JOSE RIZAL UNIVERSITY80 Shaw Boulevard, Mandaluyong City

Auditing in CIS EnvironmentACC63-401A

Computer-Assisted Audit Tools and TechniquesMultiple Choice Questions

Submitted to:Atty. Zander J. Plaza, CPA

Prepared by:

GROUP IV

Leader: RED, Sunshine S.

Members:

ENRIQUEZ, JaysonESCOBEDO, Xybelle

NARVAEZ. Juana MariePAZ, Gene Kelly

RENIVA, LeandraROMANA, Fatima Bianca

ULAYE, Vanessa

Computer-Assisted Audit Tools and TechniquesMultiple Choice Questions

1. The stage designed to ensure that the transactions are valid, accurate andcomplete.

a. Batch controlb. Validation controlc. Input controld. Error control

2. The following are broad classes of Input control except:a. Source document controlb. Output controlc. Batch controld. Validation control

3. These are source documents that have unique sequential number on them.a. Post numbered source documentb. Numbered source documentc. Pre numbered source documentd. None of the above

4. The following are types of errors that can corrupt data codes and causeprocessing errors except:

a. Transcription errorsb. Single transposition errorsc. Double transposition errorsd. Multiple transposition errors

5. This error occurs when two adjacent digits are reversed.a. Transcription errorsb. Single transposition errorsc. Double transposition errorsd. Multiple transposition errors

6. The following are classes of transcription errors except:a. Multiplicationb. Additionc. Truncationd. Substitution

7. This error occurs when non adjacent digits are transposed.a. Transcription errorsb. Single transposition errorsc. Double transposition errors

d. Multiple transposition errors

8. A control digit added to the code that is originally assigned that allows theintegrity of the code to be established during subsequent processing.

a. Check digitsb. Cross digitsc. Digitsd. None of the above

9. An effective method of managing high volumes of transaction data throughsystem.

a. Single controlb. Batch controlc. Dual controld. None of the above

10.These controls are intended to detect errors in transaction before the data areprocessed.

a. Single controlb. Batch controlc. Validation controld. None of the above

11.What are controls that must be exercised over physical source documents insystems that use them to initiate transactions?

a. Validation Controlsb. Batch Controlsc. Check Digitsd. None of the above

12.What method is used to establish application integrity by processing speciallyprepared sets of input data through production applications that are underreview?

a. White Box Approachb. Test Data Methodc. Black Box Approachd. All of the above

13. What controls that are check on the integrity of data codes used in processing?a. Application Controlsb. Input Controlsc. Source Document Controlsd. Data Coding Controls

14. It performs standard validation routines that are common to many differentapplications.

a. Input Error correction

b. Case System Evaluationc. Generalized Validation Moduled. Generalized Data Input System

15.These are the specific run-to-run control figures, EXCEPT:a. Recalculate Control Totalsb. Transaction Codesc. Sequence Checkd. All of the Above

16.Transcription errors fall into three classes. Except.a. Addition errorb. Truncation errorc. Substitution errord. None

17.An online data entry technique that can be employed when inexperiencedpersonnel enter data is the use of.

a. Overflow proceduresb. Compatibility testsc. Promptingd. Checkpoints

18.Edit checks in a completed accounting systema. Are preventive controlsb. Should be performed on transactions prior to updating a master file.c. Must be installed for the system to be operational.d. Should be performed immediately prior to output distribution.

19.An employee in the receiving department eyed in a shipment from a remoteterminal and advertently omitted the purchase order number. The best systemscontrol to detect this error would be.

a. Completenessb. Batch totalc. Sequence checkd. Reasonableness test

20.An accounting system identification code that uses a sum-of-digits check digit willdetect all of the ff. except.

a. Validity errorsb. Transposition errorsc. Completeness errorsd. Transcription errors

21. In an automated payroll processing environment, a department managersubstituted the time card for a terminated employee with a time card for a

fictitious employee. The fictitious employee had the same pay rate and hoursworked as the terminated employee. The best control technique to detect thisaction using employee identification numbers would be a

a. batch totalb. record countc. hash totald. subsequent check

22.An employee in the receiving department keyed in a shipment from a remoteterminal and inadvertently omitted the purchase order number. The best systemscontrol to detect this error would be a

a. batch totalb. completeness testc. sequence checkd. reasonableness test

23.An online data entry technique that can be employed when inexperiencedpersonnel enter data is the use of

a. Overflow procedures.b. Prompting.c. Compatibility tests.d. Checkpoints

24.Edit checks in a computerized accounting systema. Are preventive controls.b. Should be performed on transactions prior to updating a master file.c. Must be installed for the system to be operational.d. Should be performed immediately prior to output distribution.

25.Which one of the following statements concerning concurrent auditing techniquesis not correct?

a. They allow monitoring a system on a continuous basis for fraudulenttransactions.

b. They are most useful in complex online systems in which audit trails haveeither become diminished or are very limited.

c. They allow faster detection of unauthorized transactions.d. They are standard components of generic software packages.

26. In auditing computer-based systems, the integrated test facility (ITF)a. allows the auditor to assemble test transactions and run them through the

computer system to test the integrity of controls on a sample data baseb. is a set of specialized software routines that are designed to perform

specialized audit tests and store audit evidencec. is a concurrent audit technique that establishes a special set of

dummy master files and enters transactions to test the programsusing the dummy files during regular processing runs

d. uses an audit log to record transactions and data having special auditsignificance during regular processing runs

27.An accounting system identification code that uses a sum-of-digits check digit willdetect all of the following errors except

a. Completeness errors.b. Transcription errors.c. Transposition errors.d. Validity errors.

28. In order to prevent, detect, and correct errors and unauthorized tampering, apayroll system should have adequate controls. The best set of controls for apayroll system includes

a. Batch and hash totals, record counts of each run, proper separationof duties, passwords and user codes, and backup copies of activityand master files.

b. Employee supervision, batch totals, record counts of each run, andpayments by check.

c. Passwords and user codes, batch totals, employee supervision, and recordcounts of each run.

d. Batch totals, record counts, user codes, proper separation of duties, andonline edit checks.

29.Data input validation routines includea. Terminal logs.b. Passwords.c. Hash totals.d. Backup controls.

30.Whether or not a real-time program contains adequate controls is mosteffectively determined by the use of

a. Audit software.b. An integrated test facility.c. A tagging routine.d. A tracing routine.

31.Which of the following is not a processing control?a. Control riskb. Reasonable Testc. Check digitsd. Control total

32.Which of the following is correct?a. Check digits should be used for all data codesb. Check digits are always placed at the end of a data codec. Check digits do not affect processing efficiencyd. Check digits are designed to detect transcription errors

33.A clerk inadvertently entered an account number 12368 rather than accountnumber 12638. In processing this transaction, the error would be detected withwhich of the following controls?

a. Batch totalb. Key verifyingc. Self-checking digitd. An internal consistency check

34.Total amounts in computer-record data fields, which are not usually added butare used only for data processing control purposes are called

a. Record totalsb. Hash totalsc. Processing data totalsd. Field totals

35. If a control total were to be computed on each of the following data items, whichwould be best identified as a hash total for a payroll CIS application?

a. Net payb. Hours workedc. Department numbersd. Total debits and total credits

36.Which is statement is not correct? The goal of batch controls is to ensure thatduring processing

a. Transactions are not omittedb. Transactions are not addedc. Transactions are processed more than onced. An audit trail is created

37.An example of hash total isa. Total payroll checks – P12,315b. Total number of employees – 10c. Sum of the social security numbers - 12,555,437,251d. None of the above

38.The employee entered 40 in the hours worked per day field. Which check woulddetect this unintentional error?

a. Numeric/alphabetic checkb. Sign checkc. Limit checkd. Missing data check

39.When auditing around the computer, the independent auditor focuses solelyupon the source documents and

a. Test datab. CIS processing

c. Compliance techniquesd. CIS output

40.Which of the following is not a common type of white box approach?a. Test datab. Integrated test facilityc. Auditing around the computerd. Parallel simulation

41.Run-to-run control totals can be used for all of the following excepta. to ensure that all data input is validatedb. to ensure that only transactions of a similar type are being processedc. to ensure the records are in sequence and are not missingd. to ensure that no transaction is omitted

42.Methods used to maintain an audit trail in a computerized environment include allof the following except

a. transaction logsb. unique transaction identifiersc. data encryptiond. log of automatic transactions

43.A computer operator was in a hurry and accidentally used the wrong master fileto process a transaction file. As a result, the accounts receivable master file waserased. Which control would prevent this from happening?

a. header label checkb. expiration date checkc. version checkd. validity check

44.Risk exposures associated with creating an output file as an intermediate step inthe printing process (spooling) include all of the following actions by a computercriminal except

a. gaining access to the output file and changing critical data valuesb. using a remote printer and incurring operating inefficienciesc. making a copy of the output file and using the copy to produce illegal

output reportsd. printing an extra hard copy of the output file

45.Which statement is NOT correct?a. Only successful transactions are recorded on a transaction log.b. Unsuccessful transactions are recorded in an error file.c. A transaction log is a temporary file.d. A hard copy transaction listing is provided to users.

46.Which statement is correct?

a. compiled programs are very susceptible to unauthorized modificationb. the source program library stores application programs in source

code formc. modifications are made to programs in machine code languaged. the source program library management system increases operating

efficiency

47.An example of a hash total isa. total payroll checks—$12,315b. total number of employees—10c. sum of the social security numbers—12,555,437,251d. none of the above

48.The employee entered “40” in the “hours worked per day” field. Which checkwould detect this unintentional error?

a. numeric/alphabetic data checkb. sign checkc. limit checkd. missing data check

49.Which of the following is correct?a. Check digits should be used for all data codes.b. Check digits are always placed at the end of data codes.c. Check digits do not affect processing efficiency.d. Check digits are designed to detect transcription errors.

50.Which of the following is an example of an input error correction technique?a. immediate correctionb. rejection of batchc. creation of error filed. all are examples of input error correction techniques

51.To obtain evidence that online access controls are properly functioning, anauditor most likely would

a. Create checkpoints at periodic intervals after live data processing to test forunauthorized use of the system.

b. Examine the transaction log to discover whether any transactions were lostor entered twice due to a system malfunction.

c. Enter invalid identification numbers or passwords to ascertainwhether the system rejects them.

d. Vouch a random sample of processed transactions to assure properauthorization.

52. An auditor most likely would introduce test data into a computerized payrollsystem to test controls related to the

a. Existence of unclaimed payroll checks held by supervisors.b. Early cashing of payroll checks by employees.c. Discovery of invalid employee LD. numbers.d. Proper approval of overtime by supervisors.

53.Which of the following is not among the errors that an auditor might include in thetest data when auditing a client's computer system?

a. Numeric characters in alphanumeric fields.b. Authorized code.c. Differences in description of units of measure.d. Illogical entries in fields whose logic is tested by programmed consistency

checks.

54. Which of the following computer-assisted auditing techniques allows fictitiousand real transactions to be processed together without client operating personnelbeing aware of the testing process?

a. Integrated test facility.b. Input controls matrix.c. Parallel simulation.d. Data entry monitor.

55.Which of the following methods of testing application controls utilizes ageneralized audit software package prepared by the auditors'?

a. Parallel simulation.b. Integrated testing facility approach.c. Test data approach.d. Exception report tests.

56. In creating lead schedules for an audit engagement, a CPA often usesautomated work paper software. What client information is needed to begin thisprocess?

a. Interim financial information such as third quarter sales, net income, andinventory and receivables balances.

a. Specialized journal information such as the invoice and purchase ordernumbers of the last few sales and purchases of the year.

b. General ledger information such as account numbers prior yearaccount balances and current year unadjusted information.

c. Adjusting entry information such as deferrals and accruals, andreclassification journal entries.

57.Using microcomputers in auditing may affect the methods used to review thework of staff assistants because

a. The audit fieldwork standards for supervision may differ.b. Documenting the supervisory review may require assistance of consulting

services personnel.c. Supervisory personnel may not have an understanding of the capabilities

and limitations of microcomputers.

d. Working paper documentation may not contain readily observabledetail is of calculations.

58.An auditor would least likely use computer software toa. Access client data files.b. Prepare spreadsheets.c. Assess computer control risk.d. Construct parallel simulations.

59.A primary advantage of using generalized audit software packages to audit thefinancial statements of a client that uses a computer system is that the auditormay

a. Access information stored on computer files while having a limitedunderstanding of the client's hardware and software features.

b. Consider increasing the use of substantive tests of transactions in place ofanalytical procedures.

c. Substantiate the accuracy of data through self-checking digits and hashtotals.

d. Reduce the level of required tests of controls 10 a relatively small amount.

60. Auditors often make use of computer programs that perform routine processingfunctions such as sorting and merging. These programs are made available byelectronic data processing companies and others and are specifically referred toas

a. Compiler programs.b. Supervisory programs.c. Utility programs.d. User programs.

61.These are programmed procedures designed to deal with potential exposuresthat threaten specific applications.

a. Input controlsb. Output controlsc. Application controlsd. Process controls

62.Application controls fall into three broad categories, except:a. Input controlsb. Output controlsc. Application controlsd. Process controls

63. It is a control digit (or digits) added to the code when it is originally assigned thatallows the integrity of the code to be established during subsequent processing.

a. Check digitsb. Batch controls

c. Data digitsd. Field interrogation

64.STATEMENT 1: Validity checks compare actual values in a field against knownacceptable values.STATEMENT 2: Validity checks are used to verify such things as transactioncodes, state abbreviations or employee job skill codes.

a. Both statements are correct.b. Both statements are wrong.c. Only statement 1 is correct.d. Only statement 2 is correct.

65. Its purpose is to ensure that the correct file is being processed by the system.a. Version checksb. Record interrogationc. File interrogationd. Expiration date check

66.Processing controls are divided into three categories, except:a. run-to-run controlsb. operator intervention controlsc. audit trail controlsd. none of the above

67.Tests which verify that an individual, a programmed procedure, or a messageattempting to access a system is authentic.

a. Authenticity testsb. Accuracy testsc. Completeness testsd. Redundancy tests

68.What is the advantage of Test Data Techniques?a. Auditors must rely on computer services personnel.b. They require only minimal computer expertise on the part of Auditors.c. They provide a static picture of application integrity at a single point in time.d. Their relatively high cost of implementation, which results in audit

inefficiency.

69. It requires the auditor to write a program that simulates key features or processesof application under review.

a. Parallel simulationb. Black-box Approachc. Hash totald. Base case system evaluation

70.This group is responsible for verifying the accuracy of computer output before itis distributed to the user.

a. Database administrationb. Check Digit Groupc. Data Digits Groupd. Data Control Group

71. If a control total were to be computed on each of the following data items, whichwould best be identified as a hash total for a payroll computer application?

a. Net pay.b. Department numbers.c. Hours worked.d. Total debits and total credits.

72.Auditing by testing the input and output of a computer system instead of thecomputer program itself will:

a. Not detect program errors which do not show up in the outputsampled.

b. Provide the auditors with the same type of evidence.c. Detect all program errors, regardless of the nature of the outputd. Not provide the auditors with the confidence in the results of the auditing

procedures.

73.Parallel simulation programs used by the auditors for testing programs:a. Must simulate all functions of the production computer-application system.b. Cannot be developed with the aid of generalized audit software.c. Can use live data or test data.d. Is generally restricted to data base environments.

74.Smith Corporation has numerous customers. A customer file is kept on diskstorage. Each account in the customer file contains name, address, credit limit,and account balance. The auditor wishes to test this file to determine whethercredit limits are being exceeded. The best procedure for the auditor to followwould be to:

a. Develop test data that would cause some account balance to exceed thecredit limit and determine if the system properly detects such situations.

b. Develop a program to compare credit limits with account balancesand print out the details of any account with a balance exceeding itscredit limit.

c. Require a printout of all account balances so they can be manuallychecked against the credit limits.

d. Request a printout of a sample of account balances so they can beindividually checked against the credit limits.

75. In the weekly computer run to prepare payroll checks, a check was printed for anemployee who had been terminated the previous week. Which of the followingcontrols, if properly utilized, would have been most effective in preventing theerror or ensuing its prompt detection?

a. A control total for hours worked, prepared from time cards collectedby the timekeeping department.

b. Requiring the treasurer's office to account for the numbers of the pre-numbered checks issued to the computer department for the processing ofthe payroll.

c. Use of a check digit for employee numbers.d. Use of a header label for the payroll input sheet.

76. In the weekly computer run to prepare payroll checks, a check was printed for anemployee who had been terminated the previous week. Which of the followingcontrols, if properly utilized, would have been most effective in preventing theerror or ensuring its prompt detection?

a. A control total for hours worked, prepared from time cards collectedby the timekeeping department.

b. Requiring the treasurer's office to account for the number of the pre-numbered checks issued to the CBIS department for the processing of thepayroll.

c. Use of a check digit for employee numbers.d. Use of a header label for the payroll input sheet.

77.An auditor is preparing test data for use in the audit of a computer basedaccounts receivable application. Which of the following items would beappropriate to include as an item in the test data?

a. A transaction record which contains an incorrect master file control total.b. A master files record which contains an invalid customer identification

number.c. A master files record which contains an incorrect master file control total.d. A transaction record which contains an invalid customer

identification number.

78.Unauthorized alteration of on-line records can be prevented by employing:a. Key verification.b. Computer sequence checks.c. Computer matching.d. Data base access controls.

79. In auditing through a computer, the test data method is used by auditors to testthe

a. Accuracy of input data.b. Validity of the output.c. Procedures contained within the program.d. Normalcy of distribution of test data.

80.Which of the following is an advantage of generalized computer audit packages?a. They are all written in one identical computer language.b. They can be used for audits of clients that use differing CBIS

equipment and file formats.c. They have reduced the need for the auditor to study input controls for CBIS

related procedures.d. Their use can be substituted for a relatively large part of the required

control testing.

81.Processing simulated file data provides the auditor with information about thereliability of controls from evidence that exists in simulated files. One of thetechniques involved in this approach makes use of

a. Controlled reprocessing.b. Program code checking.c. Printout reviews.d. Integrated test facility.

82.An integrated test facility (ITF) would be appropriate when the auditor needs toa. Trace a complex logic path through an application system.b. Verify processing accuracy concurrently with processing.c. Monitor transactions in an application system continuously.d. Verify load module integrity for production programs.

83.When auditing "around" the computer, the independent auditor focuses solelyupon the source documents and

a. Test data.b. CBIS processing.c. Control techniques.d. CBIS output.

84.A hash total of employee numbers is part of the input to a payroll master fileupdate program. The program compares the hash total to the total computed fortransactions applied to the master file. The purpose of this procedure is to:

a. Verify that employee numbers are valid.b. Verify that only authorized employees are paid.c. Detect errors in payroll calculations.d. Detect the omission of transaction processing.

85.When testing a computerized accounting system, which of the following is nottrue of the test data approach?

a. The test data need consist of only those valid and invalid conditions inwhich the auditor is interested.

b. Only one transaction of each type need be tested.c. Test data are processed by the client's computer programs under the

auditor's control.d. The test data must consist of all possible valid and invalid

conditions.

86.Which of the following procedures is an example of auditing "around" thecomputer?

a. The auditor traces adding machine tapes of sales order batch totalsto a computer printout of the sales journal.

b. The auditor develops a set of hypothetical sales transactions and, using theclient's computer program, enters the transactions into the system andobserves the processing flow.

c. The auditor enters hypothetical transactions into the client's processingsystem during client processing of live" data.

d. The auditor observes client personnel as they process the biweekly payroll.The auditor is primarily concerned with computer rejection of data that failsto meet reasonableness limits.

87.Auditing by testing the input and output of a computer-based system instead ofthe computer program itself will

a. Not detect program errors which do not show up in the outputsampled.

b. Detect all program errors, regardless of the nature of the output.c. Provide the auditor with the same type of evidence.d. Not provide the auditor with confidence in the results of the auditing

procedures.

88.The applications of auditing procedures using the computer as an audit tool referto

a. Integrated test facilityb. Data-based management systemc. Auditing through the computerd. Computer assisted audit techniques

89.Audit automation least likely includea. Expert systems.b. Tools to evaluate a client’s risk management procedures.c. Manual working papers.d. Corporate and financial modeling programs for use as predictive audit

tests.

90.Whether or not a real time program contains adequate controls is most effectivelydetermined by the use of

a. Audit softwareb. An integrated test facilityc. A tracing routined. A traditional test deck