lOMoARcPSD|47945818

lOMoARcPSD|47945818

Auditing in CIS Environment REVIEWER

Auditing Theory – Multiple Choice

1. Which of the following statements is not correct?

a. There is no distinction between the audit concept applicable to complex electronic data processing
and those applicable to non-complex systems.
b. When a computers or other aspect of EDP Systems are introduced, standards on auditing and their
interpretations, the Code of Professional Conduct, legal liability, and the basic concepts of evidence
accumulation remain the same.
c. Most EDP-based accounting system rely extensively on the same type of procedures for control that
are used in non-complex systems.
d. The specific methods appropriate for implementing the basic auditing concepts do not change as
systems become more complex.

2. Which of the following is not a characteristic on an on-line processing system?

a. Master files are updated at the time the entry is made.
b. Output of the date files is available on request.
c. Programing is not allowed on-line and must be done separately.
d. Display terminals are used for input and output purposes.

3. When the computing function is apportioned among CPUs spread geographically and connected by a
communications system, it is called a. On-line processing
b. Distributed processing
c. Processing with communications systems.
d. Off-line processing

4. A data base management system

a. Physically stores each element of data only once.
b. Stores data on different files for different purposes, but always knows where they are and how to
retrieve them.
c. Allows quick retrieval of data but at a cost of inefficient use of file space.
d. Allows quick retrieval of data but it needs to update files continually.

5. Complex operating systems

a. Allow different functions to carried out simultaneously.
b. Manage the application of one function at a time.
c. Save energy by keeping the CPU idle while other functions are being performed.
d. Are fast but at a cost of inefficiency.
 lOMoARcPSD|47945818

6. Which of the following is not an advantage of converting form a manual to an EDP system? a. It is
usually centralizes data.
b. It permits higher quality control over operations.
c. It may eliminate the control provided by division of duties of independent persons who perform
related functions and compare results.
d. It may take the record-keeping function and the document preparation function away from those
who have custody of assets and put those functions into the EDP Center.

7. In comparing the control environment in complex versus non-complex EDP Systems, the control
environment in complex EDP System is
a. More critical because there is a greater potential for errors an irregularities.
b. Less critical because the complexity ensures that control will be built into the system.
c. More critical because of the high degree of technical competence reeded by the programmers and
operators.
d. Less critical because non-expert do not have the opportunity to interact with the system and mess it
up.

8. A control which relates to all parts of the EDP System is called a(n)
a. System Control
b. General Control
c. Application Control
d. Universal Control

9. Controls which apply to a specific use of the system are called

a. System controls
b. General Controls
c. Applications Controls
d. User Controls

10. Which of the following is not a general control?

a. The plan organization and operation of EDP activity.
b. Procedures for documenting, reviewing and approving systems and program c. Processing Control
d. Hardware Control

11. Which of the following is not an example of an applications controls?

a. An equipment failure causes an error message on the monitor.
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness test for the unit selling price at a sale.
d. After processing all sales transactions are reviewed by the sales department.
 lOMoARcPSD|47945818

12. Controls which are built in by the manufacturer to detect equipment failures are called. a. Input controls
b. Hardware controls
c. Manufacturer’s Controls.
d. Fail/safe controls.

13. Auditors usually evaluate the effectiveness of

a. Hardware control first,
b. Sales cycle control first.
c. General Control before application controls
d. Application control first.

14. Which of the following is not an input control?

a. Proper authorization of transactions
b. Control total
c. Check digits
d. Adequate documents.

15. Control which are designed to assure that the information processed by the computer is valid, complete
and accurate are called. a. Input controls
b. Processing controls
c. Output controls
d. General controls

16. Which of the following is not a processing control?

a. Control Totals
b. Logic Tests
c. Check digits
d. Compensation tests.

17. The most important output control is

a. Distribution control, which assures that only authorized personnel received the reports generated by
the system.
b. Review of the data for reasonableness by someone who knows what the output should look like.
c. Control totals, which are used to verify that the computer’s results are correct.
d. Logic test, which verify that no mistakes were made in processing .

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

18. The objective of understanding that internal control structures and assessing control risk in an EDP
system is
a. To aid in determining the audit evidence that should be accumulated.
b. To gain an understanding of the computer hardware and software.
c. To evaluate management’s efficiency in designing and using the EDP system.
d. To determine it the CPA firm must have an EDP Auditor on the team. e.
19. In order to gain an understanding of client’s internal control structure of the EDP system, it is common to
start by obtaining preliminary information from three major sources. Which of the following is not one
of those sources? a. Flowcharts.
b. EDP questionnaires
c. Error listings generated by the system
d. Written descriptions of the system prepared by the audit.

20. Should the auditor feel, after obtaining an understanding of the EDP internal control structure, that
control risk cannot be reduced, he or she will a. Issue a disclaimer
b. Issue an adverse opinion
c. Increase the sample size for tests of controls.
d. Expand the substantive testing portion of the audit.

21. When client uses a computer but the auditor chooses to use only the non-EDP segment of the internal
control structure to assess control risk, it is referred to as auditing around the computer. Which one of
the following conditions need not be present in order to audit around the computer? a. The source
documents must be available in a non-machine language.
b. The documents must be filed in a manner that makes it possible to locate them.
c. Computer program must be available in English.
d. The output must be listed in sufficient detail to enable the auditor to trace individual transactions.

22. The auditor’s objective to determine whether the client’s computer program can correctly handle valid
and invalid transaction as they arise is accomplished through the a. Test data approach
b. Generalized audit software approach.
c. Microcomputer-aided auditing approach
d. Standard on Auditing.

23. Which of the following is not a shortcoming of the test data approach?
a. Test data must include all relevant conditions the auditor desires to test.
b. The program tested by the auditor must be the program that client used throughout the year.
 lOMoARcPSD|47945818

c. Test data must be removed from client’s record after processing

d. The auditor knows all the error that exist in the test data.

24. In circumstances in which elimination of test data from client’s record is not feasible, it is common
practice for auditor to
a. Enter only valid data that does not have to be removed.
b. Enter only invalid data, realizing these tests are incomplete.
c. Use all the test data and allow the fictitious data to remain in client’s records.
d. Change methods and just use inquiry of client.

25. The audit approach in which the auditor runs his/her own program on a controlled basis in order to
verify the client’s data recorded in a machine language is a. Test data approach
b. The generalized audit software approach.
c. The microcomputer-aided auditing approach.
d. Called auditing around the computer.

26. The auditor’s computer program approach and the test data approach
a. Are complementary
b. Are mutually exclusive
c. Are incompatible
d. Must be used simultaneously

27. The auditor can perform many different kinds of tests and other functions with the auditor’s computer
program. Which of the following tests or functions could not be performed?
a. Analyze exception responses returned with confirmation received from customers. b.
Verify extension and footings.
c. Compare data on separate files.
d. Re-sequence data and perform analyses.

28. Which of the following is not an advantage of generalized audit software (GAS) programs?
a. The audit staff can be quickly trained to use them with little formal EDP education.
b. A single program can be applied to a wide range of tasks.
c. They operate at a very efficient processing speed.
d. They often can accumulate sufficient competent evidence at a reduce cost.

29. Generalized Audit Software

a. Is a method of verifying the client’s data which is recorded in a machine language.
b. Is often used even when client’s data are not computerized.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

c. Is used when client’s software is not compatible with the auditors.

d. Can be used for all three of the above.

30. Many clients now have their data processed at an independent computer service center rather than
have their own computer. The difficulty the independent auditor faces when a computer service center
is used is
a. Gaining the permission of the services center to review their work.
b. Finding compatible programs that will analyze the service centers programs.
c. In trying to abide by the Code of Professional Conduct to maintain the security and confidentiality of
client’s data.
d. In determining the adequacy of the service center’s internal controls.

31. Internal control is inefficient when computer department personnel

a. Participate in computer software acquisition decision.
b. Design documentation for computerized systems.
c. Originate changes in master files.
d. Provide physical security for program files.

32. Mathew Corp., has changed from a system of recording time worked on clock cards to a computerized
payroll system in which employees record time in and out with magnetic cards. The EDP system
automatically updates all payroll records. Because of this change a. A generalized computer audit
program must be used.
b. Part of the audit trail is altered.
c. The potential for payroll related fraud is diminished.
d. Transactions must be processed in batches.

33. Error in data processed in a batch computer system may not be detected immediately because
a. Transaction trails in a batch system are available only for a limited period of time.
b. There are time delays in processing transaction in a batch system.
c. Error in some transactions cause rejection of other transaction in the batch.
d. Random errors are more likely in a batch system than in an online system.

34. When EDP programs or files can be accessed from terminals, users should be required to enter a(n) a.
Parity check
b. Personal identification code
c. Self-diagnosis test
d. Echo check
 lOMoARcPSD|47945818

35. An auditor who is testing EDP controls in a payroll system would most likely use test data that contain
conditions such as ‘
a. Deductions not authorized by employees.
b. Overtime not approval by supervisors.
c. Time tickets with invalid job numbers.
d. Payroll checks with unauthorized signatures.

36. Which of the following is not a major reason why an accounting audit trail should be maintained for a
computer system?
a. Monitoring purposes
b. Analytical procedures
c. Query answering
d. Deterrent to irregularities

37. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to
be processed together without client operating personnel being aware of the testing process? a. Parallel
simulation
b. Generalized audit software programming
c. Integrated test facilities
d. Test data approach

38. When an accounting application is processed by computer, an auditor cannot verify the reliable
operation of programmed control procedures by
a. Manually comparing detail transaction files used by an edit program to the program’s generated
error listing to determine that errors were properly identified by the edit program.
b. Constructing a processing system for accounting applications and processing actual data from
throughout the period through both the client’s program and the auditor’s program.
c. Manually re-performing, as of a point of time, the processing of input data and comparing the
simulated results to actual results.
d. Periodically submitting auditor-prepared test data to the same computer process and evaluating the
results.

39. To obtain evidence that user identification and password controls are functioning as designed, an auditor
would most likely
a. Attempt to sign-on to the system using invalid user identifications and password.
b. Write computer program that stimulates the logic of the client’s access control software.
c. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

d. Examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.

40. An Auditor flow chart of a client’s accounting system is a diagrammatic representation that depicts the
auditor’s
a. Program for test of controls
b. Understanding of the system
c. Understanding of the types of irregularities that are probable, given the present system.
d. Documentation of the study and evaluation of the system.

41. Computer system are typically supported by a variety of utility software packages that are important to
an auditor because they
a. May unable unauthorized changes to data files if not properly controlled,
b. Are very versatile programs that can be used on hardware of many manufacturers.
c. May be significant components of a client’s application
d. Are written specifically to enable auditors to extract and sort data.

42. The possibilities of erasing a large amount of information stored on magnetic tape most likely would be
reduced by the use of
a. File protection rings
b. Check digits
c. Completeness tests
d. Conversion verification.

43. Which of the following is not a characteristic of a batch processed computer system?
a. The collection of like transactions that are sorted and processed sequentially against a master file?
b. Keypunching of transactions, followed by machine processing.
c. The production of numerous printouts
d. The posting of a transactions, as it occurs, to several files, without intermediate printouts.

44. An auditor’s investigation of a company’s electronic data processing control procedures has disclosed
the following four circumstances. Indicate which circumstances constitutes a weakness in internal
control.
a. Machine operators do not have access to complete run manual.
b. Machine operators are closely supervised by programmers.
c. Programmers do not have the authorization to operate equipment.
d. Only one generation of back-up files is stored in an off-premises location.
 lOMoARcPSD|47945818

45. When an on-line, real-time (OLRT) electronic data processing system is in use, internal control can be
strengthened by
a. Providing for the separation of duties between key punching and error listing operations.
b. Attaching plastic file protection rings to reels of magnetic tape before new data can be entered on
the file.
c. Preparing batch totals to provide assurance that files updates are made for the entire input.
d. Making a validity check of an identification number before a user can obtain access to the computer
files.

46. If a control total were to be computed on each of the following data items, which would be best
identified as a hash total for a payroll EDP application?

a. Net pay. c. Hours worked

b. Department numbers d. Total debits and credits

47. A computer programmer has written a program for updating perpetual inventory records. Responsibility
for initial testing (debugging) of the program should be assigned to the
A. EDP department control group
B. Internal audit control group
C. Programmer
D. Machine operator

48. Partially check, read-after-write checks and duplicate circuitry are electronic data processing controls
that are designed to detect
a. Erroneous internal handling of data
b. Lack of sufficient documentation for computer processes.
c. Illogical programming commands.
d. Illogical uses of hardware.

49. A control features in an electronic data processing system requires the central processing unit (CPU) to
send signals to the printer to activate the print machine for each character. The mechanism, just prior to
printing sends a signal back to the CPU verifying that the proper print position has been achieved. This
type of hardware control is referred to as a. Echo control
b. Validity control
c. Signal control
d. Check digit control

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

50. In an electronic data processing system, automated equipment controls or hardware controls are
designed to
a. Arrange data in a logical sequential manner for processing purposes,
b. Correct errors in the computer programs
c. Monitor and detect errors in source documents.
d. Detect and control errors arising from use of equipment.

51. An advantage of manual processing is that human processor may note data errors and irregularities. To
replace the human element of error detection associated with manual processing, a well-designed
electronic data processing system should introduce a. Programmed limits
b. Dual circuity
c. Echo checks
d. Read after write

52. An internal administrative control is sometimes used in connection with procedures to detect
unauthorized or unexplained computer usage is a. Maintenance of a computer tape library
b. Use of file controls
c. Maintenance of a computer console log.
d. Control over program tapes.

53. An independent auditor studies and evaluate a client’s electronic data processing system. The
auditor’s study portion includes two phase: a) a review of investigation of the system and b) test
of compliance.
The latter phase might include which of the following?
a. Examination of system flowcharts to determine whether they reflect the current status of the
system.
b. Examination of the systems manuals to determine whether existing procedures are satisfactory.
c. Examination of the machine room log book to determine whether control information is properly
recorded.
d. Examination of organization charts to determine whether electronic data processing department
responsibilities are properly separated to afford effective control.

54. A computer service center processes, for an auditor’s client, financial data that has a material
effect on that client’s financial statements. The independent auditor need not consider a review
of the service center control if
a. The service center controls have already been reviewed by an internal audit team of the client.
b. The service center process data exclusively for the audit client and its subsidiary.
 lOMoARcPSD|47945818

c. The user controls relied upon, which are external to the service center, are adequate to provide
assurance that error and irregularities may be discovered.
d. The service center is a partially owned subsidiary of the client company, whose financial statements
are examined by another CPA.

55. The real-time feature normally would be least useful when applied to accounting for a firm’s a.
Bank-account balances
b. Property and depreciation
c. Customer accounts receivable
d. Merchandise inventory

56. Data Corporation has just completely computerized its billing and accounts receivable record-
keeping. You want to make maximum use of the new computer in your audit of Data
Corporation. Which of the following audit techniques could not be performed through a
computer program? a. Tracing audited cash receipt to accounts receivable credits.
b. Selecting on a random number basis accounts to be confirmed.
c. Examining sales invoices for completeness, consistency between different items, valid conditions and
reasonable amounts.
d. Resolving differences reported by customers on confirmation requests.

57. General and special computer programs have been developed for use in auditing EDP Systems.
When considering the use of these computer-audit programs, the auditor
a. Should determine the audit efficiency of using a given computer program.
b. Will find them ineffective for applications containing many records and requiring significant time for
testing.
c. Should use them on a surprise basis in order for them to be effective
d. Will find them economically feasible for any size EDP system

58. A group of related records in a data-processing system is a

a. Character
b. Field
c. Cluster
d. File

59. An Auditor obtains a magnetic tape that contains the peso amounts of all client inventory items
by style number. The information on the tape is in on particular sequence. The auditor can best
ascertain that no consigned merchandise is included on the tape by using a computer program
that a. Statistically selected samples of all amounts
b. Excludes all amount for items with particulars style numbers that indicates consigned
merchandise.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

c. Mathematically calculates the extension of each style quantity by the unit price.
d. Prints on paper the information on the magnetic tape

60. Which of the following would be least likely to suggest to an auditor that the client’s
management may have overridden the internal control system?
a. Differences are always disclosed on a computer exception report.
b. Management does not correct internal control weakness that it knows about.
c. There have been two new controllers this year,
d. There are numerous delays in preparing timely internal financial reports.

61. What is the computer process called when data processing is performed concurrently with a
particular activity and the results are available soon enough to influence that particular course
of action being taken or the decision being made? a. Real-time processing
b. Batch processing
c. Random access data processing
d. Integrated data processing

62. When an auditor performs a review of interim financial statements which of the following steps
would not be part of the review?
a. Review of the computer control
b. Inquiry of management
c. Ratio of ratios and trends
d. Reading the minutes of the stockholder’s meetings.
63. A company uses the account code 669 for maintenance expense.
However, one of the company clerks often codes maintenance expense as 996.
What would be the best internal control check to build into the company’s computer program to detect
this error?
a. A check tor this type of error would have to be made before the information was transmitted to the
EDP department.
b. Valid-character test.
c. Sequence check
d. Valid-code test

64. In a computerized system, procedure or problem-oriented language is converted to machine

language through a (an)
a. Interpreter
b. Verifier
c. Compiler
d. Converter
 lOMoARcPSD|47945818

65. When auditing a computerized system, an auditor may use the “integrated test deck” technique,
sometimes referred to as the mini-company approach, as an audit tool. This technique a. Is
more applicable to independent audits than internal audits.
b. Involves using test decks
c. Is the most commonly used audit tools for “auditing through the computer”
d. Involves introducing simulated transaction into a system simultaneously with actual transactions.

66. More than one file may be stored on a single magnetic memory disc. Several programs may be in
the core unit simultaneously. In both cases it is important to prevent the mixing of data. One
way to do this is to use
a. File integrity control
b. Boundary protection
c. Interleaving
d. Paging

67. The Smith Corporation numerous small customers. A customer file is kept on disk storage, For
each customer the file contains customer name, address, credit limit, and account balance. The
auditor wishes to test this file to determine whether credit limits are being exceeded. Assuming
that computer time is available , the best procedure for the auditor to follow would be to
a. Develop a test deck which would cause the account balance to certain accounts to be increased until
the credit limit was exceed to see if the system would react properly.
b. Develop a program to compare credit limits with account balances and print out the details of any
account with a balance exceeding its credit limit.
c. Ask for a prior printout of all account balances so that they can be manually checked against the
credit limit.
d. Ask for a printout of a sample of account balances so that they can be individually checked against
credit limit.
68. The procedural control used in the management of a computer center to minimized the
possibility of data or program file destruction through operator error included a. Control
figures.
b. Crossfooting tests
c. Limit checks
d. Eternal label

69. In updating a computerized accounts receivable file, which one of the following would be used
as a batch control to verify the accuracy of the posting of cash receipts remittances? a. The sum
of the cash deposits plus the discounts less the sales returns.
b. The sum of cash deposits
c. The sum of cash deposits less discount taken by customers.
d. The sum of cash deposits plus discounts taken by customers.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

70. After a preliminary phase of the review of a client’s EDP Controls, an auditor may decide not to
perform compliance test related to the control procedures within the EDP portion of the client’s
internal control system. Which of the following would not be a valid reason for choosing to omit
compliance test? a. The controls appear adequate.
b. The controls duplicate operative controls existing elsewhere in the system.
c. There appear to be major weakness that would preclude reliance on the stated procedure.
d. The time and peso costs of testing exceed the time and peso savings in substantive if the compliance
tests show the control to be operative.

71. Management’s responsibility in a computer system would not include

a. Ensuring the documentation of the system in complete and up to date.
b. Maintaining a system of transaction processing that includes an audit trail
c. Assessment of the control risk
d. Making computer resources and knowledge personnel available.

72. The characteristics that distinguish computer processing from manual processing would not
include
a. A decrease of management supervision of system
b. Automatic initiation and execution of transactions.
c. Control procedures may be concentrated.
d. Great potential to gain unauthorized access to data.

73. When evaluating the effect of a client’s computer processing in an audit of financial statements,
auditor need not consider the
a. Organizational structure of the computer processing activities.
b. Differences in standards for computer auditing
c. Computer-assisted audit techniques to increase the efficiency of audit procedures. d. Need for
specialized skills.

74. Control risk assessment when a computer is used would not involve
a. Identifying specific control procedures designed to achieve the control objectives.
b. Identifying the interdependent control procedures which must function for an identified specific
control procedure to be effective.
c. Evaluating the design of control procedures to determine control risk.
d. Performance of specific tests of control audit procedures.

75. In computer systems the general controls would not include

a. Processing control procedures.
 lOMoARcPSD|47945818

b. Segregation of various computer system functions

c. Documentation of the data processing system
d. Control over physical access to computer hardware.

76. In computer systems the processing controls would not include

a. Run-to-run totals
b. Master file changes
c. File and operator controls
d. Limit and reasonable test.

77. Audit and control specifications for an audit trail need to be established at the
a. Planning stage of the audit
b. Time a system is designed, leased, or purchased.
c. Control risk assessment phase
d. Negotiation phase of accepting the client.

78. The data base administrator should not have the following responsibility
a. Program the applications in the data base
b. Design the content and organization of the data base
c. Protect the data base and software
d. Monitor the performance of the data base management

79. In micro-computer systems the most important aspect for auditors to consider is the a. Audit
techniques.
b. Computer technology
c. Control environment
d. Computer software

80. In micro-computer systems the processing control procedures would not include a. Transaction
logs
b. Control risk
c. Balancing input to output
d. On-line editing and sight verification

81. An auditor’s approach to computer systems that consists of using visible evidence such as input
source data and machine-produced error listing is referred to as auditing. a. Around the
computer
b. Through the computer
c. Without the computer

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

d. With the computer

82. The reprocessing of live data to test program controls is called

a. Test data
b. Test deck
c. Generalized audit software
d. Parallel simulation

83. To achieve the control objective in an advanced computer environment the system would not
include the following feature
a. Ability to identify fraudulent entries
b. Capability to identify each person using the system
c. Able to determine if user request is authorized
d. Capable of recording user activity.

84. Techniques needed to select specific live data transactions of audit interest for testing would not
include a. Audit hooks
b. Test data
c. Trap data
d. Transaction tags.

85. The essential advantages of a generalized audit software package would not include
a. Same software can be used in various clients’ computer systems.
b. Large number of GAS package are currently available
c. Software package are inexpensive.
d. Ability to control and modify program to auditors’ need.

86. Generalized Audit Software could not be used for the following;
Audit task
a. Test calculations and make computations
b. Evaluation control risk assessment
c. Summarize, re-sequence and reformat data
d. Compare audit evidence from manual audit procedures to company needs.
 lOMoARcPSD|47945818

87. Comparing data on separate files can be accomplished by generalized audit software to
determine whether compatible information is in agreement. Examples of such comparison
would not include a. Payroll details with personnel records.
b. Current and prior inventory to details of purchases and sales
c. Paid vouchers to disbursements.
d. Observation of inventory counts.

88. The processing phase of using generalized audit software would not include
a. Coding the application design into specific computer language
b. Verifying that the status of the client file has not changed.
c. Obtaining a copy of the client file
d. Reviewing results and updating working paper.

89. The design auditing application of the microcomputer as an audit tool would not include
a. Spreadsheet analysis working papers
b. Sample planning, selection and evaluation
c. Continuous monitoring
d. Analytical review

90. Method of limiting access to computer resources to prevent computer abuse would not include
a. Definition of duties
b. Dual-person access
c. Access-code passwords.
d. Analytical review of output.

91. A well-prepared flow chart should make it easier for the auditor to
a. Prepare audit procedure
b. Prepare detailed job descriptions
c. Trace the origin and disposition of documents
d. Assess the degree of accuracy of financial data

92. Which of the following characteristics distinguishes computer processing from manual
processing?
a. Computer processing virtually eliminates occurrence of computational error normally associated
with manual processing.
b. Error of irregularities in computer processing will be detected soon after their occurrence.
c. The potential for systematic error is ordinarily greater in manual processing than in computerized
processing
d. Most computer systems are designed so that the transaction trails useful for audit proposes do not
exist.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

93. Which of the following most likely represents a significant deficiency in the internal control
structure?
a. The systems analyst reviews applications of data processing and maintains systems documentation.
b. The system programmer design system for computerized application and maintain the output
controls.
c. The control clerk establishes control over data received by the EDP department and reconciles
control total over processing
d. The accounts payable clerk prepares data for computer processing and enters the data into the
computer.

94. Internal control is ineffective when computer department personnel

a. Participate in computer software acquisition decision
b. Design documentation for computerized systems
c. Changes in Master files
d. Provide physical securing for program files.

95. Which of the following activities would most likely be performed in the EDP department?
a. Initiation of changes to master records.
b. Conversion of information to machine readable form
c. Correction of transaction errors
d. Initiation of changes to existing application

96. For control purposes, which of the following should be organizationally segregated from the
computer operations functions? a. Data conversion
b. Surveillance of CRT messages
c. System development
d. Minor maintenance according to a schedule

97. Which of the following is not a major reason for maintaining am an audit trail for a computer
system? a. Deterrent to irregularities
b. Monitoring purposes
c. Analytical procedures
d. Query answering

98. First Federal S&L has an outline real-time system, which terminal installed in all of its branches.
This system will not accept a customer’s cash withdrawals instruction in excess of P1,000
without the use of a “terminal audit key”. After the transaction is authorized by a supervisor, the
 lOMoARcPSD|47945818

bank teller then processes the transaction with the audit key. This control can be strengthened
by a. On-line recording of the transaction on an audit override sheet.
b. Increasing the peso amount of P1,500.
c. Requiring manual, rather than on-line, recording of all such transactions.
d. Using parallel simulation.

99. The use of a header label in conjunction with magnetic tape is most likely to prevent error by the
a. Computer operator
b. Keypunch operator
c. Computer programmer
d. Maintenance technician

100. For the accounting system of Acme Company, the amounts of cash disbursements entered into
an EDP terminal are transmitted to the computer that immediately transmits the amount back
to the terminal for display on the terminal system screen. This display enables the operator to a.
Establish the validity of the account number
b. Verify the amount was entered accurately
c. Verify the authorization of the disbursement
d. Prevent the overpayment of the account

101. When EDP programs or files can be accessed from terminals, users should be required to enter a
(an)
a. Parity check
b. Personal identification code
c. Self-diagnosis test
d. Echo check

102. The possibility of erasing a large amount of information stored on magnetic tape most likely
would be reduced by the use of a. File protection rings
b. Check digits
c. Completeness tests
d. Conversion verification

103. Mathew Corp has changed from a system of recording time worked on clock cards to a
computerized payroll system in which employees record time in and out with magnetic cards.
The EDP system automatically updates all payroll records. Because of this change a. A
generalized computer audit program must be used.
b. Part of the audit trail is altered.
c. The potential for payroll related fraud is diminished.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

d. Transactions must be processed in batches.

104. An auditor anticipates assessing control risk at a low level in a computerized environment. Under
these circumstances, on which of the following procedures would the auditor initially focus? a.
Programmed control procedures
b. Application control procedures
c. Output control procedures
d. General control procedures

105. A flowchart is most frequently used by an auditor in connection with the

a. Preparation of generalized computer audit programs.
b. Review of the client’s internal controls
c. Use of statistical sampling in performing an audit
d. Performance of analytical procedures of account balances

106. After the preliminary phase of the review of a client’s EDP controls, an auditor may decide not to
perform tests of controls (compliance test) related to the control procedures within the EDP
portion of the client’s internal control structures. Which of the following would not be valid
reason for choosing to omit such test?
a. The controls duplicate operative controls existing elsewhere in the structures
b. There appear to major weakness that would preclude reliance on the stated procedures.
c. The time and peso costs of testing exceed the time and peso savings in substantive testing if the test
results of controls show the control to be operative.
d. The controls appear adequate

107. Auditing by testing the input and output of an EDP system instead of the computer program
itself will
a. Not detect program errors which do not show up in the output sampled.
b. Detect all program errors, regardless of the nature of the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results of the auditing procedures.

108. Which of the following client electronic data processing (EDP) system generally can be audited
without examining of directly testing the EDP computer programs of the system?
a. A system that performs relatively uncomplicated processes and procedures detailed output.
b. A system that affects a number of essential master files and produces a limited output.
c. A system that updates a few essential master files and produces no printed output other than final
balances,
d. A system that performs relatively complicated processing and produces very little detailed output.
 lOMoARcPSD|47945818

109. Computer system are typically supported by a variety of utility software packages that are
important to an auditor because they
a. May enable unauthorized changes to data files if not properly controlled.
b. Are very versatile programs that can be used on hardware of many manufacturers.
c. May be significant components of a client’s application programs
d. Are written specifically to enable auditors to extract and sort data

110. An Auditor would least likely use computer software to

a. Access client data files
b. Prepare spreadsheets
c. Assess EDP Control risk
d. Construct parallel simulations

111. A primary advantage of using generalized audit software packages to audit the financial
statements of a client that uses an EDP system is that auditor may
a. Consider increasing the use of substantive test of transactions in place of analytical procedures.
b. Substantive the accuracy of data through self-checking digits and hash totals
c. Reduce the level of required tests of controls to a relatively small amount.
d. Access information stored on computer files while having a limited understanding of client’s
hardware and software features.

112. Auditors often make use of computer programs that perform routine processing functions such
as sorting and merging. These programs are made available be electronic data processing
companies and others and are specifically referred to as a. Compiler programs
b. Supervisory programs
c. Utility programs
d. Use programs

113. Smith Corporation has numerous customers. A customer file is kept on disk storage. Each
customer file is kept on disk storage. Each customer file contains name, address, credit limit, and
account balance. The auditor wishes to test this file to determine whether credit limits are being
exceeded. The best procedure for the auditor tor follow would be to
1. Develop test data would cause some account balances to exceed the credit limit and determine if
the system properly detects such situations.
2. Develop a program to compare credit limits with account balances and print out the details of any
account with a balance exceeding its credit limit.
3. Request a printout of all account balances so they can be manually checked against the credit limits.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

4. Request a printout of a sample of account balances so they can be individually checked against credit
limits.

114. An auditor most likely would test for the presence of unauthorized EDP program changes by
running a
a. Program with test data
b. Check digit verification program
c. Source code comparison program
d. Program that computes control totals.

115. When an auditor tests a computerized accounting system, which of the following is true of the
test data approach?
a. Test data must consist of all possible valid and invalid conditions.
b. The program tested is different from the program used throughout the year by the client.
c. Several transactions of each type must be tested.
d. Test data are processed by the client’s computer programs under the auditor’s control

116. Which of the following statements is not true to the test data approach when testing a
computerized accounting system?
a. The test need consist of only those valid and invalid conditions which interest the auditor.
b. Only one transaction of each type needs to be tested.
c. The test data must consist of all possible valid and invalid conditions.
d. Test data are processed by the client’s computer programs under the auditor’s control.

117. Which of the following is not among the errors that an auditor might include in the test data
when auditing client’s EDP System?
a. Numeric character in alphanumeric fields.
b. Authorized code.
c. Differences in description of units of measure
d. Illogical entries in field whose logic is tested by programmed.

118. An auditor who is testing EDP Controls in payroll system would most likely use test data that
contain conditions such as
a. Deductions not authorized by employees
b. Overtime not approved by supervisors
c. Time ticket with invalid job number
d. Payroll checks with unauthorized signatures.
 lOMoARcPSD|47945818

119. To obtain evidence that user identification and password controls are functioning as designed,
an auditor would most likely
a. Attempt to sign on the system using invalid user identifications and password
b. Write a computer program that simulates the logic of the client’s access control software
c. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
d. Examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.

120. Processing data through the use of simulated files provides an auditor with information about
the operating effectiveness of control policies and procedures. On of the techniques involved in
this approach makes use of
a. Controlled reprocessing
b. An integrated test facility
c. Input validation
d. Program code checking

121. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together with client operating personnel being aware of the testing
process?
a. Parallel testing
b. Generalized audit software programming
c. Integrated test facility
d. Test data approach

122. Which of the following method of testing application controls utilizes a generalized audit
software package prepared by the auditors? a. Parallel Simulations
b. Integrated testing facilities approach
c. Test data approach
d. Exception report tests.

123. Using microcomputers in auditing may affect the methods used to review the work of staff
assistants because
a. Supervisory personnel may not have an understanding of the capabilities and limitations of
microcomputers.
b. Working paper documentation may not contain readily observable details of calculations.

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

c. The audit field work standards for supervisory may differ.

d. Documenting the supervisory review may require assistance of management services personnel.

124. Which of the following is not the characteristic of a batch processed computer system?
a. The collection of like transaction which are sorted and processed sequentially against a master file.
b. Key punching of transactions, followed by machine processing
c. The production of numerous printouts.
d. Posting of a transaction as it occurs, to several files without intermediates printouts.

125. Errors in data processed in a batch computer system may not be detected immediately because
a. Transaction trails in a batch system are available only for a limited period of time.
b. There are time delays in processing transactions in a batch system.
c. Errors in some transactions cause rejection of other transaction in the batch.
d. Random errors are more likely in a batch system than in an on-line system.

126. Where disk files are used, the grandfather-father-son updating backup concept is relatively
difficult to implement because the
a. Location of information points on disks is an extremely time-consuming task.
b. Magnetic fields and other environmental factors cause off-site storage to be impractical
c. Information must be dumped in the form of hard copy if it is to be reviewed before used in updating.
d. Process of updating old records is destructive
127. Which of the following statement most likely represents a disadvantage for an entity that keeps
microcomputer-prepared data files rather than manually prepared files?
a. Random error associated with processing similar transactions in different ways is usually greater.
b. It is usually more difficult to compare recorded accountability with physical count of assets
c. Attention is focused on the accuracy of the programming process rather than errors in individual
transactions.
d. It is usually easier for unauthorized person to access and alter the files.

128. An auditor would most likely be concerned with which of the following controls in a disturbed
data processing system? a. Hardware controls
b. System documentation controls
c. Access controls
d. Disaster recovery controls.

129. If a control total were computed on each of the following data items, which would best be
identified as a hash total for a payroll EDP application? a. Total Debits and Total Credits
b. Net Pay
c. Department Numbers
 lOMoARcPSD|47945818

d. Hours worked

130. Which of the following is a computer test made to ascertain whether a given characteristic
belongs to the group? a. Parity check
b. Validity Check
c. Echo Check
d. Limit Check
131. A control feature in an electronic data processing system requires the central processing unit
(CPU) to send signal to the printer to activate mechanism for each character. The print
mechanism, just flying that the proper print position has been activated. This type of hardware
control is referred to as a. Echo control
b. Validity control
c. Signal control
d. Check digit control

132. Which of the following is an example of a check digit?

a. An agreement of the total number of employees to the total number of checks printed by the
computer.
b. An algebraically determined number produced by the other digits of the employee number.
c. A logic-test that ensure all employee numbers are nine digits.
d. A limit check that an employee’s hour don not exceed 50hours per work week.

133. In a computerized system, procedure or problem-oriented language is converted to machine

language through a (an) a. Interpreter
b. Verifier
c. Compiler
d. Converter

134. What type of EDP system is characterized by data that are assembled from more than one
location and records that are updated immediately? a. Microcomputer system
b. Minicomputer system
c. Batch processing system
d. On-line real-time system

135. Which of the following controls most likely would assure that an entity can reconstruct its
financial records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from original
c. Personnel who are independent of data input perform parallel simulations

Downloaded by lisa cogollodo (lisalibertino8@gmail.com)

 lOMoARcPSD|47945818

d. System flowcharts provide accurate descriptions of input and output operations.

136. Mill Company uses a batch processing method to process its sales transactions. Data on Mill’s
sales transaction tape are electronically sorted by customer number and are subjected to
programmed edit checks in preparing its invoices, sales journals and updated customer accounts
balances. One of the direct outputs of the creation of this tape most likely would be a a. Report
showing exceptions and control totals
b. Printout of the updated inventory records
c. Report showing overdue accounts receivable
d. Printout of the sales master file

137. To obtain evidence that on-line access controls properly functioning, an auditor most likely
would
a. Create checkpoints at periodic intervals after live data processing to test for unauthorized use of the
system
b. Examine the transaction log to discover whether any transactions were lost or entered twice due to
a system malfunction
c. Enter invalid identification numbers of password to ascertain whether the system rejects them.
d. Vouch a random sample of processed transactions to assure proper authorization.

138. An advantage of using system, flowchart to document information about internal control instead
of using internal control questionnaires is the systems flowcharts a. Identify internal control
weakness more prominently,
b. Provide a visual depiction of client’s activities.
c. Indicate whether control procedures are operating efficiently
d. Reduce the need to observe client’s employee performing routine task.