New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
business
auditing assurance services
Information Systems Control And Audit 1st Edition Ron Weber - Solutions
Based on a limited number of empirical studies of where problems occur in programs, which of the following statements is false?a. Requirements specification and design errors are just as prominent as coding errorsb. Coding errors seem to relate primarily to incorrect indexing, incorrect
Which of the following is most likely to be the motivation for auditors to use program source-code review?a. Generalized audit software is unavailable as an evidence-collection toolb. The auditor believes the program to be reviewed contains inefficient codec. The program processes only small
When using risk assessment techniques to assess the materiality of source code, a software reliability model can be used primarily to:a. Determine the hazards that are associated with each moduleb. Estimate the expected losses associated with the occurrence of each hazardc. Estimate the exposures
Which of the following is most likely to be the auditor's purpose in reviewing an organization's programming standards during the conduct of code review?a. To develop expectations about the characteristics of the code that will be reviewedb. To better understand the program's specifications when
During the conduct of code review, which of the following strategies is most likely to identify defects in the program's specifications?a. Evaluating the code for compliance with the organization's coding standardsb. Evaluating the documented program specifications in light of interviews conducted
Which of the following is unlikely to be a reason for auditors to review the programming language used to implement the code they are reviewing?a. To determine whether they must have someone else undertake the code review on their behalfb. To evaluate whether the program's specifications are likely
Which of the following COBOL computational verbs is likely to be the most error-prone?a. MULTIPLYb. SUBTRACTc. COMPUTEd. DIVIDE
For which of the following COBOL reserved words are coding errors most likely to be made?a. INSPECTb. ON SIZE ERRORc. PERFORM... UNTILd. FILE STATUS
A reliable set of test data is one that:a. Reveals an error in a program whenever the program contains an errorb. Traverses all conditional execution paths in the program that it testsc. Requires no change even when modifications are made to the program that it testsd. Produces consistent results
Which of the following statements best describes the difference between the black-box and the white-box approaches to test-data design?a. The black-box approach relies on knowledge of the functional specifications of the program to be tested, whereas the white-box approach relies on knowledge of
Which of the following statements about equivalence partitioning as a testdata design method is false?a. One test data element should be selected that falls within each equivalence class, and one should be selected that falls outside each equivalence classb. The primary basis for the test-data
The purpose of the results stub in a decision table used for test-data design purposes is to:a. Document the conditions that lead to a particular actionb. Shows the expected and actual outcomes for the test data associated with each rulec. Shows the rules for different conditional valuesd. Shows
Which of the following statements about boundary value analysis is true?a. It cannot be used to design test data to test the boundaries of output valuesb. It leads to smaller amounts of test data being designed than equivalence partitioningc. It is easier to undertake if decision trees rather than
Achieving full statement coverage during testing of a program means that:a. Every branching statement in the program is traversed at least once during the test runb. All execution paths in the program are traversed at least once by the test datac. For any statement that is traversed by test data,
Which of the following statements about basis path testing is false?a. The number of paths in the basis set can be calculated using McCabe's cyclomatic complexity numberb. Basis path testing is an approach to achieving full branch coverage of the code auditors are seeking to testc. Basis path
Which of the following statements about McCabe's cyclomatic complexity number is false?a. It is equal to the number of predicate nodes in a flowgraph plus oneb. It sets a lower limit on the complexity of program code that is suitable for basis path testingc. It defines the number of independent
Which of the following statements about loop testing is false?a. It supplements basis path testing because loops will not be traversed with test data designed using basis path testingb. With nested loops, testing should commence with the innermost loop and work outwards to the outermost loopc. With
Which of the following statements about creating test data is true?a. Test data should never be created using live production datab. The approach used to create test data will affect the approach used to design test datac. Test data to exercise the paths executed most frequently in a program should
Which of the following pairs of automated testing tools identify sections of code that cannot be reached during execution of a program?a. Test output comparators and test data generatorsb. Execution path monitors and static analyzersc. Test harnesses and output comparatorsd. Static analyzers and
Which of the following statements about the costs and benefits of using test data as an audit evidence-collection tool is true?a. Black-box testing tends to be a more effective test-data design strategy than white-box testingb. A major advantage of using test data to collect evidence is that
Which of the following is least likely to be a reason for audit use of code comparison software?a. To identify production object code that is ineffective or inefficientb. To identify unauthorized changes that have been made to production source codec. To determine whether reliance can be placed on
Which of the following should not cause a discrepancy to be identified when object-code comparison is undertaken between an audit blueprint of a program and a production version of the program?a. The wrong version of the source code has been used to compile the production object codeb. A block of
As the auditor responsible for examining the accounts receivable system within an information systems facility, you decide to undertake code review of a COBOL program that prints out a list of customers who have exceeded their allowed credit limit. Because the source code is stored in a library and
You are the auditor in charge of the audit of the payroll system for an organization. One of your staff performs a code review of the input validation program for timecard data. She brings the following section of COBOL code to you because she is unable to understand the purpose of the code:INSPECT
Yatalee Yoghurt Ltd. is a major Brisbane-based firm that sells dairy foods throughout Australia. It is also a major exporter of dairy foods to the Southeast Asian region.Your audit firm has just taken over the external audit of Yatalee. As the partner in charge for the first-time audit of Yatalee,
You are the auditor responsible for evaluating an organization's invoicing program. You decide to use test data to test that section of the program relating to sales discounts. During an interview with the sales manager, you make the following notes about how the program is supposed to
The specifications for a fixed-assets program include the following paragraph.Straight-line depreciation is to be charged on fixed assets at the following rates:If the fixed asset is located in Alice Springs, however, a further 5 percent is to be added to the depreciation rate to allow for the
Boon Lay Trading (Pte) Ltd. is a medium-sized import-export business based in Singapore. As the information systems auditor working on the audit team that is undertaking an audit of Boon Lay, you conclude that you cannot rely on controls over the programming function within Boon Lay. Accordingly,
You are a partner with information systems audit expertise in a firm of external auditors. Because of your scintillating personality, you win the audit of a medium-size manufacturing firm that has just gone public.Subsequent to the controls review and during the planning of the substantive tests,
You are the senior information systems auditor in a public accounting firm. At the start of this financial year, your firm took over the audit of a major bank that has a full range of wholesale and retail banking services. Your firm was successful in winning the tender for the provision of external
Which of the following was not a motivation for developing generalized audit software?a. Need to develop an audit capability quickly in light of changing audit objectivesb. Provide an audit capability for auditors relatively unskilled in the use of computersc. Provide certain functional
What type of functional capabilities of generalized audit software do auditors use when they instruct the software to read a zoned field?a. Arithmetic capabilitiesb. File reorganization capabilitiesc. File access capabilitiesd. File creation and updating capabilities
The expression PRICE LE 20 OR (PRICE GT 50 AND DISCOUNT LE 5) OR PRICE EQ ZEROS would extract products from a file that have a price:a. Less than or equal to 20 , or a price greater than 50 and at the same time a discount less than or a price equal to zerob. Less than 20 or greater than 50 and in
A functional capability that is likely to exist in generalized audit software but is unlikely to exist in many other generalized interrogation languages is a:a. Boolean expression capabilityb. Statistical sampling capabilityc. File reorganization capabilityd. Merge capability
Parallel simulation involves the auditor:a. Writing a program to completely replicate the processing logic of an application programb. Using the random number capabilities of generalized audit software to simulate financial transactions for a periodc. Writing a program to replicate those
Which of the following functional capabilities in generalized audit software are auditors most likely to use to examine whether the entities that the data purports to represent do, in fact, exist?a. Statistical sampling capabilityb. Stratification and frequency analysis capabilityc. Analytical
Which of the following is not a functional limitation of generalized audit software?a. Permits ex post auditing only and not concurrent auditingb. Difficult to determine an application system's propensity for error using generalized audit softwarec. Limited capabilities for verifying processing
Which of the following is most likely to be a reason for wanting to transfer a file from a mainframe computer to a microcomputer on which generalized audit software resides?a. Auditors can process the file faster on the microcomputer and thereby achieve audit objectives more efficientlyb. Auditors
During the feasibility analysis and planning stage of a generalized audit software application, which of the following factors is least likely to affect the decision on whether to proceed with the application?a. The application system to be audited is large and complexb. The application system to
Compared with generalized audit software, which of the following is unlikely to be true of industry-specific audit software?a. It will be most useful for external auditors who perform a small number of audits within a particular industryb. It will perform its functions more efficiently than
Which of the following is least likely to be a reason why auditors use highlevel languages instead of generalized audit software to perform evidencegathering functions?a. They contain more functions that are useful to auditors than generalized audit softwareb. They provide a more user-friendly
Which of the following is most likely to be a reason for using utility software rather than generalized audit software during the conduct of an audit?a. Independence will be breached if both external auditors and internal auditors use the same generalized audit software packageb. There are
Which of the following functions is performed by a dial-up access risk analyzer?a. Analyzes how well dial-up access controls have been implemented within an access control packageb. Counts the number of times incorrect passwords have been submitted at dial-up nodesc. Detects the existence of
Which of the following tasks probably would be most difficult to perform using utility software?a. Merging data on two filesb. Dumping several records in a database to check their formatc. Selecting a dollar unit sample for confirmationd. Converting one data format to another data format
A hierarchy charter primarily would be useful in helping auditors to:a. Assess data quality in an application systemb. Evaluate the efficiency of an application systemc. Understand an application systemd. Develop and implement specialized audit software
Which of the following utilities can be used to directly examine the quality of data in a database?a. Tidy facilityb. Test manager/driverc. Traced. Pointer validation utility
Which of the following utilities can be used to directly examine the authenticity, accuracy, and completeness of program logic?a. Transaction profile analyzerb. Output analyzerc. Prompterd. Text manager
Which of the following is least likely to be an outcome of auditors' use of expert systems?a. Increased consensus in evaluation judgmentsb. Better dissemination of expertise in relation to new technologyc. Better documentation in support of audit judgments maded. Improved efficiency in the conduct
The component in an expert system that provides information to auditors about the line of reasoning used to reach a conclusion is the:a. Inference engineb. Knowledge acquirerc. Knowledge based. Tutor
Which of the following is not true about the production rules that are used in expert systems developed to assist auditors?a. They are used to represent the heuristics sometimes employed by auditors to make judgmentsb. They are the only technique currently available for storing the knowledge that
Which of the following components of a neural network designed to assist auditors to detect fraud will be altered during its training period?a. Input componentsb. Output componentsc. Hidden componentsd. Connection weight components
Which of the following is not a reason for having client personnel instead of auditors develop and implement specialized audit software?a. Auditors might lack the expertise to write effective and efficient softwareb. The software might also be useful to client personnelc. Communications between
Which of the following is least likely to be a reason for auditors wanting to exercise control over any audit software that they use?a. To ensure excessive resources are not consumed when executing the softwareb. To prevent intentional compromise of the softwarec. To try to avoid mistakes being
Livalife Insurance is a large insurance company with offices scattered throughout the United States and more than 1,000 independent agents. You are a member of the external audit team. During the year-end work, you are called to a meeting with your manager. He explains that he is concerned about
The following data items are maintained in a company's database for each inventory item that it holds in stock:part number part name part description bin location unit price unit cost unit measure quantity on hand quantity on order item activity special prices allowed Required: List the audit
The following data items are maintained in a company's database for each fixed asset item that it owns:fixed asset number fixed asset description fixed asset classification location responsible manager maintenance schedule purchase price purchase date vendor information depreciation method current
The following data items are used to submit payroll time data to a payroll system:employee number regular hours overtime hours expenses commission payments sick time vacation time leave time without pay Required: List the audit objectives that you could accomplish by using generalized audit
This exercise requires that you have a knowledge of the high-level language called SQL. SQL has been implemented in many database management systems as a means of defining, creating, updating, and querying data. If you are not familiar with the language, you are likely to find a description
You are an information systems auditor in an external audit firm that undertakes a large number of audits of financial institutions, especially banks and credit unions. One day your partner requests a meeting with you to discuss ways in which information technology might be used to improve the
You are the manager of internal audit for a large bank. Over the past few years, you have become increasingly concerned about the extent of bad commercial loans that have had to be written off the bank's books. Competition in the marketplace for commercial loans has been intense. As a result, the
Briefly explain the nature of the code review, test data, and code comparison evidence-collection techniques. Explain how they can be used as an interrelated set of techniques to examine the quality of a program.
Briefly outline the findings of the limited empirical research that has been undertaken on where errors occur in programs. What implications do these findings have for auditors' use of various audit evidence-collection techniques?
Briefly explain how code review can be used to identify ineffective code and nonstandard code in a program.
On what criteria should auditors select the source code to be examined during program source code review?
What are the purposes of examining an organization's programming standards in preparation for reviewing a program's source code?
What are the purposes of examining the choice of programming language used when undertaking a review of program source code?
Briefly explain the purpose of auditors first reviewing input/output instructions when undertaking code review of a program.
What concerns arise when auditors encounter a CALL statement during code review of a COBOL program?
Give three COBOL verbs that can be used to violate the privacy of data. Explain briefly how they can be used. How would auditors go about detecting the use of these verbs?
In a COBOL program, what verbs would auditors review to check any computations performed in the program? What verbs do you think would be the most error-prone?
Give one strength and one limitation of program code review as an audit evidence-collection technique.
What is meant by reliable test data? Practically, is it possible to establish whether a set of test data is reliable? Why or why not?
Briefly explain the difference between the black-box approach to test-data design and the white-box approach to test-data design.
Briefly explain the nature of equivalence partitioning as a black-box test-data design method.
How can decision tables and decision trees help auditors to undertake the equivalence-partitioning approach to test-data design?
What factors affect whether auditors use a reduced form or an unreduced form of a decision table to design test data for audit evidence-collection purposes? If auditors base their test-data design on the reduced form of a decision table, why is it then important to use an execution path monitor in
Briefly explain the nature of boundary value analysis as a test-data design method. Why was boundary value analysis developed?
If a white-box approach to test-data design is used, briefly explain the difference between the objectives of full statement coverage, full branch coverage, and full path coverage. In practice, which objective do you think auditors will usually have when they design test data?
Briefly explain the nature of basis path testing as a test-data design method. What type of program coverage does basis path testing assist auditors to achieve?
Briefly explain the nature of McCabe's cyclomatic complexity number. How is it useful to auditors in their work?
Briefly explain the nature of loop testing as a test-data design method. List the steps auditors should undertake to test whether there are errors in a simple loop.
Briefly explain how auditors can use production data to create test data. Is production data sometimes still useful even though it does not meet exactly the test-data design specifications?
How would a test driver/harness help auditors to undertake testing of a program for audit purposes?
Briefly explain the difference between an execution path monitor and a static analyzer. Which type of tool is likely to be more useful to auditors? Why?
"Auditors require limited technical knowledge to use test data effectively as an evidence-gathering tool." Discuss briefly.
Why might auditors use program code comparison when evaluating the quality of a program?
Briefly explain the difference between program source-code comparison and program object-code comparison. What are the relative advantages and disadvantages of each type of code comparison?
List two reasons why differences can arise between two object-code versions of a program.
Briefly explain one strength and one limitation of code comparison as an audit evidence-collection technique.
Briefly describe the functions of the output subsystem.
Briefly describe the nature of inference controls. What are the four types of compromises of statistical databases that inference controls seek to prevent?
What is a characteristic formula? Why are auditors often interested in the size of the query set that satisfies the characteristic formula?
Briefly describe the nature of restriction controls. Why is a restriction on the minimum size of the query set an inadequate means of preventing a compromise of privacy in the database?
Briefly describe the nature of a "tracker." What is the distinction between an individual tracker and a general tracker?
Briefly describe the nature of each of the following types of restriction controls:a. Order controlb. Relative table size controlc. Query set overlap controld. Cell suppressione. Grouping or rolling upf. Partitioning
Briefly describe the nature of perturbation controls. How do perturbation controls differ from restriction controls?
Briefly distinguish between record-based perturbation controls and resultsbased perturbation controls. What are the relative strengths and limitations of record-based perturbation controls versus results-based perturbation controls?
Briefly describe the nature of each of the following types of record-based perturbation controls:a. Query set samplingb. Data perturbationc. Data swapping
What are the purposes of batch output production and distribution controls? What factors affect the choice of the batch output production and distribution controls used in an application system?
Briefly describe the major elements of an inventory system for preprinted computer stationery. Give three advantages that will accrue from having the inventory system you describe.
Showing 500 - 600
of 2689
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Last
Step by Step Answers
Get 50% OFF
Claim Now
