New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
business
auditing assurance services
Information Systems Control And Audit 1st Edition Ron Weber - Solutions
Which of the following types of standards is most likely to act as a preventive control?a. Performance standardsb. Post-audit standardsc. Methods standardsd. Documentation standards
An advantage of using ZBB as a means of controlling users of computer services is:a. It is easy to useb. It allows control of day-to-day resource consumptionc. It is more likely to gain acceptance among user managers than a transfer pricing schemed. It highlights applications that have outlived
Dual prices are unlikely to be used as a transfer pricing scheme for information systems services where the information systems function is regarded as a:a. Cost centerb. Investment centerc. Hybrid centerd. Profit center
Which of the following means of controlling the users of information systems services is unlikely to work well in an organization where users assume substantial responsibility for their use of computing resources?a. Standard costsb. Allocated costsc. Negotiated pricesd. Market prices
Innovation, Inc. is a company specializing in research and development. It accepts short-term research and development projects from other companies and aims to obtain results quickly. It has been very successful at achieving this objective (current sales \(\$ 100\) million).You are a field auditor
Public Funds Transfer Services (PUFTS) Ltd. is a new, rapidly expanding organization that offers public electronic funds transfer facilities to financial institutions. For example, it provides a public data communications network that enables its customers to share automatic teller machines (ATMs)
Harrison University is a large university with about 30,000 students offering a wide range of courses in the humanities and the physical, social, behavioral, health, agricultural, biological, and engineering sciences. The existing computing facilities are divided between two groups: an academic
Autotool Ltd. is a medium-size company that designs and manufactures a range of industrial robots. The company was started 11 years ago by two young entrepreneurial engineers. One had a background in computer engineering. She had a flair for research and design work. The other had a background in
Clayton University is a medium-size, tertiary institution that seeks to offer high-quality graduate education, especially in the professional disciplines. Many of its staff have distinguished research records, and its senior administrative staff continue to emphasize research as a primary goal of
Consider the personal identification numbers (PINs) that many financial institutions use to control customer access to accounts-for example, withdrawal of funds by customers from their accounts using automatic teller machines (ATMs).Required. List all the major functions you can identify that must
As discussed in the chapter, many audit organizations now follow the "cycles" approach when evaluating an internal control system. This approach involves classifying transactions by cycles, converting the broad objectives of internal control into specific objectives for these classifications of
You are on the staff of an external audit firm that audits a small to medium-size financial institution. One day you receive a copy of a letter from the president of the financial institution to the partner in charge of the audit. The letter indicates the client is considering replacing its
The accounting department of a small company is responsible for payment of creditors. It receives a copy of each purchase order issued, a receiving document when the goods arrive, and the vendor's invoice. All documents are date-stamped upon receipt and filed securely. When the receiving document
You are a staff information systems auditor in a public accounting firm. The firm has just acquired a new client-a small manufacturing organization. The client uses a minicomputer for its data processing.All application systems are straightforward batch systems with well-defined input and output.
You have just been engaged as the external auditor for a medium-sized automotive servicing organization. The organization obtains most of its revenue in three ways:(a) it services motor-vehicle fleets,(b) it sells spare parts, and(c) it converts vehicles from petroleum to liquified petroleum gas
Equity Funding Corporation In 1973, one of the largest single company frauds ever committed was discovered in California. The collapse of the Equity Funding Corporation of America involved an estimated \(\$ 2\) billion fraud. The case was extremely complex, and it took several years before the
Jerry Schneider One of the more famous cases of computer abuse involves a young man named Jerry Schneider. Schneider had a flair for electronics. By the time he left high school, he had already formed his own firm to market his inventions. His firm also sold refurbished Western Electric telephone
Union Dime Savings Bank Banks seem especially prone to computer abuse. Roswell Steffen used a computer to embezzle \(\$ 1.5\) million of funds at the Union Dime Savings Bank in New York City. In an interview with Miller (1974) after he was discovered, he claimed, "Anyone with a head on his
Rifkin was a freelance computer consultant who had been employed by a firm that did consulting work for Security Pacific Bank in California. In early October 1978, he visited a diamond broker in Los Angeles and placed an order for about 42,000 carats of polished gemstones. The retail value of the
Define the concept of a control.
Why must auditors focus on controls as a system?
Briefly explain the differences between a preventive control, a detective control, and a corrective control. Give an example of each.
Briefly describe the different types of unlawful events that can occur in a system.
How do controls reduce expected losses?
What is meant by "subsystem factoring"? Why do auditors factor a system into subsystems? On what basis should auditors factor a system into subsystems?
What is meant by "loose coupling" and "strong internal cohesion" of subsystems? Why are these desirable goals to achieve in the factoring process?
Briefly explain the difference between management controls and application controls. Give an example of each type of control, and explain why it is either a management control or an application control.
For each of the following activities, identify the level of management that has primary responsibility for performing the activity:a. Control and use of the organization's databaseb. Maintenance of old application systemsc. Provision of general systems support softwared. Implementation of long-run
Classify each of the following controls by application subsystem (e.g., input, communications, processing):a. A control to prevent unauthorized access to computing resourcesb. A control to ensure that erroneous data is corrected and reentered into an application systemc. A control to ensure data
Briefly explain the cycles approach to conducting an information systems audit.
When auditors evaluate application systems, why do they focus on controls over classes of transactions rather than on individual transactions?
Briefly explain the notion of materiality in auditing. Be sure to explain it in the context of traditional attest objectives and effectiveness and efficiency objectives.
Identify four types of risk that auditors face. Briefly explain the nature of each.
At the outset of an audit, why do we try to assess the risk we are facing?
List the five types of audit procedures you can use to collect evidence during an audit. Give two examples of each-one that you would use if your concern was asset safeguarding and data integrity objectives, and one that you would use if your concern was effectiveness and efficiency objectives.
Briefly describe the five components of internal control that should be established in an organization.
In what phase of an audit do you evaluate internal controls? Why do you evaluate internal controls during this phase?
Briefly describe two types of evidence collection procedures you might use to obtain an understanding of internal controls.
Briefly explain the nature of and importance of management assertions during the conduct of an audit. Be sure to explain them in the context of your four information systems audit objectives: asset safeguarding, data integrity, system effectiveness, and system efficiency.
What is the purpose of undertaking tests of controls? What is the relationship between tests of controls and control risk?
Briefly describe two tests of controls you are likely to perform during the conduct of an information systems audit.
What is the purpose of undertaking tests of transactions? What type of audit risk is affected by the evidence collected from tests of transactions?
What is the purpose of undertaking tests of balances or overall results? What is the relationship between tests of transactions and tests of balances or overall results?
Briefly describe two types of tests of balances or overall results you might use-one for asset safeguarding and data integrity objectives; the other for system effectiveness and system efficiency objectives.
Briefly describe the four types of opinion that an external auditor might give after completing an information systems audit.
Briefly describe the nature of the report auditors should issue if they conduct an audit of systems effectiveness and systems efficiency.
Give an example of a system for which auditing around the computer would be appropriate and an example for which auditing through the computer would be necessary. Explain why the approaches are appropriate for the examples you give.
Which of the following statements about controls is false?a. The primary focus of controls is unlawful eventsb. Controls are systems of interacting componentsc. Controls cover all unlawful events in a systemd. An unlawful event in a system can be covered by more than one control
Which of the following is unlikely to be an objective of a control?a. Reduce expected losses from irregularitiesb. Reduce the probability of an error occurringc. Reduce the amount of loss if an error occursd. Reduce the normality of the loss distribution
Expected losses are defined as:a. Losses anticipated in the normal course of businessb. The losses that arise when an error or irregularity occursc. The losses that arise when an error or irregularity occurs multiplied by the probability of the error or irregularity occurringd. The losses
A program check that ensures data entered by a data-entry operator is complete is an example of a:a. Detective controlb. Corrective controlc. Preventive controld. Redundancy control
Factoring is the process of:a. Identifying the physical components of a systemb. Identifying the interfaces between subsystemsc. Decomposing a system into physical component activitiesd. Decomposing a system into subsystems
Which of the following is not a guideline for the factoring process?a. Focus on functions rather than activitiesb. Ensure subsystems are tightly coupledc. Proceed in an hierarchical mannerd. Ensure subsystems are internally cohesive
Which of the following is not a management subsystem?a. Audit trail subsystemb. Data administration subsystemc. Security administration subsystemd. System development management subsystem
Which of the following is not an application subsystem?a. Hardware subsystemb. Boundary subsystemc. Input subsystemd. Database subsystem
When auditors attempt to understand data-processing systems, which order of decomposition are they most likely to follow:a. Applications, cycles, transactions, controlsb. Cycles, applications, controls, transactionsc. Cycles, applications, transactions, controlsd. Transactions, applications,
Which of the following is unlikely to be a reason for placing a control in a higher-level system?a. Controls in lower-level subsystems could malfunctionb. Controls in higher-level systems are easier to put in placec. Controls in higher-level systems might be more cost-effectived. Some unlawful
Under which circumstance will the level of achieved audit risk decrease?a. An increase in inherent riskb. A decrease in detection riskc. An increase in control riskd. A decrease in desired audit risk
Over which type of risk does the auditor have greatest control?a. Desired audit riskb. Inherent riskc. Control riskd. Detection risk
Which of the following factors is unlikely to affect the level of inherent risk associated with an application system?a. The system is strategicb. Controls over the system appear reliablec. The system is not a critical operational systemd. The system uses high technology
If auditors use generalized audit software to recalculate the extensions (price multiplied by quantity) on invoices, they are conducting:a. Analytical review proceduresb. Procedures to understand internal controlsc. Tests of details of transactionsd. Tests of controls
Which of the following elements is unlikely to be considered part of the control environment when auditors review internal controls?a. A requirement for a manager to approve customer orders before they are keyed into an application systemb. The existence of an audit committeec. The management style
The primary objective of tests of controls is to:a. Determine whether controls are operating effectivelyb. Identify any material errors that have occurred in major classes of transactionsc. Understand whether a control is in placed. Identify major patterns of errors or irregularities that might
Auditors are most likely to undertake tests of controls if, after their evaluation of internal controls, they conclude:a. A substantive approach to the audit will be more cost-effectiveb. Control risk is less than the maximum levelc. The control environment is poord. Inherent risk is low
Which of the following is not a substantive test?a. A test to compare data with a physical countb. A test to assess the quality of datac. A test to compare data with an outside sourced. A test to determine whether source documents have been authorized
Which of the following statements about the tests of controls phase of an information systems audit is false?a. Management controls are usually tested before application controlsb. At the conclusion of the tests of controls phase, auditors reassess control riskc. The auditor focuses on material
Which of the following statements about the tests of balances/overall results phase is false?a. The primary objective of the tests of balances/overall results phase is to obtain sufficient evidence to make a final audit judgmentb. Substantive tests are the most common tests used in the tests of
If external auditors concluded no material losses or account misstatements had occurred as a result of a client's information systems activities but that significant potential existed for material losses or account misstatements to occur as a result of control weaknesses that existed, they would
Auditing around the computer might be used when:a. There are significant gaps in the audit trail in the computer systemb. The internal controls in the computer system cannot be relied uponc. Processing consists primarily of sorting the input file and updating the master file sequentiallyd. The
Why is there a need for control and audit of computer systems?
For each of the following groups, give a specific example of how incorrect data processing by a company's computer system might lead to incorrect decisions being made:a. Management b. Shareholders c. Labor unions d. Environmentalists e. Tax department f. Affirmative action group
What are the implications of a company losing its:a. Personnel master file b. Inventory master file
How can inadequate controls in a computer system lead to incorrect decision making?
Should we be any more concerned about computer fraud and embezzlement versus other forms of business fraud and embezzlement?
In general, how adequate is the law in terms of being able to prosecute someone who undertakes computer abuse?
Why are controls still needed to protect hardware, software, and personnel, even though substantial insurance coverage might have been taken out by an organization?
What characteristics of computer systems often lead to high costs being incurred because of computer-system errors?
Why does the computer cause us to have increased concerns about the privacy of individuals?
Give an example of the computer being used for data processing where you consider it to be:a. Socially desirableb. Socially undesirable
What are the four major objectives of information systems auditing? Briefly explain the meaning of each one of them.
What are the major assets in an information systems facility?
Define data integrity. What factors affect the importance of data integrity to an organization?
What is the difference between system effectiveness and system efficiency? Why is the information systems auditor concerned with both system effectiveness and system efficiency?
Briefly explain the nature of the impact of using computers on the overall objectives of internal control.
What problems arise for ensuring that incompatible functions are separated in an information systems facility?
How does resource sharing in a computer system affect the internal control objective of having clear lines of authority and responsibility? Give an example.
How does the growth of end-user computing affect the internal control objective of having clear lines of authority and responsibility?
Why is the need for competent and trustworthy personnel even more important when an organization uses computers for its data processing?
When computer systems are used, how does the auditor evaluate the system of authorizations used by an organization?
How does the use of computers affect the audit trail within an information system?
With the increasing use of computers for data processing, is the audit trail disappearing? Explain.
Briefly explain how assets could be lost by a person having unauthorized access to a payroll program.
How does a computer system affect the concentration of assets within an organization? What implication does the effect have for internal controls?
Relative to a manual system, is it easier or harder to implement adequate management supervision of employees using a computer system? Explain.
How do independent checks on employee performance differ between a manual system and a computer system?
How does an organization compare recorded accountability with assets when computer systems are used? What controls must be exercised to ensure the veracity of this process?
How does the continuing evolution of computer hardware and software technology affect an auditor's ability to (a) understand controls, and (b) collect evidence on the reliability of controls?
What impact does the use of computers have on the nature and conduct of the evidence evaluation function carried out by auditors?
Briefly explain the contribution of the following areas to information systems auditing:a. Traditional auditingb. Information systems managementc. Behavioral scienced. Computer science
Incorrect data in a computer system is likely to have more serious consequences for a(an):a. Strategic planning systemb. Expert systemc. Personal decision support systemd. Management control system
Showing 1400 - 1500
of 2689
First
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Last
Step by Step Answers
Get 50% OFF
Claim Now
