Which of the following procedures would be least likely to be utilized during the planning stage of the audit?

Which of the following computer documentations would an auditor most likely utilize in obtaining an understanding of internal control? a. Systems flowcharts b. Record counts c. Program listings d. Record layouts

One of the major problems in an IT system is that incompatible functions may be performed by the same individual. One compensating control for this is the use of a. Echo checks b. A self-checking digit system c. Computer-generated hash totals d. A computer log

Which of the following is a general control that would most likely assist an entity whose systems analyst left the entity in the middle of a major project? a. Grandfather-father-son record retention b. Input and output validation routines c. Systems documentation d. Check digit verification

A retail entity uses electronic data interchange (EDI) in executing and recording most of its purchase transactions. The entity's auditor recognizes that the documentation of the transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would a. Increase the sample of EDI transactions to be selected for cutoff tests b. Perform tests several times during the year, rather than only at year-end c. Plan to make a 100% count of the entity's inventory at or near the year-end d. Decrease the assessed level of control risk for the existence or occurrence assertion

b. Perform tests several times during the year, rather than only at year-end

Which of the following is an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation? a. Discrete phases of planning, interim, and year-end fieldwork b. Increased effort to search for evidence of management fraud c. Performance of audit tests on a continuous basis d. Increased emphasis on the completeness assertion

c. Performance of audit tests on a continuous basis

An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on which of the following procedures would the auditor initially focus? a. Programmed control procedures b. Application control procedures c. Output control procedures d. General control procedures

d. General control procedures

A retailing entity uses the internet to execute and record its purchase transactions. The entity's auditor recognizes that the documentation of details of transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would a. Compare a sample of paid vendors' invoices to the receiving records at year-end b. Plan for a large measure of tolerable misstatement in substantive tests c. Perform tests several times during the year, rather than only at year-end d. Increase the sample of transactions to be selected for cutoff tests

c. Perform tests several times during the year, rather than only at year-end

Which of the following is an example of how specific controls in a database environment may differ from controls in a nondatabase environment? a. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access. b. Controls over data sharing by diverse users within an entity should be the same for every user. c. The employee who manages the computer hardware should also develop and debug the computer programs. d. Controls can provide assurance that all processed transactions are authorized, but cannot verify that all authorized transactions are processed.

a. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.

Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because a. Errors in some transactions may cause rejection of other transactions in the batch. b. The identification of errors in input data typically is not part of the program. c. There are time delays in processing transactions in a batch system. d. The processing of transactions in a batch system is not uniform.

c. There are time delays in processing transactions in a batch system.

which of the following most likely represents a significant deficiency in internal control? a. systems programmer designs systems for computerized applications & maintains output controls b. systems analyst reviews applications of data processing and maintains systems documentation c. control clerk establishes control over data received by the IT department and reconciles control totals after processing d. AP clerk prepares data for computer processing and enters the data into the computer

a. systems programmer designs systems for computerized applications & maintains output controls

When evaluating internal control of an entity that processes sales transactions on the Internet, an auditor would be most concerned about the a. Lack of sales invoice documents as an audit trail. b. Potential for computer disruptions in recording sales. c. Inability to establish an integrated test facility. d. Frequency of archiving and data retention.

b. Potential for computer disruptions in recording sales.

Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system? a. Preventive controls generally are more important than detective controls in EDI systems. b. Control objectives for EDI systems generally are different from the objectives for other information systems. c. Internal controls in EDI systems rarely permit control risk to be assessed at below the maximum. d. Internal controls related to the segregation of duties generally are the most important controls in EDI systems.

a. Preventive controls generally are more important than detective controls in EDI systems.

Which of the following would most likely be a weakness in IC of a client that utilizes microcomps rather than a larger computer system a. employee collusion possibilities are increased bc microcomputers from one vendor can process the programs of a system from a different vendor b. microcomputer operators may remove hardware and software components & modify them at home c. programming errors result in all similar transactions being processed incorrectly when they are processed under the same conditions d. certain transactions may be automatically initiated by the microcomputers & management's authorization of these transactions may be implicit in its acceptance of the system design

b. the microcomputer operators may be able to remove hardware and software components & modify them at home

Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files a. attention is focused on the accuracy of the programming process rather than errors in individual transactions b. it is usually easier for unauthorized persons to access and alter the files c. random error associated with processing similar transactions in different ways is usually greater d. it is usually more difficult to compare recorded accountability with physical count of assets

b. it is usually easier for unauthorized persons to access and alter the files

Which of the following characteristics distinguishes computer processing from manual processing? a. computer processing virtually eliminates the occurrence of computational error normally associated with manual processing b. the potential for systematic error is ordinarily greater in manual processing than in computerized processing c. errors or fraud in computer processing will be detected soon after their occurrence d. most computer systems are designed so that transaction trails useful for audit purposes do not exist

a. computer processing virtually eliminates the occurrence of computational error normally associated with manual processing

Which of the following control procedures most likely could prevent IT personnel from modifying programs to bypass programmed controls a. periodic management review of computer utilization reports and systems documentation b. segregation of duties within IT for computer programming and computer operations c. participation of user department personnel in designing and approving new systems d. physical security of IT facilities in limiting access to IT equipment

b. segregation of duties within IT for computer programming and computer operations

When an accounting application is processed by computer, an auditor can't verify the reliable operation of programmed control procedures by a. constructing a processing system for accounting apps & processing actual data from throughout the period through both the client/ auditor's programs b. manually comparing detail transactions files used by an edit program to the program's generated error listings to determine that errors were properly identified by the edit program c. manually reperforming as of a point in time, the processing of input data and comparing the simulated results to the actual results d. periodically submitting auditor-prepd test data to the same computer process and evaluating results

c. manually reperforming as of a point in time, the processing of input data and comparing the simulated results to the actual results

Which of the following outcomes is a likely benefit of information technology used for internal control? a. processing of unusual or nonrecurring transactions b. enhanced timeliness of information c. potential loss of data d. recording of unauthorized transactions

b. enhanced timeliness of information

In which of the following circumstances would an auditor expect to find that an entity implemented automated controls to reduce risks of misstatement? a. When errors are difficult to predict b. When misstatements are difficult to define c. When large, unusual, or nonrecurring transactions require judgement d. When transactions are high-volume and recurring

d. When transactions are high-volume and recurring

In an environment that is highly automated, an auditor determines that it is not possible to reduce detection risk solely by substantive tests of transactions. under these circumstances, the auditor most likely would a. perform tests of controls to support a lower level of assessed control risk b. increase the sample size to reduce sampling risk and detection risk c. adjust the materiality level and consider the effect on inherent risk d. apply analytical procedures and consider the effect on control risk

a. perform tests of controls to support a lower level of assessed control risk

Which of the following is not a major reason for maintaining an audit trail for a computer system? a. Deterrent to fraud b. Monitoring purposes c. Analytical procedures d. Query answering

Which of the following is an essential element of the audit trail in an electronic data interchange (EDI) system? a. Disaster recovery plans that ensure proper backup of files. b. Encrypted hash totals that authenticate messages. c. Activity logs that indicate failed transactions. d. Hardware security modules that store sensitive data.

c. Activity logs that indicate failed transactions.

Which of the following activities most likely would detect whether payroll data were altered during processing? a. Monitor authorized distribution of data control sheets. b. Use test data to verify the performance of edit routines. c. Examine source documents for approval by supervisors. d. Segregate duties between approval of hardware and software specifications.

b. Use test data to verify the performance of edit routines.

Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The EDP system automatically updates all payroll records. Because of this change a. A generalized computer audit program must be used. b. Part of the audit trail is altered c. Transactions must be processed in batches d. The potential for payroll-related fraud is diminished

b. Part of the audit trail is altered

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as a. Deductions not authorized by employees b. Overtime not approved by supervisors c. Payroll checks with unauthorized signatures d. Time tickets with invalid job numbers

d. Time tickets with invalid job numbers

In a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to a. missing employee numbers b. proper approval of overtime by supervisors c. time tickets with invalid job numbers d. agreement of hours per clock cards with hours on time tickets

b. proper approval of overtime by supervisors

Which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period?

a. The acceptance level of detection risk.

b. The timing of control and substantive tests.

c. Whether to adopt substantive or reliance test strategies.

d. The assessed level of inherent risk.

b. The timing of control and substantive tests.

An auditor would most likely be concerned with which of the following controls in a distributed data processing system? a. Hardware controls b. Systems documentation controls c. Access controls d. Disaster recovery controls

To obtain evidence that on-line access controls are properly functioning, an auditor most likely would a. create checkpoints at periodic intervals after live data processing to test for unauthorized use of the system b. examine the transactions log to discover whether any transactions were lost or entered twice due to a system malfunction c. enter invalid ID numbers or passwords to ascertain whether the system rejects them d. vouch a random sample of processed transactions to assure proper authorization

c. enter invalid ID numbers or passwords to ascertain whether the system rejects them

A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control? a. Employees can easily guess fellow employees' passwords b. Employees are not required to change passwords c. Employees can circumvent procedures to segregate duties d. Employees are not required to take regular vacations

d. Employees are not required to take regular vacations

Which of the following would an auditor ordinarily consider the greatest risk regarding an entity’s use of electronic data interchange (EDI)? a. Authorization of EDI transactions. b. Duplication of EDI transmissions. c. Improper distribution of EDI transactions. d. Elimination of paper documents.

c. Improper distribution of EDI transactions.

Which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing?

a. Yes                 Yes b. No                   No c. No                   Yes d. Yes                 No

Which of the following is usually a benefit of using electronic funds transfer for international cash transactions a. improvement of the audit trail for cash receipts and disbursements b. creation of self-monitoring access controls c. reduction of the frequency of data entry errors d. off site storage of source documents for cash transactions

c. reduction of the frequency of data entry errors

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system? a. When the confidentiality of data is the primary risk, message authentication is the preferred control rather than encryption. b. Encryption performed by physically secure hardware devices is more secure than encryption performed by software. c. Message authentication in EDI systems performs the same function as segregation of duties in other information systems. d. Security at the transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider.

b. Encryption performed by physically secure hardware devices is more secure than encryption performed by software.

The completeness of IT-generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses a. Check digits b. Control totals c. Process tracing data d. Validity tests

An IT input control is designed to ensure that a. only authorized personnel have access to the computer area b. machine processing is accurate c. data received for processing are properly authorized and converted to machine readable form d. electronic data processing has been performed as intended for the particular application

c. data received for processing are properly authorized and converted to machine readable form

A customer intended to order 100 units of product Z96014, but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error? a. Check digit verification. b. Record count. c. Hash total. d. Redundant data check.

a. Check digit verification.

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission? a. Hash total b. Parity check c. Encryption d. Check digit

When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

a. The program tested is different from the program used throughout the year by the client.
b. Test data must consist of all possible valid and invalid conditions.
c. Test data are processed by the client's computer programs under the auditor's control.
d. Several transactions of each type must be tested.

c. Test data are processed by the client's computer programs under the auditor's control.

19. Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?
A. Embedded audit modules cannot be protected from computer viruses.
B. Auditors are required to monitor embedded audit modules continuously to obtain valid results.
C. Embedded audit modules can easily be modified through management tampering.
D. Auditors are required to be involved in the system design of the application to be monitored.

D.

Auditors are required to be involved in the system design of the application to be monitored.

An auditor most likely would test for the presence of unauthorized IT program changes by running a. A program with test data b. A check digit verification program c. A source code comparison program d. A program that computes control totals

c. A source code comparison program

Which of the following computer assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process? a. Integrated test facility b. Input controls matrix c. Parallel simulation d. Data entry monitor

a. Integrated test facility

Which of the following compute-assisted auditing techniques processes client input data on a controlled program under the auditor's control to test controls in the computer system? a. Test data b. Review of program logic c. Integrated test facility d. Parallel simulation

An auditor would least likely use compute software to a. Construct parallel simulations b. Access client data files c. Prepare spreadsheets d. Assess IT control risk

d. Assess IT control risk

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of control policies and procedures. One of the techniques involved in this approach makes use of a. Controlled reprocessing b. An integrated test facility c. Input validation d. Program code checking

b. An integrated test facility

An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques? a. Snapshot application b. Embedded audit module c. Integrated data check d. Test data generator

In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that:

a. The client's computer personnel do not know when the data are being tested.
b. The test includes all types of transaction errors and exceptions that may be encountered.
c. The size of the sample can be greatly expanded at relatively little additional cost.
d. There is no risk of creating potentially material errors in the client's data.

c. The size of the sample can be greatly expanded at relatively little additional cost.

When an auditor tests the ICs of a computerized accounting system, which of the following is true of the test data approach a. test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions b. test data programs need not be tailor-made by the auditor for each client's computer applications c. test data programs usually consist of all poss valid & invalid conditions regarding compliance w IC d. Test data are processed with the client's computer and the results are compared with the auditor's pre-determined results

d. Test data are processed with the client's computer and the results are compared with the auditor's pre-determined results

In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning:

a. Control and distribution of unclaimed checks.
b. Withholding of taxes and Social Security contributions.
c. Missing employee identification numbers.
d. Overpayment of employees for hours not worked.

a. Control and distribution of unclaimed checks.

Which of the following is a compute-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output? a. Test data module b. Frame relay protocol c. Remote node router d. Parallel simulation

A primary advantage of using generalized audit software packages to audit the financial statements of a client is that the auditor may a. access info stored on computer files while having a limited understanding of the client's hardware and software features b. consider increasing the use of substantive tests of transactions in place of analytical procedures c. substantiate the accuracy of data through self-checking digits and hash totals d. reduce the level of required tests of controls to a relatively small amount

a. access info stored on computer files while having a limited understanding of the client's hardware and software features

When conducting fieldwork for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package a. observing inventory b. selecting sample items of inventory c. analyzing data resulting from inventory d. recalculating balances in inventory reports

Using personal computers in auditing may affect the methods used to review the work of staff assistants because a. supervisory personnel may not have an understanding of the capabilities and limitations of personal computers b. working paper documentation may not contain readily observable details of calculations c. documentation the supervisory review may require assistance of management services personnel d. the audit fieldwork standards for supervision may differ

b. working paper documentation may not contain readily observable details of calculations

When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations?

a. Assess the control risk as high.
b. Use audit software to perform analytical procedures.
c. Perform limited tests of controls over electronic data.
d. Use generalized audit software to extract evidence from client databases.

d. Use generalized audit software to extract evidence from client databases.

Which of the following is a term for an attest engagement in which a CPA assesses a client's commercial Internet site for predefined criteria that are designed to measure transaction integrity, information protection, and disclosure of business practices? a. ElectroNet b. EDIFACT c. TechSafe d. WebTrust

Which of the following is a professional engagement that a CPA may perform to provide assurance on a system's reliability? a. MAS AssurAbility b. CPA WebMaster c. MAS AttestSure d. CPA SysTrust

Which of the following procedures would a CPA least likely perform in the planning?

Which of the following is not normally performed in the planning stage of the audit *?

Which of the following is the auditor least likely to do when assessing a client's risk?

Which of the following matter would least likely appear in the audit program?