Chapter 08 Consideration of Internal Control in an Information Technology Environment

Chapter 08 - Consideration of Internal Control in an Information Technology Environment

Chapter 08

Consideration of Internal Control in an Information Technology Environment

True / False Questions

1.Magnetic tape drives have the advantage of direct access to stored data.TrueFalse

2.The operating system is an example of system software.TrueFalse

3.For good internal control, programmers should not be given access to complete program documentation for the programs they work on.TrueFalse

4.Data encryption is an example of data transmission control.TrueFalse

5.Internal file labels are designed to prevent errors by programmers.TrueFalse

6.For auxiliary storage when the computer is operating, personal computers use hard disk drives.TrueFalse

7.Distributive data processing eliminates the need for data security.TrueFalse

8.Most advanced computer systems do not have audit trails.TrueFalse

9.Auditors usually begin their consideration of IT systems with tests of application controls.TrueFalse

10.Generalized audit software may be used for substantive tests or for tests of controls.TrueFalse

Multiple Choice Questions

11.Which of the following procedures would an entity most likely include in its disaster recovery plan?A.Convert all data from external formats to an internal company format.B.Maintain a program to prevent illegal activity.C.Develop an auxiliary power supply to provide uninterrupted electricity.D.Store duplicate copies of files in a location away from the computer center.

12.A service auditor's report on a service center should include a(n):A.Detailed description of the service center's internal control.B.Statement that the user of the report may assess control risk at the minimum level.C.Indication that no assurance is provided.D.Opinion on the operating effectiveness of the service center's internal control.

13.The report of a service auditor may provide assurance on whether:

A.Option AB.Option BC.Option CD.Option D

14.Which of the following is a password security problem?A.Users are assigned passwords when accounts are created, but do not change them.B.Users have accounts on several systems with different passwords.C.Users copy their passwords on note paper, which is kept in their wallets.D.Users select passwords that are not listed in any online dictionary.

15.Which of the following is a software component of a computer system?A.The operating system.B.The storage unit.C.The display monitorD.The optical scanner.

16.Which of the following is least likely to be a general control over computer activities?A.Procedures for developing new programs and systems.B.Requirements for system documentation.C.A change request log.D.A control total.

17.Which of the following computer related employees should not be allowed access to program listings of application programs?A.The systems analyst.B.The programmer.C.The operator.D.The librarian.

18.The advent of personal computers has resulted in a(n):A.Decentralization of data processing activities.B.Increased concern over the accuracy of computerized processing.C.Decrease in the number of local area networks.D.Increase for general computer control activities.

19.Which of the following is most likely to include user group development and execution of certain computer applications?A.Telecommunication transmission systems.B.Database administration.C.End user computing.D.Electronic data interchange systems.

20.Which of the following is not a data transmission control?A.Echo checks.B.Data encryption.C.File labels.D.Parity checks.

21.Which of the following is an example of general computer control?A.Input validation checks.B.Control total.C.Operations manual.D.Generalized audit software.

22.Which of the following would the auditors consider to be a weakness in an IT system?A.Operators have access to terminals.B.Programmers are allowed access to the file library.C.Reprocessing of exceptions detected by the computer is handled by a data control group.D.More than one employee is present when the computer facility is in use.

23.Which of the following is least likely to be tested with generalized audit software?A.An aging of accounts receivable.B.A schedule of inventory.C.A depreciation schedule.D.A computer operations manual.

24.Which of the following would be least likely to be considered a desirable attribute of a database management system?A.Data redundancy.B.Quick response to users' request for information.C.Control of users' identification numbers and passwords.D.Logging of terminal activity.

25.A problem for a CPA associated with advanced IT systems is that:A.The audit trail normally does not exist.B.The audit trail is sometimes generated only in machine readable form.C.The client's internal auditors may have been involved at the design stage.D.Tests of controls are not possible.

26.Which of the following testing techniques is more commonly used by internal auditors than by independent auditors?A.Integrated test facilities.B.Test data.C.Controlled programs.D.Tagging and tracing transactions.

27.General controls over IT systems are typically tested using:A.Generalized audit software.B.Observation, inspection, and inquiry.C.Program analysis techniques.D.Test data.

28.When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package?A.Observing inventory.B.Selecting sample items of inventory.C.Analyzing data resulting from inventory.D.Recalculating balances in inventory reports.

29.Which of the following personnel is responsible for determining the computer processing needs of the various users?A.The application programmer.B.The computer operator.C.The systems analyst.D.The systems programmer.

30.Which of the following testing techniques minimizes the possibility that the auditors will contaminate a client's financial records?A.Test data.B.Integrated test facilities.C.Controlled programs.D.Tagging and tracing transactions.

31.Which of the following is not a distinctive characteristic of advanced IT systems?A.Data communication.B.Integrated database.C.Batch processing of transactions.D.Distributive data processing.

32.The best method of achieving internal control over advanced IT systems is through the use of:A.Batch controls.B.Controls written into the computer system.C.Equipment controls.D.Documentation controls.

33.Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?A.The systems programmer.B.The application programmer.C.The computer operator.D.The telecommunications specialist.

34.Which of the following is not a data transmission control?A.Data encryption.B.Parity check.C.Message acknowledgment techniques.D.Distributed data processing.

35.Which of the following is not a programmed control?A.Private lines.B.Validity tests.C.Self-checking numbers.D.Limit tests.

36.A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as:A.Laptop computing.B.End-user computing.C.Distributed computing.D.Decentralized computing.

37.In a client/server environment, the "client" is most likely to be the:A.Supplier of the computer system.B.Computers of various users.C.Computer that contains the networks software and provides services to a server.D.Database administrator.

38.When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control that is considered?A.Design of controls to restrict access.B.Adequate physical layout space for the operating system.C.Inclusions of an adequate power supply system with surge protection.D.Consideration of risks related to other uses of electricity in the area.

39.A data warehouse is an example of:A.On-line analytical processing.B.On-line transaction processing.C.Essential information batch processing.D.Decentralized processing.

40.An example of an access control is a:A.Check digit.B.Password.C.Test facility.D.Read only memory.

41.End-user computing is most likely to occur on which of the following types of computers?A.Mainframe.B.Macrocomputers.C.Personal computers.D.Personal reference assistants.

42.Auditing through the computer is most likely to be used when:A.Input transactions are batched and system logic is straightforward.B.Processing primarily consists of sorting the input data and updating the master file sequentially.C.Processing is primarily on line and updating is real-time.D.Outputs are in hard copy form.

43.Which of the following computer system risks would be increased by the installation of a database system?A.Programming errors.B.Data entry errors.C.Improper data access.D.Loss of power.

44.Parallel simulation programs used by the auditors for testing programs:A.Must simulate all functions of the production computer-application system.B.Cannot be developed with the aid of generalized audit software.C.Can use live data or test data.D.Is generally restricted to data base environments.

45.Auditing by testing the input and output of a computer system instead of the computer program itself will:A.Not detect program errors which do not show up in the output sampled.B.Detect all program errors, regardless of the nature of the output.C.Provide the auditors with the same type of evidence.D.Not provide the auditors with the confidence in the results of the auditing procedures.

46.If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application?A.Net pay.B.Department numbers.C.Hours worked.D.Total debits and total credits.

47.Smith Corporation has numerous customers. A customer file is kept on disk storage. Each account in the customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to:A.Develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situations.B.Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.C.Require a printout of all account balances so they can be manually checked against the credit limits.D.Request a printout of a sample of account balances so they can be individually checked against the credit limits.

48.In their consideration of a client's IT controls, the auditors will encounter general controls and application controls. Which of the following is an application control?A.The operations manual.B.Hash total.C.Systems documentation.D.Control over program changes.

49.When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an exception report. The exception report should most probably be reviewed and followed up on by the:A.Supervisor of computer operations.B.Systems analyst.C.Data control group.D.Computer programmer.

50.The purpose of using generalized computer programs is to test and analyze a client's computer:A.Systems.B.Equipment.C.Records.D.Processing logic.

51.An auditor may decide not to perform tests of controls related to the control activities within the computer portion of the client's internal control. Which of the following would not be a valid reason for choosing to omit such test?A.The controls duplicate operative controls existing elsewhere.B.There appear to be major weaknesses that would preclude reliance on the stated procedure.C.The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls to be operative.D.The controls appear adequate.

52.A control feature in a computer system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of data transmission is referred to as:A.Echo control.B.Validity control.C.Signal control.D.Check digit control.

53.Which of the following constitutes a weakness in the internal control of a computer system?A.One generation of backup files is stored in an off-premises location.B.Machine operators distribute error messages to the control group.C.Machine operators do not have access to the complete systems manual.D.Machine operators are supervised by the programmer.

54.The completeness of computer-generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses:A.Self-checking numbers.B.Control totals.C.Validity tests.D.Process tracing data.

55.Internal control is ineffective when computer department personnel:A.Participate in computer software acquisition decisions.B.Design documentation for computerized systems.C.Originate changes in master files.D.Provide physical security for program files.

56.Which of the following is likely to be of least importance to an auditor in considering the internal control in a company with computer processing?A.The segregation of duties within the computer center.B.The control over source documents.C.The documentation maintained for accounting applications.D.The cost/benefit of data processing operations.

57.In the weekly computer run to prepare payroll checks, a check was printed for an employee who had been terminated the previous week. Which of the following controls, if properly utilized, would have been most effective in preventing the error or ensuing its prompt detection?A.A control total for hours worked, prepared from time cards collected by the timekeeping department.B.Requiring the treasurer's office to account for the numbers of the prenumbered checks issued to the computer department for the processing of the payroll.C.Use of a check digit for employee numbers.D.Use of a header label for the payroll input sheet.

58.A company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing?A.Completeness test.B.Validity test.C.Limit test.D.Control total.

59.Passwords for microcomputer software programs are designed to prevent:A.Inaccurate processing of data.B.Unauthorized access to the computer.C.Incomplete updating of data files.D.Unauthorized use of the software.

60.The capability for computers to communicate with physically remote terminals is an important feature in the design of modern business information systems. Which of the following risks associated with the use of telecommunications systems is minimized through the use of a password control system?A.Unauthorized access to system program and data files.B.Unauthorized physical availability of remote terminals.C.Physical destruction of system program and data files.D.Physical destruction of remote terminals.

61.Consider the following computer applications:

(1) At a catalog sales firm, as phone orders are entered into their computer, both inventory and credit are immediately checked.2) A manufacturer's computer sends the coming week's production schedule and parts orders to a supplier's computer.

Which statement below is true for these applications?A.Both applications are examples of EDI.B.Both applications are examples of on-line real-time processing.C.The first application is an example of EDI and the second is an example of on-line real-time.D.The first application is an example of on-line real-time and the second is an example of EDI.

Matching Questions

62.State whether each of the following statements is correct or incorrect.

1.Parallel simulation involves the use of audit software to process functions essentially equivalent to those of the client's program and to determine whether auditor and client results are equivalent.Incorrect.____

2.A client's access to a "Type 1" service auditor's report for a company that processes its payroll may be sued to reduce the auditor's tests of controls for that client.Correct.____

3.Computer assisted audit techniques, while helpful for tests of controls, are seldom helpful for substantive procedures.Incorrect.____

4.The nature of the IT-based system may affect the specific procedures employed by the auditors in testing the controls.Correct.____

5.Specialists with specialized skills in IT processing are seldom used on audits since each audit team member is expected to have the necessary skills.E. Incorrect.____

Essay Questions

63.Many auditors use generalized audit software to assist them in the examination of clients' computer records.

a. Describe what is meant by generalized audit software.b. List two advantages of the use of generalized audit software.c. List three functions that may be performed with this type of software.

64.Auditors are now faced with examining clients that have database systems.

a. Describe a database system, including its major advantage.b. Identify policies and procedures that may be established to provide control over that aspect over a database system.

65.Various characteristics of IT systems can present special audit risks. Explain each of the following characteristics of an IT system and the special audit risks that they present.

a. Data base system.b. Distributive data processing.c. End user computing.

Chapter 08 Consideration of Internal Control in an Information Technology Environment Answer Key

True / False Questions

1.Magnetic tape drives have the advantage of direct access to stored data.FALSE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-01 Contrast the characteristics of an information technology-based system with those of a less sophisticated system.Topic: IT-Based Systems2.The operating system is an example of system software.TRUE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-01 Contrast the characteristics of an information technology-based system with those of a less sophisticated system.Topic: IT-Based Systems3.For good internal control, programmers should not be given access to complete program documentation for the programs they work on.FALSE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment4.Data encryption is an example of data transmission control.TRUE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment5.Internal file labels are designed to prevent errors by programmers.FALSE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment6.For auxiliary storage when the computer is operating, personal computers use hard disk drives.TRUE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment7.Distributive data processing eliminates the need for data security.FALSE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: RememberDifficulty: EasyLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems8.Most advanced computer systems do not have audit trails.FALSE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems9.Auditors usually begin their consideration of IT systems with tests of application controls.FALSE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: ApplyDifficulty: HardLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT Environment10.Generalized audit software may be used for substantive tests or for tests of controls.TRUE

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-07 Describe the nature of generalized audit software programs and the ways that they are used by the auditors.Topic: Substantive Procedures with Computers

Multiple Choice Questions

11.Which of the following procedures would an entity most likely include in its disaster recovery plan?A.Convert all data from external formats to an internal company format.B.Maintain a program to prevent illegal activity.C.Develop an auxiliary power supply to provide uninterrupted electricity.D.Store duplicate copies of files in a location away from the computer center.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment12.A service auditor's report on a service center should include a(n):A.Detailed description of the service center's internal control.B.Statement that the user of the report may assess control risk at the minimum level.C.Indication that no assurance is provided.D.Opinion on the operating effectiveness of the service center's internal control.

AACSB: AnalyticAACSB: CommunicationAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementAICPA FN: ReportingBloom's: ApplyDifficulty: HardLearning Objective: 08-07 Describe the nature of generalized audit software programs and the ways that they are used by the auditors.Topic: Computer Service Centers13.The report of a service auditor may provide assurance on whether:

A.Option AB.Option BC.Option CD.Option D

AACSB: AnalyticAACSB: CommunicationAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementAICPA FN: ReportingBloom's: ApplyDifficulty: HardLearning Objective: 08-07 Describe the nature of generalized audit software programs and the ways that they are used by the auditors.Topic: Computer Service Centers14.Which of the following is a password security problem?A.Users are assigned passwords when accounts are created, but do not change them.B.Users have accounts on several systems with different passwords.C.Users copy their passwords on note paper, which is kept in their wallets.D.Users select passwords that are not listed in any online dictionary.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: RememberDifficulty: EasyLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment15.Which of the following is a software component of a computer system?A.The operating system.B.The storage unit.C.The display monitorD.The optical scanner.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: RememberDifficulty: EasyLearning Objective: 08-01 Contrast the characteristics of an information technology-based system with those of a less sophisticated system.Topic: IT-Based Systems16.Which of the following is least likely to be a general control over computer activities?A.Procedures for developing new programs and systems.B.Requirements for system documentation.C.A change request log.D.A control total.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment17.Which of the following computer related employees should not be allowed access to program listings of application programs?A.The systems analyst.B.The programmer.C.The operator.D.The librarian.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-03 Describe the appropriate organizational structure in an information technology environment.Topic: Internal Control in an IT Environment18.The advent of personal computers has resulted in a(n):A.Decentralization of data processing activities.B.Increased concern over the accuracy of computerized processing.C.Decrease in the number of local area networks.D.Increase for general computer control activities.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems19.Which of the following is most likely to include user group development and execution of certain computer applications?A.Telecommunication transmission systems.B.Database administration.C.End user computing.D.Electronic data interchange systems.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems20.Which of the following is not a data transmission control?A.Echo checks.B.Data encryption.C.File labels.D.Parity checks.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment21.Which of the following is an example of general computer control?A.Input validation checks.B.Control total.C.Operations manual.D.Generalized audit software.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment22.Which of the following would the auditors consider to be a weakness in an IT system?A.Operators have access to terminals.B.Programmers are allowed access to the file library.C.Reprocessing of exceptions detected by the computer is handled by a data control group.D.More than one employee is present when the computer facility is in use.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment23.Which of the following is least likely to be tested with generalized audit software?A.An aging of accounts receivable.B.A schedule of inventory.C.A depreciation schedule.D.A computer operations manual.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: RememberDifficulty: EasyLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT Environment24.Which of the following would be least likely to be considered a desirable attribute of a database management system?A.Data redundancy.B.Quick response to users' request for information.C.Control of users' identification numbers and passwords.D.Logging of terminal activity.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems25.A problem for a CPA associated with advanced IT systems is that:A.The audit trail normally does not exist.B.The audit trail is sometimes generated only in machine readable form.C.The client's internal auditors may have been involved at the design stage.D.Tests of controls are not possible.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: RememberDifficulty: EasyLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems26.Which of the following testing techniques is more commonly used by internal auditors than by independent auditors?A.Integrated test facilities.B.Test data.C.Controlled programs.D.Tagging and tracing transactions.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT Environment27.General controls over IT systems are typically tested using:A.Generalized audit software.B.Observation, inspection, and inquiry.C.Program analysis techniques.D.Test data.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT Environment28.When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package?A.Observing inventory.B.Selecting sample items of inventory.C.Analyzing data resulting from inventory.D.Recalculating balances in inventory reports.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Source: AICPATopic: Auditors' Consideration of Internal Control in an IT Environment29.Which of the following personnel is responsible for determining the computer processing needs of the various users?A.The application programmer.B.The computer operator.C.The systems analyst.D.The systems programmer.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-03 Describe the appropriate organizational structure in an information technology environment.Topic: Internal Control in an IT Environment30.Which of the following testing techniques minimizes the possibility that the auditors will contaminate a client's financial records?A.Test data.B.Integrated test facilities.C.Controlled programs.D.Tagging and tracing transactions.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: ApplyDifficulty: HardLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT Environment31.Which of the following is not a distinctive characteristic of advanced IT systems?A.Data communication.B.Integrated database.C.Batch processing of transactions.D.Distributive data processing.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems32.The best method of achieving internal control over advanced IT systems is through the use of:A.Batch controls.B.Controls written into the computer system.C.Equipment controls.D.Documentation controls.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment33.Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?A.The systems programmer.B.The application programmer.C.The computer operator.D.The telecommunications specialist.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-03 Describe the appropriate organizational structure in an information technology environment.Topic: Internal Control in an IT Environment34.Which of the following is not a data transmission control?A.Data encryption.B.Parity check.C.Message acknowledgment techniques.D.Distributed data processing.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment35.Which of the following is not a programmed control?A.Private lines.B.Validity tests.C.Self-checking numbers.D.Limit tests.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment36.A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as:A.Laptop computing.B.End-user computing.C.Distributed computing.D.Decentralized computing.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: RememberDifficulty: EasyLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems37.In a client/server environment, the "client" is most likely to be the:A.Supplier of the computer system.B.Computers of various users.C.Computer that contains the networks software and provides services to a server.D.Database administrator.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-01 Contrast the characteristics of an information technology-based system with those of a less sophisticated system.Topic: IT-Based Systems38.When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control that is considered?A.Design of controls to restrict access.B.Adequate physical layout space for the operating system.C.Inclusions of an adequate power supply system with surge protection.D.Consideration of risks related to other uses of electricity in the area.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment39.A data warehouse is an example of:A.On-line analytical processing.B.On-line transaction processing.C.Essential information batch processing.D.Decentralized processing.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems40.An example of an access control is a:A.Check digit.B.Password.C.Test facility.D.Read only memory.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Topic: Internal Control in an IT Environment41.End-user computing is most likely to occur on which of the following types of computers?A.Mainframe.B.Macrocomputers.C.Personal computers.D.Personal reference assistants.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems42.Auditing through the computer is most likely to be used when:A.Input transactions are batched and system logic is straightforward.B.Processing primarily consists of sorting the input data and updating the master file sequentially.C.Processing is primarily on line and updating is real-time.D.Outputs are in hard copy form.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Source: IIATopic: Auditors' Consideration of Internal Control in an IT Environment43.Which of the following computer system risks would be increased by the installation of a database system?A.Programming errors.B.Data entry errors.C.Improper data access.D.Loss of power.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Source: IIATopic: IT-Based Systems44.Parallel simulation programs used by the auditors for testing programs:A.Must simulate all functions of the production computer-application system.B.Cannot be developed with the aid of generalized audit software.C.Can use live data or test data.D.Is generally restricted to data base environments.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Source: IIATopic: Auditors' Consideration of Internal Control in an IT Environment45.Auditing by testing the input and output of a computer system instead of the computer program itself will:A.Not detect program errors which do not show up in the output sampled.B.Detect all program errors, regardless of the nature of the output.C.Provide the auditors with the same type of evidence.D.Not provide the auditors with the confidence in the results of the auditing procedures.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-03 Describe the appropriate organizational structure in an information technology environment.Source: AICPATopic: Internal Control in an IT Environment46.If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application?A.Net pay.B.Department numbers.C.Hours worked.D.Total debits and total credits.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment47.Smith Corporation has numerous customers. A customer file is kept on disk storage. Each account in the customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to:A.Develop test data that would cause some account balance to exceed the credit limit and determine if the system properly detects such situations.B.Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.C.Require a printout of all account balances so they can be manually checked against the credit limits.D.Request a printout of a sample of account balances so they can be individually checked against the credit limits.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: UnderstandDifficulty: MediumLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Source: AICPATopic: Auditors' Consideration of Internal Control in an IT Environment48.In their consideration of a client's IT controls, the auditors will encounter general controls and application controls. Which of the following is an application control?A.The operations manual.B.Hash total.C.Systems documentation.D.Control over program changes.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment49.When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an exception report. The exception report should most probably be reviewed and followed up on by the:A.Supervisor of computer operations.B.Systems analyst.C.Data control group.D.Computer programmer.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-03 Describe the appropriate organizational structure in an information technology environment.Source: AICPATopic: Internal Control in an IT Environment50.The purpose of using generalized computer programs is to test and analyze a client's computer:A.Systems.B.Equipment.C.Records.D.Processing logic.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: ApplyDifficulty: HardLearning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Source: AICPATopic: Auditors' Consideration of Internal Control in an IT Environment51.An auditor may decide not to perform tests of controls related to the control activities within the computer portion of the client's internal control. Which of the following would not be a valid reason for choosing to omit such test?A.The controls duplicate operative controls existing elsewhere.B.There appear to be major weaknesses that would preclude reliance on the stated procedure.C.The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls to be operative.D.The controls appear adequate.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: Risk AnalysisBloom's: UnderstandDifficulty: MediumLearning Objective: 08-05 Explain the manner in which the auditors obtain an understanding of internal control in an information technology environment.Source: AICPATopic: Auditors' Consideration of Internal Control in an IT Environment52.A control feature in a computer system requires the central processing unit (CPU) to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of data transmission is referred to as:A.Echo control.B.Validity control.C.Signal control.D.Check digit control.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: RememberDifficulty: EasyLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment53.Which of the following constitutes a weakness in the internal control of a computer system?A.One generation of backup files is stored in an off-premises location.B.Machine operators distribute error messages to the control group.C.Machine operators do not have access to the complete systems manual.D.Machine operators are supervised by the programmer.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: Risk AnalysisBloom's: UnderstandDifficulty: MediumLearning Objective: 08-05 Explain the manner in which the auditors obtain an understanding of internal control in an information technology environment.Source: AICPATopic: Auditors' Consideration of Internal Control in an IT Environment54.The completeness of computer-generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses:A.Self-checking numbers.B.Control totals.C.Validity tests.D.Process tracing data.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment55.Internal control is ineffective when computer department personnel:A.Participate in computer software acquisition decisions.B.Design documentation for computerized systems.C.Originate changes in master files.D.Provide physical security for program files.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-03 Describe the appropriate organizational structure in an information technology environment.Source: AICPATopic: Internal Control in an IT Environment56.Which of the following is likely to be of least importance to an auditor in considering the internal control in a company with computer processing?A.The segregation of duties within the computer center.B.The control over source documents.C.The documentation maintained for accounting applications.D.The cost/benefit of data processing operations.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: Risk AnalysisBloom's: RememberDifficulty: EasyLearning Objective: 08-05 Explain the manner in which the auditors obtain an understanding of internal control in an information technology environment.Source: AICPATopic: Auditors' Consideration of Internal Control in an IT Environment57.In the weekly computer run to prepare payroll checks, a check was printed for an employee who had been terminated the previous week. Which of the following controls, if properly utilized, would have been most effective in preventing the error or ensuing its prompt detection?A.A control total for hours worked, prepared from time cards collected by the timekeeping department.B.Requiring the treasurer's office to account for the numbers of the prenumbered checks issued to the computer department for the processing of the payroll.C.Use of a check digit for employee numbers.D.Use of a header label for the payroll input sheet.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: AICPATopic: Internal Control in an IT Environment58.A company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing?A.Completeness test.B.Validity test.C.Limit test.D.Control total.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: IIATopic: Internal Control in an IT Environment59.Passwords for microcomputer software programs are designed to prevent:A.Inaccurate processing of data.B.Unauthorized access to the computer.C.Incomplete updating of data files.D.Unauthorized use of the software.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: IIATopic: Internal Control in an IT Environment60.The capability for computers to communicate with physically remote terminals is an important feature in the design of modern business information systems. Which of the following risks associated with the use of telecommunications systems is minimized through the use of a password control system?A.Unauthorized access to system program and data files.B.Unauthorized physical availability of remote terminals.C.Physical destruction of system program and data files.D.Physical destruction of remote terminals.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Source: IIATopic: Internal Control in an IT Environment61.Consider the following computer applications:

(1) At a catalog sales firm, as phone orders are entered into their computer, both inventory and credit are immediately checked.2) A manufacturer's computer sends the coming week's production schedule and parts orders to a supplier's computer.

Which statement below is true for these applications?A.Both applications are examples of EDI.B.Both applications are examples of on-line real-time processing.C.The first application is an example of EDI and the second is an example of on-line real-time.D.The first application is an example of on-line real-time and the second is an example of EDI.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: ApplyDifficulty: HardLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Source: IIATopic: IT-Based Systems Matching Questions

62.State whether each of the following statements is correct or incorrect.

1.Parallel simulation involves the use of audit software to process functions essentially equivalent to those of the client's program and to determine whether auditor and client results are equivalent.Incorrect.5

2.A client's access to a "Type 1" service auditor's report for a company that processes its payroll may be sued to reduce the auditor's tests of controls for that client.Correct.4

3.Computer assisted audit techniques, while helpful for tests of controls, are seldom helpful for substantive procedures.Incorrect.3

4.The nature of the IT-based system may affect the specific procedures employed by the auditors in testing the controls.Correct.1

5.Specialists with specialized skills in IT processing are seldom used on audits since each audit team member is expected to have the necessary skills.E. Incorrect.2

AACSB: AnalyticAACSB: CommunicationAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementAICPA FN: ReportingAICPA FN: Risk AnalysisBloom's: UnderstandDifficulty: MediumLearning Objective: 08-05 Explain the manner in which the auditors obtain an understanding of internal control in an information technology environment.Learning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Learning Objective: 08-07 Describe the nature of generalized audit software programs and the ways that they are used by the auditors.Topic: Auditors' Consideration of Internal Control in an IT EnvironmentTopic: Computer Service Centers Essay Questions

63.Many auditors use generalized audit software to assist them in the examination of clients' computer records.

a. Describe what is meant by generalized audit software.b. List two advantages of the use of generalized audit software.c. List three functions that may be performed with this type of software.

a. Generalized audit software packages are simple programming languages that assist in the audit of clients' computer records.b. Advantages of the use of generalized audit software include (only two required):

( Auditors are able to directly test computerized records.( Auditors are able to test items more efficiently than manually.( Auditors do not need extensive training to use the packages.

c. Functions that may be performed by generalized audit software packages include (only three required):

( Examine records for overall quality, completeness, and valid conditions.( Rearrange data and perform analyses.( Select audit samples.( Compare data on separate files.( Compare the results of audit procedures with the client's records.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementBloom's: ApplyDifficulty: HardLearning Objective: 08-04 Distinguish among general control activities; application control activities; and user control activities in an information technology-based system.Learning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT EnvironmentTopic: Internal Control in an IT Environment64.Auditors are now faced with examining clients that have database systems.

a. Describe a database system, including its major advantage.b. Identify policies and procedures that may be established to provide control over that aspect over a database system.

a. In a data-base system separate files are replaced with an integrated data-base that is shared by many application programs.b. Controls over data-base systems include:

( A system of user identification numbers and passwords should be used to restrict specific data to authorized personnel.( Terminal activity should be logged by the operating system for subsequent review for unauthorized access to data.( The responsibility for updating specific data should be assigned to a specific department.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Topic: IT-Based Systems65.Various characteristics of IT systems can present special audit risks. Explain each of the following characteristics of an IT system and the special audit risks that they present.

a. Data base system.b. Distributive data processing.c. End user computing.

a. A system that eliminates data redundancy by storing data for two or more applications in an integrated data-base.Special risks include:

( Improper access to data.( Improper alteration of data.

b. A system in which information and programs are shared by a number of users.Special risks include:

( Improper access to data.( Improper alteration of data.

c. A system in which user departments are responsible for developing and executing computer applications that generate information for the same users.Special risks include:

( Improper access to data.( Unreliable user developed programs.

AACSB: AnalyticAACSB: TechnologyAICPA BB: IndustryAICPA BB: Leveraging TechnologyAICPA FN: Decision MakingAICPA FN: Leveraging TechnologyAICPA FN: MeasurementAICPA FN: Risk AnalysisBloom's: UnderstandDifficulty: MediumLearning Objective: 08-02 Describe the nature of various types of information technology-based systems.Learning Objective: 08-05 Explain the manner in which the auditors obtain an understanding of internal control in an information technology environment.Learning Objective: 08-06 Discuss the ways in which the auditors may test controls in an information technology environment.Topic: Auditors' Consideration of Internal Control in an IT EnvironmentTopic: IT-Based Systems8-1