Case 1:

CPAs may audit around or through computers in the examination of financial statements

of client who utilize computer to process accounting data.

Required:

a. Describe the auditing approach referred to as auditing around the computer.

b. Under what condition does the CPA decide to audit through the computer instead

of around the computer?

1. Computer programs and data that an auditor may use as part of the audit procedures

to process data of audit significance contained in an entity's information systems are

called

a. Computer assisted audit technique

b. SCARF

c. Generalized audit software

d. Application programs

2. Auditing through the computer must be used when

a. Generalized audit software is not available

b. Processing is primarily online and updating in real-time

c. Input transactions are batched and system logic is straightforward

d. Processing primarily consists of sorting the input data and updating the

master file sequentially.

3. It is the vital resource for an organization and is the heart of CIS activities.

a. Audit software

b. Computer assisted audit technique

c. Database system

d. Data

4. An entity has recently converted its purchasing cycle from a manual process to an

online computer system. Which of the following is a probable result associated with

conversion to the new IT system?

a. Traditional duties are less separated

b. Increased processing time

c. Reduction in the entity's risk exposure

d. Increased processing error.

5. A redundant digit added to a code that enables the accuracy of other characters in

the code to be checked.

a. Validation check

b. Check digit

c. Redundancy check

d. Test data approach

6. Which of the following controls would most likely provide protection against

unauthorized changes in production programs?

a. Restricting programmer access to the computer room.

b. Requiring two operators to be present during equipment operation.

c. Limiting program access solely to operator

d. Implementing management review of daily run logs.

7. Which of the following best describe the process called authentication?

a. The system verifies the identity of the user

b. The user in identifies himself/herself to the system

c. The user indicates to the system that the transaction was processed

correctly.

d. The system verifies that the user is entitled to enter the transactions

requested.

8. Which of the following provides the most valuable information for detecting

unauthorized input from a terminal?

a. User error report

b. Transaction log

c. Error file

d. Console log printout

9. Many customer, managers, employees and suppliers blamed the computer for

making errors. In reality, computer make very few mechanical errors. Which f the

following is the most likely source of errors in a fully operational computer-based

system?

a. Systems analysis and programming

b. Operational error

c. Processing

d. Input

10. The following statements relate to the auditor's assessment of control risk in an

entity's computer environment. Which is correct?

a. The auditor usually can ignore the computer system if he/she obtain an

understanding of the control outside the computer information system.

b. If the general control is ineffective, the auditor ordinarily can assess control

risk at a low level if the application controls are effective

c. The auditor's objectives with respect to the assessment of control risk are the

same as in a manual system.

d. The auditor must obtain an understanding of the internal control and test

controls in computer environment.

11. The possibility of losing a large amount of information stored in computer files most

likely would be reduced by the use of

a. Back-up file

b. Check digits

c. Completeness test/ control

d. Conversion verification

12. Which statement is not correct? The goal of batch controls is to endure that during

processing

a. Transactions are not omitted

b. Transactions are processed more than once

c. Transactions are not added

d. An audit trial is created

13. This type of control attempt to ensure that no data is missing and that all processing

is carried through to its proper conclusion

a. Check digit

b. Validity check

c. Completeness control

d. Accuracy control

14. It is the transfer of electronic data from one organization computer system to

another's, the data being structured in a commonly agreed format so that it is directly

usable by the receiving organization computer system

a. Distribution data processing

b. Metropolitan area network

c. Local area network

d. Electronic data interchange

15. A computerized information system that allows non-experts to make decision

comparable to that of an expert.

a. Expert opinion

b. Expert system

c. Auditing around the computer

d. Decision support system

16. The software used to control input processing and output is called

a. Generalized audit software

b. Computer assisted audit technique

c. Service bureau

d. Data base management system

17. The following are the benefit of COBIT for internal stakeholders, except

a. Provides guidance on how best to build and structure the IT department,

manage performance of IT, run an efficient and effective IT operation, control

IT costs, align IT strategy to business priorities, etc.

b. Helps to ensure the enterprise is compliant with applicable rules and

regulations and has the right governance system in place to manage and

sustain compliance

c. Provides guidance on how to organize and monitor performance of I&T

across the enterprise

d. Helps to ensure the identification and management of all IT-related risk

18. These are the factors that can influence the design of an enterprise's governance

system and position it for success in the use of I&T.

a. Design factors

b. Computer factors

c. Enterprise goals

d. Enterprise strategy

19. An essential part of a governance and management system which is also refer to a

general term for all activities and methods.

a. Performance appraisal

b. Performance feedback

c. Performance management

d. Performance output

20. The following are the components of governance system, except

a. Organizational structure

b. Design factor

c. Information

d. Processes