Which of the following is not a risk specific to IT environments?easya.Reliance on the functioning capabilities of hardware and software.bb.Increased human involvement.c.Loss of data due to ins

5、ufficient backup.d.Reduced segregation of duties.6.easyWhich of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?da.Computer controls replace manual controls.b.Higher quality information is available.c.Computer-based controls provid

6、e opportunities to enhance separation of duties.d.Manual controls replace automated controls.7.Which of the following is not a risk to IT systems?easya.Need for IT experiencecb.Separation of IT dutiesc.Improved audit traild.Hardware and data vulnerability8.Which of the following is not a category of

7、 an application control?easya.Processing controls.cb.Output controls.c.Hardware controls.d.Input controls.9.Old and new systems operating simultaneously in all locations is a test approach known as:easya.pilot testing.db.horizontal egrative testing.d.parallel testing.10.easyaWhen the cl

8、ient uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need not be present to audit around the computer?a.Computer programs must be available in E

9、nglish.b.The source documents must be available in a non-machine language.c.The documents must be filed in a manner that makes it possible to locate them.d.The output must be listed in sufficient detail to enable the auditor to trace individual transactions.11.Which of the following is a category of

10、 general controls?easya.Processing controls.cb.Output controls.c.Physical and online security.d.Input controls.12.Which of the following statements related to application controls is correct?easyda.Application controls relate to various aspects of the IT function including software acquisition and t

11、he processing of transactions.b.Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.c.Application controls relate to all aspects of the IT function.d.Application controls relate to the processing of indivi

12、dual transactions.13.General controls include all of the following except:easya.systems development.cb.online cessing controls.d.hardware controls.14.Which of the following IT duties should be separated from the others?easya.Systems development.db.Operations.c.Data control.d.All of the

13、 above should be separated.15.The extent to which IT duties are separated in an organization depends on:easya.the organizations size.cb.the organizations complexity.c.both a and b.d.neither a nor b.16.easyPredesigned formats for audit documentation and letters can be created and saved using both ele

14、ctronic spreadsheets and word processors. These are called:ba.desktop publishing.b.templates.c.macros.d.work files.17.easy_ involves implementing a system in one part of the organization, while other locations continue to use the current system.ca.Parallel testingb.Online testingc.Pilot testingd.Non

15、e of the above.18.To determine that user ID and password controls are functioning, an auditor would most likely:easya.attempt to sign on to the system using invalid user identifications and passwords.ab.write a computer program that simulates the logic of the clients access control software.c.extrac

16、t a random sample of processed transactions and ensure that the transactions were appropriately authorized.d.examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person.19.easyWhen IT programs or files can be accessed from t

17、erminals, users should be required to enter a(n):da.echo check.b.parity check.c.self-diagnosis test.d.authorized password.20.An auditors flowchart of a clients system is a graphical representation that depicts the auditors:gram for tests of controls.bb.understanding of the system.c.understa

18、nding of the types of errors that are probable given the present system.d.documentation of the study and evaluation of the system.21.Which of the following is not a characteristic of an online processing system?mediuma.Output of the data files is available on request.db.Master files are updated at t

19、he time the entry is made.c.Display terminals are used for both input and output purposes.d.Programming is not allowed online and must be done separately.22.Typical controls developed for manual systems which are still important in IT systems include:per authorization of transactions.db.c

20、ompetent and honest personnel.c.careful and complete preparation of source documents.d.all of the above.23.The effectiveness of manual controls depends largely on:mediuma.the competence of the person performing the control.db.diligence of the person performing the control.c.neither a nor b, but othe

21、r factors.d.both a and b.24.mediumWhich of the following does not properly complete the following sentence: “Input controls are designed to ensure that the information entered into the computer is _.”ba.authorized.”b.for transactions occurring in the correct period.”c.accurate.”d.a complete record o

22、f the transactions entered.”25._ controls prevent and detect errors while transaction data are processed.mediuma.Softwarecb.Applicationc.Processingd.Transaction26.A database management system:mediuma.physically stores each element of data only once.ab.stores data on different files for different pur

23、poses, but always knows where they are and how to retrieve them.c.allows quick retrieval of data but at a cost of inefficient use of file space.d.allows quick retrieval of data, but it needs to update files continually.27.Which of the following is not associated with converting from a manual to an I

24、T system?mediuma.It usually centralizes data.db.It permits higher quality and more consistent controls over operations.c.It may eliminate the control provided by division of duties of independent persons who perform related functions and compare results.d.It may take the recordkeeping function and t

25、he document preparation function away from those who have custody of assets and put those functions into the IT center.28.Which of the following statements about general controls is not correct?mediuma.Disaster recovery plans should identify alternative hardware to process company data.db.Successful

26、 IT development efforts require the involvement of IT and non-IT personnel.c.The chief information officer should report to senior management and the board.d.Programmers should have access to computer operations to aid users in resolving problems.29.Which of the following statements is correct?mediu

27、ma.Auditors should evaluate application controls before evaluating general controls.cb.Auditors should evaluate application controls and general controls simultaneously.c.Auditors should evaluate general controls before evaluating application controls.d.None of these statements is correct.30.An impo

28、rtant characteristic of IT is uniformity of processing. Therefore, a risk exists that:mediuma.auditors will not be able to access data quickly.cb.auditors will not be able to determine if data is processed consistently.c.erroneous processing can result in the accumulation of a great number of missta

29、tements in a short period of time.d.all of the above.31.mediumAuditors should evaluate the _ before evaluating application controls because of the potential for pervasive effects.da.input controlsb.control cessing controlsd.general controls32.A control that relates to all parts of th

30、e IT system is called a(n):mediuma.general control.ab.systems control.c.universal control.d.applications control.33.Controls which apply to a specific element of the system are called:mediuma.user controls.db.general controls.c.systems controls.d.applications controls.34.Which of the following is no

31、t an example of an applications control?mediuma.An equipment failure causes system downtime.ab.There is a preprocessing authorization of the sales transactions.c.There are reasonableness tests for the unit selling price of a sale.d.After processing, all sales transactions are reviewed by the sales d

32、epartment.35.mediumWhich of the following is least likely to be used in obtaining an understanding of client general controls?ca.Examination of system documentationb.Inquiry of client personnel (e.g., key users)c.Observation of transaction processingd.Reviews of questionnaires completed by client IT

33、 personnel36.Which of the following is not a general control?mediuma.Reasonableness test for unit selling price of a sale.ab.Equipment failure causes error messages on monitor.c.Separation of duties between programmer and operators.d.Adequate program run instructions for operating the computer.37.Co

34、ntrols which are built in by the manufacturer to detect equipment failure are called:mediuma.input controls.cb.fail-safe controls.c.hardware controls.d.manufacturers controls.38.Auditors usually evaluate the effectiveness of: mediuma.hardware controls before general controls.cb.sales-cycle controls

35、before application controls.c.general controls before applications controls.d.applications controls before the control environment.39.mediumControls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:aa.input ces

36、sing controls.c.output controls.d.general controls.40.Programmers should be allowed access to:mediuma.user controls.db.general controls.c.systems controls.d.applications controls.41.Programmers should do all but which of the following?mediuma.Test programs for proper performance.bb.Evaluate legitima

37、cy of transaction data input.c.Develop flowcharts for new applications.d.Programmers should perform each of the above.42._ tests determines that every field in a record has been completed.mediuma.Validationcb.Sequencec.Completenessd.None of the above43.In an IT-intensive environment, most processing

38、 controls are:mediuma.input controls.cb.operator grammed controls.d.documentation controls.44.Which of the following is not a processing control?mediuma.Control totals.cb.Logic tests.c.Check digits.d.Computations tests.45.Output controls are not designed to assure that data generated b

39、y the computer are:mediuma.accurate.db.distributed only to authorized plete.d.used appropriately by employees in making decisions.46.Auditors usually obtain information about general and application controls through:erviews with IT personnel.db.examination of systems documenta

40、tion.c.reading program change requests.d.all of the above methods.47.When auditors consider only non-IT controls in assessing control risk, it is known as:mediuma.the single-stage audit.cb.the test deck approach.c.auditing around the computer.d.generalized audit software (GAS).48.mediumThe auditors

41、objective to determine whether the clients computer programs can correctly handle valid and invalid transactions as they arise is accomplished through the:aa.test data approach.b.generalized audit software approach.c.microcomputer-aided auditing approach.d.generally accepted auditing standards.49.me

42、diumThe audit approach in which the auditor runs his or her own program on a controlled basis to verify the clients data recorded in a machine language is:ca.the test data approach.b.called auditing around the computer.c.the generalized audit software approach.d.the microcomputer-aided auditing appr

43、oach.50.mediumWhich of the following is not one of the three categories of testing strategies when auditing through the computer?aa.Pilot simulation.b.Test data approach.c.Parallel simulation.d.Embedded audit module.51.mediumdCompanies with non-complex IT environments often rely on microcomputers to

44、 perform accounting system functions. Which of the following is not an audit consideration in such an environment?a.Limited reliance on automated controls.b.Unauthorized access to master files.c.Vulnerability to viruses and other risks.d.Excess reliance on automated controls.52.Internal control is i

45、neffective when computer personnel:mediuma.participate in computer software acquisition decisions.cb.design flowcharts and narratives for computerized systems.c.originate changes in customer master vide physical security over program files.53.When using the test data approach:mediuma.test

46、 data should include only exception conditions.db.application programs tested must be virtually identical to those used by employees.c.select data may remain in the client system after testing.d.none of the above statements is correct.54.mediumBecause general controls have a _ effect on the operatin

47、g effectiveness of application controls, auditors must consider general controls.ba.nominalb.pervasivec.mitigatingd.worsening55.Errors in data processed in a batch computer system may not be detected immediately because:mediuma.transaction trails in a batch system are available only for a limited pe

48、riod of time.bb.there are time delays in processing transactions in a batch system.c.errors in some transactions cause rejection of other transactions in the batch.d.random errors are more likely in a batch system than in an online system.56._ link equipment in large geographic regions.mediuma.Cosmo

49、politan area networks (CANs)cb.Local area networks (LANs)c.Wide area networks (WANs)d.Virtual area networks (VANs)57.mediumcWhich of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of

50、the testing process?a.Parallel simulation.b.Generalized audit software programming.c.Integrated test facility.d.Test data approach.58.Firewalls are used to protect:mediuma.erroneous internal handling of data.db.against insufficient documentation of transactions.c.illogical programming commands.d.una

51、uthorized use of system resources.59.In an IT system, automated equipment controls or hardware controls are designed to:mediuma.correct errors in the computer programs. cb.monitor and detect errors in source documents.c.detect and control errors arising from the use of equipment.d.arrange data in a

52、logical sequential manner for processing purposes.60.mediumIf a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?ba.Gross wages earned.b.Employee numbers.c.Total hours worked.d.Total debit amounts and t

53、otal credit amounts.61.What tools do companies use to limit access to sensitive company data?mediuma.Encryption techniques.db.Digital signatures.c.Firewalls.d.All of the above.62.mediumRather than maintain an internal IT center, many companies use _ to perform many basic functions such as payroll.ba.general service providersb.application service providersc.either a or bd.neither a nor b63.mediumdA company uses the account code 669 for maintenance expense. However, one of the company clerks often codes maintenance expense as 996. The highest account code in the system is 750. What