CHAPTER 11 Auditing Computer-Based Information Systems Flashcards
- An audit is planned so that the most of it focuses on the areas with the highest risk factors.
The risk that auditors and their audit procedures will fail to detect a material error or misstatement
is an
a. inherent risk.
b. control risk.
c. detection risk.
c. detection risk. (Correct. Auditors and their audit procedures will fail to detect a material
error or misstatement.)
- Auditing is the systematic process of obtaining and evaluating evidence regarding assertions
about economic actions and events in order to determine how well they correspond
with the established criteria. Developing knowledge of business operations is regarded as
a part of the following audit process.
a. planning
b. collection of evidence
c. evaluation of evidence
d. communication of results
a. planning (Correct. The first step in an operational audit is planning, during which
knowledge of business operations is developed.)
- Reperformance of calculations is part of the collection of the evidence process.
a. True
b. False
a. True (Correct. Performing calculations again to verify quantitative information. It is a
part of the collection of audit evidence.)
- At what step in the audit process do the concepts of reasonable assurance and materiality
enter into the auditor’s decision process?
a. planning
b. evidence collection
c. evidence evaluation
d. They are important in all three steps.
d. They are important in all three steps. (Correct. Materiality and reasonable assurance
are important when the auditor plans an audit and when the auditor collects and evaluates
evidence.)
5. What is the four-step approach to internal control evaluation that provides a logical framework for carrying out an audit? a. inherent risk analysis b. systems review c. tests of controls d. risk-based approach to auditing
d. risk-based approach to auditing (Correct. The risk-based audit approach is a four-step
approach to carrying out an audit. The four steps are determining threats, identifying
control procedures, evaluating control procedures, and evaluating weaknesses.)
- Which of the following procedures is NOT used to detect unauthorized program changes?
a. source code comparison
b. parallel simulation
c. reprocessing
d. reprogramming code
d. reprogramming code (Correct. Reprogramming code is not used to test for unauthorized
program changes.)
- Which of the following is a concurrent audit technique that monitors all transactions and
collects data on those that meet certain characteristics specified by the auditor?
a. ITF
b. snapshot techniques
c. SCARF
d. audit hooks
c. SCARF (Correct. System control audit review file is a concurrent audit technique that
embeds audit modules into application software to monitor continuously all transaction
activity.)
- Which of the following is a computer technique that assists an auditor in understanding
program logic by identifying all occurrences of specific variables?
a. mapping program
b. program tracing
c. automated flowcharting
d. scanning routine
d. scanning routine (Correct. Scanning routine software programs search for particular
variable names or specific characters.)
- Which of the following is a computer program written especially for audit use?
a. GAS
b. CATAS
c. ITF
d. CIS
a. GAS (Correct. Generalized audit software is a software program written especially for
audit uses, such as testing data files. Examples are ACL and IDEA.)
- The focus of an operational audit is on which of the following?
a. reliability and integrity of financial information
b. all aspects of information systems management
c. internal controls
d. safeguarding assets
b. all aspects of information systems management (Correct. An operational audit is concerned
with all aspects of information systems management.)
