Module H

Question 0

Step 2: customer order transaction file submitted for automated processing

Answer 0

System accesses the customer master file, using the customer
name/number to ensure sale is made to approved customer

Program then accesses inventory master file to verify current
Inventory items are available at current prices

Question 1

Automated processing of sales transaction, 3 steps

Answer 1

1 customer order

2 customer order transaction file

3 automated transaction processing system

Question 2

Automated processing sales transaction step 3, 3 things

Answer 2

1 Computerized system processes order using price from inventory
Master file and quantity from customer order
2 prepares shipping document and sales invoice

3 updates sales transaction file

Question 3

What 5 circumstances must be considered by audit team for information technology environments?

Answer 3

1 possibility of input errors
2 existence of systematize rather that random processing errors
3 lack of audit trail
4 possibility of inappropriate access to computer files and programs
5 reduced human involvement in processing transactions

Question 4

The possibility of input errors

Answer 4

The need for client personnel to convert/enter info into electronic
Format introduces possibility of errors

Question 5

Existence or systematic rather than random processing errors

Answer 5

technology systems handle all transactions in an identical Manner

Can Result in accounting system erroneously processing all
Transactions

Question 6

Lack of an audit trail

Answer 6

Audit team can’t see a paper trail because all info is directly
Entered into computer system

And processing is completed electronically producing only a
Hard copy of the final result

Question 7

3 major phases in audit team’s evaluation of internal control

Answer 7

1 understanding

2 assessment

3 testing

Question 8

Understanding 2

Answer 8

1 obtain understanding of controls established by client related
To automated processing of transactions

2 document controls established by client related to automated
Processing of transactions

Question 9

Assessment

Answer 9

Consider controls established by client related to automated processing of transactions in preliminary assessment of control risk

Question 10

Testing 3

Answer 10

1 identify controls related to automated processing of transactions
To be tested and degree of compliance required
2 perform test of those controls

3 evaluate degree of compliance with stated criteria and perform
Planned substantive procedures

Question 11

Major issue introduced in automated processing of transactions is The need for audit team to understand, consider and evaluate IT controls…

Answer 11

that have been designed to mitigate risk of material misstatement
At assertion level

Question 12

General controls

Answer 12

Apply to all applications of accounting info system

Ex. Processing transactions across various cycles

Question 13

Automated application controls

Answer 13

Controls applied to specific business activities within an accounting
Info system

To address management assertions regarding the financial
Statements

Ex. Processing transactions within the revenue cycle

Question 14

Because general controls apply to all applications of an accounting information system, the effectiveness of these controls has…

Answer 14

A pervasive effect on the entity’s automated processing of

Transactions

Question 15

4 categories of general controls

Answer 15

1 program development controls
2 program change controls
3 computer operations controls
4 access to programs and data controls

Question 16

objectives of program development controls, are to provide reasonable assurance that:

acquisition or development of computer programs and software is…3

Answer 16

1 properly authorized

2 conducted in accordance with entity policies

3 supports entity’s financial reporting requirements

Question 17

objectives of program development controls, are to provide reasonable assurance that:

Appropriate users participate in…

Answer 17

Software acquisition or program development process

Question 18

objectives of program development controls, are to provide reasonable assurance that:

Programs and software are tested and…

Answer 18

Validated prior to being placed into operation

Question 19

objectives of program development controls, are to provide reasonable assurance that:

All software and programs have…

Answer 19

Appropriate documentation

Question 20

Systems development life cycle (SDLC)

Answer 20

Important program development control used by entity

Process to plan, develop and implement new accounting
Information systems (or database)

Question 21

Effective systems development life cycle SDLC controls ensure that the entity:

Follows established policies and procedures for…

Answer 21

Acquiring or developing software or programs

Question 22

Effective systems development life cycle SDLC controls ensure that the entity:

Involves users in the design of…

Answer 22

Programs, selection of prepackaged software and programs

And testing of programs

Question 23

Effective systems development life cycle SDLC controls ensure that the entity:

Tests and validates new programs and…

Answer 23

Develops proper implementation and “back out” plans

Prior to placing programs into operation

Question 24

Back out plans

Answer 24

Plans to cancel the results of processing

in the event of an error or program failure

Question 25

Effective systems development life cycle SDLC controls ensure that the entity:

Periodically reviews policies and procedures for acquiring and developing software or programs for continued…

Answer 25

Appropriateness

and modifying these policies and procedures if necessary

Question 26

Documentation for SDLC, why does the audit team evaluate controls over the documentation? 2

Answer 26

1 gain understanding of system and determine whether
documentation is adequate to support proper use of programs

2 determine whether client personnel follow standards

Question 27

Of utmost importance is whether the client has established…2

Answer 27

1 systems development

2 Documentation standards

Question 28

Program change controls, these controls are implemented by the entity to provide reasonable assurance that requests and modifications to existing programs are:

Are properly…3

Answer 28

1 authorized
2 conducted in accordance with entity policies
3 support entities financial reporting requirements

Question 29

Program change controls, these controls are implemented by the entity to provide reasonable assurance that requests and modifications to existing programs are:

Involve appropriate users in the…

Answer 29

Program modification process

Question 30

Program change controls, these controls are implemented by the entity to provide reasonable assurance that requests and modifications to existing programs are:

Are tested and…

Answer 30

Validated prior to being placed into operation

Question 31

Program change controls, these controls are implemented by the entity to provide reasonable assurance that requests and modifications to existing programs are:

Have been appropiately…

Answer 31

Documented

Question 32

Program change controls parallel those relating to…

Answer 32

Program development

Question 33

Computer operations controls,
Are concerned with providing reasonable assurance that:

processing of transactions through…

Answer 33

accounting info system is in accordance with entity’s objectives

Question 34

Computer operations controls,
Are concerned with providing reasonable assurance that:

Processing failures are resolved and do…

Answer 34

Not affect/delay processing of other transactions within the batch

Question 35

Computer operations controls,
Are concerned with providing reasonable assurance that:

Actions are taken to facilitate…

Answer 35

The backup and recovery of important data when need arises

Question 36

Systems analysts, 3 job functions

Answer 36

1 examine requirements for information

2 evaluate the existing system

3 design new/improved accounting info systems (with
specifications and documentation)

Question 37

Programmers, 2 job functions

Answer 37

1 prepare flow harts and code the logic of computer programs
Required by accounting info system designed by systems analyst

2 prepare program documentation

Question 38

Computer operators, job function

Answer 38

Operate computer for each accounting application system

According to written operating procedures found in computer
Operation instructions

Question 39

Data conversion operators, job function

Answer 39

Prepare data for machine processing

by converting manual data into machine readable form or
Directly entering transactions into the system using remote
Terminals

Question 40

Librarians, job function

Maintain control over…2

Answer 40

1 system and program documentation

2 data files and programs using processing transactions

Question 41

Control group, 3 job functions

Answer 41

1 ensures the integrity of data

2 monitors the accuracy of processing and output

3 controls distribution of output to appropriate user groups

Question 42

Separation of duties performed by systems analysts, programmers and computer operators is an important…

2) Otherwise what would this be considered?

Answer 42

General control

2) serious weakness in general control

Question 43

Anyone who designs an accounting information system should not…

Answer 43

Do technical programming work

Question 44

Only computer operators should have access to…

Answer 44

Equipment

Question 45

Computer operations controls for files and data used in processing:

The files used in automated processing are appropriate

Answer 45

Accomplished through use of external labels on portable files

And use of header and trailer labels on internal records

Question 46

Computer operations controls for files and data used in processing:

Files are secured and protected from loss

Answer 46

Accomplished by storing them in fireproof and waterproof
Locations

Also storage of back up files at offsite locations

Question 47

3 Computer operations controls for files and data used in processing

Answer 47

1 files used in automated processing are appropriate

2 files are appropriately secured and protected from loss

3 files can be reconstructed from earlier versions of info used in
Processing

Question 48

Computer operations controls for files and data used in processing:

Files can be reconstructed from earlier versions of info used in processing

Answer 48

Accomplished by creating and implementing policies to retain

Prior versions of files for specified time periods

Question 49

Access to programs and data controls

Answer 49

Provides reasonable assurance that access to programs and

Data is granted only to authorized users

Question 50

The most common form of control related to access is…

Answer 50

The use of passwords

Question 51

3 areas where separation of duties should occur

Answer 51

1 authorization to execute transactions

2 recording of transactions

3 custody of related assets

Question 52

With increasing ability of employees to access systems remotely, physical security controls are becoming…

Answer 52

Less effective in restricting access to programs and data

Question 53

Assertion: Accuracy, 3

For information technology

Answer 53

Ensuring accuracy of data and testing computer programs
Prior to implementation

Increases probability that transactions are processed properly

Ex. Program development controls, program change controls,
Computer operations controls

Question 54

Assertion: Occurrence,3

For information technology

Answer 54

Restricting inappropriate access to programs and data

reduces probability that fictitious transactions are entered into
The system and processed

Ex. Computer operations control (separation of duties), access
To program and data controls

Question 55

Program development, 2 examples

Answer 55

1 Use of systems development life cycle (SDLC) for authorization,
User involvement, testing/validation of new programs

2 appropriate documentation for new programs

Question 56

Program development, objective

Answer 56

Programs developed and software acquired by entity are consistent
With entity’s objectives

Question 57

Program change, objective

Answer 57

Modifications to existing programs are authorized and are

consistent with entity’s objectives

Question 58

4 objectives of computer operations

Answer 58

1 transactions are processed in accordance with entity’s objectives
2 appropriate files and records are used in processing transactions
3 files are appropriately secured/protected from loss
4 files can be reconstructed from previous versions

Question 59

Automated application controls

Answer 59

Applied to specific business activities within the accounting info
System to achieve financial reporting objectives

Question 60

Automated application controls are specific to…

Answer 60

Each cycle (revenue and collection, acquisition and expenditure)

Question 61

Automated application controls, function

Answer 61

Designed to ensure proper recording of activities and prevent/
Detect fraud and error for transactions within the cycles

Question 62

3 categories of automated application controls

Answer 62

1 input controls

2 processing controls

3 output controls

Question 63

Input controls

Answer 63

Designed to provide reasonable assurance that data for
processing by the computer department

Has been properly authorized and accurately entered or converted
For processing

Question 64

Input controls also provide the opportunity for entity personnel to…

Answer 64

Correct and resubmit data initially rejected as erroneous

Question 65

Input control:

data entry and formatting controls 3

Answer 65

Controls related to design of data entry interface to provide
Familiar consistent format

And reduce frequency of input errors by personnel

Ex. Pull down menus, standardized formats and screens

Question 66

Standardized formats and screens

Answer 66

Increase user familiarity with various fields

And reduce data are inadvertently input in incorrect field

Question 67

Input control:

Authorization and approval controls

Answer 67

Only properly authorized and approved input should be accepted
For processing

Question 68

Digitized signature

Answer 68

An approved encrypted password that releases a transaction

By assigning a special code to it

Question 69

Online editing and site verification (data entry and formatting control)

Answer 69

Ability of personnel to review input prior to submitting it for
Processing within the system

Question 70

Input control:

Check digits

Answer 70

Check digit is an extra number tagged onto the end of a basic
Identification number (such as employee ID or account number)

Question 71

Check digits are used to detect…

Answer 71

Coding errors or keying errors (such as transportation of digits)

Question 72

Input control:

Record counts

Answer 72

Known # of records entered can be compared to count of
Records produced by data conversion device

Ex. Number of sales transactions or count of records

Question 73

Record counts: differences between the manual counts of transactions and the number of transactions processed indicate that transactions…

Answer 73

May have been Inputted more than once

Question 74

Input control:

Batch totals

Answer 74

Sum of important quantity, Used the same way as record counts
(Ex. Total sales dollars in a batch of invoices)

Totals allow input errors to be detected prior to submission
For processing, ensure all transactions entered only once

Question 75

Input control:

Hash total

Answer 75

Similar to batch total but not meaningful for accounting records
(Ex. Sum of invoice numbers)

Allow input errors to be detected prior to submission, and all
Transactions are entered only once

Question 76

Input control:

Valid character tests

Answer 76

Input controls used to check input fields when they are supposed
To have numbered

Or alphabetic characters when they are supposed to have
alphabetic characters

Question 77

Input control:

Valid sign tests

Answer 77

Similar to valid character tests

Signed data fields are checked for appropriate positive or negative
Signs

Question 78

Input control:

Missing data tests

Answer 78

Evaluate fields to verify whether any are blank when they must
Contain data for the record entry to be correct

Question 79

Input control:

Sequence tests

Answer 79

Normally applied to evaluate input data for numerical sequence
Of documents when sequence is important for processing

Can check for missing documents in prenumbered series

Question 80

Input control:

Limit and reasonableness tests

Answer 80

Determine whether data values exceed or fall below some
Predetermined limit

Ex. Payroll application can have a limit test to flag or reject
Any weekly payroll time record of 50 or more hours

Question 81

Input control:

Error correction and resubmission procedures

Answer 81

These policies and procedures ensure identification of input
Errors on a timely basis

And correction and resubmission by appropriate personnel
For processing

Question 82

Processing controls

Answer 82

Designed to provide reasonable assurance that data processing
Has been performed accurately

without any omission or duplicate processing of transactions

Question 83

The most fundamental (yet important) processing control a client can implement is…

Answer 83

Periodically testing and evaluating the processing accuracy of its programs

Question 84

Processing control:

File and operator controls

Answer 84

Ensure proper files are used in applications,
external and internal labels can be used to identify files

Systems software should produce log at records time and be
Reviewed by personnel

Question 85

Processing control:

Run-to-run totals

Answer 85

Movement of data from one department to another is controlled

Question 86

Run-to-run totals can be…

Answer 86

Record counts, batch totals or hash totals obtained at end

Of one processing run

Question 87

Runs

Answer 87

Sequential processing operations

Question 88

Control totals

Answer 88

Record counts, batch totals, hash totals and run-to-run totals

Question 89

Processing control:

Control total reports

Answer 89

Control totals should be calculated during processing operations
And summarized in report

Total should be reconciled by entity personnel

Question 90

Processing control:

Limit and reasonableness tests

Answer 90

Programmed to ensure illogical conditions don’t occur
(Ex. Depreciating an asset below 0, calculating negative inventory
Quantity)

Important and should generate error reports for supervisor
Review

Question 91

Processing control:

Error correction and resubmission procedures

Answer 91

Controls related to identification of errors/unusual conditions
Encountered in processing transactions on timely basis

Correction and resubmission for processing should be implemented
As transactions are processed

Question 92

Output controls

Answer 92

Represent final check of accuracy of results of automated
Transaction processing

Designed to provide reasonable assurance that only authorized
Persons receive output

Question 93

Output controls are concerned with…

Answer 93

Detecting errors rather than preventing errors

Question 94

Preventing errors is the focus of…

Answer 94

Input and processing controls

Question 95

Output control:

Review of output for reasonableness

Answer 95

Individual knowledgeable about nature of transactions and
Processing should perform overall review of output for
reasonableness

Helps detect systematic errors

Ex. Employee gets paid 10 times their normal salary

Question 96

Output control:

Control total reports

Answer 96

Control totals produced as output should be compared
And reconciled to input and run-to-run control totals

Independent data control group should be responsible for
Reviewing output control totals and investigating differences

Question 97

Output control:

Master file changes

Answer 97

Master files are updated during transaction processing

Any changes should be authorized by entity and reported
In detail to user department

Question 98

Output distribution

Answer 98

Systems’ output should only be distributed to persons authorized
To receive the output

A distribution list should be maintained and used to deliver
Report copies

Question 99

Management assertions for technology:

Accuracy 2

Answer 99

Input of individual transactions and data is accurate

Processing transactions is accurate

Question 100

Management assertions for technology:

Completeness

Answer 100

All transactions are entered

Question 101

Management assertions for technology:

Occurrence

Answer 101

Transactions are entered only once

Question 102

How audit team assesses control risk of IT environment 4

Answer 102

1 identify types of misstatements that can occur in significant
Accounting applications
2 identify points in flow of transactions where specific types of
Misstatements could occur
3 identify specific control procedures designed to prevent/detect
Misstatements
4 evaluate design of control procedures to determine whether
The design suggests a low control risk and whether controls are
Cost effective

Question 103

4 methods of testing operating effectiveness of controls

Answer 103

1 inquiry
2 observation
3 document examination
4 reperformance

Question 104

Type of general control: program development

Method of testing?

Answer 104

Examine documentation related to development of programs

Question 105

Type of general control: program change

Method of testing?

Answer 105

Examine documentation related to proper authorization for program changes and implementation of those changes

Question 106

Type of general control: computer operations

Method of testing? 2

Answer 106

1 observe separation of duties of systems analysts, programmers,
Computer operators

2 examine documentary evidence regarding use of backup
And file reconstruction techniques

Question 107

Type of general control: access to programs and data

Method of testing? 2

Answer 107

1 examine documentary evidence related to authorization for
accessing programs and data

2 observe the use of passwords required to access programs
And data

Question 108

Type of automated application control: input

Method of testing? 2

Answer 108

1 inquire, observe or examine documentary evidence regarding
The use of various input controls

2 examine documentary evidence related to the resolution
Of errors identified by input controls

Question 109

Type of automated application control,
Method of testing-Processing:

Inquire, observe, or examine documentary evidence that the client…

Answer 109

Periodically tests programs for processing accuracy

Question 110

Type of automated application control,
Method of testing-Processing:

Through reperformance, test the…

Answer 110

Client’s programs for processing accuracy

Question 111

Type of automated application control,
Method of testing-Processing:

Inquire, observe, or examine documentary evidence regarding use of…

Answer 111

Various processing controls

Question 112

Type of automated application control,
Method of testing-Processing:

Examine documentary evidence related to the resolution of…

Answer 112

Errors or unusual conditions identified during processing

Question 113

Type of automated application control,
Method of testing-Output:

Inquire, observe, or examine documentary evidence that the client…

Answer 113

Reviews output for reasonableness

Question 114

Type of automated application control,
Method of testing-Output:

Examine documentary evidence related to use of control…

Answer 114

Total reports and reconciliation of those reports to input and
Run-to-run totals

Question 115

Type of automated application control,
Method of testing-Output:

Examine documentary evidence related to authorization for…

Answer 115

Changes in master file information

Question 116

Type of automated application control,
Method of testing-Output:

Observe, inquire, or inspect documentary evidence related to limited…

Answer 116

Distribution of output to identified users

Question 117

End users

Answer 117

Individuals who use personal computers, laptops, tablets

And other portable computing devices

Question 118

End user computing environments introduce the 4 control issues that the audit team must consider

Answer 118

1 lack of separation of duties
2 lack of physical security
3 lack of program documentation and testing
4 limited computer knowledge

Question 119

Lack of program documentation and testing

Answer 119

Because users often modify or adapt existing programs for
Their own use,

End user computing environments are often characterized by
A lack of appropriate program documentation and testing

Question 120

Limited computer knowledge

Answer 120

Extensive reliance on packaged software and utility programs
In end user environments

May result in personnel having limited computer knowledge

Question 121

Computer operations controls

Answer 121

Involve limiting concentration of functions (separation of duties)

Establish proper supervision over individuals performing these
Functions

Question 122

With respect to separation of duties, 2 compensating controls that increase the likelihood of accurate processing

Answer 122

1 comparison of manual control totals with totals from computer
Output

2 careful inspection of output for accuracy

Question 123

Usefulness of computer operations controls:

Joint operation of…

Answer 123

Computerized processing by 2 or more individuals

Question 124

Usefulness of computer operations controls:

Rotation of…

Answer 124

Assigned duties among individuals

Question 125

Usefulness of computer operations controls:

Comparisons of computer use time to…

Answer 125

Averages or norms and investigation of excess usage

Question 126

Usefulness of computer operations controls:

Proper supervision of…

Answer 126

Computer operations

Question 127

Usefulness of computer operations controls:

Required…

Answer 127

Vacations for all individuals

Question 128

In end user computing environments, the most important controls are those over…

Answer 128

Online data entry (accounting transactions)

Question 129

3 data entry controls

Answer 129

1 restrictions on access to input devices

2 standard screens and computer prompting

3 online editing and sight verification

Question 130

Restrictions on access to input devices 3

Answer 130

1 locking terminals

2 requiring use of passwords for access

3 using automatic terminal log off

Question 131

4 important processing controls, to ensure appropriate processing of data

Answer 131

1 transaction logs
2 control totals
3 data comparisons
4 audit trail

Question 132

Transaction logs

Answer 132

Transaction entry through terminal should be captured
automatically in computerized log

Transaction logs for each terminal should be summarized into
Equivalent batch totals

Question 133

Control totals

Answer 133

Master files should contain records that accumulate the number
Of records and batch totals

Update processing should automatically change these control
Records

Question 134

Data comparisons

Answer 134

Summary of daily transactions and the master file control
Totals from computer

Should be compared to manual control totals maintained
By accounting department

Question 135

Audit trail

Answer 135

Transaction logs and periodic dumps of master files should

Provide audit trail and means for recovery

Question 136

Service organizations

Answer 136

Because of lack of expertise and cost benefit analysis entities
May outsource specialized data processing to service organizations

Question 137

Computer abuse AKA Computer fraud

Answer 137

Use of information technology by perpetrator to achieve gain

At expense of victim

Question 138

Prevention controls

Answer 138

Keep errors and frauds from entering the system

Question 139

Detection controls

Answer 139

Designed to discover frauds, should they get past the prevention
Controls

Question 140

Damage-limiting controls

Answer 140

Designed to limit damage if fraud does occur

Question 141

Administrative level controls

Answer 141

Affect the management of an entity’s computer resources

Limit nature and scope of activities personnel can perform

Question 142

Physical controls

Answer 142

Affect computer equipment and related documents

Question 143

Technical controls example

Answer 143

Encrypting data

Question 144

Computer forensics

Answer 144

Science of acquiring, preserving, retrieving and presenting data
That have been processed electronically

and stored in computer database

Question 145

Using computer forensics, when computer hard drives are used
as storage media evidence can be…

Answer 145

retrieved even when data is deleted