Vous êtes sur la page 1sur 5

Quiz 5: Audit in CIS Environment and Internal Control

1. Which statement is incorrect when auditing in a CIS environment?


a. A CIS environment exists when a computer of any type or size is involved in the processing
by the entity of financial information of significance to the audit, whether that computer is
operated by the entity or by a third party.
b. The auditor should consider how a CIS environment affects the audit.
c. The use of a computer changes the processing, storage and communication of financial
information and may affect the accounting and internal control systems employed by the
entity.
d. A CIS environment changes the overall objective and scope of an audit.

2. The nature of the risks and the internal characteristics in CIS environment that the auditors
are mostly concerned include the following except:
a. Lack of segregation of functions. c. Lack of transaction trails.
b. Dependence of other control over computer processing. d. Cost-benefit ratio.

3. Which of the following is not normally a removable storage media?


a. Compact disk c. Tapes
b. Diskettes d. Hard disk

4. Personal computers are susceptible to theft, physical damage, unauthorized access or


misuse of equipment. Which of the following is least likely a physical security to restrict access
to personal computers when not in use?
a. Using door locks or other security protection during non-business hours.
b. Fastening the personal computer to a table using security cables.
c. Locking the personal computer in a protective cabinet or shell.
d. Using anti-virus software programs.

5. Due to data sharing, data independence and other characteristics of database systems
a. General CIS controls normally have a greater influence than CIS application controls on
database systems.
b. CIS application controls normally have a greater influence than general CIS controls on
database systems.
c. General CIS controls normally have an equal influence with CIS application controls on
database systems.
d. CIS application controls normally have no influence on database systems.

6. The applications of auditing procedures using the computer as an audit tool refer to
a. Integrated test facility c. Auditing through the computer
b. Data-based management system d. Computer assisted audit techniques

7. A control procedure that could be used in an on-line system to provide an immediate check
on whether an account number has been entered on a terminal accurately is a
a. Compatibility test c. Record count
b. Hash total d. Self-checking digit

8. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together without client operating personnel being aware of the
testing process?
a. Integrated test facility c. Parallel simulation
b. Input controls matrix d. Data entry monitor
Quiz 5: Audit in CIS Environment and Internal Control

9. For control purposes, which of the following should be organizationally segregated from the
computer operations function?
a. Data conversion c. Systems development
b. Surveillance of CRT messages d. Minor maintenance according to a schedule

10. Which of the following functions would have the least effect on an audit if it was not properly
segregated?
a. The systems analyst and the programmer functions.
b. The computer operator and programmer functions.
c. The computer operator and the user functions.
d. The applications programmer and the systems programmer.

11. To obtain evidence that user identification and password control procedures are functioning
as designed, an auditor would most likely
a. Attempt to sign on to the system using invalid user identifications and passwords.
b. Write a computer program that simulates the logic of the clients access control software.
c. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
d. Examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.

12. Which of the following tasks could not be performed when using a generalized audit
software package?
a. Selecting inventory items for observations.
b. Physical count of inventories.
c. Comparison of inventory test counts with perpetual records.
d. Summarizing inventory turnover statistics for obsolescence analysis.

13. Test data, integrated test data and parallel simulation each require an auditor to prepare
data and computer programs. CPAs who lack either the technical expertise or time to prepare
programs should request from the manufacturers or EDP consultants for
a. The program Code c. Generalized audit software
b. Flowchart checks d. Application controls

14. Which of the following methods of testing application controls utilizes a generalized audit
software package prepared by the auditors?
a. Parallel simulation c. Test data approach
b. Integrated testing facility approach d. Exception report tests

15. Which of the following computer-assisted auditing techniques allows fictitious and real
transactions to be processed together without client operating personnel being aware of the
testing process?
a. Integrated test facility c. Parallel simulation
b. Input controls matrix d. Data entry monitor

16. According to PSA 400, which of the following is correct regarding internal control system?
a. Internal control system refers to all the policies and procedures adopted by the auditor to
assist in achieving managements objective.
Quiz 5: Audit in CIS Environment and Internal Control

b. A strong environment, by itself, ensure the effectiveness of the internal control system.
c. In the audit of financial statements, the auditor is only concerned with those policies and
procedures within the accounting and internal control systems that are relevant to the financial
statements.
d. The internal control system is confined to those matters which relate directly to the functions
of the accounting system.

17. Which of the following is correct about internal control?


a. Accounting and internal control systems provide management with conclusive evidence that
objectives are reached.
b. One of the inherent limitations of accounting and internal control systems is the possibility
that the procedures may become inadequate due to changes in conditions, and compliance with
procedures may deteriorate.
c. Most internal controls tend to be directed at non-routine transactions.
d. Management does not consider costs of the accounting and internal control systems.

18. Which of the following best describe the interrelated components of internal control?
a. Organizational structure, management philosophy, and planning.
b. Control environment, risk assessment, control activities, information and communication
systems, and monitoring.
c. Risk assessment, backup facilities, responsibility accounting and natural laws.
d. Legal environment of the firm, management philosophy, and organizational structure.

19. In an audit of financial statements, an auditors primary consideration regarding a control is


whether it
a. Reflects managements philosophy and operating style.
b. Affects managements financial statement assertions.
c. Provides adequate safeguards over access to assets.
d. Enhances managements decision-making processes.

20. Which of the following statements about internal control is correct?


a. Properly maintained internal controls reasonably assure that collusion among employees
cannot occur.
b. Establishing and maintaining internal control is the internal auditors responsibility.
c. Exceptionally strong control allows the auditor to eliminate substantive tests.
d. The cost-benefit relationship should be considered in designing internal control.

21. The ultimate purpose of assessing control risk is to contribute to the auditors evaluation of
the risk that
a. Tests of controls may fail to identify controls relevant to assertions.
b. Material misstatements may exist in the financial statements.
c. Specified controls requiring segregation of duties may be circumvented by collusion.
d. Entity policies may be overridden by senior management.

22. Which of the following statements about preliminary assessment of control risks is correct?
a. After obtaining an understanding of the accounting and internal control systems, the auditor
should make a preliminary assessment of control risks, at the assertion level, for all accounts
or transaction classes.
b. The preliminary assessment of control risk can be done only after completing tests of
controls.
c. The preliminary assessment of control risk for a financial assertion is normally low, unless the
Quiz 5: Audit in CIS Environment and Internal Control

auditor is able to identify weaknesses that may indicate ineffectiveness of accounting and
internal control system.
d. The auditor ordinarily assesses control risk at high level for some or all assertions when it is
not cost efficient to do tests of controls.

23. Which of the following statements concerning control risk is correct?


a. When control risk is at the maximum level, an auditor is required to document the basis for
that assessment.
b. Control risk may be assessed sufficiently low to eliminate substantive testing for significant
transaction classes.
c. When assessing control risk, an auditor should not consider evidence obtained in prior audits
about the operation of controls.
d. Assessing control risk and obtaining an understanding of an entitys internal control may be
performed concurrently.

24. Internal control should provide reasonable (but not necessarily absolute) assurance which
means that:
a. The cost of control activities should not exceed the benefits.
b. Internal control is managements, not auditors, responsibility.
c. An attestation engagement about managements internal control assertions may not
necessarily detect all reportable conditions.
d. There is always a risk that reportable conditions may result in material misstatements.

25. Proper segregation of functional responsibilities calls for separation of the functions of
a. Authorization, execution, and recording. c. Custody, execution, and reporting.
b. Authorization, execution, and payment. d. Authorization, payment, and recording

26. Which of the following is the correct order for performing the auditing procedures A through
C below
A = Tests of Controls
B = Preparation of a flowchart depicting the clients internal control structure
C = Substantive tests
a. ABC b. BAC c. ACB d. BCA

27. To obtain an understanding of the relevant policies and procedures of internal control, the
auditor performs all of the following except:
a. Make inquiries c. Make observations
b. Design substantive tests d. Inspect documents and records

28. After obtaining an understanding of a clients controls, an auditor may decide to omit tests of
the controls. Which of the following in not appropriate reason to omit tests of controls?
a. The controls duplicate other controls.
b. The controls appear adequate.
c. Reportable conditions preclude assessing control risk below the maximum.
d. The effort to test controls exceeds the effort saved by not performing substantive tests.

29. When obtaining an understanding of the accounting and internal control system the auditor
may trace a few transactions through the accounting system. This technique is:
a. Reperformance test c. Walk-through test
b. Test of transactions d. Validity test
Quiz 5: Audit in CIS Environment and Internal Control

30. Tests of controls may include the following, except:


a. Reperformance of internal control procedures
b. Inquiries about, and observation of, internal controls which leave no audit trail.
c. Inspection of documentary support for transactions evidencing authorization
d. Analytical procedures involving comparison of operating expenses with budgeted amount.