Auditing in a CIS/IT Environment Flashcards
- The use of a computer changes the processing, storage, and communication of financial information. A CIS environment may affect the following, EXCEPT
A. The accounting and internal control systems of the entity.
B. The overall objective and scope of an audit.
C. The auditor’s design and performance of tests of control and substantive procedures to satisfy the audit objectives.
D. The specific procedures to obtain knowledge of the entity’s accounting and internal control systems.
B. The overall objective and scope of an audit.
- The following are benefits of using IT-based controls, EXCEPT
A. Ability to process large volume of transactions.
B. Over-reliance on computer-generated reports.
C. Ability to replace manual controls with computer-based controls.
D. Reduction in misstatements due to consistent processing of transactions.
B. Over-reliance on computer-generated reports.
- Which of the following statements concerning the Internet is INCORRECT?
A. The Internet is a shared public network that enables communication with other entities and individuals around the world.
B. The Internet is a private network that only allows access to authorized persons or entities.
C. The Internet is interoperable, which means that any computer connected to the Internet can communicate with any other computer connected to the Internet.
D. The Internet is a worldwide network that allows entities to engage in e-commerce/e-business activities.
B. The Internet is a private network that only allows access to authorized persons or entities.
- In planning the portions of the audit which may be affected by the client’s CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availability of data for use in the audit. The following relate to the COMPLEXITY of CIS activities EXCEPT when
A. Transactions are exchanged electronically with other organizations (for example, in electronic data interchange systems [EDI]).
B. Complicated computations of financial information are performed by the computer and/or material transactions or entries are generated automatically without independent validation.
C. Material financial statement assertions are affected by the computer processing.
D. The volume of transactions is such that users would find it difficult to identify and correct errors in processing.
C. Material financial statement assertions are affected by the computer processing.
- The auditor shall consider the entity’s CIS environment in designing audit procedures to reduce risk to an acceptably low level. Which of the following statements is INCORRECT?
A. The auditor’s specific audit objectives do not change whether financial information is processed manually or by computer.
B. The methods of applying audit procedures to gather audit evidence are not influenced by the methods of computer processing.
C. The auditor may use either manual audit procedures, computer-assisted audit techniques (CAATs), or a combination of both to obtain sufficient appropriate audit evidence.
D. In some CIS environments, it may be difficult or impossible for the auditor to obtain certain data for inspection, inquiry, or confirmation without the aid of a computer.
B. The methods of applying audit procedures to gather audit evidence are not influenced by the methods of computer processing.
- A characteristic that distinguishes computer processing from manual processing is
A. The potential for systematic error is ordinarily greater in manual processing than in computerized processing.
B. Errors or fraud in computer processing will be detected soon after their occurrences.
C. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.
D. Computer processing virtually eliminates the occurrence of computational errors normally associated with manual processing.
D. Computer processing virtually eliminates the occurrence of computational errors normally associated with manual processing.
- Which of the following statements most likely represents a disadvantage for an entity that maintains data files on personal computers (PCs) rather than manually prepared files?
A. It is usually more difficult to compare recorded accountability with the physical count of assets.
B. Random error associated with processing similar transactions in different ways is usually greater.
C. Attention is focused on the accuracy of the programming process rather than errors in individual transactions.
D. It is usually easier for unauthorized persons to access and alter the files.
D. It is usually easier for unauthorized persons to access and alter the files.
- The internal controls over computer processing include both manual procedures and procedures designed into computer programs (programmed control procedures). These manual and programmed control procedures comprise the general CIS controls and CIS application controls. The purpose of general CIS controls is to
A. Establish specific control procedures over the accounting applications in order to provide reasonable assurance that all transactions are authorized and recorded and are processed completely, accurately, and on a timely basis.
B. Establish a framework of overall controls over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved.
C. Provide reasonable assurance that systems are developed and maintained in an authorized and efficient manner.
D. Provide reasonable assurance that access to data and computer programs is restricted to authorized personnel.
B. Establish a framework of overall controls over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved.
- An entity has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new IT system?
A. Traditional duties are less separated.
B. Increased processing time.
C. Reduction in the entity’s risk exposure.
D. Increased processing errors.
A. Traditional duties are less separated.
- An entity should plan the physical location of its computer facility. Which of the following is the primary consideration for selecting a computer site?
A. It should be in the basement or on the ground floor.
B. It should maximize the visibility of the computer.
C. It should minimize the distance that data control personnel must travel to deliver data and reports and be easily accessible by a majority of company personnel.
D. It should provide security.
D. It should provide security.
- An entity installed antivirus software on all its personal computers. The software was designed to prevent initial infections, stop replication attempts, detect infections after their occurrence, mark affected system components, and remove viruses from infected components. The major risk in relying on antivirus software is that it may
A. Consume too many system resources.
B. Interfere with system operations.
C. Not detect certain viruses.
D. Make software installation too complex.
C. Not detect certain viruses.
