Information Technology Flashcards

1
Q

What is an advantage of using generalized audit software packages for a client that has EDP

A

It allows an auditor to perform audit tests on the client’s computer files while having only a limited understanding of the client’s IT environment

2
Q

What is a Hot site

A

It has redundant hardware and software ALREADY configured and ready to go, so you have continuity of your operations in the event of a disaster

3
Q

What is the difference between a limit test and a validity test

A

Limit test - also called a reasonable test - designed to assure that all inputs are in an appropriate range of data (example - someone can’t enter a birthdate that is before 1900) or enter a date like April 31st

A validity check - this is when data that has been input is compared to a list located permanently in the company. If they do not match, the input amount is rejected

Validity and limit tests are both tests that ensure the accuracy of processing - therefore they are both processing controls

4
Q

What is private key for encryption and what are its disadvantages

A

It is a tiny bit of code that is used in asymmetric encryption to transform an encrypted message into a readable format

One disadvantage is that both a sender and a receiver must have the key for it to work

5
Q

Activity logs that indicate failed transactions provide information on what

A

They provide documentation about the existence of transactions that become part of the audit trail

It’s an essential element of the audit trail in an EDI system

6
Q

What is an integrated test facility and what does it allow you to do

A

You run fictitious transactions through a client’s system along with the client’s data to make certain that it is receiving the same treatment.

You can compare the actual results to the expected results.

7
Q

What happens in a parallel simulation

A

This is when you run the client’s data through an auditor-developed software package.

Auditor can then compare the results to see if the client’s system processed the data similarly

8
Q

What is current or concurrency control and an example

A

This is a control that allows users to access limited resources on a first come - first serve basis and lock out all remaining once capacity has been filled

Example - Airline reservations. Passenger 1 - hits enter 2 seconds before passenger 2 locking 2 out of the last seat

9
Q

What is a compensating control

A

This is a security measure that compensates for some other security measure that is deemed too difficult or impractical to implement

10
Q

What is a data entry control?

A

A data entry control validates data

11
Q

EDI

A
  • Transactions are all uniformly formatted - using strict standards
  • Still will use software maintenance agreement because will need to update the software periodically
  • It is regulated by contract law - like all ordinary commerce
  • If you use a VAN to do your EDI - value added network - the cost is higher than using the internet because a VAN is privately owned
12
Q

What does a systems analyst do

A

They are responsible for the DESIGN of the system

  • need to make sure there is adequate documentation so that if the system analyst leaves someone else can follow their work
13
Q

What is a definition of cloud computing

A

It is a model that allows organizations to use the internet to access and use services on remote third-party technology infrastructure

14
Q

What is virtualization

A

This is a model where several virtual servers run on one physical host.

It is used for rapid application deployment

15
Q

What is a VPN

A

Virtual Private Network

Using a VPN you can access network resources from remote locations

16
Q

What techniques are used to see if all data has been processed

A

record counts and hash totals

17
Q

Why and how do you use redundant data checks

A

Redundant data checks compare data from two or more files to determine if they match

This is to make sure the computer has read the data properly

18
Q

How do you use check digit verification

A

This is one digit in a number that is created from a mathematical formula from the other numbers in the field

It is used to identify inappropriate information in the field - like an invalid product number

19
Q

What is an input control and what are examples

A

Input controls are computer controls designed to provide reasonable assurance that transactions are:

  • properly authorized before being processed by the computer
  • accurately converted before being recorded on the computer
  • and that, if they are inaccurate, they are rejected or corrected

Example - Edit Check - this is used to test the validity of data entered into a program for processing

20
Q

What is a mirrored web server

A

This is a complete duplicate of a computer system

  • it can be put into service immediately
  • it provides the best assurance of service continuity in the event of a natural disaster
21
Q

Why do you use cryptocurrency - bitcoin

A

It allows customers to pay for goods or services from a website while maintaining financial privacy

It uses an intermediary so that you do not have to expose any sensitive or private credit or bank account information

22
Q

What is a sight draft

A

A sight draft is a type of bill of exchange - the exporter holds the title of the goods transferred until the importer receives and pays for them

23
Q

What are application controls

A

These are designed to ensure that an individual computer application or process performs properly

It is particular to a specific process or subsystem

24
Q

What is a VAN and what does it do

A

Value added network - it is privately owned

  • it is a way to link different companies’ computer files together
  • It routes data transactions between trading partners
  • It is more expensive than the plain internet because it is private
  • It’s a private data communication system between business partners - because it is private - it is more secure
25
Q

What is the difference between a cold, hot and warm site for disaster recovery

A

Cold - space available - but no equipment, so it will need computers and data loaded before operations can begin. It is when there is space available for operations. It would be when the delivery of duplicate computer hardware is prearranged, but not installed or ready to operate.

Hot - off site location - completely ready to take over

Warm site - it contains the hardware and equipment, but no copies of backed up data

26
Q

What is an ERP system

A

It is software that integrates all the business processes of an organization and incorporates data from all aspects of the organization’s activities

27
Q

What are some of the benefits of an EDI system

A

This is when you electronically transfer funds from one entity to another

  • It reduces the time it takes to receive payment
  • This shortens the business cycle
  • This reduces the average and year-end receivables balances
  • must rely more on internal controls because there is decreased documentation, so an auditor will need to increase testing

It uses an inventory program which can be used to automatically send an order to a supplier when quantities in stock drop below a certain level - so it reduces stock outs

28
Q

If you want to use the internet as a commercial network what must you do

A

As a company you need to be concerned about access to company information by unauthorized users - so you need to use firewalls

29
Q

What are examples of preventive, detective and corrective controls

A

Preventive - access controls to prevent unauthorized individuals from accessing the system

Detective - hash total is a detective control. Echo check is one as well (this is when you send the transmitted data back to the point of origin to compare it to the original data)

Corrective - contingency planning - designed to correct an error or irregularity and minimize consequences

30
Q

What is in a systems specification document

A

This details what the program will do and how it will operate. Included are the data elements needed for the program to operate properly

31
Q

What are the control risks associated with micro computers

A
  • Data and software are generally more accessible in a microcomputer environment so unauthorized individuals can more readily access records and modify software

A micro computer is a small computer like a pc

32
Q

What are general controls for a computer system

A

They ensure the integrity of software and data files in the environment where computer systems are developed, maintained, and operated.

Biometric devices are an example

33
Q

What do you use to detect unauthorized program changes

A

examine source code or program documentation to see if changes have been made

34
Q

What is translation software and when is it used

A

It is needed to convert transactions from the entity’s internal format to a standard EDI format

  • electronic data format
  • this is a computer to computer exchange of business documents using a standard electronic format between business partners
35
Q

What is continuity planning

A

It focuses on how a company can most effectively restore and continue business operations following a disaster

36
Q

What is capacity planning

A

this refers to an IT function of optimizing IT infrastructure across the organization

37
Q

The design of an effective management reporting system

A
  • The types of decisions to be made have the biggest impact on the design of a system
  • If there is a lot of variability in decision making, the system will need to be more flexible
  • most systems are very scalable so the number of transactions, users or regulatory agencies has little impact on the system’s design
38
Q

What is a systems development life cycle

A

1 - planning

2 - analysis

3 - design

4 - development

5 - testing

6 - implementation

7 - maintenance

39
Q

What are some of the risks of doing an audit in an IT environment

A

Manual intervention - this is the ability of someone to alter files by bypassing programs

Over-reliance - this is the risk that results will be accepted when it is the output of an IT system despite lack of support

Access - this is the risk that someone will get access to the system to destroy or alter data

40
Q

What is COBIT 5

A

This is the seamless integration of the system for governing IT with the system for governing the enterprise.

This is then applied to all components of the enterprise involved in the processing of information - internally or externally

41
Q

What is one of the most significant concerns for an auditor evaluating internal controls of an entity that processes sales transactions on the internet

A

The potential for computer disruptions in recording sales

This could result in unrecorded or unfulfilled sales

42
Q

What is message encryption software

A

This is software that encodes messages so that they can only be read by those who know or have a key.

It increases security but adds costs to the system

43
Q

What is a three-tiered architecture for client/server applications

A

desktop client

application

database

44
Q

What is a distributed processing environment -

A

This is when various processes are performed separately by the individuals responsible for them in their locations and are integrated into a central system

It is most beneficial when large volumes of data are generated at many locations and fast access is required

They avoid time delays associated with sending large amounts of data to and from any central location

45
Q

What is a hash total

A

It is a number with no intrinsic meaning, but is used solely to determine that all transactions have been recorded

Invoice numbers added up

46
Q

A payroll processing system is described as

A

TPS - Transaction processing system

47
Q

What is an application firewall and why would you use them

A
  • they offer more control over application access, but are more expensive and difficult to implement
  • They allow additional user authentication features that protect programs and data
48
Q

What is a distributed or cooperative system

A

This is when there is no system programmer, data entry clerks, or tape librarians

Therefore the user management is the one responsible for making sure there are adequate backups made of software and data files

49
Q

What are AI info systems that learn from experience

A

Neural networks - like a brain

Case-based reasoning - its decisions are made according to information stored in an archive of past cases - it learns from past experience

Intelligent agents - AI system that makes decisions based on rules, but can and will modify the rules as new information becomes available

50
Q

What are rule - based expert systems

A

These simply carry out programming commands which are pre-determined by the programmer - DOESN’T learn from prior experience

51
Q

What is a digital signature used for

A

To verify the SENDER of the message and its content - not the recipient.

52
Q

What is the greatest risk with an EDI system

A

The risk that data may be inadvertently transmitted to unauthorized or improper users

53
Q

What are the responsibilities of a system analyst

A

the installation and operating system upgrades

  • the development of application programs
54
Q

What are the responsibilities of a network administrator

A

partially responsible for the design and implementation of security policies

  • overseeing the day to day operations of the business’s networks
  • this would include the managing of remote access in a multinational organization
55
Q

What is online processing

A

This involves processing transactions and updating files as the transactions occur and provide information on a timely basis

  • because it is entered as the transaction occurs - it will always be complete
  • this is why online processing provides the most accurate and complete information for decision making
56
Q

What is the test data approach

A

This involves running data compiled by the auditor through the client IT system, under the auditor’s control

The data will have errors and be used to determine if the client’s IT system will deal with them appropriately

Only those errors you are interested in are included - not all conditions

57
Q

What is an executive support system

A

Executive support systems provide senior executives with access to internal and relevant external information to assist with making non-routine decisions involving competitors, acquisitions, and business cycles.

58
Q

What duties should be separated in an IT system

A

authorization (develop or authorize a program)

data entry (recording)

custody - access to outputs

59
Q

When would you use a sequence check

A

This is used to validate for a correct expected sequence of numbers in an entry. Example - prenumbered payroll checks

60
Q

Updating and maintaining an operating system and compilers is the responsibility of who?

A

A systems programmer

61
Q

What is a compiler

A

It is a program that converts instructions into a chosen-code form so that they can be read and executed by a computer

62
Q

Why would you use bar codes to record info on parts used by the manufacturer

A

It will reduce costs and times involved in tracing and recording the use of parts in the manufacturing process

63
Q

What do you do in mapping

A

This is used to determine which elements correspond to the standards in the EDI system

64
Q

When do you use decoding and translation

A

This is part of the process to convert the data into the appropriate form to enable the transaction

65
Q

What is job control language and how is it used

A
  • This is used in the computer’s operating system to perform scheduling, resource allocation, and data retrieval functions

It’s the set of instructions for how to go about doing this

66
Q

What is a characteristic of an audit when the client’s financial data is mostly electronic

A

the auditor would be concerned with the system as well as the individual transactions - therefore audit tests would be performed on a continuous basis - there would be less distinction between the phases of the audit

67
Q

What are logical views

A

This is the architectural view of the design of a system

It is a box and arrow system to see how functions within the system are connected - very high level

68
Q

What kind of segregation of duties should an applications programmer have

A

authorization -

Example: coding approved changes to a payroll system

69
Q

What does an online analytical processing system do

A

This enables users to interactively analyze data through operations such as consolidations, drill-down, etc.

70
Q

What is message authentication

A

This protects the confidentiality of data by making sure that only authorized users have access and encryption

If a system uses encryption - the system is stronger if the encryption is done by physically secure hardware devices

71
Q

Why is an inventory subsidiary file likely to be a master file

A

Because it contains information that remains relatively consistent over time

72
Q

What are transaction files and examples

A

Payroll is an example of a transaction file or detail file - they contain information over a given period

Cash disbursement is another example

Cash receipts - same as well

73
Q

What is a digital certificate

A

It is an electronic document that is used to identify an individual.

It authenticates the web credentials of the sender and lets the recipient know the data is from a trusted source

74
Q

What do you do when you assess EDP control risk

A

Assessing EDP control risk is a matter that requires the application of judgement

It is not performed by software

75
Q

What is control reprocessing

A

This is when you run a client’s data through the client’s program using the auditor’s computer to verify that it is operating as indicated by the client

76
Q

What are examples of when you would use test data to test controls

A
  • to check for missing employee numbers
  • Agreement of hours per clock cards
  • Time tickets with invalid job numbers

You would not use test data to check for proper approval of overtime by supervisors

77
Q

What is a parity check

A

It is a hardware control that makes certain that each piece of data has the appropriate odd or even number of data components or data bits

78
Q

What is the objective of data security control

A

It is to protect the data

such as making sure the data is stored properly and is protected from unauthorized change or destruction

79
Q

What do systems analysts do

A

They examine problems and recommend and coordinate the development of solutions

80
Q

What is the primary purpose of a DBMS - database management system

A

The ability to access, summarize, create, and modify information contained in an electronic database

81
Q

Colter Corp. is conducting an analysis of a potential capital investment. The project is expected to increase sales by $100,000 and reduce costs by $50,000 annually. Depreciation expense is $30,000 per year. Colter’s marginal tax rate is 40%. What is the annual operating cash flow for the project?

A

102000

By increasing income by $100,000 and decreasing costs of $50,000, the project will increase annual cash inflow by $150,000.

With depreciation of $30,000 per year, the increase in taxable income will be $120,000 per year, resulting in additional income taxes of $120,000 x 40% or $48,000. The annual operating cash flow for the project is therefore $150,000 - $48,000, or $102,000.

82
Q

Tam Co. is negotiating for the purchase of equipment that would cost $100,000, with the expectation that $20,000 per year could be saved in after-tax cash costs if the equipment were acquired. The equipment’s estimated useful life is 10 years, with no residual value, and would be depreciated by the straight-line method. Tam’s predetermined minimum desired rate of return is 12%. Present value of an annuity of 1 at 12% for 10 periods is 5.65. Present value of 1 due in 10 periods at 12% is .322.

A

5.0

To calculate an internal rate of return, Tam must determine the interest rate at which the present value of the after-tax cash savings of $20,000 per year for 10 years is equal to the initial investment of $100,000. The formula for calculating the present value is:

 $20,000 x factor = $100,000 or factor = $100,000/$20,000 = 5.0

Using the factor on a table of present values, Tam will select the rate at which the factor, for 10 periods, is closest to 5.0.

83
Q

An entity is examining potential investments and notes that 1-year maturity yields are higher than those for 10-year maturities. Which of the following explanations for this occurrence is best?

The short-term investments have higher liquidity and therefore carry a higher rate of interest.

The short-term investments carry a more immediate default risk premium resulting in higher rates of return.

The long-term instruments provide a longer stream of investment income and therefore carry a lower rate of return.

Investors are expecting reduced inflation in the future as reflected in the lower long-term returns.

A

Typically, long-term yields are greater than short-term yields due to a maturity premium.

If investors expect low inflation in the future, the reduced or eliminated inflation premium may offset the maturity premium.

Investments with higher liquidity typically carry a lower rate of return than investments with low liquidity.

Long-term investments can have immediate default risk.

Long-term investments typically have a higher rate of return to compensate the investor for tying up the funds for longer than short-term investments.

84
Q

A company uses its fixed assets of $1,000,000 at 95% capacity to generate sales of $2,000,000. The company wishes to generate sales of $3,000,000. What amount of additional fixed assets must be acquired, assuming that all fixed assets will operate at maximum capacity?

A

425000

85
Q

The cost of debt most frequently is measured as

Actual interest rate adjusted for inflation

Actual interest rate plus a risk premium

Actual interest rate

Actual interest rate minus tax savings

A

actual interest rate minus tax savings

86
Q

Which of the following performance measures may lead a manager of an investment center to forgo investments that could benefit the company as a whole?

Residual income.

Return on investment.

Profitability index.

Economic value added.

A

ROI

A performance measure that could lead a manager to forgo a profitable investment would focus on profit percentage instead of absolute profit.

Return on investment (ROI) measures the profitability of an investment in relation to the average invested capital.

An investment may be profitable, but if the investment would decrease the company’s overall ROI it may be forgone.

87
Q

A lender and a borrower signed a contract for a $1,000 loan for one year. The lender asked the borrower to pay 3% interest. Inflation occurred and prices rose by 2% over the next year. The borrower repaid $1,030. What is the amount worth in real terms, after inflation?

A

At a rate of inflation of 2%, $102 dollars at the end of the period are equivalent to $100 at the beginning. As a result, $1,030 at the end of the year would be equivalent to $1,030 x 100/102 or $1009.89.

88
Q

Para Co. is reviewing the following data relating to an energy saving investment proposal:

Cost $50,000
Residual value at the end of 5 years $10,000
Present value of an annuity of $1 at 12% for 5 years 3.60
Present value of $1 due in 5 years at 12% 0.57

What would be the annual savings needed to make the investment realize a 12% yield?

A

In order to realize a 12% yield, the present value of the annual savings for 5 years plus the present value of the residual value at the end of 5 years, both discounted at 12%, must be equal to the $50,000 investment. The present value of the residual value at the end of 5 years is $10,000 x .57 = $5,700. As a result, the present value of the annual savings for 5 years must be equal to the difference of $50,000 - $5,700 or $44,300. Since the present value factor for an annuity for 5 years at 12% is 3.60, the annual savings would be $44,300/3.60 = $12,306 to realize a 12% yield.