UL-COLLEGE OF ACCOUNTANCY

CSC42: AUDITING IN A CIS ENVIRONMENT

Quiz on Chapter 17

Name: ____________________________________ Score: _________

Schedule: _____________________ Date: ____________

Strictly no erasures!

1. Which input control check would detect a posting to the wrong customer account?
a. missing data check
b. check digit
c. reasonableness check
d. validity check
ANS: B PTS: 1

2. The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional
error?
a. numeric/alphabetic data check
b. sign check
c. limit check
d. missing data check
ANS: C PTS: 1

3. An inventory record indicates that 12 items of a specific product are on hand. A customer purchased two of the
items, but when recording the order, the data entry clerk mistakenly entered 20 items sold. Which check could
detect this error?
a. numeric/alphabetic data checks
b. limit check
c. range check
d. reasonableness check
ANS: B PTS: 1

4. Which check is not an input control?

a. reasonableness check
b. validity check.
c. spooling check
d. missing data check
ANS: C PTS: 1

5. A computer operator was in a hurry and accidentally used the wrong master file to process a transaction file. As a
result, the accounts receivable master file was erased. Which control would prevent this from happening?
a. header label check
b. expiration date check
c. version check
d. validity check
ANS: A PTS: 1

6. Run-to-run control totals can be used for all of the following except
a. to ensure that all data input is validated
b. to ensure that only transactions of a similar type are being processed
c. to ensure the records are in sequence and are not missing
d. to ensure that no transaction is omitted
ANS: A PTS: 1

7. Methods used to maintain an audit trail in a computerized environment include all of the following except
a. transaction logs
b. Transaction Listings.
c. data encryption
d. log of automatic transactions
ANS: C PTS: 1
1
 UL-COLLEGE OF ACCOUNTANCY
CSC42: AUDITING IN A CIS ENVIRONMENT
Quiz on Chapter 17

8. Risk exposures associated with creating an output file as an intermediate step in the printing process (spooling)
include all of the following actions by a computer criminal except
a. gaining access to the output file and changing critical data values
b. using a remote printer and incurring operating inefficiencies
c. making a copy of the output file and using the copy to produce illegal output reports
d. printing an extra hardcopy of the output file
ANS: B PTS: 1

9. Which statement is not correct?

a. only successful transactions are recorded on a transaction log
b. unsuccessful transactions are recorded in an error file
c. a transaction log is a temporary file
d. a hardcopy transaction listing is provided to users
ANS: C PTS: 1

10. Input controls include all of the following except

a. check digits
b. Limit check.
c. spooling check
d. missing data check
ANS: C PTS: 1

11. Which of the following is an example of an input error correction technique?

a. immediate correction
b. rejection of batch
c. creation of error file
d. all are examples of input error correction techniques
ANS: D PTS: 1

12. Which test of controls will provide evidence that the system as originally implemented was free from material
errors and free from fraud? Review of the documentation indicates that
a. a cost-benefit analysis was conducted
b. the detailed design was an appropriate solution to the user's problem
c. tests were conducted at the individual module and total system levels prior to
implementation
d. problems detected during the conversion period were corrected in the maintenance phase
ANS: C PTS: 1

13. Which statement is not true?

a. An audit objective for systems maintenance is to detect unauthorized access to application
databases.
b. An audit objective for systems maintenance is to ensure that applications are free from
errors.
c. An audit objective for systems maintenance is to verify that user requests for maintenance
reconcile to program version numbers.
d. An audit objective for systems maintenance is to ensure that the production libraries are
protected from unauthorized access.
ANS: A PTS: 1

14. When the auditor reconciles the program version numbers, which audit objective is being tested?
a. protect applications from unauthorized changes
b. ensure applications are free from error
c. protect production libraries from unauthorized access
d. ensure incompatible functions have been identified and segregated
ANS: A PTS: 1

2
 UL-COLLEGE OF ACCOUNTANCY
CSC42: AUDITING IN A CIS ENVIRONMENT
Quiz on Chapter 17

15. When auditors do not rely on a detailed knowledge of the application's internal logic, they are performing
a. black box tests of program controls
b. white box tests of program controls
c. substantive testing
d. intuitive testing
ANS: A PTS: 1

16. All of the following concepts are associated with the black box approach to auditing computer applications
except
a. the application need not be removed from service and tested directly
b. auditors do not rely on a detailed knowledge of the application's internal logic
c. the auditor reconciles previously produced output results with production input
transactions
d. this approach is used for complex transactions that receive input from many sources
ANS: D PTS: 1

17. Which test is not an example of a white box test?

a. determining the fair value of inventory
b. ensuring that passwords are valid
c. verifying that all pay rates are within a specified range
d. reconciling control totals
ANS: A PTS: 1

18. When analyzing the results of the test data method, the auditor would spend the least amount of time reviewing
a. the test transactions
b. error reports
c. updated master files
d. output reports
ANS: A PTS: 1

19. All of the following are advantages of the test data technique except
a. auditors need minimal computer expertise to use this method
b. this method causes minimal disruption to the firm's operations
c. the test data is easily compiled
d. the auditor obtains explicit evidence concerning application functions
ANS: C PTS: 1

20. All of the following are disadvantages of the test data technique except
a. the test data technique requires extensive computer expertise on the part of the auditor
b. the auditor cannot be sure that the application being tested is a copy of the current
application used by computer services personnel
c. the auditor cannot be sure that the application being tested is the same application used
throughout the entire year
d. preparation of the test data is time-consuming
ANS: A PTS: 1

21. All of the following statements are true about the integrated test facility (ITF) except
a. production reports are affected by ITF transactions
b. ITF databases contain "dummy" records integrated with legitimate records
c. ITF permits ongoing application auditing
d. ITF does not disrupt operations or require the intervention of computer services personnel
ANS: A PTS: 1

22. Which statement is not true? Embedded audit modules

a. can be turned on and off by the auditor.
b. reduce operating efficiency.
c. may lose their viability in an environment where programs are modified frequently.
3
 UL-COLLEGE OF ACCOUNTANCY
CSC42: AUDITING IN A CIS ENVIRONMENT
Quiz on Chapter 17

d. identify transactions to be analyzed using white box tests.

ANS: D PTS: 1

23. Generalized audit software packages perform all of the following tasks except
a. recalculate data fields
b. compare files and identify differences
c. stratify statistical samples
d. analyze results and form opinions
ANS: D PTS: 1

24. Which of the following is not an input control?

a. Range check
b. Limit check
c. Spooling check
d. Validity check
e. They are all input controls
ANS: C PTS: 1

25. Which of the following is an input control?

a. Reasonableness check
b. Run-to-run check
c. Spooling check
d. Batch check
e. None are input controls
ANS: A PTS: 1

1.Programs in their compiled state are very susceptible to the threat of unauthorized modification.

ANS: F PTS: 1

2. Maintenance access to systems increases the risk that logic will be corrupted either by the accident or intent to
defraud.

ANS: T PTS: 1

3. Source program library controls should prevent and detect unauthorized access to application programs.

ANS: T PTS: 1

4. A check digit is a method of detecting data coding errors.

ANS: T PTS: 1

5. Input controls are intended to detect errors in transaction data after processing.

ANS: F PTS: 1

6. A header label is an internal, machine-readable label.

ANS: T PTS: 1

7. The user test and acceptance procedure is the last point at which the user can determine the system’s acceptability
prior to it going into service.

ANS: T PTS: 1
4
 UL-COLLEGE OF ACCOUNTANCY
CSC42: AUDITING IN A CIS ENVIRONMENT
Quiz on Chapter 17

8. A run-to-run control is an example of an output control.

ANS: F PTS: 1

9. Shredding computer printouts is an example of an output control.

ANS: T PTS: 1

10. In a CBIS environment, all input controls are implemented after data is input.

ANS: F PTS: 1

11. Achieving batch control objectives requires grouping similar types of input transactions (such as sales orders)
together in batches and then controlling the batches throughout data processing.

ANS: T PTS: 1

12. The "white box" tests of program controls are also known as auditing through the computer.

ANS: T PTS: 1

13. The presence of a SPLMS effectively guarantees program integrity.

ANS: F PTS: 1

14. When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of
test transactions.

ANS: F PTS: 1

15. The Base Case System Evaluation is a variation of the test data method.

ANS: T PTS: 1