Auditing with Technology

Question 1

1. An advantage of using systems flowcharts to document
   information about internal control instead of using internal
   control
   questionnaires is that systems flowcharts
   a. Identify internal control weaknesses more
   prominently.
   b. Provide a visual depiction of clients’ activities.
   c. Indicate whether control procedures are operating
   effectively.
   d. Reduce the need to observe clients’ employees performing
   routine tasks.

Answer 1

1. (b) The requirement is to identify an advantage of using
   systems flowcharts to document information about internal
   control
   instead of using internal control questionnaires.
   Answer (b) is correct because flowcharts provide a visual
   depiction of clients’ activities which make it possible for
   auditors to quickly understand
   the design of the system.
   Answer (a) is incorrect because while the flow of operations
   is visually depicted, internal control weaknesses are not as
   obvious. Answer (c) is incorrect because while a flowchart
   describes a system, the flowchart alone does not indicate
   whether that system is operating effectively. Answer (d) is
   incorrect because auditors still need to determine whether the
   system has been placed in operation and therefore the need to
   observe employees performing routine tasks remains.

Question 2

2. A flowchart is most frequently used by an auditor in
   connection
   with the
   a. Preparation of generalized computer audit plans.
   b. Review of the client’s internal control.
   c. Use of statistical sampling in performing an audit.
   d. Performance of analytical procedures of account
   balances.

Answer 2

2. (b) The requirement is to determine when a flowchart
   is most frequently used by an auditor. Answer (b) is correct
   because
   flowcharts are suggested as being appropriate for
   documenting
   the auditor’s consideration of internal control.
   Answer
   (a) is incorrect because auditors do not frequently
   write their own generalized computer audit programs, the most
   likely time a flowchart would be used with respect to such
   software. Answers (c) and (d) are incorrect because statistical
   sampling and analytical procedures do not in general require
   the use of flowcharts.

Question 3

3. Matthews Corp. has changed from a system of recording
   time worked on clock cards to a computerized payroll system
   in which employees record time in and out with magnetic
   cards. The computer system automatically updates all payroll
   records. Because of this change
   a. A generalized computer audit program must be used.
   b. Part of the audit trail is altered.
   c. The potential for payroll-related fraud is diminished.
   d. Transactions must be processed in batches.

Answer 3

3. (b) The requirement is to identify the correct statement
   with respect to a computerized, automatically updating payroll
   system in which magnetic cards are used instead of a manual
   payroll system with clock cards. Answer (b) is correct because
   the automatic updating of payroll records alters the audit
   trail which, in the past, included steps pertaining to manual
   updating. Answer (a) is incorrect because although an auditor
   may choose to use a generalized computer audit program, it is
   not required. Answer (c) is incorrect because no information
   is presented that would necessarily indicate a change in the
   likelihood of fraud. Answer (d) is incorrect because given
   automatic updating, a large portion of the transactions are not
   processed in batches.

Question 4

4. Which of the following is correct concerning batch processing
   of transactions?
   a. Transactions are processed in the order they occur, regardless
   of type.
   b. It has largely been replaced by online real-time processing
   in all but legacy systems.
   c. It is more likely to result in an easy-to-follow audit
   trail than is online transaction processing.
   d. It is used only in non-database applications.

Answer 4

4. (c) The requirement is to identify the correct statement
   concerning the batch processing of transactions. Batch processing
   involves processing transactions through the system
   in groups of like transactions (batches). Answer (c) is correct
   because
   the similar nature of transactions involved with batch
   processing
   ordinarily makes it relatively easy to follow the
   transactions
   throughout the system. Answer (a) is incorrect because transactions are processed by type, not in the order
   they occur regardless of type. Answer (b) is incorrect because
   many batch applications still exist and might be expected to
   exist well into the future. Answer (d) is incorrect because
   batch processing may be used for database applications

Question 5

5. An auditor would be most likely to assess control risk
   at the maximum level in an electronic environment with
   automated system-generated information when
   a. Sales orders are initiated using predetermined, automated
   decision rules.
   b. Payables are based on many transactions and large in
   dollar amount.
   c. Fixed asset transactions are few in number, but large
   in dollar amount.
   d. Accounts receivable records are based on many
   transactions
   and are large in dollar amount.

Answer 5

5. (c) The requirement is to determine when an auditor
   would be most likely to assess control risk at the maximum
   level in an electronic environment with automated systemgenerated
   information. Answer (c) is correct because the few
   transactions involved in fixed assets make it most likely to be
   one in which a substantive approach of restricting detection
   risk is most likely to be effective and efficient. Answer (a)
   is incorrect because an auditor might be expected to perform
   tests of controls to assess control risk below the maximum
   when automated decision rules are involved for an account
   (sales) which ordinarily has many transactions. Answers (b)
   and (d) are incorrect because the numerous transactions in
   payables and receivables make it likely that control risk will be
   assessed below the maximum.

Question 6

6. In a highly automated information processing system tests
   of control
   a. Must be performed in all circumstances.
   b. May be required in some circumstances.
   c. Are never required.
   d. Are required in first year audits.

Answer 6

6. (b) The requirement is to identify the most accurate
   statement with respect to tests of controls of a highly
   automated information processing system. Answer (b) is
   correct because in some such circumstances substantive
   tests alone will not be sufficient
   to restrict detection risk to
   an acceptable level. Answer (a) is incorrect because tests of
   controls need not be performed in all such circumstances.
   Answer (c) is incorrect because such tests are sometimes
   required. Answer (d) is incorrect because tests of controls are
   not in such circumstances in all first year audits.

Question 7

7. Which of the following is least likely to be considered
   by an auditor considering engagement of an information
   technology (IT) specialist on an audit?
   a. Complexity of client’s systems and IT controls.
   b. Requirements to assess going concern status.
   c. Client’s use of emerging technologies.
   d. Extent of entity’s participation in electronic
   commerce.

Answer 7

7. (b) The requirement is to identify the least likely
   circumstance in which an auditor would consider engagements
   of an IT specialist on an audit. Answer (b) is correct because
   the requirement to assess going concern status remains the
   same on all audits, and thus does not directly affect engagement
   of an IT specialist. Answers (a), (c), and (d) are all incorrect
   because complexity, the use of emerging technologies, and
   participation in electronic commerce are all factors which make
   it more likely that an IT specialist will be engaged.

Question 8

8. Which of the following strategies would a CPA most
   likely consider in auditing an entity that processes most of
   its financial data only in electronic form, such as a paperless
   system?
   a. Continuous monitoring and analysis of
   transaction processing with an embedded audit
   module.
   b. Increased reliance on internal control activities that
   emphasize the segregation of duties.
   c. Verification of encrypted digital certificates used to
   monitor the authorization of transactions.
   d. Extensive testing of firewall boundaries that restrict
   the recording of outside network traffic.

Answer 8

8. (a) The requirement is to identify a strategy that a CPA
   most likely would consider in auditing an entity that processes
   most of its financial data only in electronic form. Answer
   (a) is correct because continuous monitoring and analysis
   of transaction
   processing with an embedded audit module might provide an effective way of auditing these processes—
   although some question exists as to how many embedded audit
   modules CPAs have actually used in practice. Answer (b) is
   incorrect because there may well be a decrease in reliance on
   internal control activities
   that emphasize this segregation of
   duties since so many controls
   are in the hardware and software
   of the application. Answer (c) is incorrect because digital
   certificates deal with electronic commerce between companies,
   a topic not directly addressed by this question, and because
   such certificates provide limited evidence
   on authorization.
   Answer (d) is incorrect because while firewalls do control
   network traffic, this is not the most significant factor in the
   audit of electronic form financial data.

Question 9

9. Which of the following is not a major reason for maintaining
an audit trail for a computer system?
a. Deterrent to fraud.
b. Monitoring purposes.
c. Analytical procedures.
d. Query answering.

Answer 9

9. (c) The requirement is to identify the reply that is not
   a major reason for maintaining an audit trail for a computer
   system.
   Answer (c) is correct because analytical procedures
   use the outputs of the system, and therefore the audit trail is of
   limited importance. Answer (a) is incorrect because an audit
   trail may deter fraud since the perpetrator may realize that his
   or her act may be detected. Answer (b) is incorrect because
   an audit trail will help management to monitor the computer
   system. Answer
   (d) is incorrect because an audit trail will
   make it much easier to answer queries.

Question 10

10. Computer systems are typically supported by a variety
    of utility software packages that are important to an auditor
    because they
    a. May enable unauthorized changes to data files if not
    properly controlled.
    b. Are very versatile programs that can be used on hardware
    of many manufacturers.
    c. May be significant components of a client’s
    application programs.
    d. Are written specifically to enable auditors to extract
    and sort data.

Answer 10

10. (a) The requirement is to identify a reason that utility
    software packages are important to an auditor. Answer (a)
    is correct because client use of such packages requires that
    the auditor
    include tests to determine that no unplanned
    interventions using utility routines have taken place during
    processing (Audit and Accounting Guide, Computer Assisted
    Audit Techniques). Answer (b) is incorrect because a client’s
    use of such programs implies that they are useful on his/her
    computer hardware, and therefore any flexibility is not of
    immediate relevance to the auditor.
    Answer (c) is incorrect
    because the primary purpose of utility
    programs is to support
    the computer user’s applications (Computer Assisted Audit
    Techniques). Answer (d) is incorrect because utility software
    programs have a variety of uses in addition
    to enabling
    auditors to extract and sort data (Computer Assisted
    Audit
    Techniques).