Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
59 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
Which statement is incorrect when auditing in a CIS environment?
|
a. A CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether that computer is operated by the entity or by a third party.
b. The auditor should consider how a CIS environment affects the audit. c. The use of a computer changes the processing, storage and communication of financial information and may affect the accounting and internal control systems employed by the entity. d. A CIS environment changes the overall objective and scope of an audit. |
d
|
|
|
Which of the following standards or group of standards is mostly affected by a computerized information system environment?
|
a. General standards
b. Reporting standards c. Second standard of field work d. Standards of fieldwork |
d
|
|
|
Which of the following is least considered if the auditor has to determine whether specialized CIS skills are needed in an audit?
|
a. The auditor needs to obtain a sufficient understanding of the accounting and internal control system affected by the CIS environment.
b. The auditor needs to determine the effect of the CIS environment on the assessment of overall risk and of risk at the account balance and class of transactions level. c. Design and perform appropriate tests of controls and substantive procedures. d. The need of the auditor to make analytical procedures during the completion stage of audit. |
d
|
|
|
Which of the following least likely indicates a complexity of computer processing?
|
a. Transactions are exchanged electronically with other organizations without manual review of their propriety.
b. The volume of the transactions is such that users would find it difficult to identify and correct errors in processing. c. The computer automatically generates material transactions or entries directly to another applications. d. The system generates a daily exception report. |
d
|
|
|
It relates to materiality of the financial statement assertions affected by the computer processing.
|
Significance
|
|
|
|
The nature of the risks and the internal characteristics in CIS environment that the auditors are mostly concerned include the following except:
|
a. Lack of segregation of functions.
b. Lack of transaction trails. c. Dependence of other control over computer processing. d. Cost-benefit ratio. |
d
|
|
|
Which of the following is least likely a risk characteristic associated with CIS environment?
|
a. Errors embedded in an application’s program logic maybe difficult to manually detect on a timely basis.
b. Many control procedures that would ordinarily be performed by separate individuals in manual system maybe concentrated in CIS. c. The potential unauthorized access to data or to alter them without visible evidence maybe greater. d. Initiation of changes in the master file is exclusively handled by respective users. |
d
|
|
|
Which of the following significance and complexity of the CIS activities should an auditor least understand?
|
a. The organizational structure of the client’s CIS activities.
b. Lack of transaction trails. c. The significance and complexity of computer processing in each significant accounting application. d. The use of software packages instead of customized software. |
d
|
|
|
Which statement is correct regarding personal computer systems?
|
a. Personal computers or PCs are economical yet powerful self-contained general purpose computers consisting typically of a central processing unit (CPU), memory, monitor, disk drives, printer cables and modems.
b. Programs and data are stored only on non-removable storage media. c. Personal computers cannot be used to process accounting transactions and produce reports that are essential to the preparation of financial statements. d. Generally, CIS environments in which personal computers are used are the same with other CIS environments. |
a
|
|
|
A personal computer can be used in various configurations, including
|
a. A stand-alone workstation operated by a single user or a number of users at different times.
b. A workstation which is part of a local area network of personal computers. c. A workstation connected to a server. d. All of the above |
d
|
|
|
Which statement is incorrect regarding personal computer configurations?
|
a. The stand-alone workstation can be operated by a single user or a number of users at different times accessing the same or different programs.
b. A stand-alone workstation may be referred to as a distributed system. c. A local area network is an arrangement where two or more personal computers are linked together through the use of special software and communication lines. d. Personal computers can be linked to servers and used as part of such systems, for example, as an intelligent on-line workstation or as part of a distributed accounting system. |
b
|
|
|
Which of the following is the least likely characteristic of personal computers?
|
a. They are small enough to be transportable.
b. They are relatively expensive. c. They can be placed in operation quickly. d. The operating system software is less comprehensive than that found in larger computer environments |
b
|
|
|
Which of the following is an inherent characteristic of software package?
|
a. They are typically used without modifications of the programs.
b. The programs are tailored-made according to the specific needs of the user. c. They are developed by software manufacturer according to a particular user’s specifications. d. It takes a longer time of implementation. |
a
|
|
|
Which of the following is not normally a removable storage media?
|
a. Compact disk
b. Tapes c. Diskettes d. Hard disk |
d
|
|
|
It is a computer program (a block of executable code) that attaches itself to a legitimate program or data file and uses its as a transport mechanism to reproduce itself without the knowledge of the user.
|
Virus
|
|
|
|
Which statement is incorrect regarding internal control in personal computer environment?
|
a. Generally, the CIS environment in which personal computers are used is less structured than a centrally-controlled CIS environment.
b. Controls over the system development process and operations may not be viewed by the developer, the user or management as being as important or cost-effective. c. In almost all commercially available operating systems, the built-in security provided has gradually increased over the years. d. In a typical personal computer environment, the distinction between general CIS controls and CIS application controls is easily ascertained. |
d
|
|
|
Personal computers are susceptible to theft, physical damage, unauthorized access or misuse of equipment. Which of the following is least likely a physical security to restrict access to personal computers when not in use?
|
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables. c. Locking the personal computer in a protective cabinet or shell. d. Using anti-virus software programs. |
d
|
|
|
Which of the following is not likely a control over removable storage media to prevent misplacement, alteration without authorization or destruction?
|
a. Using cryptography, which is the process of transforming programs and information into an unintelligible form.
b. Placing responsibility for such media under personnel whose responsibilities include duties of software custodians or librarians. c. Using a program and data file check-in and check-out system and locking the designated storage locations. d. Keeping current copies of diskettes, compact disks or back-up tapes and hard disks in a fireproof container, either on-site, off-site or both. |
a
|
|
|
Which of the following least likely protects critical and sensitive information from unauthorized access in a personal computer environment?
|
a.
Using secret file names and hiding the files. b. Keeping of back up copies offsite. c. Employing passwords. d. Segregating data into files organized under separate file directories. |
b
|
|
|
It refers to plans made by the entity to obtain access to comparable hardware, software and data in the event of their failure, loss or destruction.
|
Back-up
|
|
|
|
The effect of personal computers on the accounting system and the associated risks will least likely depend on
|
a. The extent to which the personal computer is being used to process accounting applications.
b. The type and significance of financial transactions being processed. c. The nature of files and programs utilized in the applications. d. The cost of personal computers. |
d
|
|
|
The auditor may often assume that control risk is high in personal computer systems since , it may not be practicable or cost-effective for management to implement sufficient controls to reduce the risks of undetected errors to a minimum level. This least likely entail
|
a. More physical examination and confirmation of assets.
b. More analytical procedures than tests of details. c. Larger sample sizes. d. Greater use of computer-assisted audit techniques, where appropriate. |
b
|
|
|
computer system that enable users to access data and programs directly through workstations are referred to as
|
On-line computer systems
|
|
|
|
On-line systems allow users to initiate various functions directly. Such functions include:
I. Entering transactions III. Requesting report II. Making inquiries IV. Updating master files |
a. I, II, III and IV b. I and II c. I, II and III d. I and IV |
a
|
|
|
Many different types of workstations may be used in on-line computer systems. The functions performed by these workstations least likely depend on their
|
a. Logic
b. Transmission c. Storage d. Cost |
d
|
|
|
Types of workstations include General Purpose Terminals and Special Purpose Terminals. Special Purpose Terminals include
|
Point of sale devices
|
|
|
|
Special Purpose Terminal used to initiate, validate, record, transmit and complete various banking transactions
|
Automated teller machines
|
|
|
|
Which statement is incorrect regarding workstations?
|
a. Workstations may be located either locally or at remote sites.
b. Local workstations are connected directly to the computer through cables. c. Remote workstations require the use of telecommunications to link them to the computer. d. Workstations cannot be used by many users, for different purposes, in different locations, all at the same time. |
d
|
|
|
On-line computer systems may be classified according to
|
a. How information is entered into the system.
b. How it is processed. c. When the results are available to the user. d. All of the above. |
d
|
|
|
In an on-line/real time processing system
|
Individual transactions are entered at workstations, validated and used to update related computer files immediately.
|
|
|
|
It combines on-line/real time processing and on-line/batch processing.
|
On-Line/Memo Update (and Subsequent Processing)
|
|
|
|
It is a communication system that enables computer users to share computer equipment, application software, data and voice and video transmissions.
|
Network
|
|
|
|
A type of network that multiple buildings are close enough to create a campus, but the space between the buildings is not under the control of the company is
|
Metropolitan Area Network (MAN)
|
|
|
|
Which of the following is least likely a characteristic of Wide Area Network (WAN)?
|
a. Created to connect two or more geographically separated LANs.
b. Typically involves one or more long-distance providers, such as a telephone company to provide the connections. c. WAN connections tend to be faster than LAN. d. Usually more expensive than LAN. |
c
|
|
|
Gateway is
|
A hardware and software solution that enables communications between two dissimilar networking systems or protocols.
|
|
|
|
A device that works to control the flow of data between two or more network segments
|
Router
|
|
|
|
The undesirable characteristics of on-line computer systems least likely include
|
a. Data are usually subjected to immediate validation checks. b. Unlimited access of users to all of the functions in a particular application. c. Possible lack of visible transaction trail. d. Potential programmer access to the system. |
a
|
|
|
Certain general CIS controls that are particularly important to on-line processing least likely include
|
a. Access controls.
b. System development and maintenance controls. c. Edit, reasonableness and other validation tests. d. Use of anti-virus software program. |
c
|
|
|
Certain CIS application controls that are particularly important to on-line processing least likely include
|
a. Pre-processing authorization.
c. Transaction logs. b. Cut-off procedures. d. Balancing. |
c
|
|
|
Risk of fraud or error in on-line systems may be reduced in the following circumstances, except
|
a. If on-line data entry is performed at or near the point where transactions originate, there is less risk that the transactions will not be recorded.
b. If invalid transactions are corrected and re-entered immediately, there is less risk that such transactions will not be corrected and re-submitted on a timely basis. c. If data entry is performed on-line by individuals who understand the nature of the transactions involved, the data entry process may be less prone to errors than when it is performed by individuals unfamiliar with the nature of the transactions. d. On-line access to data and programs through telecommunications may provide greater opportunity for access to data and programs by unauthorized persons. |
d
|
|
|
The following matters are of particular importance to the auditor in an on-line computer system, except
|
a. Authorization, completeness and accuracy of on-line transactions.
b. Integrity of records and processing, due to on-line access to the system by many users and programmers. c. Changes in the performance of audit procedures including the use of CAAT's. d. Cost-benefit ratio of installing on-line computer system. |
d
|
|
|
A collection of data that is shared and used by a number of different users for different purposes
|
Database
|
|
|
|
Which of the following is least likely a characteristic of a database system?
|
a. Individual applications share the data in the database for different purposes. b. Separate data files are maintained for each application and similar data used by several applications may be repeated on several different files. c. A software facility is required to keep track of the location of the data in the database. d. Coordination is usually performed by a group of individuals whose responsibility is typically referred to as "database administration." |
b
|
|
|
Database administration tasks typically include
I. Defining the database structure. II. Maintaining data integrity, security and completeness. III. Coordinating computer operations related to the database. IV. Monitoring system performance. V. Providing administrative support. |
a. All of the above
b. All except I c. II and V only d. II, III and V only |
a
|
|
|
Due to data sharing, data independence and other characteristics of database systems
|
General CIS controls normally have a greater influence than CIS application controls on database systems. |
|
|
|
Which statement is incorrect regarding the general CIS controls of particular importance in a database environment?
|
a. Since data are shared by many users, control may be enhanced when a standard approach is used for developing each new application program and for application program modification.
b. Several data owners should be assigned responsibility for defining access and security rules, such as who can use the data (access) and what functions they can perform (security). c. User access to the database can be restricted through the use of passwords. d. Responsibilities for performing the various activities required to design, implement and operate a database are divided among technical, design, administrative and user personnel. |
b
|
|
|
These require a database administrator to assign security attributes to data that cannot be changed by database users.
|
Mandatory access controls |
|
|
|
A discretionary access control wherein users are permitted or denied access to data resource depending on the time series of accesses to and actions they have undertaken on data resources.
|
History-dependent restriction
|
|
|
|
The effect of a database system on the accounting system and the associated risks will least likely depend on:
|
a. The extent to which databases are being used by accounting applications. b. The type and significance of financial transactions being processed. c. The nature of the database, the DBMS, the database administration tasks and the applications. d. The CIS application controls. |
d
|
|
|
Audit procedures in a database environment will be affected principally by
|
a. The extent to which the data in the database are used by the accounting system.
b. The type and significance of financial transactions being processed. c. The nature of the database, the DBMS, the database administration tasks and the applications. d. The general CIS controls which are particularly important in a database environment. |
a
|
|
|
Which statement is incorrect regarding the characteristics of a CIS organizational structure?
|
a. Certain data processing personnel may be the only ones with a detailed knowledge of the interrelationship between the source of data, how it is processed and the distribution and use of the output.
b. Many conventional controls based on adequate segregation of incompatible functions may not exist, or in the absence of access and other controls, may be less effective. c. Transaction and master file data are often concentrated, usually in machine-readable form, either in one computer installation located centrally or in a number of installations distributed throughout an entity. d. Systems employing CIS methods do not include manual operations since the number of persons involved in the processing of financial information is significantly reduced. |
d
|
|
|
System characteristics that may result from the nature of CIS processing include, except
|
a. Absence of input documents. b. Lack of visible transaction trail. c. Lack of visible output. d. Difficulty of access to data and computer programs. |
d
|
|
|
The development of CIS will generally result in design and procedural characteristics that are different from those found in manual systems. These different design and procedural aspects of CIS include, except:
|
a. Consistency of performance.
b. Programmed control procedures. c. Vulnerability of data and program storage media d. Multiple transaction update of multiple computer files or databases. |
d
|
|
|
Which statement is incorrect regarding internal controls in a CIS environment?
|
a. Manual and computer control procedures comprise the overall controls affecting the CIS environment (general CIS controls) and the specific controls over the accounting applications (CIS application controls).
b. The purpose of general CIS controls is to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved. c. The purpose of CIS application controls is to establish specific control procedures over the application systems in order to provide reasonable assurance that all transactions are authorized and recorded, and are processed completely, accurately and on a timely basis. d. The internal controls over computer processing, which help to achieve the overall objectives of internal control, include only the procedures designed into computer programs. |
d
|
|
|
General CIS controls may include, except:
|
a. Organization and management controls. c. Delivery and support controls. b. Development and maintenance controls. d. Controls over computer data files. |
d
|
|
|
CIS application controls include, except
|
a. Controls over input.
b. Controls over processing and computer data files. c. Controls over output. d. Monitoring controls. |
d
|
|
|
Which statement is incorrect regarding the review of general CIS controls and CIS application controls?
|
a. The auditor should consider how these general CIS controls affect the CIS applications significant to the audit.
b. General CIS controls that relate to some or all applications are typically interdependent controls in that their operation is often essential to the effectiveness of CIS application controls. c. Control over input, processing, data files and output may be carried out by CIS personnel, by users of the system, by a separate control group, or may be programmed into application software. d. It may be more efficient to review the design of the application controls before reviewing the general controls. |
d
|
|
|
Which statement is incorrect regarding the evaluation of general CIS controls and CIS application controls?
|
a. The general CIS controls may have a pervasive effect on the processing of transactions in application systems.
b. If general CIS controls are not effective, there may be a risk that misstatements might occur and go undetected in the application systems. c. Manual procedures exercised by users may provide effective control at the application level. d. Weaknesses in general CIS controls cannot preclude testing certain CIS application controls. |
d
|
|
|
The applications of auditing procedures using the computer as an audit tool refer to
|
a. Integrated test facility c. Auditing through the computer
b. Data-based management system d. Computer assisted audit techniques |
d
|
