Module 7

Computerized Environment

1. Which of the following is not an advantage of a computerized accounting system?

A. Computers process transaction uniformly.
B. Computers help alleviate human errors.
C. Computers can process many transactions quickly.
D. Computers leave a thorough audit trail which can be easily followed.
2. A common difficulty in auditing a computerized accounting system is:
A. data can be erased from the computer with no visible evidence.
B. because of lack of an audit trail, computer systems have weaker controls and more
substantive test I required
C. because of the uniform nature of transaction processing, computer systems have strong
controls and less substantive testing is required.
D. the large dissemination of entry points into the computer system leads to weak overall
reliance on information generated by a computer.
3. Which of the following most likely represents a disadvantage for an entity that maintains
computer data files rather than manual files?
A. It’s usually more difficult to detect transposition errors.
B. Transactions are usually authorized before they are executed and recorded.
C. It’s usually easier for unauthorized persons to access and alter files.
D. Random error is more common when similar transactions are processed in different
ways.
4. Which of the following statements best describes a weakness often associated with computers?
A. Computer equipment is more subject to a systems error than manual processing is
subject to human error.
B. Computer equipment processes and records similar transactions in a similar manner.
C. Control activities for detecting invalid and unusual transactions are less effective than
manual control activities.
D. Functions that would normally be separated in a manual system are combined in a
computer system.
5. How have Electronic Data Interchange (EDI) systems affected audits?
A. Since orders and billing transactions are done over the computer, source documents
cannot be obtained.
B. Auditor often need to plan ahead to capture information about selected transactions
over the EDI.
C. There is no audit trail in an EDI system, so controls are typically assessed as weak.
D. Since all transactions occur over the computer, reliability is high and little substantive
testing is needed.
6. Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a
manual system. How can a computer system be modified to compensate for the lack of
segregation of duties?
A. The computer system should be under the direction of the internal audit department.
B. The computer system should be accessible to various competent parties so they can
check on each other’s work.
C. Strong controls should be built into both the computer software and hardware to limit
access and manipulation.
D. Many companies run complete parallel manual and automated accounting system for a
cross check on input and output.
7. Internal control is ineffective when the computer personnel
A. participates in computer software acquisition decisions.
B. designs documentation for computerized systems.
C. originates changes in master files.
D. provides physical security for program files.
8. An auditor’s consideration of a computer’s control activities has disclosed the following four
circumstances. Which circumstance constitutes a significant deficiency in internal control?
A. Computer operators do not have access to the complete software support
documentation.
B. Computer operators are closely supervised by the programmers.
C. Programmers are not authorized to operate computers.
D. Only one generation of backup files is stored in an off-premises location.
9. Matthews Corp. has changed from a system of recording time worked on time cards to a
computerized payroll system in which employee’s record time in and out with magnetic cards.
The IT system automatically updates all payroll records for the time worked. Because of this
change,
A. generalized audit software must be used.
B. part of the audit trail is altered.
C. the potential for payroll-related fraud is diminished.
D. transactions must be processed in batches.
10. The increased presence of the microcomputer in the workplace has resulted in an increasing
number of persons having access to the computer. A control that is often used to prevent
unauthorized access to sensitive program is:
A. backup copies of the diskettes.
B. passwords for each of the users.
C. disaster-recovery procedures.
D. record counts of the number of input transactions in a batch being processed.
11. Checklists, system development methodology, and staff hiring are examples of what type of
controls?
A. Detective
B. Preventive
C. Subjective
 D. Corrective

12. When an on—line, real—time (OLRT) computer-based processing system is used, internal
control can be strengthened by
A. providing for the separation of duties between keypunching and error listing operations
B. attaching plastic file protection rings to reels of magnetic tape before new data can be
entered on the file.
C. making a validity check of an identification number before a user can have access to
the computer files.
D. preparing batch totals to provide assurance that file updates are made for the entire
input.
13. One of the features that distinguishes computer processing from manual processing is
A. Computer processing virtually eliminates the occurrence of computational error
normally associated with manual processing.
B. Errors of fraud in computer processing will be detected soon after their occurrences.
C. The potential for systematic error is ordinarily greater in manual processing than in a
computerized processing.
D. Most computer systems are designed so that transaction trails useful for audit purposes
do not exist.
14. What type of computer-based system is characterized by data that are assembled from more
than one location and records that are updated immediately?
A. Microcomputer system
B. Minicomputer system
C. Batch processing system
D. Online real-time system
15. For the accounting system of Acme Company, the amounts of cash disbursements entered into
an CBIS terminal are transmitted to the computer that immediately transmits the amounts back
to the terminal tor display on the terminal screen. This display enables the operator to
A. Establish the validity of the account number.
B. Verify that the amount was entered accurately.
C. Verify the authorization of the disbursement.
D. Prevent the overpayment of the account
16. The technique that lends an effective control for protecting confidential information from
unauthorized access by transforming programs and information into an unintelligible form:
A. defragmentation.
B. cryptography.
C. trojan horse.
D. recycle.
17. Which of the following is not a major reason why an accounting audit trail should be maintained
for a computer system?
A. Query answering
B. Deterrent to fraud
 C. Monitoring purposes
D. Analytical review
18. Adequate control over access to data processing is required to
A. Prevent improper use or manipulation of data files and programs.
B. Ensure that only console operations have access to program documentation.
C. Minimize the need for backup data files.
D. Ensure that hardware controls are operating effectively and as designed by the
computer manufacturer.
19. In studying a client’s internal controls, an auditor must be able to distinguish between
prevention controls and detection controls. Of the following data processing controls, which is
the best detection control?
A. Use of data encryption techniques
B. Review of machine utilization logs
C. Policy requiring password security
D. Backup and recovery procedure
20. Which of the following is classified as general computerized information system controls that
relates to segregation of duties?
A. Reconciliation of record counts.
B. Authorization of modifying the operating system.
C. A system of transaction logs.
D. Follow up all errors detected during processing.
21. For good internal control over computer program changes, a policy should be established
requiring that
A. The programmer designing the change adequately test the revised program.
B. All program changes be supervised by the CBIS control group.
C. Superseded portions of programs be deleted from the program run manual avoid
confusion.
D. All proposed changes should be approved in writing by a responsible individual.
22. Which of the following would result to an ineffective control in a computer-based information
system?
A. The computer librarian maintains custody of computer program instructions and
detailed listings.
B. Computer operators have access to operator instructions and detailed program
listings.
C. The control group is solely responsible for the distribution of all computer output.
D. Computer programmers write and debug programs which perform routines designed by
the systems analyst.
23. What is the computer process called when data processing is performed concurrently with a
particular activity and the results are available soon enough to influence the particular course of
action being taken or the decision being made?
A. Batch processing
B. Real time processing
 C. Integrated data processing
D. Random access processing
24. On-line real—time systems and electronic data interchange systems have the advantages of
providing more timely information and reducing the quantity of documents associated with less
automated systems. The advantages, however, may create some problems for the auditor.
Which of the following characteristics of these systems does not create an audit problem?
A. The lack of traditional documentation of transactions creates a need for greater
attention to programmed controls at the point of transaction input.
B. Hard copy may not be retained by the client for long periods of time, thereby
necessitating more frequent visits by the auditor.
C. Control testing may be more difficult given the increased vulnerability of the client’s files
to destruction during the testing process.
D. Consistent on-line processing of recurring data increases the incidence of errors.
25. To ensure that good received are the same as those shown on the purchase invoice, a
computerized system should:
A. Match selected fields of the purchase invoice to goods received.
B. Maintain control totals of inventory value.
C. Calculate batch totals for each input.
D. Use check digits in account numbers.
26. Errors in data processed in a batch computer system may not be detected immediately because
A. Transaction trails in a batch system are available only for a limited period of time.
B. There are time delays in processing transactions in a batch system.
C. Errors in some transactions cause rejection of other transactions in the batch.
D. Random errors are more likely in a batch system than in an on-line system.
27. An integrated group of programs that supervises and support the operations of a computer
system as it executes users’ application program is called a(n)
A. Operating system
B. Utility programs
C. Data base management system
D. Language program
28. A compiler is
A. A procedure oriented language.
B. A machine that translates the assemble program to machine language.
C. A program that converts procedure oriented language to machine language.
D. A program that translates symbolic language to machine language.
29. An operating system is
A. The assembler program including the source and object program.
B. All hardware and software needed to operate the computer system.
C. The programs that manage the processing operations of the computer.
D. Only the hardware of the computer system.
30. Computer systems are becoming more vulnerable to unauthorized access because
A. Hardware design consideration have declined.
 B. Software cannot be readily written to control access.
C. System documentation must be available to all users.
D. Access can be gained electronically without physical entry to the facilities.
31. A partial set of standard characteristics of a real-time system is
A. Batched input, on-line files, and an extensive communication network.
B. Reliance upon sequential files, prompt input from users, and interactive programs.
C. On-line files prompt input users, and an extensive communication network.
D. The use of high-level language and the major need being for historical reports.
32. A system flowchart
A. Is synonymous with a program flowchart.
B. Is necessary for only computer processes.
C. Shows general flow and sequence but not processing details.
D. Is necessary for only manual processes.
33. An advantage of decentralizing data processing facilities is
A. Economy of scale obtainable through the use of microcomputer.
B. That all similar activities are better handled at a local level.
C. That system failure is of lesser significance.
D. The virtual elimination of the need for communication capability.
34. Which of the following may not be a purpose of using computer-audit software?
A. Add transactions or balances in the data files for comparison with control account
balances.
B. Select accounts or transactions for detailed testing.
C. To evaluate the collectability of accounts receivable.
D. To examine data bases for unusual items.
35. While systems analysis focuses on information needs and objectives, system designs
concentrates on
A. Writing programs.
B. Providing for controls.
C. Testing completed modules.
D. What to do and how to do it.
36. All activities related to a particular application in a manual system are recorded in a journal. That
name of the corresponding item in a computerized system is a
A. Master file.
B. Transaction file.
C. Year-to-date file.
D. Current balance file.
37. The most important factor in planning for system change is
A. Having an auditor as member of the design team.
B. Using state-of-the-art techniques.
C. Involving top management and people who use the system.
D. Selecting the user to lead the design team.
38. Specialized programs that are made available to users of computer systems to perform routine
and repetitive functions are referred to as
A. Operating system.
B. Utility programs.
C. Database management system.
D. Language program.
39. An interactive system environment is best characterized by
A. Data files with records that are arranged sequentially.
B. Sorting the transaction file before processing.
C. Processing data immediately upon input.
D. The overlapping of input/output and processing operations.
40. Mainframe computer system include several advanced processing procedures. Two of the most
common processing procedures are multiprocessing and multiprogramming. Which one of the
following statements about these processing procedures is false?
A. Multiprogramming allows multiple programs to be executed at exactly the same time.
B. Multiprogramming switched back and forth between programs during processing.
C. Multiprocessing allows the sharing of a central memory during processing.
D. Multiprocessing allows multiple programs to be executed at exactly the same time.
41. A system with several computers that are connected for communication and data transmission
purposes, but where each computer can also process its own data, is known as
A. Distributed data processing network.
B. Multidrop network.
C. Centralized network.
D. Decentralized network.
42. Which one of the following represents a lack of internal control in a computer-based
information system?
A. The design and implementation is performed in accordance with management’s specific
authorization.
B. Any and all changes in application programs have the authorization and approval of
management.
C. Provisions exist to ensure the accuracy and integrity of computer processing of all files
and reports.
D. Both computer operators and programmers have unlimited access to the programs
and data files.
43. The most critical aspect regarding separation of duties within the information systems is
between
A. Project leaders and programmers.
B. Programmers and computer operators.
C. Data control and file librarians.
D. Management and users.
44. Which of the following most likely represents a significant deficiency in the internal control
structure?
 A. The systems analyst review applications of data processing and maintains systems
documentation.
B. The systems programmer designs systems for computerized applications and
maintains output controls.
C. The control clerk establishes control over data received by the EDP department and
reconciles control totals after processing.
D. The accounts payable clerk prepared data for computer processing and enters the data
into the computer.
45. Which of the following activities would most likely be performed in the EDP department?
A. Initiation of changes to master records.
B. Conversion of information to machine-readable form.
C. Correction of transactional errors.
D. Initiation of changes to existing applications.
46. An arrangement where two or more personal computer are linked together through the use of
special software and communication lines.
A. A stand-alone work station.
B. Extension.
C. Local area network.
D. Internet.
47. Which of the following controls most likely would assure that an entity can reconstruct its
financial records?
A. Hardware controls are built into the computer by the computer manufacturer.
B. Backup diskettes or tapes of files are stored away from originals.
C. Personnel who are independent of data input perform parallel simulations.
D. System flowcharts provide accurate descriptions of input and output operations.
48. Mill Co. uses a batch processing method to process its sales transactions. Data on Mill’s sales
transaction tape are electronically sorted by customer number and are subject to programmed
edit checks in preparing its invoices, sales journals, and updated customer account balances.
One of the direct outputs of the creation of this tape most likely would be a
A. Report showing exceptions and control-totals.
B. Printout of the updated inventory records.
C. Report showing overdue accounts receivable.
D. Printout of the sales price master file.
49. An auditor anticipates assessing control risk at a low level in a computerized environment.
Under these circumstances, on which of the following procedures would the auditor initially
focus?
A. Programmed control procedures.
B. Application control procedures.
C. Output control procedures.
D. General control procedures.
50. A computer system that enables users to access data and programs directly through
workstations.
 A. On-line computer systems.
B. Data-base system.
C. Flat-tile system.
D. Computer line system.
51. Which of the following client electronic data processing (EDP) systems generally can be audited
without examining or directly testing the EDP computer programs of the system?
A. A system that performs relatively uncomplicated processes and produces detailed
output.
B. A system that affects a number of essential master files and produces a limited output.
C. A system that updates a few essential master tiles and produces no printed output other
than final balances.
D. A system that performs relatively complicated processing and produces very little
detailed output.
52. Computer systems are typically supported by a variety of utility software packages that are
important to an auditor because they
A. may enable unauthorized changes to data files if not properly controlled.
B. are very versatile programs that can be used on hardware of many manufacturers.
C. may be significant components of a client's application programs.
D. are written specifically to enable auditors to extract and sort data.
53. To obtain evidence that online access controls are properly functioning an auditor most likely
would
A. create checkpoints at periodic intervals after live data processing to test for
unauthorized use of the system.
B. examine the transaction log to discover whether any transactions were lost or entered
twice due to a system malfunction.
C. enter invalid identification numbers or passwords to ascertain whether the system
rejects them.
D. vouch a random sample of processed transactions to assure proper authorization.
54. Whether or not a real time program contains adequate control is most effectively determined by
the use of
A. Audit software.
B. A tracing routine.
C. An integrated test facility.
D. A traditional test check.
55. An auditor would least likely use computer software to:
A. Access client data files.
B. Prepare spreadsheets.
C. Assess EDP controls.
D. Construct parallel simulations.
56. Which of the following is not a basis of classifying an on-line computer system?
A. How information is processed
B. How information is entered into the system
 C. When the results are available to the user
D. The type of information to be processed.
57. Which of the following is not a characteristic of a batch processed computer system?
A. The collection of like transactions which are sorted and processed sequentially against a
master file.
B. Keypunching of transactions, followed by machine processing.
C. The production of numerous printouts.
D. The posting of a transaction, as it occurs, to several files, without immediate printouts.
58. In a computerized system, procedure or problem-oriented language is coverted to machine
language through a(an):
A. Interpreter.
B. Verifier.
C. Compiler.
D. Converter.
59. Adequate technical training and proficiency as an auditor encompasses an ability to understand
an IT system sufficiently to identify and evaluate:
A. The processing and imparting of information.
B. All accounting control features.
C. The degree to which programming conforms with application of generally accepted
accounting principles.
D. Essential control procedures.
60. The computer process whereby data processing is performed concurrently with a particular
activity and the results are available soon enough to influence the course of action being taken
or the decision being made is called:
A. Random access sampling.
B. Integrated data sampling.
C. On-line, real-time system.
D. On-line, shadow update system.
61. A type of computer system whereby individual transactions are entered on line and are added
to a transaction file that contains other transactions entered during the period. Later, this
transaction file, on a periodic basis, updates the master file.
A. On-line, batch system.
B. On-line, real-time system.
C. On-line, memo update system.
D. On-line, shadow update system.
62. When a database administrator's position exists within a client organization, the auditor must
be aware of the.
A. Output effectiveness/efficiency considerations.
B. Need for coded program files.
C. Use of encrypted dialog in a two-way authentication process.
D. Inherent violation of the principle of separation of duties.
63. Which of the following functions would have the least effect on an audit it they are not properly
segregated?
A. The systems analyst and the programmer functions.
B. The computer operator and programmer functions.
C. The computer operator and the user functions.
D. The applications programmer and the systems programmer.
64. Which of the following is the least significant characteristic of an on-line computer system?
A. Adequately visible transaction trail.
B. Potential access to the system by the programmer.
C. On-line access to the system by the users.
D. On-line data entry and validation.
65. When software or files can be assessed from on-line servers, users should be required to enter
a(n)
A. Parity check.
B. Self-diagnosis test.
C. Personal identification code.
D. Echo check.
66. Controls which are designed to assur that the information processed y the computer is valid,
complete, and accurate are called
A. Input controls.
B. Output controls.
C. Processing controls.
D. General controls.
67. Input controls include control over:
A. Conversion of input data to machine-readable form.
B. Visual scanning.
C. Comparison to source documents.
D. Processing tracing data.
68. Which of the following is mostly a potential threat to an on-line computer system?
A. A user may have the potential ability to make unauthorized changes to the data and
program.
B. Validation check of data entered is usually ignored.
C. Most of transactions may be omitted because of the absence of adequate audit trail.
D. Most of documents that will be processed may lack proper authorization.
69. In a computer system hardware controls are designed to
A. arrange data in a logical sequence for processing.
B. correct errors in software.
C. monitor and detect errors in source documents.
D. detect and control errors from use of equipment.
70. Which of the following represent examples of general, application and user control activities,
respectively, in the computer environment?
 A. Control over access to programs, computer exception reports, and manual checks of
computer output.
B. Manual checks of computer output control over access to programs, and computer
exception reports.
C. Computer exception reports, control over access to programs, and manual checks of
computer output.
D. Manual checks of computer output, computer exceptions reports, and control over
access to programs.
71. Which of the following is not a type of general information technology controls?
A. Processing controls.
B. Systems development.
C. Physical and on-line security.
D. Segregation of IT duties.
72. Suppose that the computer operators are also programmers and have access to computer
programs and data files. in which of the following general controls will the auditor most likely
conclude to have a weakness?
A. Processing controls.
B. Back-up and contingency planning.
C. Systems development.
D. Segregation of computer professionals’ duties.
73. The possibility of losing a large amount of information stored in computer files most likely would
be reduced by the use of
A. Back-up files.
B. Check digits.
C. Completeness tests.
D. Conversion verification.
74. In considering a client's internal control structure in a computer environment, the auditor will
encounter general controls and application controls. Which of the following is an application
control?
A. Organization charts.
B. Systems flowcharts.
C. Hash total.
D. Control over program changes.
75. Which of the following control policies would potentially prevent the programmer to make
unauthorized changes to programs?
A. An unscheduled rotation of duties of the different programmers.
B. Having a system programmer a person different form an application programmer.
C. A thorough checking and testing of the application program before they fire finally
installed.
D. A strict implementation of a policy that prevents the programmer to have access to
program used in the computer operations.
76. Totals of amounts in the computer-record data fields which are not usually added for other
purposes but are used only for data’ processing control purposes are called
A. record totals.
B. hash totals.
C. processing data totals.
D. field totals.
77. A hash total of employee numbers is part of the input to a payroll master file update program.
The program compares the hash total to the total computed for transactions applied to the
master tile. The purpose of this procedure is to:
A. Verify that employee number are valid.
B. Verify that only authorized employees are paid.
C. Detect errors in payroll calculations.
D. Detect the omission of transaction processing.
78. An accounts payable program posted a payable to a vendor that is not included in the on-|ine
vendor master file. A control which would prevent this error is a
A. Validity check.
B. Range check.
C. Reasonableness test.
D. Parity check.
79. In a computerized sales processing system, which at the following controls is most effective in
preventing sales invoice pricing errors?
A. Sales invoices are reviewed by the product managers before being mailed to customers.
B. Current sales prices are stored in the computer, and. as stock numbers are entered from
sales orders, the computer automatically prices the orders.
C. Sales prices, as well as product numbers, are entered as sales orders are entered at
remote terminal locations.
D. Sales prices are reviewed and updated on a quarterly basis.
80. A computer report which is designed to create an audit trail for each on-line transaction.
A. Transaction file.
B. Master file.
C. Transaction edit report.
D. Transaction log.
81. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll computerized application? .
A. Net pay.
B. Department numbers.
C. Hours worked.
D. Total debits and total credits.
82. A control to verify whether the peso amounts for all debits and credits for incoming transactions
are posted to a receivables master file is
A. Generation number check.
B. Master reference check.
 C. Hash total.
D. Control total.
83. Which of the following would not be an appropriate procedure for testing the general control
activities of an information system?
A. Inquiries of client personnel.
B. Inspecting computer logs.
C. Testing for the serial sequence of source documents.
D. Examination of the organizational chart to determine the segregation of duties.
84. While entering data into a cash receipts transaction file, an employee transposed two numbers
in a customer code. Which of the following controls could prevent input of this type of error?
A. Sequence check.
B. Record check.
C. Self-checking digit.
D. Filed-size check.
85. Reconciling the processing control totals is an example of
A. An input control.
B. An output control.
C. A processing control.
D. A file management control.
86. The completeness of computer-generated sales figures can be tested by comparing the number
of items listed on the daily sales report with the number of items billed on the actual invoices.
This process uses
A. Check digits.
B. Control totals.
C. Validity tests.
D. Process tracing data.
87. If an auditor is using test data in a client's computer system to test the integrity of the systems
output, which of the following types of controls is the auditor testing?
A. General controls.
B. User controls.
C. Quantitative test controls.
D. Application controls.
88. Which of following controls would be most efficient in reducing common data input errors?
A. Keystroke verification.
B. A set of well-designed edit checks.
C. Balancing and reconciliation.
D. Batch totals.
89. EDP accounting control procedures are referred to as general or application controls. The
primary objective of application controls in a computer environment is to
A. ensure that the computer system operates efficiently.
B. maintain the accuracy of the inputs, files, and outputs for specific applications.
C. ensure the separation of incompatible functions in the data processing departments.
 D. plan for. the protection of the facilities and backup for the systems.
90. Which of the following is an incorrect statement regarding testing strategies related to auditing
through the computer?
A. The test data approach involves processing the client's data on a test basis to
determine the integrity of the system.
B. The test data approach involves processing the auditor's test data on the client’s
computer system to determine whether computer performed controls are working
properly.
C. Test data should include all relevant data conditions that the auditor is interested in
testing.
D. When the auditor uses the embedded audit module approach, an audit module is
inserted in the client's system to capture transactions with certain characteristics.
91. An internal auditor noted the following points when conducting a preliminary survey in
connection with the audit of an EDP department. Which of the following would be considered a
safeguard in the control system on which the auditor might rely?
A. Programmers and computer operators correct daily processing problems as they arise.
B. The control group works with user organizations to correct rejected input.
C. New systems are documented as as possible after they begin processing live data.
D. The average tenure of employees working in the EDP department in ten months.
92. The employees a manufacturing area made many errors as they wrote their clock numbers on
time sheets and cost distribution forms. An effective control technique would have been the use
of
A. Batch totals.
B. Turn around documents.
C. Hash totals.
D. Record counts.
93. An on-line access control that checks whether the user's code number is authorized to initiate a
specific type of transaction or inquiry is referred to as
A. Password
B. Compatibility test
C. Limit check
D. Reasonableness test.
94. A control procedure that could be used in an on-line system to provide an immediate check on
whether an account number has been entered on a terminal accurately is a
A. Compatibility test.
B. Self-checking digit.
C. Hash total.
D. Sequence check.
95. When erroneous data are detected by computer program controls, such data may be excluded
from processing and printed on an error report. The error report should most probably be
reviewed and followed up by the
A. IT control group.
 B. supervisor of computer operations.
C. systems analyst.
D. computer programmer.
96. An advantage of having a computer maintain an automated error log in conjunction with
computer edit process is that
A. Reports can be developed that summarize the errors by type, cause, and person
responsible.
B. Less manual work is required to determine how to correct errors.
C. Better editing techniques will result.
D. The audit trail is maintained.
97. Program documentation is a control designed primarily to ensure that
A. Programmers have access to the tape library or information on disk files.
B. Programs do not make mathematical errors.
C. Programs are kept up to date and perform as intended.
D. No one has made use of the computer hardware for personal reasons.
98. In order to control purchasing and accounts payable on information system must include
A. Purchase order, receiving reports, and vendor invoices.
B. Receiving reports and vendor invoices.
C. Purchase requisitions, purchase orders, receiving reports of goods needed, and vendor
invoices.
D. Purchase orders, receiving reports, and inventory reports of goods needed.
99. Which of the following is not an inherent characteristic of customized application software?
A. They are typically used without modifications of the programs.
B. The programs are tailored-made according to the specific needs of the user.
C. They are developed by software manufacturer according to a particular user’s
specifications.
D. It takes a longer time of implementation.
100. Payroll systems should have elaborate controls to prevent, detect, andcorrect errors
and authorized tampering. The best set of controls for a payroll system includes
A. batch and hash totals, record counts of each run, proper separation of duties, special
control over unclaimed checks, and backup copies of activities and master files.
B. passwords and user codes, batch totals, employee supervision and record count of each
run.
C. sign tests, limit tests, passwords and user codes, on-line edit check, and payments by
check.
D. batch totals, record counts, user codes, proper separation of duties, and on-line edit
checks.
101. Some of the more important controls that relate to automated accounting information
systems are validity checks, limit checks, field checks, and sign tests. These are classified as
A. Control total validation routines.
B. Output controls.
C. Input validation routines.
 D. Data access validation routines.
102. In an automated payroll processing environment, a department manager substituted
the time card for a terminated employee with a time card fora fictitious employee. The fictitious
employee had the same pay rate and hours worked as the terminated employee. The best
control technique to detect this action using employee identification numbers would be a
A. Batch total.
B. Hash total.
C. Record count.
D. Subsequent check.
103. An employee in the receiving department keyed in a shipment from a remote terminal
and inadvertently omitted the purchase order number. The best systems control to detect this
error would be
A. Batch total
B. Sequence check
C. Compatibility test
D. Completeness test
104. The reporting of accounting information plays a central role in the regulation of business
operations. Preventive controls are an integral part of virtually all accounting processing
systems, and much of the information generated by the accounting system is used for
preventive control purposes. Which one of the following is not an essential element of a sound
preventive control system?
A. Separation of responsibilities for the recording, custodial, and authorization functions.
B. Sound personnel policies.
C. Documentation of policies and procedures.
D. Implementation of state-of-the-art software and hardware.
105. Which one of the following input validation routines is not likely to be appropriate in a
real time operation?
A. Filed check
B. Sequence check
C. Redundant data check
D. Reasonableness check
106. Which of the following controls is a processing control designed to ensure the reliability
and accuracy of data processing?
Limit Test Validity Check Test
A. Yes Yes
B. No No
C. No Yes
D. Yes No
107. For control purposes, which of the following should be organizationally segregated from
the computer operations function?
A. Data conversion
B. Surveillance of CRT messages
 C. Systems development
D. Minor maintenance according to a schedule
108. When EDP programs or files can be accessed from terminals, users should be required
to enter a (an)
A. Parity check
B. Personal identification code
C. Self-diagnostic test
D. Echo check
109. An auditor would most likely be concerned with which of the following controls in a
distributed data processing system?
A. Hardware controls
B. System documentation controls
C. Access controls
D. Disaster recovery controls
110. Which of the following standards or group of standards is (are) mostly affected by a
computerized information system environment?
A. General standards
B. Standards of fieldwork
C. Reporting standards
D. All of these are equally affected
111. A control feature in an electronic data processing system requires the central processing
unit (CPU) to send signal to the printer to activate the print mechanism for each character. The
print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper
print position has been activated. This type of hardware control is referred to as
A. Echo check.
B. Validity control.
C. Signal control.
D. Check digit control.
112. Which of the following is an example of a check digit?
A. An agreement of the total number of employees to the total number of check printed by
the computer.
B. An algebraically determined number produced by the other digits of the employee
number.
C. A logic test that ensures all employee numbers are nine digits.
D. A limit check that an employee’s hours do not exceed 50 hours per work week.
113. A customer erroneously ordered Item No.86321 rather than Item No. 83621. When this
order is processed, the vendor’s EDP department would identify the error with what type of
control?
A. Key verifying
B. Self-checking digit
C. Batch total
D. Item inspection
114. In an automated payroll system, all employees in the finishing department were paid at
the rate of P75 per hour when the authorized rate was P70 per hour. Which of the following
controls would have been most effective in preventing such error?
A. Access controls which would restrict the personnel department’s access to the payroll
master file data.
B. A review of all authorized pay rate changes by the personnel department.
C. The use of batch control totals by department.
D. A limit test that compares the pay rates per department with the maximum rate for all
employees.
115. Which of the following errors would be detected by batch controls?
A. A fictitious employee as added to the processing of the weekly time cards by the
computer operator.
B. An employee who worked 5 hours in the week was paid for 50 hours.
C. The time cad for one employee was not processed because it was lost in transit between
the payroll department and the data entry function.
D. All of the above.
116. After the preliminary phase of the review of a client’s EDP controls, an auditor may
decide not to perform tests of controls (compliance tests) related to the control procedures
within the EDP portion of the client’s internal control structure. Which of the following would
not be a valid reason for choosing to omit such tests?
A. The controls duplicate operative controls existing elsewhere in the structure.
B. There appear to be major weaknesses that would preclude reliance on the stated
procedure.
C. The time and costs of testing exceed the time and costs in substantive testing if the tests
of controls show the controls to be operative.
D. The controls appear adequate.
117. To obtain evidence that user identification and password control procedures are
functioning as designed, an auditor would most likely
A. Attempt to sign on the system using valid user identifications and passwords.
B. Write a computer program that simulates the logic of the client’s access control
software.
C. Extract a random sample of processed transactions and ensure that the transactions
were appropriately authorized.
D. Examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.
118. A well prepared flowchart should make it easier for the auditor to
A. Prepare audit procedure manuals.
B. Prepare detailed job descriptions.
C. Trace the origin and disposition of documents.
D. Assess the degree of accuracy of financial data.
119. Testing controls without the use of the computer is possible when the:
A. Computer generates visible evidence of compliance with the control.
 B. Auditor does not fully understand the computer system.
C. Controls appear to be adequate.
D. Input/output is done in batches.
120. Which of the following audit techniques most likely would provide an auditor with the
most assurance about the effectiveness of the operation of an internal control procedure?
A. Inquiry of client personnel
B. Recomputation of account balance amounts
C. Observation of client personnel
D. Confirmation with outside parties
121. Creating simulated transactions that are processed through a system to generate results
that are compared with predetermined results, is an auditing procedure referred to as:
A. desk checking.
B. use of test data.
C. completing outstanding jobs.
D. parallel simulation.
122. Which of the following is least likely a risk characteristic associated with CIS
environment?
A. Error embedded in an application's program logic maybe difficult to manually detect on
a timely basis.
B. The separation of functional responsibilities diminishes in a computerized environment.
C. Initiation of changes in the master file is exclusively handled by respective users.
D. The potential unauthorized access to data or to alter them without visible evidence
maybe greater.
123. Which of the following is an incorrect statement regarding testing strategies related to
auditing through the computer?
A. The test data approach involves processing the client's data on a test basis to
determine the integrity of the system.
B. The test data approach involves processing the auditor's test data on the client's
computer system to determine whether computer performed controls are working
properly.
C. Test data should include all relevant data conditions that the auditor is interested in
testing.
D. When the auditor uses the embedded audit module approach, an audit module is
inserted in the client‘s system to capture transactions with certain characteristics.
124. Which of the following is not one of the auditor's major concerns when he has to make
a documentation of the internal control in a computerized environment?
A. The organizational structure of the client's CIS activities.
B. The access controls.
C. The significance and complexity of computer processing in each significant accounting
application.
D. The use of software packages instead of customized software.
125. An auditor is preparing test data for use in the audit of a computer- based accounts
receivable application. Which of the following items would be appropriate to include as an item
in the test data?
A. A transaction record which contains an incorrect master file control total.
B. A master file record which contains an invalid customer identification number.
C. A master file record which contains an incorrect master file control total.
D. A transaction record which contains an invalid customer identification number.
126. If an auditor is using test data in a client's computer system to test the integrity of the
systems output, which of the following types of controls is the auditor testing?]
A. General controls
B. User controls
C. Quantitative test controls
D. Application controls
127. Which of the following is not a function of generalized audit software?
A. To aid in the random selection of transactions tor substantive testing.
B. To run in parallel with the clients application software and compare the output.
C. To test the mathematical accuracy by footing and cross—foot ‘items in the accounting
system.
D. To keep an independent log of access to the computer application software.
128. Which of the following is not a computer—assisted audit technique?
A. Test data
B. Tagging and lagging
C. Integrated test facility
D. Program analysis
129. When auditing around the computer the auditor performs tests of
A. general computer controls but does not test application computer controls.
B. application computer controls but does not test general computer controls.
C. neither general nor application computer controls.
D. both general and application computer controls.
130. A common difficulty in auditing a computerized accounting system is:
A. data can be erased from the computer, with no visible evidence.
B. because of the lack of an audit trail, computer systems have weaker controls and more
substantive testing is required.
C. because of the uniform nature of transaction processing computer systems have strong
controls and less substantive testing is required.
D. the large dissemination of entry points into the computer system leads to weak overall
reliance on information generated by a computer.
131. In auditing through a computer, the test data method is used by auditors to test the
A. accuracy of input data.
B. validity of the output.
C. procedures contained within the program.
D. normalcy of distribution of test data.
132. An integrated test facility (ITF) would be appropriate when the auditor needs to
A. trace a complex logic path through an application system.
B. verify processing accuracy concurrently with processing.
C. monitor transactions in an application system continuously.
D. verify load module integrity for production programs.
133. The auditor's objective to determine. whether the client’s computer programs can
correctly handle valid and invalid transactions as they arise is accomplished through the:
A. test data approach.
B. generalized audit software approach
C. microcomputer-aided auditing approach.
D. generally accepted auditing standards.
134. Which of the following is a disadvantage of the integrated test facility approach?
A. In establishing fictitious entities, the auditor may be compromising audit independence.
B. Removing the fictitious transactions from the system is somewhat difficult and, if not
done carefully, may contaminate the client's files.
C. ITF is simply an automated version of auditing "around" the computer.
D. The auditor may not always have a current copy of the authorized version of the client's
program.
135. When testing a computerized accounting system, which of the following is not true of
the test data approach?
A. The test data need consist of only those valid and invalid conditions in which the auditor
is interested.
B. Only one transaction of each type need be tested.
C. Test data are processed by the client's computer programs under the auditor's control.
D. The test data-must consist of all possible valid and invalid conditions.
136. Which of the following procedures is an example of auditing "around" the computer?
A. The auditor traces adding machine tapes of sales order batch totals to a computer
printout of the sales journal.
B. The auditor develops a set of hypothetical sales transactions and, using the client's
computer program, enters the transactions into the system and observes the processing
flow.
C. The auditor enters hypothetical transactions into the client‘s processing system during
client processing of live data.
D. The auditor observes client personnel as they process the biweekly payroll. The auditor
is primarily concerned with computer rejection of data that fails to meet reasonableness
limits.
137. Auditing by testing the input and output of a computer-based system instead of the
computer program itself will
A. not detect program errors which do not show up in the output sampled.
B. detect all program errors regardless of the nature of the output.
C. provide the auditor with the same type of evidence.
D. not provide the auditor with confidence in the results of the auditing procedures.
138. Which of the following is an acknowledged risk of using test data when auditing
computerized records?
A. The test data may not include all possible types of transactions.
B. The computer may not process a simulated transaction in the same way it would an
identical actual transaction.
C. The method cannot be used with simulated master records.
D. Test data may be useful in verifying the correctness of account balances, but not in
determining the presence of processing controls.
139. An auditor used test data to verify the existence of controls in a certain computer
program. Even though the program performed well on the test, the auditor may still have a
concern that
A. the program tested is the same one used in the regular production runs.
B. generalized audit software may have been a better tool to use.
C. data entry procedures may change and render the test useless.
D. no documentation exists for the program.
140. An auditor most likely would introduce test data into a computerized payroll system to
test internal controls related to the
A. existence of unclaimed payroll checks held by supervisors.
B. early cashing of payroll checks by employees.
C. discovery of invalid employee lD numbers.
D. proper approval of overtime by supervisors.
141. When an auditor tests a computerized accounting system, which of the following is true
of the test data approach?
A. Test data must consist of all possible valid and invalid conditions.
B. The program tested is different from the program used throughout the year by the
client.
C. Several transactions of each type must be tested.
D. Test data are processed by the client's computer programs under the auditor's control.
142. Which of the following is not among the errors that an auditor might include in the test
data when auditing a client’s EDP system?
A. Numeric characters in alphanumeric fields
B. Authorized code
C. Differences in description of units of measure
D. Illogical entries in fields whose logic is tested by programmed consistency checks
143. An auditor who is testing EDP controls in a payroll system would most likely use test
data that contain conditions such as
A. deductions not authorized by employees.
B. overtime not approved by supervisors
C. time tickets with invalid job numbers.
D. payroll checks with unauthorized signatures.
144. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together without client operating personnel being aware of the
testing process?
A. Integrated test facility
B. Input controls matrix
C. Parallel simulation
D. Data entry monitor
145. Which of the following methods of testing application controls utilizes a generalized
audit software package prepared by the auditors?
A. Parallel simulation
B. Integrated testing facility approach
C. Test data approach
D. Exception report tests
146. Test data, integrated test data and parallel simulation each require an auditor to
prepare data and computer programs. CPA‘s who lack either the technical expertise or time to
prepare programs should request from the manufacturers or EDP consultants for
A. the program Code.
B. flowchart checks.
C. generalized audit software.
D. application controls.
147. Parallel simulation is an audit technique employed to verify processing logic by making
use of audit test programs. These audit test programs '‘simulate‘‘ the processing logic of an
application program or programs under review. Which statement indicates the use of parallel
simulation audit technique?
A. Live transactions are processed using live programs.
B. Live transactions are processed with test master file.
C. Test transactions are processed using test programs.
D. Live transactions are processed using test programs.
148. The output at a parallel simulation should always be
A. printed on a report.
B. compared with actual results manually
C. compared with actual results using a comparison program.
D. reconciled to actual processing output.
149. In auditing through the computer, actual client data is used with:
A. integrated test facility.
B. the test data approach.
C. parallel simulation.
D. an expert system.
150. Assume that an auditor estimated that 10,000 checks were issued during the accounting
period. If an application control that performs a limit for each check request is to be subjected
to the auditor's test-data approach, the sample should include
A. approximately 1,009 test items.
B. a number of test items determined by the auditor to be sufficient under the
circumstances.
C. a number of test items determined by the auditor's reference to the appropriate
sampling tables.
D. one transaction
 Suggested Answer
Module 7
Computerized Environment

1. D 39. C 77. D 115. D

2. A 40. A 78. A 116. D
3. C 41. A 79. B 117. A
4. D 42. D 80. D 118. C
5. B 43. B 81. B 119. A
6. C 44. B 82. D 120. C
7. C 45. B 83. C 121. B
8. B 46. C 84. C 122. C
9. B 47. B 85. B 123. A
10. B 48. A 86. B 124. D
11. B 49. D 87. D 125. D
12. C 50. A 88. B 126. D
13. A 51. A 89. B 127. D
14. D 52. A 90. A 128. B
15. B 53. C 91. B 129. C
16. B 54. C 92. B 130. A
17. D 55. C 93. B 131. C
18. A 56. D 94. B 132. B
19. B 57. D 95. A 133. A
20. B 58. C 96. A 134. B
21. D 59. D 97. C 135. D
22. B 60. C 98. C 136. A
23. B 61. A 99. A 137. A
24. D 62. D 100. A 138. A
25. A 63. D 101. C 139. A
26. B 64. A 102. B 140. C
27. A 65. C 103. D 141. D
28. C 66. A 104. D 142. A
29. C 67. A 105. B 143. C
30. D 68. A 106. A 144. A
31. C 69. D 107. C 145. A
32. C 70. A 108. B 146. C
33. C 71. A 109. C 147. D
34. C 72. D 110. B 148. B
35. D 73. A 111. A 149. C
36. B 74. C 112. B 150. D
37. C 75. D 113. B
38. B 76. B 114. D