100%(2)100% ont trouvé ce document utile (2 votes)
1K vues19 pages
This document contains multiple choice questions about auditing computer-based information systems. It covers topics like the typical responsibilities of internal auditors, types of audits, audit stages such as planning, evidence collection, evaluation and communication of results. Some key points covered are:
- Internal auditors are typically not involved in preparing financial statements.
- Information systems audits review controls of IT systems to assess compliance and effectiveness.
- Operational/management audits examine the economical use of resources to achieve goals and objectives.
- Audit planning involves considering risk factors and materiality.
This document contains multiple choice questions about auditing computer-based information systems. It covers topics like the typical responsibilities of internal auditors, types of audits, audit stages such as planning, evidence collection, evaluation and communication of results. Some key points covered are:
- Internal auditors are typically not involved in preparing financial statements.
- Information systems audits review controls of IT systems to assess compliance and effectiveness.
- Operational/management audits examine the economical use of resources to achieve goals and objectives.
- Audit planning involves considering risk factors and materiality.
This document contains multiple choice questions about auditing computer-based information systems. It covers topics like the typical responsibilities of internal auditors, types of audits, audit stages such as planning, evidence collection, evaluation and communication of results. Some key points covered are:
- Internal auditors are typically not involved in preparing financial statements.
- Information systems audits review controls of IT systems to assess compliance and effectiveness.
- Operational/management audits examine the economical use of resources to achieve goals and objectives.
- Audit planning involves considering risk factors and materiality.
Accounting Information Systems, 12e (Romney/Steinbart)
Chapter 11 Auditing Computer-Based Information Systems
1) Auditing involves the A) collection, review, and documentation of audit evidence. B) planning and verification of economic events. C) collection of audit evidence and approval of economic events. D) testing, documentation, and certification of audit evidence. Answer: A Page Ref: ! "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic )) *hat is not a t&pical responsi#ilit& of an internal auditor+ A) helping management to improve organi,ational effectiveness B) assisting in the design and implementation of an A-( C) preparation of the compan&.s financial statements D) implementing and monitoring of internal controls Answer: C Page Ref: ! "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic ) *hich t&pe of wor0 listed #elow is not t&pical of internal auditors+ A) operational and management audits B) information s&stem audits C) financial statement audit D) financial audit of accounting records Answer: C Page Ref: ! "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1) 2he 33333333 audit e4amines the relia#ilit& and integrit& of accounting records. A) financial B) informational C) information s&stems D) operational Answer: A Page Ref: ! "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 7) 2he 33333333 audit reviews the general and application controls of an A-( to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. A) financial B) information s&stems C) management D) internal control Answer: B Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 8) "ne t&pe of audit that is concerned with the economical and efficient use of resources and the accomplishment of esta#lished goals and o#$ectives is 0nown as a9n) 33333333 audit. A) financial B) information s&stems C) internal control D) operational or management Answer: D Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic :) 2he 33333333 audit is concerned with the economical and efficient use of resources and the accomplishment of esta#lished goals and o#$ectives. A) financial B) informational C) information s&stems D) operational Answer: D Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic ;) 2he purpose of 33333333 is to determine wh&, how, when, and who will perform the audit. A) audit planning B) the collection of audit evidence C) the communication of audit results D) the evaluation of audit evidence Answer: A Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic ) Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all <) "rgani,ing the audit team and the ph&sical e4amination of assets are components of which two separate audit stages+ A) planning= evaluating audit evidence B) planning= collecting audit evidence C) collecting audit evidence= communicating audit results D) communicating audit results= evaluating audit evidence Answer: B Page Ref: !1>!7 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1!) *ith which stage in the auditing process are the consideration of ris0 factors and materialit& most associated+ A) audit planning B) collection of audit evidence C) communication of audit results D) evaluation of audit evidence Answer: A Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 11) A s&stem that emplo&s various t&pes of advanced technolog& has more 33333333 ris0 than traditional #atch processing. A) control B) detection C) inherent D) investing Answer: C Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1)) Control ris0 is defined as the A) suscepti#ilit& to material ris0 in the a#sence of controls. B) ris0 that a material misstatement will get through the internal control structure and into the financial statements. C) ris0 that auditors and their audit procedures will not detect a material error or misstatement. D) ris0 auditors will not #e given the appropriate documents and records #& management who wants to control audit activities and procedures. Answer: B Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic
Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all
1) 2he possi#ilit& that a material error will occur even though auditors are following audit procedures and using good $udgment is referred to as A) control ris0. B) detection ris0. C) inherent ris0. D) investigating ris0. Answer: B Page Ref: !7 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 11) 2he 33333333 stage of the auditing process involves 9among other things) the auditors o#serving the operating activities and having discussions with emplo&ees. A) audit planning B) collection of audit evidence C) communication of audit results D) evaluation of audit evidence Answer: B Page Ref: !7 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 17) ?erif&ing the accurac& of certain information, often through communication with third parties, is 0nown as A) reperformance. B) confirmation. C) su#stantiation. D) documentation. Answer: B Page Ref: !7 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 18) 2he evidence collection method that e4amines all supporting documents to determine the validit& of a transaction is called A) review of documentation. B) vouching. C) ph&sical e4amination. D) anal&tical review. Answer: B Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 1:) 2he evidence collection method that considers the relationships and trends among information to detect items that should #e investigated further is called A) review of the documentation. B) vouching. C) ph&sical e4amination. D) anal&tical review. Answer: D Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1;) Assessing the @ualit& of internal controls, the relia#ilit& of information, and operating performance are all part of which stage of the auditing process+ A) audit planning B) collection of audit evidence C) evaluation of audit evidence D) communication of audit results Answer: C Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1<) An auditor must #e willing to accept some degree of ris0 that the audit conclusion is incorrect. Accordingl&, the auditor.s o#$ective is to see0 33333333 that no material error e4ists in the information audited. A) a#solute relia#ilit& B) reasona#le evidence C) reasona#le assurance D) reasona#le o#$ectivit& Answer: C Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic )!) 2he ris0>#ased audit approach is A) a four>step approach to internal control evaluation. B) a four>step approach to financial statement review and recommendations. C) a three>step approach to internal control evaluation. D) a three>step approach to financial statement review and recommendations. Answer: A Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 7 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all )1) *hich of the following is the first step in the ris0>#ased audit approach+ A) -dentif& the control procedures that should #e in place. B) 'valuate the control procedures. C) Determine the threats facing the A-(. D) 'valuate wea0nesses to determine their effect on the audit procedures. Answer: C Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic ))) Determining whether the necessar& control procedures are in place is accomplished #& conducting A) a s&stems overhaul. B) a s&stems review. C) tests of controls. D) #oth B and C Answer: B Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : Difficult AAC(B: Anal&tic )) According to the ris0>#ased auditing approach, when a control deficienc& is identified, the auditor should in@uire a#out A) tests of controls. B) the feasi#ilit& of a s&stems review. C) materialit& and inherent ris0 factors. D) compensating controls. Answer: D Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic )1) 2he 33333333 to auditing provides auditors with a clear understanding of possi#le errors and irregularities and the related ris0s and e4posures. A) ris0>#ased approach B) ris0>ad$usted approach C) financial audit approach D) information s&stems approach Answer: A Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 8 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all )7) *hat is the purpose of an information s&stems audit+ A) 2o determine the inherent ris0 factors found in the s&stem B) 2o review and evaluate the internal controls that protect the s&stem C) 2o e4amine the relia#ilit& and integrit& of accounting records D) 2o e4amine whether resources have #een used in an economical and efficient manner in 0eeping with organi,ation goals and o#$ectives Answer: B Page Ref: !: "#$ective: %earning "#$ective ) Difficult& : /oderate AAC(B: Anal&tic )8) 2he information s&stems audit o#$ective that pertains to source data #eing processed into some form of output is 0nown as A) overall securit&. B) program development. C) program modifications. D) processing. Answer: D Page Ref: !: "#$ective: %earning "#$ective ) Difficult& : 'as& AAC(B: Anal&tic ):) 2o maintain the o#$ectivit& necessar& for performing an independent evaluation function, auditors should not #e involved in A) ma0ing recommendations to management for improvement of e4isting internal controls. B) e4amining s&stem access logs. C) e4amining logical access policies and procedures. D) developing the information s&stem. Answer: D Page Ref: !< "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic );) 2he auditor.s role in s&stems development should #e as A) an advisor and developer of internal control specifications. B) a developer of internal controls. C) an independent reviewer onl&. D) A and B a#ove Answer: C Page Ref: !< "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic : Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all )<) Regarding program modifications, which statement #elow is incorrect+ A) "nl& material program changes should #e thoroughl& tested and documented. B) *hen a program change is su#mitted for approval, a list of all re@uired updates should #e compiled and then approved #& management and program users. C) During the change process, the developmental version of the program must #e 0ept separate from the production version. D) After the modified program has received final approval, the change is implemented #& replacing the developmental version with the production version. Answer: A Page Ref: 11 "#$ective: %earning "#$ective Difficult& : 'as& AAC(B: Anal&tic !) 6ow could auditors determine if unauthori,ed program changes have #een made+ A) B& interviewing and ma0ing in@uiries of the programming staff B) B& e4amining the s&stems design and programming documentation C) B& using a source code comparison program D) B& interviewing and ma0ing in@uiries of recentl& terminated programming staff Answer: C Page Ref: 11 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 1) *hich auditing techni@ue will not assist in determining if unauthori,ed programming changes have #een made+ A) Ase of a source code comparison program B) Ase of the reprocessing techni@ue to compare program output C) -nterviewing and ma0ing in@uiries of the programming staff D) Ase of parallel simulation to compare program output Answer: C Page Ref: 11 "#$ective: %earning "#$ective Difficult& : 'as& AAC(B: Anal&tic )) (trong 33333333 controls can partiall& compensate for inade@uate 33333333 controls. A) development= processing B) processing= development C) operational= internal D) internal= operational Answer: B Page Ref: 1! "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic ; Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all ) 2he 33333333 procedure for auditing computer process controls uses a h&pothetical series of valid and invalid transactions. A) concurrent audit techni@ues B) test data processing C) integrated test facilit& D) dual process Answer: B Page Ref: 1) "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 1) 2he auditor uses 33333333 to continuousl& monitor the s&stem and collect audit evidence while live data are processed. A) test data processing B) parallel simulation C) concurrent audit techni@ues D) anal&sis of program logic Answer: C Page Ref: 1 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 7) Auditors have several techni@ues availa#le to them to test computer>processing controls. An audit techni@ue that immediatel& alerts auditors of suspicious transactions is 0nown as A) a (CARB. B) an audit hoo0. C) an audit sin0er. D) the snapshot techni@ue. Answer: B Page Ref: 1 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 8) A t&pe of software that auditors can use to anal&,e program logic and detect une4ecuted program code is A) a mapping program. B) an audit log. C) a scanning routine. D) program tracing. Answer: A Page Ref: 11 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic < Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all :) "ne tool used to document the review of source data controls is A) a flowchart generator program. B) a mapping program. C) an input control matri4. D) a program algorithm matri4. Answer: C Page Ref: 11 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic ;) An audit software program that generates programs that perform certain audit functions, #ased on auditor specifications, is referred to as a9n) A) input controls matri4. B) CAA2(. C) em#edded audit module. D) mapping program. Answer: B Page Ref: 1: "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic <) 2he use of a secure file li#rar& and restrictions on ph&sical access to data files are control procedures used together to prevent A) an emplo&ee or outsider o#taining data a#out an important client. B) a data entr& cler0 from introducing data entr& errors into the s&stem. C) a computer operator from losing or corrupting files or data during transaction processing. D) programmers ma0ing unauthori,ed modifications to programs. Answer: A Page Ref: 18 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic 1!) An auditor might use which of the following to convert data from several sources into a single common format+ A) computer assisted audit techni@ues software B) *indows /edia Converter C) concurrent audit techni@ue D) Ado#e Professional Answer: A Page Ref: 1: "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1! Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 11) *hat is the primar& purpose of computer audit software+ A) eliminate auditor $udgment errors B) assist the auditor in retrieving and reviewing information C) detect unauthori,ed modifications to s&stem program code D) rechec0 all mathematical calculations, cross>foot, reprocess financial statements and compare to originals Answer: B Page Ref: 1: "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1)) 2he scope of a9n) 33333333 audit encompasses all aspects of s&stems management. A) operational B) information s&stems C) financial D) internal control Answer: A Page Ref: 1; "#$ective: %earning "#$ective 7 Difficult& : /oderate AAC(B: Anal&tic 1) 'valuating effectiveness, efficienc&, and goal achievement are o#$ectives of 33333333 audits. A) financial B) operational C) information s&stems D) all of the a#ove Answer: B Page Ref: 1; "#$ective: %earning "#$ective 7 Difficult& : 'as& AAC(B: Anal&tic 11) -n the 33333333 stage of an operational audit, the auditor measures the actual s&stem against an ideal standard. A) evidence collection B) evidence evaluation C) testing D) internal control Answer: B Page Ref: 1; "#$ective: %earning "#$ective 7 Difficult& : 'as& AAC(B: Anal&tic 11 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 17) An increase in the effectiveness of internal controls would have the greatest effect on A) reducing control ris0. B) reducing detection ris0. C) reducing inherent ris0. D) reducing audit ris0. Answer: A Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : Difficult AAC(B: Anal&tic 18) An e4pansion of a firm.s operations to include production in Russia and China will have the effect of A) increasing inherent ris0. B) reducing inherent ris0. C) increasing control ris0. D) reducing control ris0. Answer: A Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 1:) An increase in the effectiveness of auditing software will have the effect of A) increasing detection ris0. B) reducing detection ris0. C) increasing control ris0. D) reducing control ris0. Answer: B Page Ref: !7 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1;) An auditor e4amines all documents related to the ac@uisition, repair histor&, and disposal of a firm.s deliver& van. 2his is an e4ample of collecting audit evidence #& A) confirmation. B) reperformance. C) vouching. D) anal&tical review. Answer: C Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1) Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 1<) An auditor manuall& calculates accumulated depreciation on a deliver& van and compares her calculation with accounting records. 2his is an e4ample collecting audit evidence #& A) confirmation. B) reperformance. C) vouching. D) anal&tical review. Answer: B Page Ref: !7 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 7!) An auditor finds that emplo&ee a#sentee rates are significantl& higher on /onda&s and Brida&s than on other wor0 da&s. 2his is an e4ample collecting audit evidence #& A) confirmation. B) reperformance. C) vouching. D) anal&tical review. Answer: D Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 71) An auditor creates a fictitious customer in the s&stem and then creates several fictitious sales to the customer. 2he records are then trac0ed as the& are processed #& the s&stem. 2he auditor is using A) an integrated test facilit&. B) the snapshot techni@ue. C) a s&stem control audit review file. D) continuous and intermittent simulation. Answer: A Page Ref: 1 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic 7)) An auditor sets an em#edded audit module to flag all credit transactions in e4cess of C1,7!!. 2he flag causes the s&stem state to #e recorded #efore and after each transaction is processed. 2he auditor is using A) an integrated test facilit&. B) the snapshot techni@ue. C) a s&stem control audit review file. D) audit hoo0s. Answer: B Page Ref: 1 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 1 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 7) An auditor sets an em#edded audit module to record all credit transactions in e4cess of C1,7!! and store the data in an audit log. 2he auditor is using A) the snapshot techni@ue. B) a s&stem control audit review file. C) audit hoo0s. D) continuous and intermittent simulation. Answer: B Page Ref: 1 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 71) An auditor sets an em#edded audit module to flag @uestiona#le online transactions, displa& information a#out the transaction on the auditor.s computer, and send a te4t message to the auditor.s cell phone. 2he auditor is using A) the snapshot techni@ue. B) a s&stem control audit review file. C) audit hoo0s. D) continuous and intermittent simulation. Answer: C Page Ref: 1 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic 77) An auditor sets an em#edded audit module to selectivel& monitor transactions. (elected transactions are then reprocessed independentl&, and the results are compared with those o#tained #& the normal s&stem processing. 2he auditor is using A) an integrated test facilit&. B) the snapshot techni@ue. C) a s&stem control audit review file. D) continuous and intermittent simulation. Answer: D Page Ref: 1 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic 78) *hich of the following is not one of the t&pes of internal audits+ A) reviewing corporate organi,ational structure and reporting hierarchies B) e4amining procedures for reporting and disposing of ha,ardous waste C) reviewing source documents and general ledger accounts to determine integrit& of recorded transactions D) comparing estimates and anal&sis made #efore purchase of a ma$or capital asset to actual num#ers and results achieved Answer: A Page Ref: !1 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Reflective 2hin0ing 11 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 7:) *hen programmers are wor0ing with program code, the& often emplo& utilities that are also used in auditing. Bor e4ample, as program code evolves, it is often the case that #loc0s of code are superseded #& other #loc0s of code. Bloc0s of code that are not e4ecuted #& the program can #e identified #& A) em#edded audit modules. B) scanning routines. C) mapping programs. D) automated flow charting programs. Answer: C Page Ref: 11 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 7;) *hen programmers are wor0ing with program code, the& often emplo& utilities that are also used in auditing. Bor e4ample, as program code evolves, it is often the case that varia#les defined during the earl& part of development #ecome irrelevant. 2he occurrences of varia#les that are not used #& the program can #e found using A) program tracing. B) scanning routines. C) mapping programs. D) em#edded audit modules. Answer: B Page Ref: 11 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 7<) '4plain the differences #etween each t&pe of audit ris0. Answer: Inherent risk is the threat faced $ust #& conducting #usiness in a chosen wa&. Bor e4ample, a #usiness with multiple locations in several foreign countries faces more threats than a #usiness with a single location. Control risk is the threat that a compan& has inade@uate, none4istent or unenforced policies and procedures to prevent errors and fraud from getting into the s&stem and #eing reflected in the financial statements. ete!tion risk is the threat that errors or fraud get into the s&stem and audit procedures do not identif& the errors or fraud. Page Ref: !1>!7 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 17 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 8!) '4plain wh& the auditor.s role in program development and ac@uisition should #e limited. Answer: 2he auditor.s role in an& organi,ation s&stems development should #e limited onl& to an independent review of s&stems development activities. 2he 0e& to the auditor.s role is independence= the onl& wa& auditors can maintain the o#$ectivit& necessar& for performing an independent evaluation function is #& avoiding an& and all involvement in the development of the s&stem itself. -f auditor independence is impaired, the audit itself ma& #e of little value and its results could easil& #e called into @uestion. 2he auditors could #e #asicall& reviewing their own wor0. Page Ref: !< "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 81) 6ow and to whom does an auditor communicate the audit results+ Answer: 2he auditor prepares a written report summari,ing the findings and recommendations, with references to supporting evidence in wor0ing papers. 2he report is presented to management, the audit committee, the #oard of directors, and other appropriate parties. 2he auditor then follows up later to determine if recommendations were implemented. Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 8)) Audit tests and procedures traditionall& have #een performed on a sample #asis. Do options e4ist for auditors to test significantl& more 9or all) transactions+ Answer: Computer assisted audit techni@ues 9CAA2() allow auditors to automate and simplif& the audit process. %arge amounts of data can #e e4amined #& software, created from auditor>supplied specifications. 2wo popular CAA2( pac0ages are Audit Control %anguage 9AC%) and -nteractive Data '4traction and Anal&sis 9-D'A). Auditors can also use concurrent audit techni@ues to identif& and collect information a#out certain t&pes of transactions in real>time. '4amples of concurrent audit techni@ues are em#edded audit modules, integrated test facilit&, s&stem control audit review file 9(CARB), snapshot techni@ue, audit hoo0s and continuous and intermittent simulation 9C-(). Page Ref: 1, 1: "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 8) *hen doing an information s&stems audit, auditors must review and evaluate the program development process. *hat errors or fraud could occur during the program development process+ Answer: 2here can #e unintentional errors due to misunderstood s&stems specifications, incomplete specifications, or poor programming. Developers could insert unauthori,ed code instructions into the program for fraudulent purposes. Page Ref: !< "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic 18 Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 81) Briefl& descri#e tests that can #e used to detect unauthori,ed program modifications. Answer: Re"ie# procedures for re@uesting, approving, programming, and testing changes. Re"ie# or o#serve specific testing and implementation procedures. Compare sour!e !ode from the approved and tested program with the program code currentl& in use. Randoml& and without notice, use the source code from the approved and tested program to repro!ess transa!tions, and compare the results with the operational s&stem results. *rite new code designed to replicate the approved and tested code and use parallel simulation to reprocess transactions, and compare the results with the operational s&stem results. Page Ref: 11 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic 87) Define and give e4amples of em#edded audit modules. Answer: 'm#edded audit modules are segments of program code that perform audit functions, report test results and store collected evidence for later review. An Integrated $est %a!ility (I$%) processes fictitious records through the operational s&stem in real>time. 2he snapshot te!hni&ue records master file records immediatel& #efore and immediatel& after processing specificall& selected transactions. A System Control Audit Re"ie# %ile (SCAR%) continuousl& monitors transactions and collects transaction data that meet, or fall outside, predetermined criteria. Audit 'ooks immediatel& notif& auditors of suspicious transactions #eing processed, or su#mitted for processing. Continuous and Intermittent Simulation (CIS) identifies specific transactions with audit significance and processes the transactions parallel to the operational s&stem. -f discrepancies result, the C-( can store the evidence for later review or can prevent transaction processing. Page Ref: 1 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic 88) 6ow is a financial audit different from an information s&stems audit+ Answer: Binancial audits e4amine the relia#ilit& and integrit& of accounting records in terms of financial and operating information. An information s&stems 9-() audit reviews the general and application controls of an A-( to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Although the A-( ma& generate accounting records and financial information, it is important that the A-( itself #e audited to verif& compliance with internal controls and procedures. Page Ref: !>!1 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1: Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all 8:) *h& do all audits follow a se@uence of events that can #e divided into four stages, and what are the four stages+ Answer: 2he auditor.s function generall& remains the same no matter what t&pe of audit is #eing conducted. 2he process of auditing can #e #ro0en down into the four stages of planning, collecting evidence, evaluating evidence, and communicating audit results. 2hese stages form a wor0ing template for an& t&pe of financial, information s&stems, or operational or management audits. Page Ref: !7 "#$ective: %earning "#$ective 1 Difficult& : 'as& AAC(B: Anal&tic 8;) Dame and descri#e the different t&pes of audits. Answer: 2he financial audit this audit e4amines the relia#ilit& and integrit& of accounting records 9#oth financial and operating information). 2he information s&stems audit this audit reviews the general and application controls of an A-( and assesses its compliance with internal control policies and procedures and effectiveness in safeguarding assets. 2he operational or management audit this audit conducts an evaluation of the efficient and effective use of resources, as well as an evaluation of the accomplishment of esta#lished goals and o#$ectives. Page Ref: !>!1 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 8<) Descri#e the ris0>#ased audit approach. Answer: 2he ris0>#ased audit approach has four steps that evaluate internal controls. 2his approach provides a logical framewor0 for conducting an audit of the internal control structure of a s&stem. 2he first step is to determine the threats facing the A-(. 2hreats here can #e defined as errors and irregularities in the A-(. "nce the threat ris0 has #een esta#lished, the auditor should identif& the control procedures that should #e in place to minimi,e each threat. 2he control procedures identified should either #e a#le to prevent or detect errors and irregularities within the A-(. 2he ne4t step is to evaluate the control procedures. 2his step includes a s&stems review of documentation and also interviewing the appropriate personnel to determine whether the needed procedures are in place within the s&stem. 2he auditor can then use tests of controls to determine if the procedures are #eing satisfactoril& followed. 2he fourth step is to evaluate wea0nesses found in the A-(. *ea0nesses here means errors and irregularities not covered #& the A-( control procedures. *hen such deficiencies are identified, the auditor should see if there are compensating controls that ma& counter#alance the deficienc&. A deficienc& in one area ma& #e neutrali,ed given control strengths in other areas. 2he ultimate goal of the ris0>#ased approach is to provide the auditor with a clear understanding of errors and irregularities that ma& #e in the s&stem along with the related ris0s and e4posures. "nce an understanding has #een o#tained, the auditor ma& provide recommendations to management as to how the A-( control s&stem can #e improved. Page Ref: !8 "#$ective: %earning "#$ective 1 Difficult& : Difficult AAC(B: Anal&tic 1; Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all :!) a) *hat is test data processing+ #) 6ow is it done+ c) *hat are the sources that an auditor can use to generate test data+ Answer: a) 2est data processing is a techni@ue used to e4amine the integrit& of the computer processing controls. #) 2est data processing involves the creation of a series of h&pothetical valid and invalid transactions and the introduction of those transactions into the s&stem. 2he invalid data ma& include records with missing data, fields containing unreasona#l& large amounts, invalid account num#ers, etc. -f the program controls are wor0ing, then all invalid transactions should #e re$ected. ?alid transactions should all #e properl& processed. c) 2he various wa&s test data can #e generated are: A listing of actual transactions. 2he initial transactions used #& the programmer to test the s&stem. A test data generator program that generates data using program specifications. Page Ref: 1)>1 "#$ective: %earning "#$ective Difficult& : Difficult AAC(B: Anal&tic :1) Descri#e the disadvantages of test data processing. Answer: 2he auditor must spend considera#le time developing an understanding of the s&stem and preparing an ade@uate set of test transactions. Care must #e ta0en to ensure that test data does not affect the compan&.s files and data#ases. 2he auditor can reverse the effects of the test transactions or process the transactions in a separate run using a cop& of the file or data#ase. 6owever, a separate run removes some of the authenticit& o#tained from processing test data with regular transactions. Also, since the reversal procedures ma& reveal the e4istence and nature of the auditor.s test to 0e& personnel, it can #e less effective than a concealed test. Page Ref: 1 "#$ective: %earning "#$ective Difficult& : /oderate AAC(B: Anal&tic :)) Descri#e how audit evidence can #e collected. Answer: (ince the audit effort revolves around the identification, collection, and evaluation of evidence, most audit effort is spent in the collection process. 2o identif&, collect, and evaluate evidence, several methods have #een developed to assist in the effort. 2hese methods include: 1) the o#servation of the activities #eing audited= )) a review of documentation to gain a #etter understanding of the A-(= ) discussions with emplo&ees a#out their $o#s and how procedures are carried out= 1) the creation and administration of @uestionnaires to gather data a#out the s&stem= 7) ph&sical e4amination of tangi#le assets= 8) confirmation of the accurac& of certain information= :) reperformance of selected calculations= ;) vouching for the validit& of a transaction #& e4amination of all supporting documentation= and, <) anal&tical review of relationships and trends among information to detect items that should #e further investigated. -t is important to remem#er that onl& a sample of evidence is collected for audit purposes, as it is not feasi#le to perform audit procedures on the entire set of activities, records, assets, or documents that are under the review process in an audit. Page Ref: !7>!8 "#$ective: %earning "#$ective 1 Difficult& : /oderate AAC(B: Anal&tic 1< Cop&right 5 )!1) Pearson 'ducation, -nc. pu#lishing as Prentice 6all