Answerkey Auditing CS PDF

CIS CPAr
Study online at https://quizlet.com/_7a6vee
1. 1. Which statement is incorrect when auditing in a CIS d. A CIS envi-

environment? ronment changes
the overall objec-
a. A CIS environment exists when a computer of any tive and scope of
type or size is involved in the processing by the entity an audit.
of financial information of significance to the audit,
whether that computer is operated by the entity or by
a third party.
b. The auditor should consider how a CIS environ-

ment affects the audit.
c. The use of a computer changes the processing,

storage and communication of financial information
and may affect the accounting and internal control
systems employed by the entity.
d. A CIS environment changes the overall objective

and scope of an audit.
2. 2. Which of the following standards or group of stan- d. Standards of

dards is mostly affected by a computerized informa- fieldwork
tion system environment?
a. General standards
b. Second standard of field work
c. Reporting standards
d. Standards of fieldwork
3. 3. Which of the following is least considered if the au- d. The need of the
ditor has to determine whether specialized CIS skills auditor to make
are needed in an audit? analytical proce-
dures during the
a. The auditor needs to obtain a sufficient under- completion stage
standing of the accounting and internal control sys- of audit.
tem affected by the CIS environment.
b. The auditor needs to determine the effect of the CIS

environment on the assessment of overall risk and of
risk at the account balance and class of transactions
1 / 48
CIS CPAr
level.
c. Design and perform appropriate tests of controls

and substantive procedures.
d. The need of the auditor to make analytical proce-

dures during the completion stage of audit.
4. 4. It relates to materiality of the financial statement d. Significance

assertions affected by the computer processing.
a. Threshold
b. Relevance
c. Complexity
d. Significance
5. 5. Which of the following least likely indicates a com- d. The system

plexity of computer processing? generates a daily
exception report.
a. Transactions are exchanged electronically with oth-
er organizations without manual review of their pro-
priety.
b. The volume of the transactions is such that users

would find it difficult to identify and correct errors in
processing.
c. The computer automatically generates material

transactions or entries directly to another applica-
tions.
d. The system generates a daily exception report.
6. 6. The nature of the risks and the internal character- d. Cost-benefit ra-
istics in CIS environment that the auditors are mostly tio.
concerned include the following except:
a. Lack of segregation of functions.
2 / 48
CIS CPAr
b. Dependence of other control over computer pro-
cessing.
c. Lack of transaction trails.
d. Cost-benefit ratio.
7. 7. Which of the following is least likely a risk charac- d. Initiation of

teristic associated with CIS environment? changes in the
master file is
a. Errors embedded in an application's program logic exclusively han-
maybe difficult to manually detect on a timely basis. dled by respective
users.
b. Many control procedures that would ordinarily be
performed by separate individuals in manual system
maybe concentrated in CIS.
c. The potential unauthorized access to data or to

alter them without visible evidence maybe greater
.
d. Initiation of changes in the master file is exclusively
handled by respective users.
8. 8. Which of the following significance and complexity d. The use of soft-

of the CIS activities should an auditor least under- ware packages in-
stand? stead of cus-
tomized software.
a. The organizational structure of the client's CIS ac-
tivities.
b. Lack of transaction trails.
c. The significance and complexity of computer pro-

cessing in each significant accounting application.
d. The use of software packages instead of cus-

tomized software.
9.
3 / 48
CIS CPAr
9. Which statement is correct regarding personal a. Personal com-
computer systems? puters or PCs are
economical yet
a. Personal computers or PCs are economical yet powerful self-con-
powerful self-contained general purpose comput- tained general
ers consisting typically of a central processing unit purpose comput-
(CPU), memory, monitor, disk drives, printer cables ers consisting typ-
and modems. ically of a central
processing unit
b. Programs and data are stored only on non-remov- (CPU), memory,
able storage media. monitor, disk dri-
ves, printer cables
c. Personal computers cannot be used to process and modems.
accounting transactions and produce reports that are
essential to the preparation of financial statements.
d. Generally, CIS environments in which personal

computers are used are the same with other CIS en-
vironments.
10. 10. A personal computer can be used in various con- d. All of the above.
figurations, including
a. A stand-alone workstation operated by a single

user or a number of users at different times.
b. A workstation which is part of a local area network

of personal computers.
c. A workstation connected to a server.
d. All of the above.
11. 11. Which statement is incorrect regarding personal b. A stand-alone

computer configurations? workstation may
be referred to as
a. The stand-alone workstation can be operated by a a distributed sys-
single user or a number of users at different times tem.
accessing the same or different programs.
4 / 48
CIS CPAr
b. A stand-alone workstation may be referred to as a

distributed system.
c. A local area network is an arrangement where

two or more personal computers are linked together
through the use of special software and communica-
tion lines.
d. Personal computers can be linked to servers and

used as part of such systems, for example, as an in-
telligent on-line workstation or as part of a distributed
accounting system.
12. 12. Which of the following is the least likely character- b. They are rela-
istic of personal computers? tively expensive.
a. They are small enough to be transportable.
b. They are relatively expensive.
c. They can be placed in operation quickly.
d. The operating system software is less compre-

hensive than that found in larger computer environ-
ments.
13. 13. Which of the following is an inherent characteris- a. They are typ-
tic of software package? ically used with-
out modifications
a. They are typically used without modifications of of the programs.
the programs.
b. The programs are tailored-made according to the

specific needs of the user.
c. They are developed by software manufacturer ac-

cording to a particular user's specifications.
5 / 48
CIS CPAr
d. It takes a longer time of implementation
14. 14. Which of the following is not normally a removable d. Hard disk
storage media?
a. Compact disk
b. Diskettes
c. Tapes
d. Hard disk
15. 15. It is a computer program (a block of executable a. Virus

code) that attaches itself to a legitimate program or
data file and uses its as a transport mechanism to
reproduce itself without the knowledge of the user.
a. Virus
b. Utility program
c. System management program
d. Encryption
16. 16. Which statement is incorrect regarding internal d. In a typical

control in personal computer environment? personal comput-
er environment,
a. Generally, the CIS environment in which personal the distinction be-
computers are used is less structured than a central- tween general CIS
ly-controlled CIS environment. controls and CIS
application con-
b. Controls over the system development process trols is easily as-
and operations may not be viewed by the developer, certained.
the user or management as being as important or
cost-effective.
c. In almost all commercially available operating sys-
6 / 48
CIS CPAr
tems, the built-in security provided has gradually in-
creased over the years.
d. In a typical personal computer environment, the

distinction between general CIS controls and CIS ap-
plication controls is easily ascertained.
17. 17. Personal computers are susceptible to theft, d. Using anti-virus

physical damage, unauthorized access or misuse of software pro-
equipment. Which of the following is least likely a grams
physical security to restrict access to personal com-
puters when not in use?
a. Using door locks or other security protection dur-

ing non-business hours.
b. Fastening the personal computer to a table using

security cables.
c. Locking the personal computer in a protective cab-

inet or shell.
d. Using anti-virus software programs.
18. 18. Which of the following is not likely a control over a. Using cryptog-
removable storage media to prevent misplacement, raphy, which is
alteration without authorization or destruction? the process of
transforming pro-
a. Using cryptography, which is the process of trans- grams and infor-
forming programs and information into an unintelligi- mation into an un-
ble form. intelligible form.
b. Placing responsibility for such media under per-

sonnel whose responsibilities include duties of soft-
ware custodians or librarians.
c. Using a program and data file check-in and

check-out system and locking the designated storage
locations.
7 / 48
CIS CPAr
d. Keeping current copies of diskettes, compact disks

or back-up tapes and hard disks in a fireproof con-
tainer, either on-site, off-site or both.
19. 19. Which of the following least likely protects critical b. Keeping of back
and sensitive information from unauthorized access up copies offsite.
in a personal computer environment?
a. Using secret file names and hiding the files.
b. Keeping of back up copies offsite.
c. Employing passwords.
d. Segregating data into files organized under sepa-

rate file directories.
20. 20. It refers to plans made by the entity to obtain a. Back-up

access to comparable hardware, software and data in
the event of their failure, loss or destruction.
a. Back-up
b. Encryption
c. Anti-virus
d. Wide Area Network (WAN)
21. 21. The effect of personal computers on the account- d. The cost of per-
ing system and the associated risks will least likely sonal computers.
depend on
a. The extent to which the personal computer is being

used to process accounting applications.
b. The type and significance of financial

transactions being processed.
8 / 48
CIS CPAr
c. The nature of files and programs utilized in the

applications.
d. The cost of personal computers.
22. 22. The auditor may often assume that control risk b. More analytical
is high in personal computer systems since , it may procedures than
not be practicable or cost-effective for management tests of details.
to implement sufficient controls to reduce the risks of
undetected errors to a minimum level. This least likely
entail
a. More physical examination and confirmation of as-

sets.
b. More analytical procedures than tests of details

.
c. Larger sample sizes.
d. Greater use of computer-assisted audit tech-

niques, where appropriate
23. 23. Computer systems that enable users to access a. On-line comput-
data and programs directly through workstations are er systems
referred to as
a. On-line computer systems
b. Database management systems (DBMS)
c. Personal computer systems
d. Database systems
24. 24. On-line systems allow users to initiate various a. I, II, III and IV
functions directly. Such functions include:
I. Entering transactions
II. Making inquiries
9 / 48
CIS CPAr
III. Requesting reports
IV. Updating master files
a. I, II, III and IV
b. I, II and III
c. I and II
d. I and IV
25. 25. Many different types of workstations may be d. Cost

used in on-line computer systems. The functions per-
formed by these workstations least likely depend on
their
a. Logic b. Transmission c. Storage d. Cost
26. 26. Types of workstations include General Purpose c. Point of sale de-
Terminals and Special Purpose Terminals. Special vices
Purpose Terminals include
a. Basic keyboard and monitor
b. Intelligent terminal
c. Point of sale devices
d. Personal computers
27. 27. Which statement is incorrect regarding worksta- d. Workstations

tions? cannot be used
by many users,
a. Workstations may be located either locally or at for different pur-
remote sites. poses, in different
locations, all at the
b. Local workstations are connected directly to the same time.
computer through cables.
10 / 48
CIS CPAr
c. Remote workstations require the use of telecom-
munications to link them to the computer.
d. Workstations cannot be used by many users, for

different purposes, in different locations, all at the
same time.
28. 28. Special Purpose Terminal used to initiate, validate, a. Automated

record, transmit and complete various banking trans- teller machines
actions
a. Automated teller machines

b. Point of sale devices
c. Intelligent terminal
d. Personal computers
29. 29. On-line computer systems may be classified ac- d. All of the above.
cording to
a. How information is entered into the system.

b. How it is processed.
c. When the results are available to the user.
30. 30. In an on-line/real time processing system a. Individual trans-

actions are en-
a. Individual transactions are entered at workstations, tered at work-
validated and used to update related computer files stations, validated
immediately. and used to up-
date related com-
b. Individual transactions are entered at a work- puter files immedi-
station, subjected to certain validation checks and ately.
added to a transaction file that contains other trans-
actions entered during the period.
c. Individual transactions immediately update a

memo file containing information which has been
extracted from the most recent version of the master
file.
11 / 48
CIS CPAr
d. The master files are updated by other systems.
31. 31. It combines on-line/real time processing anda. On-Line/Memo

on-line/batch processing. Update (and Sub-
sequent Process-
a. On-Line/Memo Update (and Subsequent Process- ing)
ing)
b. On-Line Downloading/Uploading Processing
c. On-Line/Inquiry
d. On-Line/Combined Processing
32. 32. It is a communication system that enables com- a. Network

puter users to share computer equipment, applica-
tion software, data and voice and video transmis-
sions.
a. Network b. File server c. Host d. Client
33. 33. A type of network that multiple buildings are close c. Metropolitan
enough to create a campus, but the space between Area Network
the buildings is not under the control of the company (MAN)
is
a. Local Area Network (LAN)

b. Wide Area Network (WAN)
c. Metropolitan Area Network (MAN)
d. World Wide Web (WWW)
34. 34. Which of the following is least likely a character- c. WAN connec-
istic of Wide Area Network (WAN)? tions tend to be
faster than LAN.
a. Created to connect two or more geographically
separated LANs.
b. Typically involves one or more long-distance

providers, such as a telephone company to provide
12 / 48
CIS CPAr
the connections.
c. WAN connections tend to be faster than LAN.
d. Usually more expensive than LAN.
35. 35. Gateway is a. A hardware and

software solution
a. A hardware and software solution that enables that enables com-
communications between two dissimilar networking munications be-
systems or protocols. tween two dis-
similar networking
b. A device that forwards frames based on destina- systems or proto-
tion addresses. cols.
c. A device that connects and passes packets be-

tween two network segments that use the same com-
munication protocol.
d. A device that regenerated and retransmits the

signal on a network.
36. 36. A device that works to control the flow of data b. Router
between two or more network segments
a. Bridge b. Router c. Repeater d. Switch
37. 37. The undesirable characteristics of on-line com- a. Data are usual-
puter systems least likely include ly subjected to im-
mediate validation
a. Data are usually subjected to immediate validation checks.
checks.
b. Unlimited access of users to all of the functions in

a particular application.
c. Possible lack of visible transaction trail.
d. Potential programmer access to the system.
13 / 48
CIS CPAr
38. 38. Certain general CIS controls that are particularly c. Edit, reason-
important to on-line processing least likely include ableness and oth-
er validation tests.
a. Access controls.
b. System development and maintenance controls
c. Edit, reasonableness and other validation tests
d. Use of anti-virus software program.
39. 39. Certain CIS application controls that are particu- c. Transaction
larly important to on-line processing least likely in- logs.
clude
a. Pre-processing authorization.
b. Cut-off procedures.
c. Transaction logs.
d. Balancing.
40. 40. Risk of fraud or error in on-line systems may be d. On-line ac-
reduced in the following circumstances, except cess to data
and programs
a. If on-line data entry is performed at or near the through telecom-
point where transactions originate, there is less risk munications may
that the transactions will not be recorded. provide greater
opportunity for ac-
b. If invalid transactions are corrected and re-entered cess to data
immediately, there is less risk that such transactions and programs by
will not be corrected and re-submitted on a timely unauthorized per-
basis. sons.
c. If data entry is performed on-line by individuals

who understand the nature of the transactions in-
volved, the data entry process may be less prone
to errors than when it is performed by individuals
unfamiliar with the nature of the transactions.
d. On-line access to data and programs through
14 / 48
CIS CPAr
telecommunications may provide greater opportunity
for access to data and programs by unauthorized
persons.
41. 41. Risk of fraud or error in on-line computer systems d. If transactions

may be increased for the following reasons, except are processed im-
mediately on-line,
a. If workstations are located throughout the entity, there is less risk
the opportunity for unauthorized use of a workstation that they will be
and the entry of unauthorized transactions may in- processed in the
crease. wrong accounting
period.
b. Workstations may provide the opportunity for
unauthorized uses such as modification of previous-
ly entered transactions or balances.
c. If on-line processing is interrupted for any reason,

for example, due to faulty telecommunications, there
may be a greater chance that transactions or files
may be lost and that the recovery may not be accurate
and complete.
d. If transactions are processed immediately on-line,

there is less risk that they will be processed in the
wrong accounting period.
42. 42. The following matters are of particular importance d. Cost-benefit ra-
to the auditor in an on-line computer system, except tio of installing
on-line computer
a. Authorization, completeness and accuracy of system.
on-line transactions.
b. Integrity of records and processing, due to on-line

access to the system by many users and program-
mers.
c. Changes in the performance of audit procedures

including the use of CAAT's.
15 / 48
CIS CPAr
d. Cost-benefit ratio of installing on-line computer
system.
43. 43. A collection of data that is shared and used by a a. Database

number of different users for different purposes
.
a. Database
b. Information file
c. Master file
d. Transaction file
44. 44. Which of the following is least likely a character- b. Separate data
istic of a database system? files are main-
tained for each ap-
a. Individual applications share the data in the data- plication and sim-
base for different purposes. ilar data used
by several applica-
b. Separate data files are maintained for each appli- tions may be re-
cation and similar data used by several applications peated on several
may be repeated on several different files. different files.
c. A software facility is required to keep track of the

location of the data in the database.
d. Coordination is usually performed by a group of

individuals whose responsibility is typically referred
to as "database administration."
45. 45. Database administration tasks typically include a. All of the above
I. Defining the database structure.
II. Maintaining data integrity, security and complete-
ness.
III. Coordinating computer operations related to the
database.
IV. Monitoring system performance.
V. Providing administrative support.
a. All of the above

b. All except I
16 / 48
CIS CPAr
c. II and V only
d. II, III and V only
46. 46. Due to data sharing, data independence and other a. General CIS
characteristics of database systems controls normally
have a greater in-
a. General CIS controls normally have a greater influence than CIS
fluence than CIS application controls on database application con-
systems. trols on database
systems.
b. CIS application controls normally have a greater
influence than general CIS controls on database sys-
tems.
c. General CIS controls normally have an equal in-

fluence with CIS application controls on database
systems.
d. CIS application controls normally have no influ-

ence on database systems.
47. 47. Which statement is incorrect regarding the gener- b. Several data
al CIS controls of particular importance in a database owners should be
environment? assigned respon-
sibility for defin-
a. Since data are shared by many users, control may ing access and se-
be enhanced when a standard approach is used for curity rules, such
developing each new application program and for as who can use
application program modification. the data (access)
and what func-
b. Several data owners should be assigned respon- tions they can per-
sibility for defining access and security rules, such form (security).
as who can use the data (access) and what functions
they can perform (security).
c. User access to the database can be restricted

through the use of passwords.
d. Responsibilities for performing the various ac-
17 / 48
CIS CPAr
tivities required to design, implement and operate a
database are divided among technical, design, ad-
ministrative and user personnel.
48. 48. These require a database administrator to assign b. Mandatory ac-

security attributes to data that cannot be changed by cess controls
database users.
a. Discretionary access controls

b. Mandatory access controls
c. Name-dependent restrictions
d. Content-dependent restrictions
49. 49. A discretionary access control wherein users are d. History-depen-

permitted or denied access to data resource depend- dent restriction
ing on the time series of accesses to and actions they
have undertaken on data resources
.
a. Name-dependent restrictions
b. Content-dependent restriction
c. Context-dependent restriction
d. History-dependent restriction
50. 50. The effect of a database system on the account- d. The CIS appli-
ing system and the associated risks will least likely cation controls
depend on:
a. The extent to which databases are being used by

accounting applications.
b. The type and significance of financial transactions

being processed.
c. The nature of the database, the DBMS, the database

administration tasks and the applications
d. The CIS application controls
51. 51. Audit procedures in a database environment will a. The extent to

be affected principally by which the data in
18 / 48
CIS CPAr
the database are
a. The extent to which the data in the database are used by the ac-
used by the accounting system. counting system.
b. The type and significance of financial transactions

being processed.
c. The nature of the database, the DBMS, the database

administration tasks and the applications
d. The general CIS controls which are particularly

important in a database environment.
52. 52. Which statement is incorrect regarding the char- d. Systems em-
acteristics of a CIS organizational structure? ploying CIS meth-
ods do not in-
a. Certain data processing personnel may be the only clude manual op-
ones with a detailed knowledge of the interrelation- erations since the
ship between the source of data, how it is processed number of per-
and the distribution and use of the output. sons involved in
the processing of
b. Many conventional controls based on adequate financial informa-
segregation of incompatible functions may not exist, tion is significantly
or in the absence of access and other controls, may reduced.
be less effective.
c. Transaction and master file data are often con-

centrated, usually in machine-readable form, either
in one computer installation located centrally or in
a number of installations distributed throughout an
entity.
d. Systems employing CIS methods do not include

manual operations since the number of persons in-
volved in the processing of financial information is
significantly reduced.
53. 53. System characteristics that may result from the d. Difficulty of
nature of CIS processing include, except access to data
19 / 48
CIS CPAr
and computer pro-
a. Absence of input documents. grams.
b. Lack of visible transaction trail.
c. Lack of visible output.
d. Difficulty of access to data and computer pro-
grams.
54. 54. The development of CIS will generally result in d. Multiple trans-
design and procedural characteristics that are differ- action update of
ent from those found in manual systems. These dif- multiple computer
ferent design and procedural aspects of CIS include, files or databases.
except:
a. Consistency of performance.
b. Programmed control procedures.
c. Vulnerability of data and program storage media
d. Multiple transaction update of multiple computer
files or databases.
55. 55. Which statement is incorrect regarding internal d. The internal

controls in a CIS environment? controls over com-
puter processing,
a. Manual and computer control procedures comprise which help to
the overall controls affecting the CIS environment achieve the over-
(general CIS controls) and the specific controls over all objectives of in-
the accounting applications (CIS application con- ternal control, in-
trols). clude only the pro-
cedures designed
b. The purpose of general CIS controls is to estab- into computer pro-
lish a framework of overall control over the CIS ac- grams.
tivities and to provide a reasonable level of assur-
ance that the overall objectives of internal control are
achieved.
c. The purpose of CIS application controls is to estab-

lish specific control procedures over the application
systems in order to provide reasonable assurance
that all transactions are authorized and recorded, and
are processed completely, accurately and on a timely
20 / 48
CIS CPAr
basis.
d. The internal controls over computer processing,

which help to achieve the overall objectives of in-
ternal control, include only the procedures designed
into computer programs.
56. 56. General CIS controls may include, except: d. Controls over
computer data
a. Organization and management controls. files.
b. Development and maintenance controls.
c. Delivery and support controls.
d. Controls over computer data files.
57. 57. CIS application controls include, except d. Monitoring con-

trols.
a. Controls over input.
b. Controls over processing and computer data files.
c. Controls over output.
d. Monitoring controls.
58. 58. Which statement is incorrect regarding the review d. It may be

of general CIS controls and CIS application controls? more efficient to
review the design
a. The auditor should consider how these general CIS of the application
controls affect the CIS applications significant to the controls before re-
audit. viewing the gener-
al controls.
b. General CIS controls that relate to some or all
applications are typically interdependent controls in
that their operation is often essential to the effective-
ness of CIS application controls.
21 / 48
CIS CPAr
c. Control over input, processing, data files and out-
put may be carried out by CIS personnel, by users of
the system, by a separate control group, or may be
programmed into application software.
d. It may be more efficient to review the design of

the application controls before reviewing the general
controls.
59. 59. Which statement is incorrect regarding the eval- d. Weaknesses in

uation of general CIS controls and CIS application general CIS con-
controls? trols cannot pre-
clude testing cer-
a. The general CIS controls may have a pervasive ef- tain CIS applica-
fect on the processing of transactions in application tion controls.
systems.
b. If general CIS controls are not effective, there may

be a risk that misstatements might occur and go
undetected in the application systems.
c. Manual procedures exercised by users may provide

effective control at the application level
d. Weaknesses in general CIS controls cannot pre-

clude testing certain CIS application controls.
60. 60. The applications of auditing procedures using the d. Computer as-
computer as an audit tool refer to sisted audit tech-
niques
a. Integrated test facility
b. Data-based management system
c. Auditing through the computer
d. Computer assisted audit techniques
61.
22 / 48
CIS CPAr
61. Which statement is incorrect regarding CAATs? d. Where smaller
volumes of data
a. CAATs are often an efficient means of testing a are processed, the
large number of transactions or controls over large use of CAATs is
populations. more cost effec-
tive.
b. To ensure appropriate control procedures, the
presence of the auditor is not necessarily required at
the computer facility during the running of a CAAT.
c. The general principles outlined in PAPS 1009 apply

in small entity IT environments.
d. Where smaller volumes of data are processed, the

use of CAATs is more cost effective.
62. 62. Consists of generalized computer programs de- a. Package or gen-

signed to perform common audit tasks or standard- eralized audit soft-
ized data processing functions. ware
a. Package or generalized audit software
b. Customized or purpose-written programs
c. Utility programs
d. System management programs
63. 63. Audit automation least likely include c. Manual working

papers.
a. Expert systems.
b. Tools to evaluate a client's risk management pro-

cedures.
c. Manual working papers.
d. Corporate and financial modeling programs for use

as predictive audit tests.
23 / 48
CIS CPAr
64. 1. An internal auditor noted the following points when b. The control
conducting a preliminary survey in connection with group works with
the audit of an EDP department. Which of the follow- user organizations
ing would be considered a safeguard in the control to correct rejected
system on which the auditor might rely? input.
a. Programmers and computer operators correct dai-

ly processing problems as they arise.
b. The control group works with user organizations to

correct rejected input.
c. New systems are documented as soon as possible

after they begin processing live data.
d. The average tenure of employees working in the

EDP department is ten months.
65. 2. An on-line access control that checks whether the c. Compatibility

user's code number is authorized to initiate a specific test
type of transaction or inquiry is referred to as
a. Password
b. Limit check
c. Compatibility test
d. Reasonableness test
66. 3. A control procedure that could be used in an d. Self-checking

on-line system to provide an immediate check on digit
whether an account number has been entered on a
terminal accurately is a
a. Compatibility test
b. Hash total
c. Record count
d. Self-checking digit
67. 4. A control designed to catch errors at the point of c. Self-checking

data entry is digit
24 / 48
CIS CPAr
a. Batch total
b. Record count
c. Self-checking digit
d. Checkpoints
68. 5. Program documentation is a control designed pri- c. Programs are

marily to ensure that kept up to date
and perform as in-
a. Programmers have access to the tape library or tended
information on disk files.
b. Programs do not make mathematical errors.
c. Programs are kept up to date and perform as in-

tended.
d. Data have been entered and processed.
69. 6. Some of the more important controls that relate d. Input validation
to automated accounting information systems are routines
validity checks, limit checks, field checks, and sign
tests. These are classified as
a. Control total validation routines
b. Hash totaling
c. Output controls
d. Input validation routines
70. 7. Most of today's computer systems have hardware c. Duplicate cir-

controls that are built in by the computer manufactur- cuitry, echo check,
er. Common hardware controls are and dual reading
a. Duplicate circuitry, echo check, and internal header

labels
25 / 48
CIS CPAr
b. Tape file protection, cryptographic protection, and
limit checks
c. Duplicate circuitry, echo check, and dual reading
d. Duplicate circuitry, echo check, tape file protection,

and internal header labels
71. 8. Computer manufacturers are now installing soft- d. Firmware

ware programs permanently inside the computer as
part of its main memory to provide protection from
erasure or loss if there is interrupted electrical power.
This concept is known as
a. File integrity
b. Software control
c. Random access memory (RAM)
d. Firmware
72. 9. Which one of the following represents a lack of d. Both computer

internal control in a computer-based information sys- operators and pro-
tem? grammers have
unlimited access
a. The design and implementation is performed in ac- to the programs
cordance with management's specific authorization. and data files.
b. Any and all changes in application programs have

the authorization and approval of management.
c. Provisions exist to protect data files from unautho-

rized access, modification, or destruction
d. Both computer operators and programmers have

unlimited access to the programs and data files.
73. 10. In an automated payroll processing environment, b. Hash total

a department manager substituted the time card for a
terminated employee with a time card for a fictitious
employee. The fictitious employee had the same pay
26 / 48
CIS CPAr
rate and hours worked as the terminated employee.
The best control technique to detect this action using
employee identification numbers would be a
a. Batch total
b. Hash total
c. Record count
d. Subsequent check
74. 11. An employee in the receiving department keyed b. Completeness

in a shipment from a remote terminal and inadver- test
tently omitted the purchase order number. The best
systems control to detect this error would be
a. Batch total
b. Completeness test
c. Sequence check
d. Reasonableness test
75. 12. The reporting of accounting information plays a d. Implementation

central role in the regulation of business operations. of state-of-the-art
Preventive controls are an integral part of virtually software and
all accounting processing systems, and much of the hardware
information generated by the accounting system is
used for preventive control purposes. Which one of
the following is not an essential element of a sound
preventive control system?
a. Separation of responsibilities for the recording,

custodial, and authorization functions.
b. Sound personnel policies.
c. Documentation of policies and procedures.
d. Implementation of state-of-the-art software and

hardware.
76.
27 / 48
CIS CPAr
13. The most critical aspect regarding separation of b. Programmers
duties within information systems is between and computer op-
erators
a. Project leaders and programmers
b. Programmers and computer operators
c. Programmers and systems analysts
d. Data control and file librarians
77. 14. Whether or not a real time program contains ade- b. An integrated
quate controls is most effectively determined by the test facility
use of
a. Audit software
b. An integrated test facility
c. A tracing routine
d. A traditional test deck
78. 15. Compatibility tests are sometimes employed to d. Limit on the

determine whether an acceptable user is allowed to number of trans-
proceed. In order to perform compatibility tests, the action inquiries
system must maintain an access control matrix. The that can be made
one item that is not part of an access control matrix by each user in a
is a specified time pe-
riod.
a. List of all authorized user code numbers and pass-
words.
b. List of all files maintained on the system.
c. Record of the type of access to which each user is

entitled.
d. Limit on the number of transaction inquiries that

can be made by each user in a specified time period.
79.
28 / 48
CIS CPAr
16. Which one of the following input validation rou- c. Sequence
tines is not likely to be appropriate in a real time check
operation?
a. Field check
b. Sign check
c. Sequence check
d. Redundant data check
80. 17. Which of the following controls is a processing a. Yes Yes

control designed to ensure the reliability and accura-
cy of data processing?
Limit test Validity check test

a. Yes Yes
b. No No
c. No Yes
d. Yes No
81. 18. Which of the following characteristics distin- a. Computer pro-

guishes computer processing from manual process- cessing virtually
ing? eliminates the oc-
currence of com-
a. Computer processing virtually eliminates the oc- putational error
currence of computational error normally associated normally associat-
with manual processing. ed with manual
processing.
b. Errors or irregularities in computer processing will
be detected soon after their occurrences.
c. The potential for systematic error is ordinarily

greater in manual processing than in computerized
processing.
d. Most computer systems are designed so that trans-

action trails useful for audit do not exist.
82. 19. Which of the following most likely represents a b. The sys-
significant deficiency in the internal control struc- tems programmer
29 / 48
CIS CPAr
ture? designs systems
for computerized
a. The systems analyst review applications of data applications and
processing and maintains systems documentation. maintains output
controls.
b. The systems programmer designs systems for
computerized applications and maintains output con-
trols.
c. The control clerk establishes control over data re-

ceived by the EDP department and reconciles control
totals after processing
d. The accounts payable clerk prepares data for com-

puter processing and enters the data into the com-
puter.
83. 20. Which of the following activities would most likely b. Conversion
be performed in the EDP Department? of information
to machine-read-
a. Initiation of changes to master records. able form.
b. Conversion of information to machine-readable

form.
c. Correction of transactional errors.
d. Initiation of changes to existing applications
84. 21. For control purposes, which of the following c. Systems devel-
should be organizationally segregated from the com- opment
puter operations function?
a. Data conversion
b. Surveillance of CRT messages
c. Systems development
30 / 48
CIS CPAr
d. Minor maintenance according to a schedule
85. 22. Which of the following is not a major reason for c. Analytical pro-
maintaining an audit trail for a computer system? cedures
a. Deterrent to irregularities
b. Monitoring purposes
c. Analytical procedures
d. Query answering
86. 23. In an automated payroll system, all employees in d. A limit test

the finishing department were paid the rate of P75 that compares the
per hour when the authorized rate was P70 per hour. pay rates per de-
Which of the following controls would have been partment with the
most effective in preventing such an error? maximum rate for
all employees.
a. Access controls which would restrict the personnel
department's access to the payroll master file data.
b. A review of all authorized pay rate changes by the

personnel department.
c. The use of batch control totals by department.
d. A limit test that compares the pay rates per depart-

ment with the maximum rate for all employees.
87. 24. Which of the following errors would be detected d. All of the above.
by batch controls?
a. A fictitious employee as added to the processing of

the weekly time cards by the computer operator
b. An employee who worked only 5 hours in the week

was paid for 50 hours.
c. The time card for one employee was not processed

because it was lost in transit between the payroll
department and the data entry function.
31 / 48
CIS CPAr
88. 25. The use of a header label in conjunction with a. Computer oper-
magnetic tape is most likely to prevent errors by the ator
a. Computer operator
b. Keypunch operator
c. Computer programmer
d. Maintenance technician
89. 26. For the accounting system of ACME Company, the b. Verify the
amounts of cash disbursements entered into an EDP amount was en-
terminal are transmitted to the computer that imme- tered accurately
diately transmits the amounts back to the terminal for
display on the terminal screen. This display enables
the operator to
a. Establish the validity of the account number
b. Verify the amount was entered accurately
c. Verify the authorization of the disbursements
d. Prevent the overpayment of the account
90. 27. When EDP programs or files can be accessed b. Personal identi-
from terminals, users should be required to enter fication code
a(an)
a. Parity check
b. Personal identification code
c. Self-diagnostic test
d. Echo check
91. 28. The possibility of erasing a large amount of infor- a. File protection
mation stored on magnetic tape most likely would be ring
reduced by the use of
a. File protection ring

b. Check digits
32 / 48
CIS CPAr
c. Completeness tests
d. Conversion verification
92. 29. Which of the following controls most likely would b. Backup
assure that an entity can reconstruct its financial diskettes or tapes
records? of files are stored
away from origi-
a. Hardware controls are built into the computer by nals.
the computer manufacturer.
b. Backup diskettes or tapes of files are stored away

from originals.
c. Personnel who are independent of data input per-

form parallel simulations.
d. System flowcharts provide accurate descriptions

of input and output operations.
93. 30. Mill Co. uses a batch processing method to a. Report showing
process its sales transactions. Data on Mill's sales exceptions and
transaction tape are electronically sorted by cus- control totals.
tomer number and are subject to programmed edit
checks in preparing its invoices, sales journals, and
updated customer account balances. One of the di-
rect outputs of the creation of this tape most likely
would be a
a. Report showing exceptions and control totals.
b. Printout of the updated inventory records.
c. Report showing overdue accounts receivable.
d. Printout of the sales price master file.
94. 31. Using microcomputers in auditing may affect the d. Working pa-
methods used to review the work of staff assistants per documenta-
because tion may not con-
33 / 48
CIS CPAr
tain readily ob-
a. The audit field work standards for supervision may servable details of
differ. calculations.
b. Documenting the supervisory review may require

assistance of consulting services personnel
c. Supervisory personnel may not have an under-

standing of the capabilities and limitations of micro-
computers.
d. Working paper documentation may not contain

readily observable details of calculations.
95. 32. An auditor anticipates assessing control risk at a d. General control

low level in a computerized environment. Under these procedures
circumstances, on which of the following procedures
would the auditor initially focus?
a. Programmed control procedures
b. Application control procedures
c. Output control procedures
d. General control procedures
96. 33. After the preliminary phase of the review of a d. The controls ap-
client's EDP controls, an auditor may decide not to pear adequate
perform tests of controls (compliance tests) related
to the control procedures within the EDP portion of
the client's internal control structure. Which of the
following would not be a valid reason for choosing to
omit such tests?
a. The controls duplicate operative controls existing

elsewhere in the structure.
b. There appear to be major weaknesses that would
34 / 48
CIS CPAr
preclude reliance on the stated procedure.
c. The time and costs of testing exceed the time and

costs in substantive testing if the tests of controls
show the controls to be operative.
d. The controls appear adequate.
97. 34. Which of the following client electronic data pro- a. A system that
cessing (EDP) systems generally can be audited with- performs relative-
out examining or directly testing the EDP computer ly uncomplicat-
programs of the system? ed processes and
produces detailed
a. A system that performs relatively uncomplicated output.
processes and produces detailed output.
b. A system that affects a number of essential master

files and produces a limited output.
c. A system that updates a few essential master files

and produces no printed output other than final bal-
ances.
d. A system that performs relatively complicated pro-

cessing and produces very little detailed output.
98. 35. Computer systems are typically supported by a a. May en-

variety of utility software packages that are important able unauthorized
to an auditor because they changes to data
files if not properly
a. May enable unauthorized changes to data files if controlled.
not properly controlled.
b. Are very versatile programs that can be used on

hardware of many manufacturers.
c. May be significant components of a client's appli-

cation programs.
35 / 48
CIS CPAr
d. Are written specifically to enable auditors to extract
and sort data.
99. 36. To obtain evidence that online access controls are c. Enter invalid
properly functioning, an auditor most likely would identification num-
bers or pass-
a. Create checkpoints at periodic intervals after live words to ascertain
data processing to test for unauthorized use of the whether the sys-
system. tem rejects them.
b. Examine the transaction log to discover whether

any transactions were lost or entered twice due to a
system malfunction
c. Enter invalid identification numbers or passwords

to ascertain whether the system rejects them.
d. Vouch a random sample of processed transactions

to assure proper authorisation
100. 37. Which of the following statements most likely b. It is usually eas-
represents a disadvantage for an entity that keeps mi- ier for unautho-
crocomputer-prepared data files rather than manually rized persons to
prepared files? access and alter
the file
a. Attention is focused on the accuracy of the pro-
gramming process rather than errors in individual
transactions.
b. It is usually easier for unauthorized persons to

access and alter the files.
c. Random error associated with processing similar

transactions in different ways is usually greater.
d. It is usually more difficult to compare recorded

accountability with physical count of assets.
101.
36 / 48
CIS CPAr
38. An auditor would least likely use computer soft- c. Assess EDP
ware to controls
a. Access client data files

b. Prepare spreadsheets
c. Assess EDP controls
d. Construct parallel simulations
102. 39. A primary advantage of using generalized audit d. Access in-

software packages to audit the financial statements formation stored
of a client that uses an EDP system is that the auditor
on computer files
may while having a lim-
ited understand-
a. Consider increasing the use of substantive tests of ing of the
transactions in place of analytical procedures client's hardware
and software fea-
b. Substantiate the accuracy of data through tures.
self-checking digits and hash totals.
c. Reduce the level of required tests of controls to a

relatively small amount.
d. Access information stored on computer files while

having a limited understanding of the client's hard-
ware and software features.
103. 40. Auditors often make use of computer programs c. Utility programs
that perform routine processing functions such as
sorting and merging. These programs are made avail-
able by electronic data processing companies and
others and are specifically referred to as
a. Compiler programs
b. Supervisory programs
c. Utility programs
d. User programs
104. 41. Smith Corporation has numerous customers. A b. Develop a pro-

customer file is kept on disk storage. Each customer gram to compare
37 / 48
CIS CPAr
file contains name, address, credit limit, and account
credit limits with
balance. The auditor wishes to test this file to deter-
account balances
mine whether the credit limits are being exceeded. and print out the
The best procedure for the auditor to follow would bedetails of any ac-
to count with a bal-
ance exceeding its
a. Develop test data that would cause some account credit limit
balances to exceed the credit limit and determine if
the system properly detects such situations.
b. Develop a program to compare credit limits with

account balances and print out the details of any
account with a balance exceeding its credit limit.
c. Request a printout of all account balances so they

can be manually checked against the credit limits.
d. Request a printout of a sample of account balances

so they can be individually checked against the credit
limits.
105. 42. The use of generalized audit software package b. Is a major aid in
retrieving informa-
a. Relieves an auditor of the typical tasks of investi- tion from comput-
gating exceptions, verifying sources of information, erized files.
and evaluating reports.
b. Is a major aid in retrieving information from com-

puterized files.
c. Overcomes the need for an auditor to learn much

about computers.
d. Is a form of auditing around the computer.
106. 43. An auditor used test data to verify the existence of a. The program
controls in a certain computer program. Even though tested is the same
the program performed well on the test, the auditor one used in the
may still have a concern that
38 / 48
CIS CPAr
regular production
a. The program tested is the same one used in the runs
regular production runs.
b. Generalized audit software may have been a better

tool to use.
c. Data entry procedures may change and render the

test useless.
d. The test data will not be relevant in subsequent

audit periods.
107. 44. An auditor most likely would introduce test data c. Discovery of
into a computerized payroll system to test internal invalid employee
controls related to the I.D. numbers.
a. Existence of unclaimed payroll checks held by su-

pervisors.
b. Early cashing of payroll checks by employees.
c. Discovery of invalid employee I.D. numbers.
d. Proper approval of overtime by supervisors.
108. 45. When an auditor tests a computerized accounting d. Test data are
system, which of the following is true of the test data processed by the
approach? client's computer
programs under
a. Test data must consist of all possible valid and the auditor's con-
invalid conditions. trol.
b. The program tested is different from the program

used throughout the year by the client.
c. Several transactions of each type must be tested.
39 / 48
CIS CPAr
d. Test data are processed by the client's computer
programs under the auditor's control.
109. 46. Which of the following statements is not true to c. The test data
the test data approach when testing a computerized must consist of all
accounting system? possible valid and
invalid conditions.
a. The test need consist of only those valid and
invalid conditions which interest the auditor
b. Only one transaction of each type need be tested.
c. The test data must consist of all possible valid and

invalid conditions.
d. Test data are processed by the client's computer

programs under the auditor's control.
110. 47. Which of the following is not among the errors a. Numeric char-
that an auditor might include in the test data when acters in alphanu-
auditing a client's EDP system? meric fields.
a. Numeric characters in alphanumeric fields.
b. Authorized code
c. Differences in description of units of measure.
d. Illogical entries in fields whose logic is tested by

programmed consistency checks.
111. 48. An auditor who is testing EDP controls in a payroll c. Time tickets with
system would most likely use test data that contain invalid job num-
conditions such as bers
a. Deductions not authorized by employees.
b. Overtime not approved by supervisors.
40 / 48
CIS CPAr
c. Time tickets with invalid job numbers.
d. Payroll checks with unauthorized signatures.
112. 49. Auditing by testing the input and output of an EDP a. Not detect pro-
system instead of the computer program itself will gram errors which
do not show up
a. Not detect program errors which do not show up in in the output sam-
the output sampled. pled.
b. Detect all program errors, regardless of the nature

of the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the re-

sults of the auditing procedures.
113. 50. Which of the following computer-assisted audit- a. Integrated test

ing techniques allows fictitious and real transactions facility
to be processed together without client operating
personnel being aware of the testing process?
a. Integrated test facility

b. Input controls matrix
c. Parallel simulation
d. Data entry monitor
114. 51. Which of the following methods of testing appli- a. Parallel simula-
cation controls utilizes a generalized audit software tion
package prepared by the auditors?
a. Parallel simulation
b. Integrated testing facility approach
c. Test data approach
d. Exception report tests
115. 52. Misstatements in a batch computer system c. There are time

caused by incorrect programs or data may not be delays in process-
detected immediately because
41 / 48
CIS CPAr
ing transactions in
a. Errors in some transactions may cause rejection a batch system.
of other transactions in the batch.
b. The identification of errors in input data typically is

not part of the program.
c. There are time delays in processing transactions

in a batch system.
d. The processing of transactions in a batch system

is not uniform.
116. 53. Which of the following is not a characteristic of a d. The posting of

batch processed computer system? a transaction, as
it occurs, to sever-
a. The collection of like transactions which are sorted al files, without im-
and processed sequentially against a master file. mediate printouts
b. Keypunching of transactions, followed by machine

processing.
c. The production of numerous printouts.
d. The posting of a transaction, as it occurs, to several

files, without immediate printouts
117. 54. Where disk files are used, the grandfather-fa- d. Process of up-
ther-son updating backup concept is relatively diffi- dating old records
cult to implement because the is destructive.
a. Location of information points on disks is an ex-

tremely time consuming task.
b. Magnetic fields and other environmental factors

cause off-site storage to be impractical.
c. Information must be dumped in the form of hard

copy if it is to be reviewed before used in updating.
42 / 48
CIS CPAr
d. Process of updating old records is destructive.
118. 55. An auditor would most likely be concerned with c. Access controls
which of the following controls in a distributed data
processing system?
a. Hardware controls
b. Systems documentation controls
c. Access controls
d. Disaster recovery controls
119. 56. If a control total were computed on each of the c. Department

following data items, which would best be identified numbers
as a hash total for a payroll EDP application?
a. Total debits and total credits

b. Net pay
c. Department numbers
d. Hours worked
120. 57. Which of the following is a computer test made to b. Validity check
ascertain whether a given characteristic belongs to
the group?
a. Parity check
b. Validity check
c. Echo check
d. Limit check
121. 58. A control feature in an electronic data processing a. Echo check

system requires the central processing unit (CPU)
to send signals to the printer to activate the print
mechanism for each character. The print mechanism,
just prior to printing, sends a signal back to the CPU
verifying that the proper print position has been acti-
vated. This type of hardware control is referred to as
a. Echo check
b. Validity control
43 / 48
CIS CPAr
c. Signal control
d. Check digit control
122. 59. Which of the following is an example of a checkb. An algebraically

digit? determined num-
ber produced by
a. An agreement of the total number of employees to the other digits
the total number of checks printed by the computer. of the employee
number.
b. An algebraically determined number produced by
the other digits of the employee number.
c. A logic test that ensures all employee numbers are

nine digits.
d. A limit check that an employee's hours do not

exceed 50 hours per work week.
123. 60. In a computerized system, procedure or prob- c. Compiler

lem-oriented language is converted to machine lan-
guage through a(an)
a. Interpreter b. Verifier c. Compiler d. Converter
124. 61. A customer erroneously ordered Item No. 86321 b. Self-checking

rather than item No. 83621. When this order is digit
processed, the vendor's EDP department would iden-
tify the error with what type of control?
a. Key verifying
b. Self-checking digit
c. Batch total
d. Item inspection
125. 62. The computer process whereby data processing c. On-line,

is performed concurrently with a particular activity real-time system
and the results are available soon enough to influ-
ence the course of action being taken or the decision
being made is called:
44 / 48
CIS CPAr
a. Random access sampling
b. Integrated data processing
c. On-line, real-time system
d. Batch processing system
126. 63. Internal control is ineffective when computer de- c. Originate

partment personnel changes in master
file.
a. Participate in computer software acquisition deci-
sions.
b. Design documentation for computerized systems.
c. Originate changes in master file.
d. Provide physical security for program files.
127. 64. Test data, integrated test data and parallel simula- c. Generalized au-
tion each require an auditor to prepare data and com- dit software
puter programs. CPAs who lack either the technical
expertise or time to prepare programs should request
from the manufacturers or EDP consultants for
a. The program Code

b. Flowchart checks
c. Generalized audit software
d. Application controls
128. 65. Which of the following best describes a funda- d. Functions that
mental control weakness often associated with elec- would normally be
tronic data processing system? separated in a
manual system
a. EDP equipment is more subject to system error are combined in
than manual processing is subject to human error. the EDP system
like the function of
b. Monitoring is not an adequate substitute for the programmers and
use of test data. operators.
c. EDP equipment processes and records similar
45 / 48
CIS CPAr
transactions in a similar manner.
d. Functions that would normally be separated in a

manual system are combined in the EDP system like
the function of programmers and operators.
129. 66. Which of the following tasks could not be per- b. Physical count
formed when using a generalized audit software of inventories.
package?
a. Selecting inventory items for observations.
b. Physical count of inventories.
c. Comparison of inventory test counts with perpetual

records.
d. Summarizing inventory turnover statistics for ob-

solescence analysis.
130. 67. All of the following are "auditing through the com- a. Reviewing
puter" techniques except source code
a. Reviewing source code
b. Test-decking
c. Automated tracking and mapping
d. Integrated test facility
131. 68. The output of a parallel simulation should always b. Compared with
be actual results
manually
a. Printed on a report.
b. Compared with actual results manually.
c. Compared with actual results using a comparison
46 / 48
CIS CPAr
program.
d. Reconciled to actual processing output.
132. 69. Generalized audit software is a computer-assisted c. Independently

audit technique. It is one of the widely used technique analyze data files.
for auditing computer application systems. General-
ized audit software is most often used to
a. Verify computer processing.
b. Process data fields under the control of the oper-

ation manager.
c. Independently analyze data files.
d. Both a and b.
133. 70. From an audit viewpoint, which of the following b. Their ease of
represents a potential disadvantage associated with access by novice
the widespread use of microcomputers? users
a. Their portability.
b. Their ease of access by novice users.
c. Their easily developed programs using spread-

sheets which do not have to be documented.
134. 71. Which of the following functions would have the d. The applica-
least effect on an audit if it was not properly segre- tions programmer
gated? and the systems
programmer.
a. The systems analyst and the programmer func-
tions.
b. The computer operator and programmer functions.
47 / 48
CIS CPAr
c. The computer operator and the user functions.
d. The applications programmer and the systems pro-

grammer.
135. 72. To obtain evidence that user identification and a. Attempt to sign
password control procedures are functioning as de- on to the system
signed, an auditor would most likely using invalid user
identifications and
a. Attempt to sign on to the system using invalid user passwords
identifications and passwords.
b. Write a computer program that simulates the logic

of the client's access control software.
c. Extract a random sample of processed transac-

tions and ensure that the transactions were appropri-
ately authorized.
d. Examine statements signed by employees stating

that they have not divulged their user identifications
and passwords to any other person.
48 / 48

Answerkey Auditing CS PDF

Uploaded by

Copyright:

Available Formats

Answerkey Auditing CS PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Answerkey Auditing CS PDF

Uploaded by

Copyright:

Available Formats

CIS CPAr

Study online at https://quizlet.com/_7a6vee

1. 1. Which statement is incorrect when auditing in a CIS d. A CIS envi-

b. The auditor should consider how a CIS environ-

c. The use of a computer changes the processing,

d. A CIS environment changes the overall objective

2. 2. Which of the following standards or group of stan- d. Standards of

b. The auditor needs to determine the effect of the CIS

c. Design and perform appropriate tests of controls

d. The need of the auditor to make analytical proce-

4. 4. It relates to materiality of the financial statement d. Significance

5. 5. Which of the following least likely indicates a com- d. The system

b. The volume of the transactions is such that users

c. The computer automatically generates material

d. The system generates a daily exception report.

a. Lack of segregation of functions.

c. Lack of transaction trails.

7. 7. Which of the following is least likely a risk charac- d. Initiation of

c. The potential unauthorized access to data or to

8. 8. Which of the following significance and complexity d. The use of soft-

b. Lack of transaction trails.

c. The significance and complexity of computer pro-

d. The use of software packages instead of cus-

d. Generally, CIS environments in which personal

a. A stand-alone workstation operated by a single

b. A workstation which is part of a local area network

c. A workstation connected to a server.

d. All of the above.

11. 11. Which statement is incorrect regarding personal b. A stand-alone

b. A stand-alone workstation may be referred to as a

c. A local area network is an arrangement where

d. Personal computers can be linked to servers and

a. They are small enough to be transportable.

b. They are relatively expensive.

c. They can be placed in operation quickly.

d. The operating system software is less compre-

b. The programs are tailored-made according to the

c. They are developed by software manufacturer ac-

d. It takes a longer time of implementation

15. 15. It is a computer program (a block of executable a. Virus

c. System management program

16. 16. Which statement is incorrect regarding internal d. In a typical

c. In almost all commercially available operating sys-

d. In a typical personal computer environment, the

17. 17. Personal computers are susceptible to theft, d. Using anti-virus

a. Using door locks or other security protection dur-

b. Fastening the personal computer to a table using

c. Locking the personal computer in a protective cab-

d. Using anti-virus software programs.

b. Placing responsibility for such media under per-

c. Using a program and data file check-in and

d. Keeping current copies of diskettes, compact disks

a. Using secret file names and hiding the files.

b. Keeping of back up copies offsite.

d. Segregating data into files organized under sepa-

20. 20. It refers to plans made by the entity to obtain a. Back-up

d. Wide Area Network (WAN)

a. The extent to which the personal computer is being

b. The type and significance of financial