Chapter 7

Question 1

Nature of Computers

Answer 1

• fast
• do not think the way humans do
• do not get tired but succumbs to technical problems
• follows the dictum: “do it right the first time, do it right all the time.”

Question 2

Three broad classes of application controls

Answer 2

1. Input Controls
2. Processing Controls
3. Output Controls

Question 3

Designed to ensure that the transactions that bring data into the system are valid, accurate, and complete

Answer 3

Input controls

Question 4

Data input procedures can be:

Answer 4

• Source document triggered (batch)
• Direct input (real-time)

Question 5

Classes of input controls:

Answer 5

1. Source document controls
2. Data coding controls
3. Batch controls
4. Validation controls
5. Input error correction
6. Generalized data input systems

Question 6

Five CAATTs approaches used for testing application logic:

Answer 6

1. Test data method
2. Base care system evaluation
3. Tracing
4. Integrated test facility
5. Parallel simulation

Question 7

Source document input requires human involvement and is prone to clerical errors.

Answer 7

True

Question 8

Direct input employs real-time editing techniques to identify and correct errors immediately.

Answer 8

True

Question 9

Controls in systems that are using physical source documents.

Answer 9

Source document controls

Question 10

Control procedures over source documents:

Answer 10

• Use pre-numbered source documents
• Use source documents in sequence
• Periodically audit source documents

Question 11

Checks on the integrity of data codes used in processing.

Answer 11

Data Coding Controls

Question 12

Three types of processing errors:

Answer 12

1. Transcription errors
2. Single transposition errors
3. Multiple transposition errors

Question 13

Three classes of transcription errors:

Answer 13

1. Addition errors
2. Truncation errors
3. Substitution errors

Question 14

Occurs when an extra digit or character is added to the code.

Answer 14

Addition errors

Question 15

Occurs when a digit or character is removed from the end of a code.

Answer 15

Truncation errors

Question 16

The replacement of one digit in a code with another.

Answer 16

Substitution errors

Question 17

Occurs when two adjacent digits are reversed.

Answer 17

Single transposition errors

Question 18

Occurs when non-adjacent digits are transposed.

Answer 18

Multiple transposition errors

Question 19

Data coding controls:

Answer 19

Check digits

Question 20

A control digit added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing. (suffix, prefix, embedded)

Answer 20

Check digits

Question 21

Check-digit techniques:

Answer 21

1. Sum of digits
2. Modulus 11

Question 22

The steps in modulus 11:

Answer 22

1. Assign weights
2. Sum the products
3. Divide by the modulus
4. Subtract the remainder from the modulus to obtain the check digit.
5. Add the check digit to the original code to yield the new code.

Question 23

An effective method of managing high volumes of transaction data through a system, especially paper-fed information system.

Answer 23

Batch controls

Question 24

Batch controls provide assurance that:

Answer 24

1. All records in the batch are processed.
2. No records are processed more than once.
3. An audit trail of transactions is created from input through processing to the output stage of the system.

Question 25

Two documents used to accomplish batch control objectives:

Answer 25

1. Batch transmittal sheet
2. Batch control log

Question 26

The batch transmittal sheet captures relevant information such as:

Answer 26

1. A unique batch number
2. A batch date
3. A transaction code
4. The number of records in the batch
5. The total dollar value of a financial field (batch control total)
6. The total of a unique non-financial field (hash total)

Question 27

Refers to a simple control technique that uses non-financial data to keep track of the records in a batch.

Answer 27

Hash total

Question 28

Are intended to detect errors in transaction data before the data are processed.

Answer 28

Validation controls

Question 29

Three levels of input validation controls

Answer 29

1. Field interrogation
2. Record interrogation
3. File interrogation

Question 30

Types of files in a computer-based systems:

Answer 30

1. Master file
2. Transaction file
3. Reference file
4. Archive file

Question 31

Audit trails in computer-based systems are less observable than in a traditional manual system.

Answer 31

True

Question 32

Generally contains account data.

Answer 32

Master file

Question 33

A temporary file of transaction records used to change or update data in a master file. Examples are sales orders, inventory receipts, and cash receipts.

Answer 33

Transaction file

Question 34

Stores data that are used as standards for processing transactions.

Answer 34

Reference file

Question 35

Contains records of past transactions that are retained for future reference.

Answer 35

Archive file

Question 36

Examples of transaction files

Answer 36

• Sales orders
• Inventory receipts
• Cash receipts

Question 37

Examples of reference file

Answer 37

• price list used for preparing customer invoices
• list of authorized suppliers
• employee rosters
• customer credit files for approving credit sales

Question 38

Hierarchy of data

Answer 38

1. Field (name, year level)
2. Record (for every student)
3. File (all bsa students)
4. Database (all HNU students)

Question 39

Involves programmed procedures that examine the characteristics of the data in the field.

Answer 39

Field interrogation

Question 40

Common types of field interrogation:

Answer 40

1. Missing data checks
2. Numeric-alphabet data checks
3. Zero value checks
4. Limit checks
5. Range checks
6. Validity checks
7. Check digit

Question 41

Used to examine the contents of a field for the presence of blank spaces.

Answer 41

Missing data checks

Question 42

Determine whether the correct form of data is in a field.

Answer 42

Numeric-alphabet data checks

Question 43

Are used to verify that certain fields are filled with zeros.

Answer 43

Zero-value checks

Question 44

Determine if the value in the field exceeds an authorized limit.

Answer 44

Limit checks

Question 45

Assign upper and lower limits to acceptable data values.

Answer 45

Range checks

Question 46

Compare actual values in a field against known acceptable values.

Answer 46

Validity checks

Question 47

Identify keystroke errors in key fields by testing the internal validity of the code.

Answer 47

Check digit

Question 48

Procedures which validate the entire record by examining the interrelationship of its field values.

Answer 48

Record interrogation

Question 49

Determine if a value in one field, which has already passed a limit check and arrange check, is reasonable when considered along with other data fields in the record.

Answer 49

Reasonableness checks

Question 50

Are tests to see if the sign of a field is correct for the type of record being processed.

Answer 50

Sign checks

Question 51

Are used to determine if a record is out of order.

Answer 51

Sequence checks

Question 52

To ensure that the correct file is being processed by the system.

Answer 52

File interrogation

Question 53

Verify that the file processed is the one the program is actually calling for.

Answer 53

Internal label checks

Question 54

Are used to verify that the version of the file being processed is correct.

Answer 54

Version checks

Question 55

Prevents a file from being deleted before it expires.

Answer 55

Expiration date check

Question 56

What consists the label part of the Header Label on Magnetic Tape

Answer 56

1. Tape serial number
2. File name
3. Expiration date
4. Control totals
5. Number of records

Question 57

When errors are detected in a batch they must be corrected and the records resubmitted for reprocessing.

Answer 57

Input error correction

Question 58

Three common error handling techniques:

Answer 58

1. Correct immediately.
2. Create an error file.
3. Reject the entire batch.

Question 59

Some forms of errors are associated with the entire batch and are not clearly attributable to individual records.

Answer 59

Reject the batch.

Question 60

Upon detecting a keystroke error or an illogical relationship, the system should halt the data procedure until the user corrects the error.

Answer 60

Correct immediately.

Question 61

At the end of the validation procedure, the records flagged as errors are removed from the batch and placed in a temporary error holding file until the errors can be investigated.

Answer 61

Create an error file.

Question 62

Includes centralized procedures to manage the data input for all of the organization’s transaction processing systems.

Answer 62

Generalized Data Input Systems

Question 63

It eliminates the need to recreate redundant routines for each new application.

Answer 63

GDIS

Question 64

Advantages of the Generalized Data Input Systems

Answer 64

1. Improves control by having one common system perform all data validation.
2. Ensures that each AIS application applies a consistent standard for data validation.
3. Improves systems development efficiency.

Question 65

It is where the input data that are validated by the generalized validation module are stored.

Answer 65

Validated data file

Question 66

Performs standard validation routines that are common to many different applications.

Answer 66

Generalized validation module

Question 67

Plays the same role as a traditional error file.

Answer 67

Error file

Question 68

Distributed to users to facilitate error correction.

Answer 68

Error reports

Question 69

A permanent record of all validated transactions.

Answer 69

Transaction log

Question 70

Three categories of processing controls:

Answer 70

1. Run-to-run controls
2. Operator intervention controls
3. Audit trail controls

Question 71

Uses batch figures to monitor the batch as it moves from one program procedure to another.

Answer 71

Run-to-run controls

Question 72

Specific uses of run to run controls:

Answer 72

1. Recalculate control totals.
2. Check transaction codes.
3. Sequence checks

Question 73

This happens when operator manually enters controls into the system

Answer 73

Operator Intervention Controls

Question 74

Examples of operator intervention controls:

Answer 74

1. Entering control totals for a batch
2. Providing parameter values
3. Activating a program

Question 75

Systems that limit operator intervention through operator intervention controls are thus less prone to processing errors.

Answer 75

True

Question 76

To reduce error parameter values and programs start points be derived logically and look-up tables be provided by system.

Answer 76

True

Question 77

Makes sure that every transaction becomes traceable from input to output.

Answer 77

Audit Trail Controls

Question 78

Examples of techniques used to preserve audit trails in computer based accounting systems:

Answer 78

1. Transaction logs
2. Log of automatic transactions
3. Listing of automatic transactions
4. Unique transaction identifiers
5. Error listing

Question 79

Ensures that system output is not lost, misdirected, or corrupted, and that privacy is not violated.

Answer 79

Output controls

Question 80

Output controls ensure that system output is:

Answer 80

• not misplaced or lost
• not misdirected
• not corrupted
• and privacy is not violated

Question 81

Output controls:

Answer 81

1. Output spooling
2. Print programs
3. Bursting
4. Waste
5. Data control
6. Report distribution
7. End user controls

Question 82

Two general approaches in testing computer application controls:

Answer 82

1. Black box (around the computer) approach
2. White box (through the computer) approach

Question 83

Common types of test of controls in the white box approach includes:

Answer 83

1. Authenticity tests
2. Accuracy tests
3. Completeness tests
4. Redundancy tests
5. Access tests
6. Audit trail tests
7. Rounding error tests

Question 84

Used to establish application integrity by processing specially prepared sets of input data through production applications that are under review.

Answer 84

The test data method

Question 85

When the set of test data in use is comprehensive.

Answer 85

Base case system evaluation

Question 86

Performs an electronic walk-through of the application’s internal logic.

Answer 86

Tracing

Question 87

The three steps of the tracing procedure:

Answer 87

1. The application under review must undergo a special compilation to activate the trace option.
2. Specific transactions are types of transactions are created as test data.
3. The test data transactions are traced through all processing stages of the program and a listing is produced of all program instructions that were executed during the test.

Question 88

Three primary advantages of test data techniques:

Answer 88

1. They employ through-the-computer testing, thus providing the auditor with explicit evidence concerning application functions.
2. If properly planned test data runs can be employed with only minimal disruption to the organization’s operations.
3. They require only minimal computer expertise on the part of auditors.

Question 89

Disadvantages of test data techniques:

Answer 89

1. Auditors must rely on computer services personnel to obtain a copy of the application for test purposes.
2. They provide a static picture of application integrity at a single point in time.
3. Their relatively high cost of implementation, which results in audit inefficiency.

Question 90

An automated technique that enables the auditor to test an application’s logic and controls during its normal operation.

Answer 90

The integrated test facility

Question 91

Advantages of integrated test facility:

Answer 91

1. It supports ongoing monitoring of controls as required by SAS 78.
2. Applications with ITF can be economically tested without disrupting the user’s operations and without the intervention of computer services personnel.

Question 92

Disadvantage of integrated test facility

Answer 92

The potential for corrupting the data files of the organization with test data.

Question 93

Steps to remedy the disadvantage of ITF:

Answer 93

1. Adjusting entries may be processed to remove the effects of ITF from general ledger account balances.
2. Data files can be scanned by special software that remove the ITF transactions.

Question 94

Requires the auditor to write a program that simulates key features or processes of the application under review.

Answer 94

Parallel simulation

Question 95

Five major components of GDIS:

Answer 95

Generalized validation module
Validated data file
Error file
Error reports
Transaction log