Professional Documents
Culture Documents
I. Review Questions
4. In a batch system, files are stored off-line for the most part, and access control
assumes the form of safeguarding the programs, transaction files, and
master files by assigning responsibility for the files to a librarian and
instituting a formal checkout system. Only those persons authorized to
process transactions (computer operators) are permitted access to
transaction and master files; and programmers are permitted access to
programs only for testing and “debugging” purposes. In an on-line, real-
time system, transactions and master files are stored internally, often in a
system of integrated data bases. Access control in this type of data
environment assumes the form of controlling access to data bases and fixing
of responsibility for the data base components. Assigning a password to an
individual who is responsible for the data base component accessible by that
password, canceling passwords of former employees, and frequent changing
11-2 Solutions Manual - Principles of Auditing and Other Assurance Services
of existing employees’ passwords are examples of access controls in a real-
time system.
5. Recording forms and transaction logs assure consistency and completeness of
data inputs. The form or log should include codes describing such transaction
components as employee number, customer number, vendor number,
department number, stock number, purchased part number, or job number. The
form should also provide for quantities, prices, dates, and usually a short
narrative description of products, parts, materials, or services for purchase and
sales transactions.
6. A transaction file is the batch of entered data that has been converted into
machine-readable form. A transaction file may contain payroll information for a
specific period of time. It is similar to a journal in a manually prepared system.
A master file contains updated information through a particular time period. It
is similar to a ledger in a manual system.
1. d 5. c 9. c 13. c 17. c
2. c 6. c 10. c 14. d 18. a
3. a 7. c 11. d 15. a 19. b
4. a 8. b 12. c 16. a 20. a
An auditor should have the following concerns about the Box system:
Does the system have any flaws or incompatibilities? (No one appears to
have tested the software or found out about others’ satisfaction with it.)
The computer sits out in the open. (Anyone could have access to and
damage the hardware.)
Anyone could come up with the password by guessing.
The backup disks are not stored in a safe place.
A Risk-based Audit Approach – Part II 11-3
Was the conversion appropriately executed, with no data lost or added?