You are on page 1of 19

Accounting Information Systems, 12e (Romney/Steinbart)

Chapter 11 Auditing Computer-Based Information Systems


1) Auditing involves the
A) collection, review, and documentation of audit evidence.
B) planning and verification of economic events.
C) collection of audit evidence and approval of economic events.
D) testing, documentation, and certification of audit evidence.
Answer: A
Page Ref: !
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
)) *hat is not a t&pical responsi#ilit& of an internal auditor+
A) helping management to improve organi,ational effectiveness
B) assisting in the design and implementation of an A-(
C) preparation of the compan&.s financial statements
D) implementing and monitoring of internal controls
Answer: C
Page Ref: !
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
) *hich t&pe of wor0 listed #elow is not t&pical of internal auditors+
A) operational and management audits
B) information s&stem audits
C) financial statement audit
D) financial audit of accounting records
Answer: C
Page Ref: !
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1) 2he 33333333 audit e4amines the relia#ilit& and integrit& of accounting records.
A) financial
B) informational
C) information s&stems
D) operational
Answer: A
Page Ref: !
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
7) 2he 33333333 audit reviews the general and application controls of an A-( to assess its compliance
with internal control policies and procedures and its effectiveness in safeguarding assets.
A) financial
B) information s&stems
C) management
D) internal control
Answer: B
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
8) "ne t&pe of audit that is concerned with the economical and efficient use of resources and the
accomplishment of esta#lished goals and o#$ectives is 0nown as a9n) 33333333 audit.
A) financial
B) information s&stems
C) internal control
D) operational or management
Answer: D
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
:) 2he 33333333 audit is concerned with the economical and efficient use of resources and the
accomplishment of esta#lished goals and o#$ectives.
A) financial
B) informational
C) information s&stems
D) operational
Answer: D
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
;) 2he purpose of 33333333 is to determine wh&, how, when, and who will perform the audit.
A) audit planning
B) the collection of audit evidence
C) the communication of audit results
D) the evaluation of audit evidence
Answer: A
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
)
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
<) "rgani,ing the audit team and the ph&sical e4amination of assets are components of which two
separate audit stages+
A) planning= evaluating audit evidence
B) planning= collecting audit evidence
C) collecting audit evidence= communicating audit results
D) communicating audit results= evaluating audit evidence
Answer: B
Page Ref: !1>!7
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1!) *ith which stage in the auditing process are the consideration of ris0 factors and materialit& most
associated+
A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence
Answer: A
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
11) A s&stem that emplo&s various t&pes of advanced technolog& has more 33333333 ris0 than
traditional #atch processing.
A) control
B) detection
C) inherent
D) investing
Answer: C
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1)) Control ris0 is defined as the
A) suscepti#ilit& to material ris0 in the a#sence of controls.
B) ris0 that a material misstatement will get through the internal control structure and into the financial
statements.
C) ris0 that auditors and their audit procedures will not detect a material error or misstatement.
D) ris0 auditors will not #e given the appropriate documents and records #& management who wants to
control audit activities and procedures.
Answer: B
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic

Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all


1) 2he possi#ilit& that a material error will occur even though auditors are following audit procedures
and using good $udgment is referred to as
A) control ris0.
B) detection ris0.
C) inherent ris0.
D) investigating ris0.
Answer: B
Page Ref: !7
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
11) 2he 33333333 stage of the auditing process involves 9among other things) the auditors o#serving the
operating activities and having discussions with emplo&ees.
A) audit planning
B) collection of audit evidence
C) communication of audit results
D) evaluation of audit evidence
Answer: B
Page Ref: !7
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
17) ?erif&ing the accurac& of certain information, often through communication with third parties, is
0nown as
A) reperformance.
B) confirmation.
C) su#stantiation.
D) documentation.
Answer: B
Page Ref: !7
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
18) 2he evidence collection method that e4amines all supporting documents to determine the validit& of
a transaction is called
A) review of documentation.
B) vouching.
C) ph&sical e4amination.
D) anal&tical review.
Answer: B
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
1:) 2he evidence collection method that considers the relationships and trends among information to
detect items that should #e investigated further is called
A) review of the documentation.
B) vouching.
C) ph&sical e4amination.
D) anal&tical review.
Answer: D
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1;) Assessing the @ualit& of internal controls, the relia#ilit& of information, and operating performance
are all part of which stage of the auditing process+
A) audit planning
B) collection of audit evidence
C) evaluation of audit evidence
D) communication of audit results
Answer: C
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1<) An auditor must #e willing to accept some degree of ris0 that the audit conclusion is incorrect.
Accordingl&, the auditor.s o#$ective is to see0 33333333 that no material error e4ists in the information
audited.
A) a#solute relia#ilit&
B) reasona#le evidence
C) reasona#le assurance
D) reasona#le o#$ectivit&
Answer: C
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
)!) 2he ris0>#ased audit approach is
A) a four>step approach to internal control evaluation.
B) a four>step approach to financial statement review and recommendations.
C) a three>step approach to internal control evaluation.
D) a three>step approach to financial statement review and recommendations.
Answer: A
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
7
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
)1) *hich of the following is the first step in the ris0>#ased audit approach+
A) -dentif& the control procedures that should #e in place.
B) 'valuate the control procedures.
C) Determine the threats facing the A-(.
D) 'valuate wea0nesses to determine their effect on the audit procedures.
Answer: C
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
))) Determining whether the necessar& control procedures are in place is accomplished #& conducting
A) a s&stems overhaul.
B) a s&stems review.
C) tests of controls.
D) #oth B and C
Answer: B
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : Difficult
AAC(B: Anal&tic
)) According to the ris0>#ased auditing approach, when a control deficienc& is identified, the auditor
should in@uire a#out
A) tests of controls.
B) the feasi#ilit& of a s&stems review.
C) materialit& and inherent ris0 factors.
D) compensating controls.
Answer: D
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
)1) 2he 33333333 to auditing provides auditors with a clear understanding of possi#le errors and
irregularities and the related ris0s and e4posures.
A) ris0>#ased approach
B) ris0>ad$usted approach
C) financial audit approach
D) information s&stems approach
Answer: A
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
8
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
)7) *hat is the purpose of an information s&stems audit+
A) 2o determine the inherent ris0 factors found in the s&stem
B) 2o review and evaluate the internal controls that protect the s&stem
C) 2o e4amine the relia#ilit& and integrit& of accounting records
D) 2o e4amine whether resources have #een used in an economical and efficient manner in 0eeping with
organi,ation goals and o#$ectives
Answer: B
Page Ref: !:
"#$ective: %earning "#$ective )
Difficult& : /oderate
AAC(B: Anal&tic
)8) 2he information s&stems audit o#$ective that pertains to source data #eing processed into some form
of output is 0nown as
A) overall securit&.
B) program development.
C) program modifications.
D) processing.
Answer: D
Page Ref: !:
"#$ective: %earning "#$ective )
Difficult& : 'as&
AAC(B: Anal&tic
):) 2o maintain the o#$ectivit& necessar& for performing an independent evaluation function, auditors
should not #e involved in
A) ma0ing recommendations to management for improvement of e4isting internal controls.
B) e4amining s&stem access logs.
C) e4amining logical access policies and procedures.
D) developing the information s&stem.
Answer: D
Page Ref: !<
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
);) 2he auditor.s role in s&stems development should #e as
A) an advisor and developer of internal control specifications.
B) a developer of internal controls.
C) an independent reviewer onl&.
D) A and B a#ove
Answer: C
Page Ref: !<
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
:
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
)<) Regarding program modifications, which statement #elow is incorrect+
A) "nl& material program changes should #e thoroughl& tested and documented.
B) *hen a program change is su#mitted for approval, a list of all re@uired updates should #e compiled
and then approved #& management and program users.
C) During the change process, the developmental version of the program must #e 0ept separate from the
production version.
D) After the modified program has received final approval, the change is implemented #& replacing the
developmental version with the production version.
Answer: A
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : 'as&
AAC(B: Anal&tic
!) 6ow could auditors determine if unauthori,ed program changes have #een made+
A) B& interviewing and ma0ing in@uiries of the programming staff
B) B& e4amining the s&stems design and programming documentation
C) B& using a source code comparison program
D) B& interviewing and ma0ing in@uiries of recentl& terminated programming staff
Answer: C
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
1) *hich auditing techni@ue will not assist in determining if unauthori,ed programming changes have
#een made+
A) Ase of a source code comparison program
B) Ase of the reprocessing techni@ue to compare program output
C) -nterviewing and ma0ing in@uiries of the programming staff
D) Ase of parallel simulation to compare program output
Answer: C
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : 'as&
AAC(B: Anal&tic
)) (trong 33333333 controls can partiall& compensate for inade@uate 33333333 controls.
A) development= processing
B) processing= development
C) operational= internal
D) internal= operational
Answer: B
Page Ref: 1!
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
;
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
) 2he 33333333 procedure for auditing computer process controls uses a h&pothetical series of valid
and invalid transactions.
A) concurrent audit techni@ues
B) test data processing
C) integrated test facilit&
D) dual process
Answer: B
Page Ref: 1)
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
1) 2he auditor uses 33333333 to continuousl& monitor the s&stem and collect audit evidence while live
data are processed.
A) test data processing
B) parallel simulation
C) concurrent audit techni@ues
D) anal&sis of program logic
Answer: C
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
7) Auditors have several techni@ues availa#le to them to test computer>processing controls. An audit
techni@ue that immediatel& alerts auditors of suspicious transactions is 0nown as
A) a (CARB.
B) an audit hoo0.
C) an audit sin0er.
D) the snapshot techni@ue.
Answer: B
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
8) A t&pe of software that auditors can use to anal&,e program logic and detect une4ecuted program
code is
A) a mapping program.
B) an audit log.
C) a scanning routine.
D) program tracing.
Answer: A
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
<
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
:) "ne tool used to document the review of source data controls is
A) a flowchart generator program.
B) a mapping program.
C) an input control matri4.
D) a program algorithm matri4.
Answer: C
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
;) An audit software program that generates programs that perform certain audit functions, #ased on
auditor specifications, is referred to as a9n)
A) input controls matri4.
B) CAA2(.
C) em#edded audit module.
D) mapping program.
Answer: B
Page Ref: 1:
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
<) 2he use of a secure file li#rar& and restrictions on ph&sical access to data files are control procedures
used together to prevent
A) an emplo&ee or outsider o#taining data a#out an important client.
B) a data entr& cler0 from introducing data entr& errors into the s&stem.
C) a computer operator from losing or corrupting files or data during transaction processing.
D) programmers ma0ing unauthori,ed modifications to programs.
Answer: A
Page Ref: 18
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
1!) An auditor might use which of the following to convert data from several sources into a single
common format+
A) computer assisted audit techni@ues software
B) *indows /edia Converter
C) concurrent audit techni@ue
D) Ado#e Professional
Answer: A
Page Ref: 1:
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1!
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
11) *hat is the primar& purpose of computer audit software+
A) eliminate auditor $udgment errors
B) assist the auditor in retrieving and reviewing information
C) detect unauthori,ed modifications to s&stem program code
D) rechec0 all mathematical calculations, cross>foot, reprocess financial statements and compare to
originals
Answer: B
Page Ref: 1:
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1)) 2he scope of a9n) 33333333 audit encompasses all aspects of s&stems management.
A) operational
B) information s&stems
C) financial
D) internal control
Answer: A
Page Ref: 1;
"#$ective: %earning "#$ective 7
Difficult& : /oderate
AAC(B: Anal&tic
1) 'valuating effectiveness, efficienc&, and goal achievement are o#$ectives of 33333333 audits.
A) financial
B) operational
C) information s&stems
D) all of the a#ove
Answer: B
Page Ref: 1;
"#$ective: %earning "#$ective 7
Difficult& : 'as&
AAC(B: Anal&tic
11) -n the 33333333 stage of an operational audit, the auditor measures the actual s&stem against an
ideal standard.
A) evidence collection
B) evidence evaluation
C) testing
D) internal control
Answer: B
Page Ref: 1;
"#$ective: %earning "#$ective 7
Difficult& : 'as&
AAC(B: Anal&tic
11
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
17) An increase in the effectiveness of internal controls would have the greatest effect on
A) reducing control ris0.
B) reducing detection ris0.
C) reducing inherent ris0.
D) reducing audit ris0.
Answer: A
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : Difficult
AAC(B: Anal&tic
18) An e4pansion of a firm.s operations to include production in Russia and China will have the effect of
A) increasing inherent ris0.
B) reducing inherent ris0.
C) increasing control ris0.
D) reducing control ris0.
Answer: A
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
1:) An increase in the effectiveness of auditing software will have the effect of
A) increasing detection ris0.
B) reducing detection ris0.
C) increasing control ris0.
D) reducing control ris0.
Answer: B
Page Ref: !7
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1;) An auditor e4amines all documents related to the ac@uisition, repair histor&, and disposal of a firm.s
deliver& van. 2his is an e4ample of collecting audit evidence #&
A) confirmation.
B) reperformance.
C) vouching.
D) anal&tical review.
Answer: C
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1)
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
1<) An auditor manuall& calculates accumulated depreciation on a deliver& van and compares her
calculation with accounting records. 2his is an e4ample collecting audit evidence #&
A) confirmation.
B) reperformance.
C) vouching.
D) anal&tical review.
Answer: B
Page Ref: !7
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
7!) An auditor finds that emplo&ee a#sentee rates are significantl& higher on /onda&s and Brida&s than
on other wor0 da&s. 2his is an e4ample collecting audit evidence #&
A) confirmation.
B) reperformance.
C) vouching.
D) anal&tical review.
Answer: D
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
71) An auditor creates a fictitious customer in the s&stem and then creates several fictitious sales to the
customer. 2he records are then trac0ed as the& are processed #& the s&stem. 2he auditor is using
A) an integrated test facilit&.
B) the snapshot techni@ue.
C) a s&stem control audit review file.
D) continuous and intermittent simulation.
Answer: A
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
7)) An auditor sets an em#edded audit module to flag all credit transactions in e4cess of C1,7!!. 2he
flag causes the s&stem state to #e recorded #efore and after each transaction is processed. 2he auditor is
using
A) an integrated test facilit&.
B) the snapshot techni@ue.
C) a s&stem control audit review file.
D) audit hoo0s.
Answer: B
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
1
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
7) An auditor sets an em#edded audit module to record all credit transactions in e4cess of C1,7!! and
store the data in an audit log. 2he auditor is using
A) the snapshot techni@ue.
B) a s&stem control audit review file.
C) audit hoo0s.
D) continuous and intermittent simulation.
Answer: B
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
71) An auditor sets an em#edded audit module to flag @uestiona#le online transactions, displa&
information a#out the transaction on the auditor.s computer, and send a te4t message to the auditor.s cell
phone. 2he auditor is using
A) the snapshot techni@ue.
B) a s&stem control audit review file.
C) audit hoo0s.
D) continuous and intermittent simulation.
Answer: C
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
77) An auditor sets an em#edded audit module to selectivel& monitor transactions. (elected transactions
are then reprocessed independentl&, and the results are compared with those o#tained #& the normal
s&stem processing. 2he auditor is using
A) an integrated test facilit&.
B) the snapshot techni@ue.
C) a s&stem control audit review file.
D) continuous and intermittent simulation.
Answer: D
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
78) *hich of the following is not one of the t&pes of internal audits+
A) reviewing corporate organi,ational structure and reporting hierarchies
B) e4amining procedures for reporting and disposing of ha,ardous waste
C) reviewing source documents and general ledger accounts to determine integrit& of recorded
transactions
D) comparing estimates and anal&sis made #efore purchase of a ma$or capital asset to actual num#ers
and results achieved
Answer: A
Page Ref: !1
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Reflective 2hin0ing
11
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
7:) *hen programmers are wor0ing with program code, the& often emplo& utilities that are also used in
auditing. Bor e4ample, as program code evolves, it is often the case that #loc0s of code are superseded
#& other #loc0s of code. Bloc0s of code that are not e4ecuted #& the program can #e identified #&
A) em#edded audit modules.
B) scanning routines.
C) mapping programs.
D) automated flow charting programs.
Answer: C
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
7;) *hen programmers are wor0ing with program code, the& often emplo& utilities that are also used in
auditing. Bor e4ample, as program code evolves, it is often the case that varia#les defined during the
earl& part of development #ecome irrelevant. 2he occurrences of varia#les that are not used #& the
program can #e found using
A) program tracing.
B) scanning routines.
C) mapping programs.
D) em#edded audit modules.
Answer: B
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
7<) '4plain the differences #etween each t&pe of audit ris0.
Answer: Inherent risk is the threat faced $ust #& conducting #usiness in a chosen wa&. Bor e4ample, a
#usiness with multiple locations in several foreign countries faces more threats than a #usiness with a
single location. Control risk is the threat that a compan& has inade@uate, none4istent or unenforced
policies and procedures to prevent errors and fraud from getting into the s&stem and #eing reflected in
the financial statements. ete!tion risk is the threat that errors or fraud get into the s&stem and audit
procedures do not identif& the errors or fraud.
Page Ref: !1>!7
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
17
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
8!) '4plain wh& the auditor.s role in program development and ac@uisition should #e limited.
Answer: 2he auditor.s role in an& organi,ation s&stems development should #e limited onl& to an
independent review of s&stems development activities. 2he 0e& to the auditor.s role is independence= the
onl& wa& auditors can maintain the o#$ectivit& necessar& for performing an independent evaluation
function is #& avoiding an& and all involvement in the development of the s&stem itself. -f auditor
independence is impaired, the audit itself ma& #e of little value and its results could easil& #e called into
@uestion. 2he auditors could #e #asicall& reviewing their own wor0.
Page Ref: !<
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
81) 6ow and to whom does an auditor communicate the audit results+
Answer: 2he auditor prepares a written report summari,ing the findings and recommendations, with
references to supporting evidence in wor0ing papers. 2he report is presented to management, the audit
committee, the #oard of directors, and other appropriate parties. 2he auditor then follows up later to
determine if recommendations were implemented.
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
8)) Audit tests and procedures traditionall& have #een performed on a sample #asis. Do options e4ist for
auditors to test significantl& more 9or all) transactions+
Answer: Computer assisted audit techni@ues 9CAA2() allow auditors to automate and simplif& the audit
process. %arge amounts of data can #e e4amined #& software, created from auditor>supplied
specifications. 2wo popular CAA2( pac0ages are Audit Control %anguage 9AC%) and -nteractive Data
'4traction and Anal&sis 9-D'A). Auditors can also use concurrent audit techni@ues to identif& and
collect information a#out certain t&pes of transactions in real>time. '4amples of concurrent audit
techni@ues are em#edded audit modules, integrated test facilit&, s&stem control audit review file
9(CARB), snapshot techni@ue, audit hoo0s and continuous and intermittent simulation 9C-().
Page Ref: 1, 1:
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
8) *hen doing an information s&stems audit, auditors must review and evaluate the program
development process. *hat errors or fraud could occur during the program development process+
Answer: 2here can #e unintentional errors due to misunderstood s&stems specifications, incomplete
specifications, or poor programming. Developers could insert unauthori,ed code instructions into the
program for fraudulent purposes.
Page Ref: !<
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
18
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
81) Briefl& descri#e tests that can #e used to detect unauthori,ed program modifications.
Answer: Re"ie# procedures for re@uesting, approving, programming, and testing changes. Re"ie# or
o#serve specific testing and implementation procedures. Compare sour!e !ode from the approved and
tested program with the program code currentl& in use. Randoml& and without notice, use the source
code from the approved and tested program to repro!ess transa!tions, and compare the results with the
operational s&stem results. *rite new code designed to replicate the approved and tested code and use
parallel simulation to reprocess transactions, and compare the results with the operational s&stem
results.
Page Ref: 11
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
87) Define and give e4amples of em#edded audit modules.
Answer: 'm#edded audit modules are segments of program code that perform audit functions, report
test results and store collected evidence for later review. An Integrated $est %a!ility (I$%) processes
fictitious records through the operational s&stem in real>time. 2he snapshot te!hni&ue records master
file records immediatel& #efore and immediatel& after processing specificall& selected transactions. A
System Control Audit Re"ie# %ile (SCAR%) continuousl& monitors transactions and collects
transaction data that meet, or fall outside, predetermined criteria. Audit 'ooks immediatel& notif&
auditors of suspicious transactions #eing processed, or su#mitted for processing. Continuous and
Intermittent Simulation (CIS) identifies specific transactions with audit significance and processes the
transactions parallel to the operational s&stem. -f discrepancies result, the C-( can store the evidence for
later review or can prevent transaction processing.
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
88) 6ow is a financial audit different from an information s&stems audit+
Answer: Binancial audits e4amine the relia#ilit& and integrit& of accounting records in terms of
financial and operating information. An information s&stems 9-() audit reviews the general and
application controls of an A-( to assess its compliance with internal control policies and procedures and
its effectiveness in safeguarding assets. Although the A-( ma& generate accounting records and financial
information, it is important that the A-( itself #e audited to verif& compliance with internal controls and
procedures.
Page Ref: !>!1
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1:
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
8:) *h& do all audits follow a se@uence of events that can #e divided into four stages, and what are the
four stages+
Answer: 2he auditor.s function generall& remains the same no matter what t&pe of audit is #eing
conducted. 2he process of auditing can #e #ro0en down into the four stages of planning, collecting
evidence, evaluating evidence, and communicating audit results. 2hese stages form a wor0ing template
for an& t&pe of financial, information s&stems, or operational or management audits.
Page Ref: !7
"#$ective: %earning "#$ective 1
Difficult& : 'as&
AAC(B: Anal&tic
8;) Dame and descri#e the different t&pes of audits.
Answer:
2he financial audit this audit e4amines the relia#ilit& and integrit& of accounting records 9#oth
financial and operating information).
2he information s&stems audit this audit reviews the general and application controls of an A-( and
assesses its compliance with internal control policies and procedures and effectiveness in safeguarding
assets.
2he operational or management audit this audit conducts an evaluation of the efficient and effective
use of resources, as well as an evaluation of the accomplishment of esta#lished goals and o#$ectives.
Page Ref: !>!1
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
8<) Descri#e the ris0>#ased audit approach.
Answer: 2he ris0>#ased audit approach has four steps that evaluate internal controls. 2his approach
provides a logical framewor0 for conducting an audit of the internal control structure of a s&stem. 2he
first step is to determine the threats facing the A-(. 2hreats here can #e defined as errors and
irregularities in the A-(. "nce the threat ris0 has #een esta#lished, the auditor should identif& the control
procedures that should #e in place to minimi,e each threat. 2he control procedures identified should
either #e a#le to prevent or detect errors and irregularities within the A-(. 2he ne4t step is to evaluate the
control procedures. 2his step includes a s&stems review of documentation and also interviewing the
appropriate personnel to determine whether the needed procedures are in place within the s&stem. 2he
auditor can then use tests of controls to determine if the procedures are #eing satisfactoril& followed.
2he fourth step is to evaluate wea0nesses found in the A-(. *ea0nesses here means errors and
irregularities not covered #& the A-( control procedures. *hen such deficiencies are identified, the
auditor should see if there are compensating controls that ma& counter#alance the deficienc&. A
deficienc& in one area ma& #e neutrali,ed given control strengths in other areas. 2he ultimate goal of the
ris0>#ased approach is to provide the auditor with a clear understanding of errors and irregularities that
ma& #e in the s&stem along with the related ris0s and e4posures. "nce an understanding has #een
o#tained, the auditor ma& provide recommendations to management as to how the A-( control s&stem
can #e improved.
Page Ref: !8
"#$ective: %earning "#$ective 1
Difficult& : Difficult
AAC(B: Anal&tic
1;
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
:!) a) *hat is test data processing+ #) 6ow is it done+ c) *hat are the sources that an auditor can use to
generate test data+
Answer: a) 2est data processing is a techni@ue used to e4amine the integrit& of the computer processing
controls. #) 2est data processing involves the creation of a series of h&pothetical valid and invalid
transactions and the introduction of those transactions into the s&stem. 2he invalid data ma& include
records with missing data, fields containing unreasona#l& large amounts, invalid account num#ers, etc.
-f the program controls are wor0ing, then all invalid transactions should #e re$ected. ?alid transactions
should all #e properl& processed. c) 2he various wa&s test data can #e generated are: A listing of actual
transactions. 2he initial transactions used #& the programmer to test the s&stem. A test data generator
program that generates data using program specifications.
Page Ref: 1)>1
"#$ective: %earning "#$ective
Difficult& : Difficult
AAC(B: Anal&tic
:1) Descri#e the disadvantages of test data processing.
Answer: 2he auditor must spend considera#le time developing an understanding of the s&stem and
preparing an ade@uate set of test transactions. Care must #e ta0en to ensure that test data does not affect
the compan&.s files and data#ases. 2he auditor can reverse the effects of the test transactions or process
the transactions in a separate run using a cop& of the file or data#ase. 6owever, a separate run removes
some of the authenticit& o#tained from processing test data with regular transactions. Also, since the
reversal procedures ma& reveal the e4istence and nature of the auditor.s test to 0e& personnel, it can #e
less effective than a concealed test.
Page Ref: 1
"#$ective: %earning "#$ective
Difficult& : /oderate
AAC(B: Anal&tic
:)) Descri#e how audit evidence can #e collected.
Answer: (ince the audit effort revolves around the identification, collection, and evaluation of evidence,
most audit effort is spent in the collection process. 2o identif&, collect, and evaluate evidence, several
methods have #een developed to assist in the effort. 2hese methods include: 1) the o#servation of the
activities #eing audited= )) a review of documentation to gain a #etter understanding of the A-(= )
discussions with emplo&ees a#out their $o#s and how procedures are carried out= 1) the creation and
administration of @uestionnaires to gather data a#out the s&stem= 7) ph&sical e4amination of tangi#le
assets= 8) confirmation of the accurac& of certain information= :) reperformance of selected calculations=
;) vouching for the validit& of a transaction #& e4amination of all supporting documentation= and, <)
anal&tical review of relationships and trends among information to detect items that should #e further
investigated. -t is important to remem#er that onl& a sample of evidence is collected for audit purposes,
as it is not feasi#le to perform audit procedures on the entire set of activities, records, assets, or
documents that are under the review process in an audit.
Page Ref: !7>!8
"#$ective: %earning "#$ective 1
Difficult& : /oderate
AAC(B: Anal&tic
1<
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all