ST. MARY’S COLLEGE OF TAGUM, INC.

HIGHER EDUCATION DEPARTMENT

PrE 5 – AUDITING IN CIS ENVIRONMENT Quennie Sandra N. Dosdos, CPA

SY 2020-2021 Midterm Exam

NAME: SCORE:
_________________________________________________________________________________________
GENERAL INSTRUCTION: AVOID ERASURES AND PROVIDE THE ANSWERS AS REQUIRED BY THE
PROBLEMS.

TEST I. IDENTIFICATION. Identify the correct answers to the following questions, write your
answers on the answer sheet provided. (2 points each)
Topic: Internal controls n CIS Environment and Approach to AUditinf CIS Envi
1. It is an essential prerequisite for efficient and effective management of any organozation/ (Internal
control)
2. It is said to be a set of activities designed to prevent, detect, or correct errors or irregularities that
affect the reliability of the components.. -Control
3. They attempt to ensure the ongoing availability of all system resources. Existence controls
4. Exercised tp verify the identity of the individuals or process involved in a system. Authenticity Controls
5. These are designed to control the operation of the system and to provide reasonable assurance that
the systems are used for authorized purposes only. Computer operation controls
6. Ensure traceability of all events occurred in a system. Audit trail controls
7. The approach to auditing in a CIS environment where it states that the auditor must have sufficient
knowledge of the computer information systems to plan, direct, and supervise control and review of
the work performed. -Skill and competence
8. It states that the auditor should obtain an understanding of the significance and compkexity of the CIS
Acitivities and the availability of the data for the use in the audit. -PLanning
9. It is a process where the auditor should make an assessment of inherent and control risk for material
financial statement assertions. Risk Assessment
10. Ensure the correctness of data and processes in a system. Accuracy control

TEST II. MULTIPLE CHOICE. WRITE THE LETTER OF THE CORRECT ANSWER.
1-10 CAATS

1. The applications of auditing procedures using the computer as an audit tool refer to
a. Integrated test facility c. Auditing through the computer
b. Data-based management system d. Computer assisted audit techniques
2. Which statement is incorrect regarding CAATs?
a. CAATs are often an efficient means of testing a large number of transactions or controls over large
populations.
b. To ensure appropriate control procedures, the presence of the auditor is not necessarily required at the
computer facility during the running of a CAAT.
c. The general principles outlined in PAPS 1009 apply in small entity IT environments.
d. Where smaller volumes of data are processed, the use of CAATs is more cost effective.
3. Consists of generalized computer programs designed to perform common audit tasks or standardized data
processing functions.
a. Package or generalized audit software c. Utility programs
b. Customized or purpose-written programs d. System management programs
4. Audit automation least likely include
a. Expert systems.
b. Tools to evaluate a client’s risk management procedures.
c. Manual working papers.
d. Corporate and financial modeling programs for use as predictive audit tests.

5. Compatibility tests are sometimes employed to determine whether an acceptable user is allowed to proceed. In
order to perform compatibility tests, the system must maintain an access control matrix. The one item that is not
part of an access control matrix is a
a. List of all authorized user code numbers and passwords.
b. List of all files maintained on the system.
c. Record of the type of access to which each user is entitled.
 d. Limit on the number of transaction inquiries that can be made by each user in a specified time period.
6. Which of the following characteristics distinguishes computer processing from manual processing?
a. Computer processing virtually eliminates the occurrence of computational error normally associated with
manual processing.
b. Errors or irregularities in computer processing will be detected soon after their occurrences.
c. The potential for systematic error is ordinarily greater in manual processing than in computerized processing.
d. Most computer systems are designed so that transaction trails useful for audit do not exist.
7. In an automated payroll system, all employees in the finishing department were paid the rate of P75 per hour
when the authorized rate was P70 per hour. Which of the following controls would have been most effective in
preventing such an error?
a. Access controls which would restrict the personnel department’s access to the payroll master file data.
b. A review of all authorized pay rate changes by the personnel department.
c. The use of batch control totals by department.
d. A limit test that compares the pay rates per department with the maximum rate for all employees.
8. Which of the following controls most likely would assure that an entity can reconstruct its financial records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from originals.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.
9. Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-
prepared data files rather than manually prepared files?
a. Attention is focused on the accuracy of the programming process rather than errors in individual
transactions.
b. It is usually easier for unauthorized persons to access and alter the files.
c. Random error associated with processing similar transactions in different ways is usually greater.
d. It is usually more difficult to compare recorded accountability with physical count of assets.
10. The use of generalized audit software package
a. Relieves an auditor of the typical tasks of investigating exceptions, verifying sources of information, and
evaluating reports.
b. Is a major aid in retrieving information from computerized files.
c. Overcomes the need for an auditor to learn much about computers.
d. Is a form of auditing around the computer.
11. When an auditor tests a computerized accounting system, which of the following is true of the test data
approach?
a. Test data must consist of all possible valid and invalid conditions.
b. The program tested is different from the program used throughout the year by the client.
c. Several transactions of each type must be tested.
d. Test data are processed by the client’s computer programs under the auditor’s control.
12. Which of the following is not a characteristic of a batch processed computer system?
a. The collection of like transactions which are sorted and processed sequentially against a master file.
b. Keypunching of transactions, followed by machine processing.
c. The production of numerous printouts.
d. The posting of a transaction, as it occurs, to several files, without immediate printouts.
13. Internal control is ineffective when computer department personnel
a. Participate in computer software acquisition decisions.
b. Design documentation for computerized systems.
c. Originate changes in master file.
d. Provide physical security for program files.
14. In a computerized system, procedure or problem-oriented language is converted to machine language through
a(an)
a. Interpreter b. Verifier c. Compiler d. Converter
15. A customer erroneously ordered Item No. 86321 rather than item No. 83621. When this order is processed, the
vendor’s EDP department would identify the error with what type of control?
a. Key verifying c. Batch total
b. Self-checking digit d. Item inspection
16-20 Database Systems
16. Generalized audit software is a computer-assisted audit technique. It is one of the widely used technique for
auditing computer application systems. Generalized audit software is most often used to
a. Verify computer processing.
 b. Process data fields under the control of the operation manager.
c. Independently analyze data files.
d. Both a and b.
17. From an audit viewpoint, which of the following represents a potential disadvantage associated with the
widespread use of microcomputers?
a. Their portability.
b. Their ease of access by novice users.
c. Their easily developed programs using spreadsheets which do not have to be documented.
d. All of the above.
18. Which of the following functions would have the least effect on an audit if it was not properly segregated?
a. The systems analyst and the programmer functions.
b. The computer operator and programmer functions.
c. The computer operator and the user functions.
d. The applications programmer and the systems programmer.
19. To obtain evidence that user identification and password control procedures are functioning as designed, an
auditor would most likely
a. Attempt to sign on to the system using invalid user identifications and passwords.
b. Write a computer program that simulates the logic of the client’s access control software.
c. Extract a random sample of processed transactions and ensure that the transactions were appropriately
authorized.
d. Examine statements signed by employees stating that they have not divulged their user identifications and
passwords to any other person.
20. Database administration tasks typically include
I. Defining the database structure.
II. Maintaining data integrity, security and completeness.
III. Coordinating computer operations related to the database.
IV. Monitoring system performance.
V. Providing administrative support.
a. All of the above b. All except I c. II and V only d. II, III and V only

TEST III. Enumeration

1. Give the (9) effects of computers on Internal Controls

a. Separation of duties
b. Delegation of Authority and Responsibility
c. Competent and Trustworthy Personnel
d. System of Authorization
e. Adequate documents and records
f. Physical control over assets and records
g. Adequate Management Supervision
h. Independent Checks on Performance
i. Comparing recorded Accountability with Assets
2. Enumerate the (2) Effects of Computers on Auditing
a. Changes to evidence collection
b. Changes to evidence evaluation

3. The (4) basic components that can be identified in a CIS environment are:
a. Hardware
b. Software
c. People
d. Transmission media

4. In a computer system, many different types of controls are used to enhance component reliability.
What are the (10) Major classes of control that the auditor must evaluate?
a. Authenticity controls
b. Accuracy controls
c. Completeness controls
d. Redundancy control
e. Privacy controls
f. Audit trail controls
g. Existence controls
h. Asset safeguarding controls
 i. Effectiveness controls
j. Efficiency controls
TEST IV. ESSAY

Part 1. Explain the use of CAATs in the CIS Envvironment. (10 pts)

Part 2. Differentiate efficiency vs. effectiveness. (5 pts)

In using CAATs, how was it effective? (5 pts) How was it efficient? (5 pts)

“You were born to win. But to be a winner, you must plan to

win,prepare to win and expect to win.”

ANSWER SHEET
Name: Date: Score:

TEST
TESTI III
1.
1a
2.
1b
3.
1c
4.
1d
5.
6.
1e
7.
1f
8.
1g
9.
1h
10.
1i
2a
2b
3a
3b
3c TEST II
1.
3d
2.
4a
3.
4b
4.
4c
5.
4d
6.
7.
4e
8.
4f
9.
4g
10.
4h
11.
4i
12.
13.
4j
14.
15.
16.
17.
18.
19.
20.
TEST IV.

Part 1.

Part 2.