SIM Week 1-3

Question 1

a tool used by auditors to

determine irregularities from the given data.

Answer 1

CAATS or Computer-Assisted Audit Techniques

Question 2

What is the meaning of CAATs

Answer 2

Computer-Assisted Audit Techniques

Question 3

are tools used by auditors as part of
their audit procedures to process data of audit significance contained in an entity’s computer
systems.

Answer 3

Computer-Assisted Audit Techniques

Question 4

True or False:

Advantage of CAATS
a. Independently access the data stored on a computer system without dependence on
the client
b. Test the reliability of client software
c. Decrease the accuracy of audit tests
d. Perform audit tests less efficiently, which in the long-term will result in a more costeffective audit.

Answer 4

A. True
B. True
C. False
D. False

Question 5

True or False

Disadvantages of CAATS

CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);

Answer 5

True

Question 6

True or False

Disadvantages of CAATS

Client permission and cooperation are very easy to obtain

Answer 6

False

Question 7

True or False

Disadvantages of CAATS

Potential compatibility with the client’s computer system

Answer 7

False

Question 8

True or False

Disadvantages of CAATS

The audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required

Answer 8

True

Question 9

True or False

Disadvantages of CAATS

The audit team may not have the knowledge or training needed to understand the
results of the CAATs

Answer 9

True

Question 10

True or False

Disadvantages of CAATS

Data may be corrupted or lost during the application of CAATs.

Answer 10

True

Question 11

Three Classifications of CAATs

Answer 11

1. Audit Software
2. Test Data
3. Other techniques

Question 12

generic term used to describe computer programs designed to carry
out tests of control and/or substantive procedures

Answer 12

Audit Software

Question 13

consist of pre-prepared generalized programs used by auditors and are not
‘client specific

Answer 13

Package Programs

Question 14

These programs are usually ‘client specific’ and may be used to carry out tests of
control or substantive procedures

Answer 14

Purpose written programs

Question 15

Programs used in any event the audit firm’s audit plan should ensure that provision is made to ensure
that specified programs are appropriate for a client’s system and the needs of the
audit.

Answer 15

Purpose written programs

Question 16

used to re-perform computerized control procedures or perhaps to carry out an aged analysis of 
trade receivable (debtor) balances.

Answer 16

Purpose written programs

Question 17

These programs are integral to the client’s accounting system; however, they may
be adapted for audit purposes

Answer 17

Enquiry programs

Question 18

used to test the existence and effectiveness of controls built into an
application program used by an audit client. As such, dummy transactions are
processed through the client’s computerized system. The results of processing are
then compared to the auditor’s expected results to determine whether controls are
operating efficiently and systems’ objectiveness are being achieved.

Answer 18

Audit test data

Question 19

To avoid the risk of corrupting a client’s account system, by processing test data with
the client’s other ‘live’ data, auditors may instigate special ‘test data only’ processing
runs for audit test data. The major disadvantage of this is that the auditor does not
have total assurance that the test data is being processed in a similar fashion to the
client’s live data. To address this issue, the auditor may therefore seek permission
from the client to establish an _________

Answer 19

Integrated test facilities

Question 20

Common CAATs Software

Answer 20

a. Spreadsheets (ActiveData for Excel)
b. Access
c. SAS
d. Generalized Audit Software (e.g. ACL, Arbutus, EAS)
e. Business Intelligence ( e.g. Crystal Reports and Business Objects)

Question 21

Threats to Accounting Information Systems

Answer 21

a. Natural and Political Disasters
b. Software and Hardware Error
c. Unintentional Acts
d. Intentional Acts or Computer Crimes

Question 22

Fraud Triangle

Answer 22

IRO

Intentional
Rationalization
Opportunity

Question 23

Approaches to Computer Fraud

Answer 23

1. Auditing around the computer (black-box approach)

2. Auditing through the computer (white-box approach

Question 24

the auditors test the reliability of the information generated by the
system. The auditors will calculate the expected result of such information give and
compared it to the output generated by the system. If the expected result of the auditor
is the same with the generated output of the system, the auditor will assume the
effectiveness of the system.

Answer 24

Auditing around the computer (black-box approach)

Question 25

The auditor does not need thorough knowledge of the system’s internal logic and the
systems are not interrupted for the purpose of auditing. This is only effective if the
company has a simple system application

Answer 25

Auditing around the computer (black-box approach)

Question 26

In this approach, the auditor will need thorough understanding of the system of the
company. Test cases may be created to test the effectiveness of system’s logic and
controls of the system.

Answer 26

Auditing through the computer (white-box approach)

Question 27

the auditor uses a set of input data, valid or invalid, to

validate the system.

Answer 27

Test data technique

Question 28

the auditor writes a computer program to reprocess the
past data of the firm and generate results. The result from simulation will be
compared to actual results of the company’s system to validate the system.

Answer 28

Parallel simulation

Question 29

the auditor will create fictitious situations through
the systems within the normal operations in order to test the reliability of the
system.

Answer 29

ITF or integrated test facility

Question 30

this is a programmed audit module added to
the company’s system that enables auditor to collect data over online
transactions. This requires computer programming skills to auditors.

Answer 30

EAM or embedded audit module

Question 31

Computer Fraud:

most simple and safe common types of computer abuses.
This is also termed as data diddling and often adopted by persons who are authorized
a certain data for specific purpose like entry, examination, encoding, or transmitting
data.

Answer 31

False data entry

Question 32

when a person get the password and identification
of the authorized user and use it to access computer systems and damage the security
of the information.

Answer 32

Impersonation

Question 33

his a program the create instructions to perform unauthorized act or
functions. This is one of the most difficult to identify the perpetrators.

Answer 33

Trojan horses

Question 34

unnoticed because of low value. The
rounding off of value downward is not noticed easily because per rounding off the
value involved is very low and manual computation for verification is quite
cumber-some. The fractions of rounding off are then automatically accumu-lated in
some other account that can be accessed by the abuser without hurdles.

Answer 34

Salami techniques

Question 35

where an unauthorized access of information
is obtained through with the exchange of information and authentication through the
server information.

Answer 35

Piggybacking

Question 36

It is a utility program generally to authorized emergency access due
to inaccessibility of the system to authorized users. Therefore, it acts as the
master key that bypasses the normal security routines.

Answer 36

Super-zapping

Question 37

It involves searching trash copies or carbon papers of computer listings.
Some software has temporary files that are overwritten that may copied by
unauthorized users

Answer 37

Scavenging

Question 38

During the development of software, programmers leave breaks in the
code as debugging aids that may remain inad-vertently or intentionally in the final
programs. These unexpected and incomplete instructions in program code and
unused param-eters in the code may be misused for Trojan Horses or for false data
entry.

Answer 38

Trapdoors

Question 39

It is set of instructions that are executed when a given condition is
satisfied. Sometimes, programmers include instructions in the code that would
perform unauthorized functions.

Answer 39

Logic bomb

Question 40

also called a wire spying – is also a threat to security of computer
networks.

Answer 40

Wiretapping

Question 41

a self-replicating program that runs and spreads by modifying other programs
or files.

Answer 41

Virus

Question 42

self-replicating, self-propagating, self-contained program that uses
networking mechanisms to spread itself.

Answer 42

Worm

Question 43

unauthorized copying of data files

Answer 43

Data leakage

Question 44

theft of storage media such as floppy disks, cartridge tapes,
USBs, CDs, etc.

Answer 44

Theft of storage media

Question 45

sending unsolicited information in bulk.

Answer 45

spam

Question 46

the prevention of authorized access to resources or

delaying the time-critical operations.

Answer 46

Denial-of-service (DoS)

Question 47

software secretly installed in the system to gather information of the
organization.

Answer 47

Spyware

Question 48

sending a network packet that appears to come from original source

Answer 48

Spoofing

Question 49

manipulating someone to take certain action that may not be in
that best person’s interest.

Answer 49

Social engineering

Question 50

a collection of software robots that overruns computers to act automatically
in response to the bot-herder’s control inputs through the Internet.

Answer 50

Botnet