Vous êtes sur la page 1sur 34

CIA Exam Questions Introduction to Internal Auditing 1. Which of the following best describes the objective of internal auditing?

a. To assist members of the organization in the effective discharge of their responsibilities b. To assist management with the design and implementation of accounting and control systems c. To examine and evaluate an organization's accounting system as a service to management d. To monitor the organization's internal control system for the external auditors 2. According the Statement of Responsibilities of Internal Auditing, which of the following is not included in the scope of the internal audit function? a. Appraising the economy and efficiency with which resources are employed b. Reviewing the strategic management process, assessing the quality of management decision making both quantatively and qualitatively, and reporting the results to the audit committee c. Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets d. Reviewing operations or programs to ascertain whether results are consisten with established objectives and goals and whether the operations or programs are being carried out as planned. 3. Of the following, which is the major objective of The Institue of Internal Auditors? a. Cultivate, promote and disseminate information concerning internal auditing and related subjects b. Oversee the activities of internal auditors c. Promulgate standards that must be followed by all corporations d. Investigate accusations that Certified Internal Auditors have violated The Institute of Internal Auditors Code of Ethics 4. One of the purposes of the Standards for the Professional Practice of Internal Auditing as stated in the Introduction to the Standards is to a. Encourage the professionalization of internal auditing b. Establish the independence of the internal audit department and emphasize the objectivity of internal auditing c. Encourage external auditors to make more extensive use of the work of internal auditors d. Establish the basis for guidance and measurement of internal auditing performance 5. Which of the following statements does not describe one of the purposes of The IIA Code of Ethics? The IIA Code of Ethics a. Sets forth basic principles in the practice of internal auditing b. Charges IIA members to maintain high standards of conduct c. Explains the internal audit profession's responsibility to society at large

d. States that a distinguishing mark of a profession is acceptance by its members of responsibility to those it serves 6. Independence permits internal auditors to render impartial and unbiased judgments. The best way to achieve independence is through a. Individual knowledge and skills b. Organizational status and objectivity c. Supervision within the organization d. Organizational knowledge and skills 7. Which of the following is considered a major reason for establishing an internal audit function? a. To relieve overburdened management of the responsibility for establishing an effective control structure b. To safeguard resources entrusted to the organization c. To ensure the accuracy, reliability and timeliness of financial and operating data used in managment's decision making d. To assist members of the organization in the measurement and evaluation of the effectivenss of the established internal control structure 8. The internal auditor's responsibility for the prevention of fraud includes all of the following except a. Determining if the organizational environment fosters control consciousness b. Ensuring that fraud will not occur c. Being aware of activities in which fraud is likely to occur d. Evaluating the effectiveness of actions taken by management to deter fraud 9. The internal auditing profession is believed to have advanced primarily as a consequence of a. Increased interest by graduating students and experienced auditors b. The limitation of external audit scope c. Job qualification specifications that include added emphasis on background knowledge and skills d. Increased complexity and sophistication of business operations 10. The audit committee can serve several important purposes, some of which directly benefit internal auditing. The most significant benefit provided by the audit committee to the internal auditor is a. Protecting the independence of the internal auditor from undue management influence b. Reviewing annual audit plans and monitoring audit results c. Approving audit plans, scheduling, staffing and meeting with the internal auditor as needed d. Reviewing copies of the procedures manuals for selected company operations and meeting with company officials to discuss them 11. Which of the following best describes and internal auditor's purpose in reviewing the

adequacy of the system of internal control? a. To help determine the nature, timing and extent of tests necessary to achieve audit objectives b. To ensure that material weaknesses in the internal control system are corrected c. To determine whether the internal control system provides reasonable assurance that the organization's objectives and goals are met efficiently and economically d. To determine whether the internal control system ensures that the accounting records are correct and that financial statements are fairly stated Introduction to Internal Auditing 1. A 2. B 3. A 4. D 5. C 6. B 7. D 8. B 9. D 10. A 11. C CIA Exam Questions -- Internal Auditing Standards 1. According to the Statement of Responsibilities, the authority of the internal auditing department is limited to that granted by a. The board of directors and the controller b. Senior management and the Standards c. Management and the board of directors d. The audit committee and the chief financial officer 2. A company's new president meets the director of internal auditing for the first time and asks the director to briefly describe the department's overall responsibility. The director states that internal auditing's overall responsibility is to a. Act an an independent appraisal function to review operations as a service to management by measuring and evaluating the effectiveness of controls b. Review the means of safeguarding assets and, as appropriate, verify the existence of such assets c. Ensure compliance with policies, plans, procedures, laws and regulations that could have a significant impact on operations and reports d. Review the reliability and integrity of financial and operating information and the means used top identify, measure, classify and report such informtion 3. A charter is being drafted for a newly formed internal auditing department. Which of the following best describes the appropriate opganizational status that should be

incorporated into the charter? a. The director of internal auditing should report to the chief executive officer but have access to the board of directors b. The director of internal auditing should be a member of the audit committee of the board of directors c. The director of internal auditing should be a staff officer reporting to the chief financial officer d. The director of internal auditing should report to an administrative vice president 4. Under Standard 110, the purpose, authority and responsibility of the internal audit department should be defined in a formal written document (charter). A written charter, approved by the board of directors, is primarily meant to enhance the department's a. Due professional care b. Stature within the organization c. Relationship with management d. Independence 5. An auditor's objectivity could be compromised in all of the following situations except a. A conflict of interest b. Auditee familiarity with auditor due to lack of rotation in assignments c. Auditor assumption of operational duties on a temporary basis d. Reliance on outside expert opinion when appropriate 6. According to the Standards, internal auditors should review the means of physically safeguarding assets from losses arising from a. Misapplication of accounting principles b. Procedures that are not cost justified c. Exposure to the elements d. Underusage of physical facilities 7. In conducting an appraisal of the economy and efficiency with which resources are employed, an internal auditor is responsible for a. Determining whether operating standards have been established b. Verifying the existence of assets c. Reviewing the reliability of operating information d. Verifying the accuracy of asset valuation 8. According to the Standards, an internal auditor's role with respect to operating objectives and goals includes a. Approving the operating objectives or goals to be met b. Determining whether underlying assumptions are appropriate c. Developing and implementing control procedures d. Accomplishing desired operating program results 9. The Standards require that the internal audit director establish and maintain a quality assurance program to evaluate the operations of the internal audit department. All of the

following are considered elements of a quality assurance program except a. Annual appraisals of individual internal auditors' performance b. Internal reviews of audits completed c. Supervision of audit work d. External reviews to assess compliance with standards 10. As used in the Standards when discussing audit planning or risk assessment, the term risk is best defined as the probability that a. An internal auditor will fail to detect a material error or event that causes financial statements or internal reports to be misstated or misleading b. An event or action my adversely affect the organization c. Management will, either knowingly or unknowingly, make decisions that increase the potential liability of the organization d. Financial statements and/or internal records will contain material error 11. Internal auditing is a dynamic profession. Which of the following best describes the scope of internal auditing as it has developed to date? a. Internal auditing involves appraising the economy and efficiency with which resources are employed b. Internal auditing involves evaluating compliance with policies, plans, procedures, laws and regulations c. Internal auditing has evolved to verifying the existence of assets and reviewing the means of safeguarding assets d. Internal auditing has evolved to more of an operational orientation from a strictly financial orientation CIA Exam Answers -- IIA Standards 1. C 2. A 3. A 4. D 5. D 6. C 7. A 8. B 9. A 10. B 11. D

CIA Exam Questions -- IIA Code of Ethics 1. A primary purpose for establishing a code of conduct within a professional organization is to a. Reduce the likelihood that members of the profession will be sued for substandard work b. Ensure that all members of the profession perform at approximately the same level of competence c. Demonstrate acceptance of responsibility to the interests of those served by the profession d. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization 2. An accounting association established a code of ethics for all members. Identify the association's primary purpose for establishing the code of ethics. a. To outline criteria for professional behavior to maintain standards of competence, morality, honesty and dignity within the association b. To establish standards to follow for effective accounting practice c. To provide a framework within which accounting policies can be effectively developed and executed d. To outline criteria that can be used in conducting interviews of potential new accountants 3. "Due care implies reasonqble care and competence, not infallibility or extraordinary performance." This statement makes which of the following unnecessary? a. The conduct of examinations and verifications to a reasonable extent b. The conduct of extensive examinations c. The reasonable assurance that compliance does exist d. The consideration of the possibility of material irregularities 4. An internal auditor observes that a receivables clerk has physical access to and control of cash receipts. The auditor worked with the clerk several years before and has a high level of trust in the individual. Accordingly, the auditor notes in the working papers that controls over receipts are adequate. Is the auditor in compliance with the Standards? a. Yes, reasonable care has been taken b. No, irregularities were not noted c. No, alertness to conditions where irregularities are most likely was not shown d. Yes, the working papers were annotated 5. The Code of Ethics requires IIA members to exercise three particular qualities in the performance of their duties. These qualities are a. Honesty, objectivity and dilegence b. Timeliness, sobriety and clarity c. Knowledge, skill and discipline d. Punctuality, loyalty and dignity

6. A Certified Internal Auditor, working for a chemical manufacturer, believed that toxic waste was being dumped in violation of the law. Out of loyalty to the company, no evidence regarding the dumping was collected. The auditor a. Violated the Code of Ethics by knowingly becoming a party to an illegal act b. Violated the Code of Ethics by failing to protect the well-being of the general public c. Did not violate the Code of Ethics. Loyalty to the employer in all matters is required d. Did not violate the Code of Ethics. Conclusive evidence of wrongdoing was not gathered 7. Which of the following concurrent occupations could appear to subvert the ethical behavior of an internal auditor? a. Internal auditor and a well-known charitable organization's local in-house chairperson b. Internal auditor and part-time business insurance broker c. Internal auditor and adjunct faculty member of local business college that educates potential employees d. Internal auditor and landlord of apartment buildings that publicly advertise for tenants in local newspapers listing monthly rental fees 8. Internal auditors should be prudent in their relationships with persons and organizations external to their employers. Which of the following activities is least likely to affect internal auditors' ethical behavior adversely? a. Accepting compensation from professional organizations for consulting work b. Serving as consultants to competitor organizations c. Serving as consultants to suppliers d. Discussing audit plans or results with external parties 9. During the course of an audit, an auditor discovers that a clerk is embezzling company funds. Although this is the first embezzlement ever encountered and the organization has a security department, the auditor decides to personally interrogate the suspect. If the auditor is violating the Code of Ethics, the rule violated is most likely a. Failing to show due diligence b. Lack of loyalty to the organization c. Lack of competence in this area d. Failing to comply with the law 10. An organization has recently placed a former operating manager in the position of director of internal auditing. The new director is not a member of The IIA and is not a CIA. Henceforth, the internal auditing department will be run strictly by the director's standards, not The IIA's. All four staff members are members of The Institute, but they are not CIAs. According to the Code of Ethics, what is the best course of action for the staff members? a. The Code does not apply because the auditors are not CIAs. b. The auditors should adopt suitable means to comply with the Standards c. The auditors must exhibit loyalty to the organization and ignore the Standards d. The auditors must resign their jobs to avoid improper activities

11. During an audit, A CIA learned that certain individuals in the organization were involved in industrial espionage for the benefit of the organization. According to the Code of Ethics, identify the auditor's course of action. a. Report the facts to the appropriate individual within the organization b. No action is required because this condition is not detrimental to the organization c. Note the condition in the working papers but refrain from reporting it because it benefits the organization d. Report the condition to the appropriate government regulatory agency 12. A CIA is found to have committed a very serious violation of the Code of Ethics of The IIA. Which of the following describes the disciplinary action most likely to be imposed by The IIA? The CIA will a. Be required to take up to 40 hours of appropriate continuing professional education courses b. Be required to retake the CIA examination c. Forfeit his or her membership in The Institute d. Be assessed a fine not to exceeed $1,000 CIA Exam Answers -- IIA Code of Ethics 1. C 2. A 3. B 4. C 5. A 6. A 7. B 8. A 9. C 10. B 11. A 12. C CIA Exam Questions -- Information Systems Environment 1. A management information system a. Can only exist with computers b. Primarily processes data and produces reports c. Supports the operations, management and decision making functions in an organization d. Is a single large system in an organization 2. Early decision models used with structured decisions, such as intentory reordering and production scheduling, emphasized finding the structure of the decision and programming as much of it as possible. More recent models have been developed to support unstructured decision process. Models of the latter type are called a. Decision support systems

b. Management information systems c. Systems analysis techniques d. Rational decision models 3. The managemeng of information systems is experiencing a transition from an emphasis on information processing to an emphasis on information resources management. Which of the following choices best describes the scope of information resources management? a. Computer operations, applications development, technical services and corporate database. b. Data communications, voice communications and local area networks. c. External data services, word processing and intelligent workstations d. Data processing, telecommunications and office automation. 4. Who is ultimately responsible for the implementation of cost-effective controls in an automated system? a. The director of internal auditing b. Operating management c. The computer processing audit manager d. The control group in the computer processing department. 5. Management activities can be classified in three levels: strategic planning, management control and operational control. Information requirements vary with the level of management activity. Which of the following best describes the information requirements for strategic planning? a. Frequent use, external, aggregate information b. Future-oriented, outdated, detailed information c. Highly current, accurate, largely internal information d. Wide scope, aggregate, future-oriented information. 6. The most common computer-related problem confronting organizations is a. Hardware malfunction b. Input errors and omissions c. Disruption to computer processing caused by natural disasters d. Fraud 7. Which of the following statements concerning computer controls is false? a. A computer control may reduce exposure by minimizing potentially harmful effects or by reduing the probable frequency of the occurrence b. The use of a computer to process data significantly changes the basic concepts and objectives of control relevant to the organization c. Controls over computerized systems are at least as important as controls over comparable manual systems d. The automation of data processing activities changes the degrees of effectiveness and appropriateness of the controls that were in existence prior to the time of automation

8. A medium-sized firm, experienced in the development and use of accounting information systems (AIS), is planning to develop the firm's first decision support system (DSS). Compared to an AIS, a DSS a. Is essentially the same b. Does not use accounting data c. Is more interactive d. Is used only by top management 9. Expert systems consist of a. Software packages with the ability to make judgment decisions b. A panel of outside consultants c. Hardware designed to make judgment decisions d. Hardware and software used to automate routine tasks CIA Exam Answers -- Information System Environment 1. C 2. A 3. D 4. B 5. D 6. B 7. B 8. C 9. A

CIA Exam Questions -- Hardware Concepts 1. Many organizations are using microcomputers for business purposes. In comparison with large-scale computers, microcomputers a. Are usually more reliable cecause there is less hardware to malfunction b. Use only compiler-based languages, such as COBOL or FORTRAN c. Cannot be connected to large-scale computers d. None of the above 2. Which of the following computer hardware devices allows for an immediate update of merchandise inventory in a retail environment? a. Inventory control terminal b. Cathode ray tube (CRT) terminal c. Video display terminal d. Point-of-sale terminal 3. Some taxpayers complete the tax return forms by hand-writing block style letters and numbers in designated areas on the forms. The characters will most likely be translated

into machine-readable form by a. Keydisk b. MICR c. OCR d. POS 4. Normally, the least expensive and most efficient way to store large amounts of computer data that are accessed only occasionally is a. RAM b. Magnetic disk c. Magnetic tape d. 80-column cards 5. A piece of hardware that takes the computer's digital information and transforms it into signals that can be sent over ordinary telephone lines is called a(n) a. Terminal emulator b. Communications control unit c. Intelligent terminal d. Modem 6. Today many microcomputers have both a floppy disk drive and a hard disk drive. The major difference between the two types of storage is that a hard disk a. Has a much larger storage capacity than a floppy disk and can also access information much more quickly b. Is a direct-access storage medium, whereas a floppy disk is a sequential-access storage medium c. Provides an automatic audit trail, whereas a floppy disk does not d. Is suitable for an online system, whereas a floppy disk is not 7. If a workstation contains a processor, monitor, printer, storage, and communications capabilities, it is said to be a(n) a. Dumb workstation b. Intelligent workstation c. Noninteractive workstation d. Desktop publishing workstation 8. A company experienced a power surge during a recent electrical storm. Lacking adequate surge protection, the company discovered that data in internal memory banks were scrambled beyond recovery. The system component involved in the incident would correctly be described as a. A secondary storage device b. An online workstation c. RAM d. A modem 9. Uninterruptible power supplies are used in computer centers to reduce the likelihood of

a. Failing to control concurrent access to data b. Losing data stored in main memory c. Dropping bits in data transmission d. Crashing disk drive read-write heads 10. Which of the following is a device used in a data communications system to interleave the slow data transmissions of many different terminal devices to fully use the capacity of a medium- or high-speed data communication line? a. Multiplexor b. Modem c. Coaxial cable d. Bus 11. The ability of a computer to call into primary storage only that portion of a program and data needed immediately while storing the remaining portions in an auxiliary storage device is commonly called a. Compiling b. Multiplexor channeling c. Real-time processing d. Virtual storage 12. Which of the following measures would indicate the computational power of a microprocessor? a. Capacity of the hard disk b. Main memory storage capacity c. Number of bits processed per second d. Read only memory CIA Exam Answers -- Hardware Concepts 1. D 2. D 3. C 4. C 5. D 6. A 7. B 8. C 9. B 10. A 11. D 12. C Software Concepts 1. Assemblers, compilers and interpreters are three types of software that perform

essentially the same important task. They are used to a. Assist managers in the decision-making process and are part of most decision support systems b. Prepare reports using data extracted from an organization-wide database c. Convert high-level languages to machine language d. Provide the communication link between computers with different operating systems 2. A computer program produces periodic payrolls and reports. The program is a(n) a. Operating system b. Application program c. Report generator d. Utility program 3. An integrated set of computer programs that facilitate the creation, manipulation and quirying of integrated files is called a(n) a. Compiler b. Operating system c. Assembly language d. Database management system 4. BASIC, FORTRAN and COBOL are all examples of a. Application programs b. Machine languages c. MHigh-level languages d. Operating systems 5. ADABAS, DATACOM/DB, DB2, IDMS and IMS are a. Library systems b. Access control systems c. Programming languages d. Database management systems 6. Fourth-generation computer languages can be distinguished from earlier generations of languages by their a. Efficient use of computer memory b. Nonprocedural coding c. Limited range of application d. Algebra-like mathematical statements Software Concepts 1. C 2. B 3. D 4. C 5. D 6. B

Data Organization 1. Computers understand codes that represent letters of the alphabet, numbers or special characters. These codes require that data be converted into predefined groups of binary digits. Such chains of digits are referred to as a. Registers b. ASCII code c. Input d Bytes 2. In an inventory system on a database management system, one stored record contains part number, part name, part color and part weight. These individual items are called a. Fields b. Stored files c. Bytes d. Occurrences 3. An inventory clerk, using a computer terminal, views the following on screen: part number, part description, quantity-on-hand, quantity-on-order, order quantity and reorder point for a particular inventory item. Collectively, these data make up a a. Field b. File c. Database d. Record 4. An internal auditor, in determining the data elements (logical records) to be used for an audit, must recognize that a. Logical records are defined in terms of the information they contain and portions may be located in more than one physical record b. A logical record and a physical record may be identical c. Database management systems synthesize logical records d. All of the above 5. An internal auditor encounters a batch-processed payroll in which each record contains the same type of data elements, in the same order, with each data element needing the same number of storage spaces. Which file structure would most appropriately be used to support this set of records? a. Single flat file structure b. Hierarchical structure c. Network structure d. Relational structure Data Organization Concepts 1. D 2. A

3. D 4. D 5. A Files and Processing 1. A payroll system's master file is stored on tape. The payroll is processed at night once every 2 weeks. There is relatively little file maintenance required. Which of the following is most likely to be the approprite processing method under the circumstances? a. Parallel b. Online, real-time c. Network d. Batch 2. A company updates the payroll master file at the end of the week. The payroll time cards are transported to the computer center for processing. The sequence of events followed by the computer center in updating its master file should be a. Converting to machine-readable form, batching records of transactions, validating input, updating the master b. Batching records of transactions, converting to machine-readable form, validating input, updating the master c. Validating input, batching records of transactions, converting to machine-readable form, updating the master d. Batching records of transactions, validating input, converting to machine-readable form, updating the master 3. Sequential access means that a. Data are stored on magnetic tape b. The address of the location of data is found through the use of either an algorithm or an index c. Each record can be accessed in the same amount of time d. To read record 500, records 1 through 499 must be read first 4. A new purchasing system for just-in-time production requirements has been proposed. Users want access to current master file information at all times. To satisfy user needs, master file changes should be implemented with a. Periodic entry with subsequent batch processing b. Periodic entry with immediate batch processing c. Online entry with subsequent batch processing d. Online entry with immediate processing 5. Of the following, the greatest advantage of a database architecture is a. Data redundancy can be reduced b. Conversion to a database system is inexpensive and can be accomplished quickly c. Multiple occurrences of data items are useful for consistency checking

d. Backup and recovery procedures are minimized 6. A firm maintains facts and figures on its sales, costs nd personnel in various computer files. Collectively, these files are called the firm's a. MIS b. DSS c. Data schem d. Database 7. To trace data through several application programs, an auditor needs to know what programs use the data, which files contain the data, and which printed reports display the data. If data exist only in a database system, the auditor could probably find all of this information in a a. Data dictionary b. Database schema c. Data encryptor d. Decision table 8. Which of the following would not normally be considered a typical file structure for a database management system? a. Relational structure b. Hierarchical structure c. Network structure d. Batched sequential structure 9. Which of the following database models is considered to be the most versatile? a. Hierarchical model b. Tree model c. Network model d. Relational model 10. A business has decided to use magnetic disks to store accounts receivable information. What data file concepts should be used to provide the ability to answer customer inquiries as they are received? a. Sequential storage and chains b. Sequential storage and indexes c. Record keys, indexes and pointers d. Inverted file structure, indexes, and internal labels File Management 1. D 2. B 3. D 4. D 5. A 6. D

7. A 8. D 9. D 10. C

Controls 1. The significance of hardware controls to auditors is that they a. Ensure correct programming of operating system functions b. Assure the correct execution of machine instructions c. Reduce the incidence of user input errors in online systems d. Ensure that run-to-run totals in application systems are consistent 2. Hardware controls usually are those built into the equipment by the manufacturer. One such control, an echo check, is best described as a. A component that signals the control unit that an operation has been performed b. Two units that provide read-after-write and dual-read capabilities c. Double writing of the CPU and peripheral equipment to prevent malfunctioning d. A device that prevents more than one peripheral unit from communicating with the CPU at the same time 3. You wish to evaluate editing controls in your audit of the computer systems department. Which of the following is not an edit test? a. Batch controls b. Parity check c. Self-checking numbers d. Limit check 4. In a data center, many hardware controls assure the accuracy of data processed. One hardware control used to evaluate stored data by counting the number of on bits in each character and then determining whether the total obtained is odd or even is a a. Programmed check b. Header label check c. Check digit routine d. Parity check 5. Adequate control over access to data processing is required to a. Deter improper use or manipulation of data files and programs b. Ensure that only console operators have access to program documentation c. Minimize the need for backup data files d. Ensure that hardware controls are operating effectively and as designed by the computer manufacturer 6. Which new issues, associated with rapidly advancing computer technology, create new

risk exposures for organizations? a. Changes in organizational reporting requirements and controls over computer abuse b. Controls over library tape procedures c. Complexity of operating systems and controls over privacy of data d. Changes in organizational behavior 7. Data access security related to applications may be enforced through all the following except a. User identification and authentication functions incorporated in the application b. Utility software functions c. User identification and authentication functions in access control software d. Security functions provided by a database management system 8. All administrative and professional staff in a corporate legal department prepare documents on terminals connected to a host LAN file server. The best control over unauthorized access to sensitive documents in the system is a. Required entry of passwords for access to the system b. Physical security for all disks containing document files c. Periodic server backup and storage in a secure area d. Required entry of passwords for access to individual documents 9. Which of the following controls is least effective in preventing unauthorized access to a computer file from a remote, unauthorized terminal or personal computer? a. Call back procedures b. Frequently changed passwords c. Echo checks d. Frequently changed access codes 10. An organization could incur material losses if a competitor gains access to sensitive operating information contained in computer files. The controls most likely to prevent such losses are a. Controlled disposal of documents and encryption of data files b. Encryption of data files and frequent changes of passwords c. Primary and secondary key integrity checks and encryption of data files d. Primary and secondary key integrity checks and frequent changing of passwords 11. The purpose of input controls is to ensure the a. Authorization of access to data files b. Authorization of access to program files c. Completeness, accuracy and validity of updating d. Completeness, accuracy and vality of input 12. Data conversion is the translation of data into a form the computer can accept. What method of data conversion is most difficult to audit? a. Keying data to disk for online processing b. Keying data to disk for batch processing

c. Keying data to source documents for magnetic-ink character recognition d. Reading source data using optical-character recognition 13. Check digits, entry verification and batch totals are examples of controls designed to provide reasonable assurance that a. Data processing has been performed as intended without omission or double counting of transactions b. Only authorized persons have access to files c. Data received for processing have been properly converted d. Coding of data internal to the computer did not change when the data were moved from one internal storage location to another 14. An internal auditor downloads the invoices, payments and payables for goods received for the prior month to an audit workstation. The best approach for verifying the completeness of the data is for the auditor to use audit software on the workstation to a. Match invoices with payments; match payments with invoices b. Match invoices with payables; match payables with invoices c. Match invoices with payments and payables; match payments and payables with invoices d. Match invoices with payments; match payments and payables with invoices 15. A company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing? a. Completeness test b. Validity test c. Limit test d. Control total 16. An online bank teller system permitted withdrawals from inactive accounts. The best control for denying such withdrawals is a a. Proof calculation b. Check-digit verification c. Master file lookup d. Duplicate record check 17. A computer program for processing the weekly payroll contains an instruction that the gross pay field shall not exceed $1,000 for any employee. This instruction constitues a control known as a a. Limit check b. Valid code check c. Parity check d. Record check 18. The last record in an inventory file contains totals of items in the file. Each time the file is updated, the totals are also updated. Periodically, the relevant data fields are

summed and compared with the totals. Unbalanced conditions are reported and corrected. This practice is a(n) a. Input control b. Transmission control c. File management control d. Output distribution control 19. The key verification process associated with keying computer records for input to a computer system is a. Effectively used to detect the erroneous recording of data on source documents b. Inexpensive and therefore widely used c. Used to detect errors introduced by the keying process d. Ordinarily used with a computer program written to check the data 20. The best approach for ensuring that only authorized emplyees receive computer output is a. Place the output in bins early in the day rather than late in the day b. Load the output in a file to print at local workstations c. Hold the output in a secure area until it is picked up by authorized employees d. Make printouts available only at specified times Controls 1. D 2. B 3. D 4. D 5. A 6. D 7. A 8. D 9. D 10. C

Controls 1. The major purpose of the auditor's study and evaluation of the company's computer processing operations is to a. Evaluate the competence of computer processing operating personnel b. Ensure the exercise of due professional care c. Evaluate the reliability and integrity of financial information d. Become familiar with the company's means of identifying, measuring, classifying and reporting information

2. The auditor's primary concern with an auditee programmer's writing a program to age inventory is a. The auditor's programming experience b. Loss of independence c. Saving valuable audit time d. The programmer's access to confidential information 3. When evaluating computerized operating reports, the internal auditor should consider the computer processing department entirely responsible for data a. Completeness b. Accuracy c. Timeliness d. None of the above 4. Which of the following could the internal auditor examine only in online sytems? a. Results of test decks b. Resolution of errors c. Levels of terminal access d. Tests of transactions 5. In a distributed database environment, which of the following is a test of control for access control administration? a. Reconciliation of batch control totals b. Examination of logged activity c. Prohibition of random access d. Analysis of system-generated core dumps 6. Auditing through the computer must be used when a. Input transactions are batched and system logic is straightforward b. Processing primarily consists of sorting the input data and updating the master file sequentially c. Processing is primarily online and updating is real-time d. Generalized audit software is not available 7. Parallel audit simulation (the audit model technique) is an appropriate audit approach for a. Testing for the presence of authorized signatures on documents b. Summarizing the results of accounts receivable confirmation work c. Calculating amounts for declining-balance depreciation charges d. Scanning the general ledger file for unusual transactions 8. When auditing computer security, the internal auditor usually does not a. Perform tests of the effectiveness of controls b. Review contingency procedures and documentation standards c. Perform substantive test

d. Review personnel practices and policies 9. To determine whether any unauthorized program changes have been made since the last authorized program update, the best computer audit technique is for the auditor to conduct a(n) a. Code comparison b. Code review c. Test data run d. Analytical review 10. A primary reason auditors are reluctant to use an ITF (minicompany technique) is that it requires them to a. Reserve specific master file records and process them at regular intervals b. Collect transaction and master file records in a separate file c. Notify user personnel so they can make manual adjustments to output d. Identify and reverse the fictitious entries to avoid contamination of control totals 11. In auditing an online perpetual inventory system, an auditor selected certain fileupdating transactions for detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific transaction is described as a. Simulation b. Snapshot c. Code comparison d. Tagging and tracing 12. Different audit procedures may be required because a microcomputer may not be subject to the same degree of controls as larger computers. The best audit approach in a microcomputer environment is to increase a. Tests of controls b. Substantive testing c. Attribute sampling d. Documentation review 13. The audit effort most likely to yield relvant evidence in determining the adequacy of an organization's disaster recovery plan should focus on a. The completeness of the plan as to facilities, operations, communications, security and data processing b. The sufficiency of the list of replacement equipment needed in event of a disaster c. The question of whether the plan is in the planning or developmental stage d. The role of the internal auditing department in developing and testing the plan 14. What information would the auditor expect to find in the data dictionary that would assist in a payroll application audit? a. Programs that access the data b. Type of operating system

c. Online user identification d. System network architecture and flowcharts 15. An audit of the electronic data interchange area of a banking group revealed the facts listed below. Which one indicates the need for improved internal control? a. Employees may only access the computer system via an ID and an encrypted password b. The system employs message sequencing as a way to monitor data transmissions c. Certain types of transactions may only be made at specific terminals d. Branch office employees may access the mainframe with a single call via modem Testing of Controls 1. C 2. B 3. D 4. C 5. B 6. C 7. C 8. C 9. A 10. D 11. D 12. B 13. A 14. A 15. D Computer Assisted Auditing 1. Modern computer technology makes it possible to perform paperless audits. For example, in an audit of computer-processed customer accounts receivable balances, an auditor might use a microcomputer to access the accounts receivable files directly and copy selected customer records into the microcomputer for audit analysis. Which of the following is an advantage of this type of paperless audit of accounts receivable balances? a. It reduces the amount of substantive testing required b. It allows immediate processing of audit data on a spreadsheet working paper c. It increases the amount of technical skill required of the auditor d. It allows direct confirmation of customer account balances 2. Which of the following statements is not true concerning the tasks that generalized audit software is able to perform? a. Provide totals of unusual items b. Check for duplications, missing information or ranges of values c. Specify which data elements will be tested and the criteria to be used d. Verify calculation totals and analyses produced

3. Which of the following represents a limitation on the uae of generalized audit software? a. It requires lengthy detailed instructions in order to accomplish specific tasks b. It has limited application without significant modification c. It requires significant programming knowledge to be used effectively d. It can only be used on hardware with compatible operating systems 4. When an auditor performs test on a computerized inventory file containing over 2o,000 line items, that auditor can maintain independence and perform most efficiently by a. Asking the console operator to print every item that cost more than $100 b. Using a generalized audit software package c. Obtaining a printout of the entire file and then selecting each nth item d. Using the systems department's programmer to write an extraction program 5. Which of the following is not an advantage of using a generalized computer audit program? Such use a. Requires the auditor to have only a minimal knowledge of computer technology while providing the auditor with a high level of programming independence b. Assures compatibility with database management systems c. Eliminates the requirement to develop custom audit software for each type of audit d. Permits greater reliance to be placed on the audit results than could be obtained from manual techniques 6. Which of the following concepts distinguishes the retention of computerized audit working papers from the traditional hard copy form? a. Analyses, conclusions and recommendations are file on electronic media and are therefore subject to computer system controls and security procedures b. Evidential support for all findings is copied and provided to local management during the closing conference and to each person receiving the final report c. Computerized data files can be used in computer audit procedures d. Audit programs can be standardized to eliminate the need for a preliminary survey at each location 7. An internal auditor can use a checkpoint in a computer audit program to avoid complete restarts with a. Random access and sequential files b. Disk operating systems c. Tape operating systems d. All of the above Computer Aided Auditing 1. B 2. C 3. D

4. 5. 6. 7.

B B A D

Sampling Methods 1. The internal auditor suspects that the invoices from a small number of vendors contain serious errors and therefore limits the sample to those vendors only. A major disadvantage of selecting such a directed sample of items to examine is the a. Difficulty in obtaining sample items b. Inability to quantify the sampling error related to the total population of vendor invoices c. Absence of a normal distribution d. Tendency to sample a greater number of units 2. When sampling is used, sufficiency of audit evidence is achieved when a. Each item in the population has a chance of being selected b. The standard deviation in the sample is less than or equal to the corresponding statistic for the population c. The evidence gathered is directly related to the assertion the auditor is attempting to verify d. There is reasonable assurance that the items selected are representative of the sampled population 3. In order to quantify the risk that sample evidence leads to erroneous conclusions about the sampled population, a. Each item in the sampled population must have an equal chance of being selected b. Each item in the sampled population must have a chance of being selected that is proportional to its book value c. Each item in the sampled population must have an equal or known probability of being selected d. The precise number of items in the population must be known 4. Each time an internal auditor draws a conclusion based on evidence from a sample, an additional risk, sampling risk, is introduced. An example of sampling risk is a. Projecting the results of sampling beyond the population tested b. Using an improper audit procedure with a sample c. Incorrectly applying an audit procedure to sample data d. Drawing an erroneous conclusion from sample data 5. Several risks are inherent in the evaluation of audit evidence that has been obtained through the use of statistical sampling. an example of a beta or Type II error related to

sampling risk is the failure to a. Properly define the population to be sampled b. Draw a random sample from the population c. Reject the statistical hypothesis that a book value is not materially misstated when the true book value is materially misstated d. Accept the statistical hypothesis that a book value is not materially misstated when the true book value is not materially misstated 6. A confidence level of 90% means that a. The expected error rate is equal to 10% b. The point estimate obtained is within 10% of the true population value c. There are 90 chances out of 100 that the sample results will not vary from the true characteristics of the population by more than a specified amount d. A larger sample size is required than if the desired confidence level were equal to 95% 7. In statistical sampling, setting the appropriate confidence level and desired sample precision are decisions made by the auditor that will affect sample size for a substantive test. Which of the following should not be a factor in the choice of desired precision? a. The sampling risk b. The size of an account balance misstatement considered material c. The audit resources available for execution of the sampling plan d. The objectives of the audit test being conducted 8. An auditor's statistical sample drawn from a population of invoices indicates a mean value of $150 and sampling precision of +/- $30 at a 95% confidence level. Which of the following statements correctly interprets these sample data? a. In repeated sampling, the point estimate of the true population mean will be $150 about 95% of the time b. The probability is 95% that the true population mean is $150 c. In repeated sampling, intervals with precision +/- $30 around the sample mean will always contain the true population mean d. The probability is 95% that the range $120 to $180 contains the true population mean 9. An auditor draws a random sample of 225 items from a population of 10,000 and calculates the sample standard deviation at $386. Sampling precision is calculated as +/- $50.40 with a confidence level of 95%. If a sample of 900 items had been drawn and if the same sample standard deviation of $386 had been calculated, the sample precision would have been approximately a. $200 b. $100 c. $25 d. $13

10. The accounting department reports the accounts payable balance as $175,000. You are willing to accept that balance if it is within $15,000 of the actual balance. Using a variables sampling plan, you compute a 95% confidence interval of $173,000 to $190,000. You would therefore a. Find it impossible to determine the acceptability of the balance b. Accept the balance but with a lower level of confidence c. Take a larger sample before totally rejecting the balance and requiring adjustments d. Accept the $175,000 balance because the confidence interval is within the materiality limits 11. The measure of variability of a statistical sample that serves as an estimate of the population variability is the a. Basic precision b. Range c. Standard deviation d. Confidence interval 12. The variability of a population, as measured by the standard deviation, is the a. Extent to which the individual values of the items in the population are spread about the mean b. Degree of asymmetry of a distribution c. Tendency of the means of large samples (at least 30 items) to be normally distributed d. Measure of the closeness of a sample estimate to a corresponding population characteristic 13. The auditor can change the standard error of the mean for a statistical sample by a. Stratifying the population b. Increasing the size of the sample c. Decreasing the size of the sample d. All of the above 14. An auditor draws a random sample of invoices and computes the mean invoice amount. The auditor then computes the standard error of the mean. This information can be used to a. Measure the variability of a specific item within the sample b. Determine the standard deviation of the sample c. Measure the variability that exists among all possible invoice samples of the same size d. Perform difference estimation and avoid a large sample 15. In conducting a substantive test of an account balance, an auditor hypothesizes that no material misstatement exists. The risk that sample results will support the hypothesis when a material misstatement actually does exist is the risk of a. Incorrect rejection b. Alpha error c. Incorrect acceptance d. Type I error

16. In appraising the results of a statistical sample, the finite population correction factor a. Can be greater than one b. Has less effect as the sample becomes a larger proportion of the population c. Is needed when sampling is performed with replacement d. Is applied to reduce the size of the sample 17. An internal auditor of a manufacturing company analyzes cost variances incurred in the manufacturing process to determine their statistical significance. Which of the following techniques is most likely to be used for this purpose? a. Markov chains b. Monte Carlo method c. Application of probability theory d. Sensitivity analysis 18. In the audit of a health insureance claims processing department, a sample is taken to test for the presence of fictitious payees, though none are suspected. The most appropriate sampling plan is a. Attiribute sampling b. Discovery sampling c. Variables sampling d. Stop or go sampling 19. An auditor for the state highway and safety department needs to estimate the average highway weight of tractor trailer trucks using the state's highway system. Which estimation method must be used? a. Mean per unit b. Difference c. Ratio d. Probability proportional to size 20. When would difference estimation of ratio estimation methods be inappropriate? a. If differences between the book values and audit values of a population are rare b. If the average difference between the audit value and book value of a population is small c. If differences between the book value and audit value of a population are numerous d. If the average difference between the audit value and book value of a population is large 21. An internal auditor is preparing to sample accounts receivable for overstatement. A statistical sampling method that automatically provides stratification when using systematic selection is a. Attribute sampling b. Ratio-estimation sampling c. Dollar-unit sampling

d. Mean-per-unit sampling 22. Which of the following best describes an inherent limitation of the probability proportional to size sampling method? a. It can only be used for substantive testing of asset accounts b. It is complicated and always requires the use of a computer system to perform the calculations c. Misstatement rates must be large and the misstatements must be overstatements d. Misstatement rates must be small and the misstatements must be overstatements 23. An internal auditor plans to test the accuracy of recorded quantities on hand in an inventory file against the actual quantities on hand. Under which of the following conditions would the auditor be least likely to use a stop or go sampling plan? a. The population to be sampled is very large b. The auditor expects the population to contain a high rate of deviations c. The auditor plans to draw a relatively small sample size d. The auditor plans to determine an upper precision limit for the estimated percentage of deviations contained in the population 24. A statistical sampling technique that will minimize sample size whenever a low rate of noncompliance is expected is a. Ratio estimation sampling b. Difference estimation sampling c. Stratified mean per unit sampling d. Stop or go sampling 25. An auditor planning an attribute sample from a large number of invoice items intends to estimate the actual rate of deviations. Which factor below is the most important for the auditor to consider? a. Audit objective b. Population size c. Desired confidence level d. Population variance 26. When planning an attribute sampling application, the difference between the expected deviation rate and the maximum tolerable rate is the planned a. Precision b. Reliability c. Dispersion d. Skewness 27. A test of 200 invoices randomly selected by the auditor revealed that 35 had not been approved for payment. At the 95% confidence level, what precision can be assigned? a. 6.9% b. 5.3%

c. 9.1% d. 3.5% 28. Very small random samples (fewer than 30) should normally be avoided when using a variables sampling plan because a. The estimated standard deviation of the population will increase disproportionately b. The skew of the distribution of sample means cannot be determined c. The estimated population mean value will increase disproportionately d. The size of the sampling risk will increase disproportionately 29. In applying variables sampling, an auditor attempts to a. Estimate a qualitative charactristic of interest b. Determine various rates of occurrence for specified attributes c. Discover at least one instance of a critical deviation d. Predict a monetary population value within a range of precision 30. An internal auditor is using variables estimation as the statistical sampling technique to estimate the monetary value of a large inventory of parts. Given a sample standard deviation of $400, a sample size of 400, and a 95% two-tail confidence interval, what precision can the auditor assign to the estimate of the mean dollar value of a part? a. +/- $39 b. +/- $2 c +/- $52 d. +/- $20 31. In an application of mean per unit sampling, the following information has been obtained: reported book value: $600,000 point estimate (estimated total value): $591,000 allowance for sampling risk (precision): +/- 22,000 tolerable misstatement: +/- 45,000 The appropriate conclusion would be that the reported book value is a. Acceptable only if the risk of incorrect rejection is at least twice the risk of incorrect acceptance b. Acceptable c. Not acceptable d. Acceptable only if the risk of incorrect acceptance is at least twice the risk of incorrect rejection. 32. A statistical sample from an inventory containing a total of 10,000 items produced a sample mean equal to $25 and a standard error of the mean equal to $1. What is the interval estimate of the total value of the inventory at the 95.5% confidence level (C=2.0)? a. $230,000 to $270,000

b. $240,000 to $260,000 c. $240,450 to $259, 550 d. $250,000 to $270,000 33. An auditor's finding was stated as follows: "Twenty of one hundred randomly selected items tested revealed that $200 of cash discounts on purchases were lost." This variables sampling finding is deficient because the a. Recommendation specifies no action b. Sampling methodology is not defined c. Amount is not material d. Probable effect on the entire population is not provided 34. Sample selection using dollar unit sampling for inventory valuation will most likely result in selectgion of a sample with characteristics roughly equivalent to one provided by a. Mean per unit or direct extenstion unstratified sampling plans b. Variables sampling plans with substantial stratification by dollar amount c. Selection of inventory records using a random starting point for the record selection d. Difference or ratio estimation plans applied on an unstratified basis 35. When an internal auditor uses dollar unit statistical sampling to examine the total value of invoices, each invoice a. Has an equal probability of being selected b. Can be represented by no more than one dollar unit c. Has an unknown probability of being selected d. Has a probability proportional to its dollar value of being selected 36. Which of the following would be an improper technique when using dollar unit statistical sampling in an audit of accounts receivable? a. Combining negative and positive dollar error item amounts in the appraisal of a sample b. Using a sampling technique in which the same account balance could be selected more than once c. Selecting a random starting point and then sampling every nth dollar unit (systematic sampling) d. Defining the sampling unit in the population as an individual dollar value and not as an individual account balance 37. The use of probability proportional to size sampling is inefficient if a. Bank accounts are being audited b. Statistical inferences are to be made c. Each account is of equal importance d. The number of sampling units is large Sampling 1. B

2. D 3. C 4. D 5. C 6. C 7. C 8. D 9. C 10. D 11. C 12. A 13. D 14. C 15. C 16. D 17. C 18. B 19. A 20. A 21. C 22. D 23. B 24. D 25. A 26. A 27. B 28. D 29. D 30. A 31. B 32. A 33. D 34. B 35. D 36. A 37. C

Sample Selection 1. A simple random sample requires that a. The population be unbiased b. Every item in the population have an equal chance of being selected c. The distribution or original data be approximately normal

d. The expected deviation rate be low (less than 5%) 2. An auditor wishes to sample 200 sales receipts from a population of 5,000 receipts issued during the last year. The receipts have preprinted serial numbers and are arranged in chronological (and the serial number) order. The auditor randomly chooses a receipt from the first 25 receipts and then selects every 25th receipt thereafter. Ths ampling procedure described here is called a. Systematic random sampling b. Dollar unit sampling c. Judgment interval sampling d. Variables sampling 3. Internal auditing is conducting an operational audit of the organization's mailroom activities to determine whether the use of express mail service is limited to cases of necessity. To test cost-effectiveness, the auditor selects the 100 most recent express mial transactions for review. A major limitation of such a sampling technique is that it a. Does not allow a statistical generalization about all express mail transactions b. Results in a sample size that is too small to project to the population c. Does not evaluate existing controls in this area d. Does not describe the population from which it was drawn 4. To use stratified sampling to evaluate a large, heterogeneous inventory, which of the following would least likely be used as a criterion to classify inventory items into strata? a. Dollar value b. Number of items c. Turnover volume d. Storage locations 5. Which of the following is not a criterion for a good stratified random sampling plan? a. Every item must belong to one and only one stratum b. The original population of items must be normally distributed c. An identifiable means of subdividing a heterogeneous population into groups with more homogeneous characteristics must be available d. The number of items in each group must be known or determinable 6. In a regional survey of suburban households to obtain data on television viewing habits, a statistical sample of suburban areas is first selected. Within the chosen areas, statistical samples of whole blocks are selected, and within the selected blocks, random samples of households are selected. This type of sample selection can best be described as a. Attribute sampling b. Stratified sampling c. Cluster sampling

d. Interval sampling 7. You seek to determine the misstatements made in recording sales invoices. Which of the following factors will usually be most significant in determining the number of sales invoices to select for testing? a. The total number of invoices for the period b. The estimated loss being incurred by the division c. The dollars of sales considered to be material d. The precision desired 8. In an audit of a governmental agency, you are searching for expenditures that are improperly classified. Assuming a statistical sampling plan is adopted, which of the factors listed below most directly affects the number of items that you seek to review? a. Magnitude of the dollar budget for the agency b. Number of items you found misclassified in last year's audit c. Quality of the internal control structure d. Estimated deviation rate Sample Selection and Sample Size 1. B 2. A 3. A 4. B 5. B 6. C 7. D 8. D