Auditing in a CIS Environment

MULTIPLE CHOICES. Read carefully the questions below and choose the best statement among the choices. Write only the letter in CAPITAL
FORM on the answer sheet provided along with this questionnaire. Use of friction pens is strictly not allowed. Erasures or alterations of any kind
will not be given points.

1. This involves actual analysis of the logic of the program’s processing routines.
A. Code review
B. Code analysis
C. Code comparison
D. Logic analysis
E. Program logic review

2. CAATs may be used in performing which of the following?

A. Tests of general controls only.
B. Tests of application controls only.
C. Both tests of general controls and application controls.
D. None of the above.

3. This is a technique in which instruction executed is listed along with control information affecting that instruction.
A. Program tracing
B. Program mapping
C. Program tagging
D. Program execution

4. CAATs may be used in performing which of the following?

I. Tests of details of transactions
II. Tests of balances
III. Sampling
IV. Reperformance

A. I and II only
B. I, II and III only
C. III and IV only
D. I, II and IV only
E. All of the above
F. None of the above

5. Which of the following factors are to be considered if CAATs should be used?

I. Degree of technical competence
II. Practicability of manual tests
III. Timing of test
IV. Availability of CAATs

A. All of the above

B. I, II and III only
C. I, III and IV only
D. I and IV only
E. I and II only

6. SCARFs
A. System control access review files
B. System control audit review files
C. System control audit record files
D. System control access record files

7. This technique attaches additional audit data which would not otherwise be saved to regular historic records and
thereby helps to provide a more complete audit trail.
A. Additional audit records
B. Extended records
C. Historic records
D. Embedded records

8. Which of the following is an inherent characteristic of software package?

A. They are typically used without modifications of the programs.
B. The programs are tailored-made according to the specific needs of the user.
C. They are developed by software manufacturer according to a particular user’s specifications.
D. It takes a longer time of implementation.

9. An auditor would least likely use computer software to:

A. Access client data files.
B. Prepare spreadsheets.
C. Assess EDP controls.
D. Construct parallel simulations.

10. Which of the following is least likely to be tested with generalized audit software? 
A. An aging of accounts receivable.
B. A schedule of inventory.
C. A depreciation schedule.
D. A computer operations manual.

11. When the auditor encounters sophisticated computer-based systems, he or she may need to modify the audit
approach. Of the following conditions, which one is not a valid reason for modifying the audit approach?
A. More advanced computer systems produce less documentation, thus reducing the visibility of the audit trail.
B. In complex computer-based systems, computer verification of data at the point of input replaces the manual
verification found in less sophisticated data processing systems.
C. Integrated data processing has replaced the more traditional separation of duties that existed in manual and batch
processing systems.
D. Real-time processing of transactions has enabled the auditor to concentrate less on the completeness assertion.

12. Auditors often make use of computer programs that perform routine processing functions such as sorting and
merging. These programs are made available by electronic data processing companies and others and are specifically
referred to as:
A. Compiler programs.
B. Supervisory programs.
C. Utility programs.
D. User programs.
13. Audit automation least likely include:
A. Expert systems.
B. Tools to evaluate a client’s risk management procedures.
C. Manual working papers.
D. Corporate and financial modeling programs for use as predictive audit tests.

14. An auditor most likely would introduce test data into a computerized payroll system to test internal controls related to
the
A. Existence of unclaimed payroll checks held by supervisors.
B. Early cashing of payroll checks by employees.
C. Discovery of invalid employee I.D. numbers.
D. Proper approval of overtime by supervisors.

15. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed
together without client operating personnel being aware of the testing process?
A. Integrated test facility.
B. Input controls matrix.
C. Parallel simulation.
D. Data entry monitor.

16. Which of the following methods of testing application controls utilizes a generalized audit software package prepared
by the auditors?
A. Parallel simulation.
B. Integrated testing facility approach.
C. Test data approach.
D. Exception report tests.

17. An auditor who is testing EDP controls in a payroll system would most likely use test data that contain conditions such
as:
A. Deductions not authorized by employees.
B. Overtime not approved by supervisors.
C. Time tickets with invalid job numbers.
D. Payroll checks with unauthorized signatures.

18. Auditing by testing the input and output of an EDP system instead of the computer program itself will:
A. Not detect program errors which do not show up in the output sampled.
B. Detect all program errors, regardless of the nature of the output.
C. Provide the auditor with the same type of evidence.
D. Not provide the auditor with confidence in the results of the auditing procedures.

19. The output of a parallel simulation should always be:

A. Printed on a report.
B. Compared with actual results manually.
C. Compared with actual results using a comparison program.
D. Reconciled to actual processing output.

20. Generalized audit software is a computer-assisted audit technique. It is one of the widely used techniques for auditing
computer application systems. Generalized audit software is most often used to:
A. Verify computer processing.
B. Process data fields under the control of the operation manager.
C. Independently analyze data files.
D. Both A and B.

21. When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a
generalized audit software package? 
A. Observing inventory.
B. Selecting sample items of inventory.
C. Analyzing data resulting from inventory.
D. Recalculating balances in inventory reports.

22. Auditing through the computer is most likely to be used when: 

A. Input transactions are batched and system logic is straightforward.
B. Processing primarily consists of sorting the input data and updating the master file sequentially.
C. Processing is primarily on line and updating is real-time.
D. Outputs are in hard copy form.

23. An auditor is preparing test data for use in the audit of a computer based accounts receivable application. Which of
the following items would be appropriate to include as an item in the test data?
A. A transaction record which contains an incorrect master file control total.
B. A master file record which contains an invalid customer identification number.
C. A master file record which contains an incorrect master file control total.
D. A transaction record which contains an invalid customer identification number.

24. In auditing through a computer, the test data method is used by auditors to test the:
A. Accuracy of input data.
B. Validity of the output.
C. Procedures contained within the program.
D. Normalcy of distribution of test data.

25. Processing simulated file data provides the auditor with information about the reliability of controls from evidence that
exists in simulated files. One of the techniques involved in this approach makes use of:
A. Controlled reprocessing.
B. Program code checking.
C. Printout reviews.
D. Integrated test facility.

26. When auditing "around" the computer, the independent auditor focuses solely upon the source documents and:
A. Test data.
B. CIS processing.
C. Control techniques.
D. CIS output.

27. An integrated test facility would be appropriate when the auditor needs to:
A. Trace a complex logic path through an application system.
B. Verify processing accuracy concurrently with processing.
C. Monitor transactions in an application system continuously.
D. Verify load module integrity for production programs.

28. Which of the following methods of testing application controls utilizes a generalized audit software package prepared
by the auditors?
A. Parallel simulation.
B. Integrated testing facility approach.
C. Test data approach.
D. Exception report tests.

29. Generalized audit software is of primary interest to the auditor in terms of its capability to:
A. Access information stored on computer files.
B. Select a sample of items for testing.
C. Evaluate sample test results.
D. Test the accuracy of the client's calculations.

30. When testing a computerized accounting system, which of the following is not true of the test data approach?
A. The test data need consist of only those valid and invalid conditions in which the auditor is interested.
B. Only one transaction of each type need be tested.
C. Test data are processed by the client's computer programs under the auditor's control.
D. The test data must consist of all possible valid and invalid conditions.

31. Which of the following is an acknowledged risk of using test data when auditing CIS records?
A. The test data may not include all possible types of transactions.
B. The computer may not process a simulated transaction in the same way it would an identical actual transaction.
C. The method cannot be used with simulated master records.
D. Test data may be useful in verifying the correctness of account balances, but not in determining the presence of
processing controls.

32. Creating simulated transactions that are processed through a system to generate results that are compared with
predetermined results, is an auditing procedure referred to as:
A. Desk checking.
B. Use of test data.
C. Completing outstanding jobs.
D. Parallel simulation.

33. A primary advantage of using generalized audit packages in the audit of an advanced computer system is that it
enables the auditor to:
A. Substantiate the accuracy of data through self-checking digits and hash totals.
B. Utilize the speed and accuracy of the computer.
C. Verify the performance of machine operations which leave visible evidence of occurrence.
D. Gather and store large quantities of supportive evidential matter in machine readable form.
34. An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the entity’s
computerized information system most likely would use which of the following techniques?
A. Snapshot application.
B. Embedded audit module.
C. Integrated data check.
D. Test data generator.

35. Which of the following computer-assisted auditing techniques processes client input data on a controlled program
under the auditor’s control to test controls in the computer system?
A. Test data.
B. Review of program logic.
C. Integrated test facility.
D. Parallel simulation.

36. Which of the following is not among the errors that an auditor might include in the test data when auditing a client’s
computer system?
A. Numeric characters in alphanumeric fields.
B. Authorized code.
C. Differences in description of units of measure.
D. Illogical entries in fields whose logic is tested by programmed consistency checks.

37. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed
together without client operating personnel being aware of the testing process?
A. Integrated test facility.
B. Input controls matrix.
C. Parallel simulation.
D. Data entry monitor.

38. Which of the following methods of testing application controls utilizes a generalized audit software package prepared
by the auditors?
A. Parallel simulation.
B. Integrated testing facility approach.
C. Test data approach.
D. Exception report tests.

39. In creating lead schedules for an audit engagement, a CPA often uses automated work paper software. What client
information is needed to begin this process?
A. Interim financial information such as third quarter sales, net income, and inventory and receivables balances.
B. Specialized journal information such as the invoice and purchase order numbers of the last few sales and purchases
of the year.
C. General ledger information such as account numbers, prior year account balances, and current year unadjusted
information.
D. Adjusting entry information such as deferrals and accruals, and reclassification journal entries.

40. Using microcomputers in auditing may affect the methods used to review the work of staff assistants because:
A. The audit fieldwork standards for supervision may differ.
B. Documenting the supervisory review may require assistance of consulting services personnel.
C. Supervisory personnel may not have an understanding of the capabilities and limitations of microcomputers.
D. Working paper documentation may not contain readily observable details of calculations.

41. A primary advantage of using generalized audit software packages to audit the financial statements of a client that
uses a computer system is that the auditor may:
A. Access information stored on computer files while having a limited understanding of the client’s hardware and
software features.
B. Consider increasing the use of substantive tests of transactions in place of analytical procedures.
C. Substantiate the accuracy of data through self-checking digits and hash totals.
D. Reduce the level of required tests of controls to a relatively small amount.

42. An auditor would least likely use computer software to:

A. Access client data files.
B. Prepare spreadsheets.
C. Assess computer control risk.
D. Construct parallel simulations.

43. An auditor most likely would test for the presence of unauthorized computer program changes by running a:
A. Program with test data.
B. Check digit verification program.
C. Source code comparison program.
D. Program that computes control totals.

44. The primary use of generalized audit software is to:

A. Test controls embedded in programs.
B. Test unauthorized access to data.
C. Extract data of relevance to the audit.
D. Reduce the need for transaction vouching.

45. In auditing an on-line perpetual inventory system, an auditor selected certain file-updating transactions for detailed
testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific
transaction is called:
A. Snapshot.
B. Simulation.
C. Tagging and tracing.
D. Code comparison.

46. Auditors have learned that increased computerization has created more opportunities for computer fraud but has also
led to the development of computer audit techniques to detect frauds. A type of fraud that has occurred in the
banking industry is a programming fraud in which the programmer designs a program to calculate daily interest on
savings accounts to four decimal points. The programmer then truncates the last two digits and adds it to his account
balance. Which of the following CAATs would be most effective in detecting this type of fraud?
A. Generalized audit software that selects account balances for confirmation with the depositor.
B. Snapshot.
C. Parallel simulation.
D. Systems control and audit review file (SCARF).

47. These computer programs are enhanced productivity tools that are typically part of a sophisticated operating systems
environment, for example, data retrieval software or code comparison software.
A. Purpose written programs.
B. System management programs.
C. Utility programs.
D. Generalized audit software.

48. The following tasks can be performed by an auditor using CAATs software, except:
A. Identifying missing check numbers.
B. Extracting data files containing only a two-year digit date field and changing it to hold four digits.
C. Matching identical product information in separate data files.
D. Aging accounts receivable.

49. Which of the following represents a limitation on the use of generalized audit software?
A. It requires lengthy detailed instructions in order to accomplish specific tasks.
B. It has limited application without significant modification.
C. It requires substantial programming knowledge to be used effectively.
D. It can only be used on hardware with compatible operating systems.

50. Which of the following may not be a purpose of using computer audit software?
A. Add transactions or balances in the data files for comparison with control account balance.
B. Select accounts or transactions for detailed testing.
C. To evaluate the collectibility of accounts receivable.
D. To examine databases for unusual items.

51. Whether or not a real time program contains adequate controls is most effectively determined by the use of:
A. Audit software.
B. A tracing routine.
C. An integrated test facility.
D. A traditional test deck.

52. Which of the following is an incorrect statement regarding testing strategies related to auditing through the
computer?
A. The test data approach involves processing the client’s data on a test basis to determine the integrity of the system.
B. Test data should include all relevant data conditions that the auditor is interested in testing.
C. When the auditor uses the embedded audit module approach, an audit module is inserted in the client’s system to
capture transactions with certain characteristics.
D. The test data approach involves processing the auditor’s test data on the client’s computer system to determine
whether computer-performed controls are working properly.

53. Which of the following is not a CAAT?

A. Test data.
B. Tagging and lagging.
C. Audit hooks.
D. Program analysis.

54. Which of the following procedures is an example of auditing around the computer?
A. The auditor traces adding machine tapes of sales order batch totals to a computer printout of the sales journal.
B. The auditor develops a set of hypothetical sales transactions and using the client’s computer programs, enters the
transactions into the system and observes the processing flow.
C. The auditor enters hypothetical transactions into the client’s processing system during client processing of live data.
D. The auditor observes client personnel as they process the biweekly payroll. The auditor observes client personnel as
they process the biweekly payroll. The auditor is primarily concerned with computer rejection of data that fails to
meet reasonableness limits.

55. Which of the following is an acknowledged risk of using test data when auditing around computerized records?
A. The test data may not include all possible types of transactions.
B. The computers may not process a simulated transaction in the same way it would an identical actual transaction.
C. The method cannot be used with simulated master records.
D. Test data may be useful in verifying the correctness of account balances but not in determining the presence of
processing controls.

56. An auditor used test data to verify the existence of controls in a certain computer program. Even though the program
performed well on the test, the auditor may still have a concern that:
A. The program tested is the same one used in the regular production runs.
B. Generalized audit software may have been a better tool to use.
C. Data entry procedures may change and render the test useless.
D. No documentation exists for the program.

57. Which of the following indicates the use of parallel simulation audit technique?
A. Live transactions are processed using test programs.
B. Live transactions are processed using live programs.
C. Live transactions are processed with test master file.
D. Test transactions are processed using test programs.

58. In auditing through the computer, actual client data is used with:
A. Integrated test facility.
B. The test data approach.
C. Parallel simulation.
D. An expert system.

59. Assume that an auditor estimated that 10,000 checks were issued during the accounting period. If an application
control that performs a limit check for each check request is to be subjected to the auditor’s test data approach, the
sample should include:
A. Approximately 1,000 test items.
B. A number of test items determined by the auditor to be sufficient under the circumstances.
C. One transaction.
D. A number of test items determined by the auditor’s reference to the appropriate sampling tables.

60. Which of the following best describes the early stages of an IS audit?
A. Observing key organizational facilities.
B. Assessing the IS environment.
C. Understanding the business process and environment applicable to the review.
D. Reviewing prior IS audit reports.

61. While developing a risk based audit program, on which of the following would the IS auditor most likely focus?
A. Business processes.
B. Critical IT applications.
C. Operational controls.
D. Business strategies.

62. The first step in planning an audit is to:

A. Define audit deliverables.
B. Finalize the audit scope and audit objectives.
C. Gain an understanding of the business’ objectives.
D. Develop the audit approach or audit strategy.

63. Which of the following significance and complexity of the CIS activities should an auditor least understand?
A. The organizational structure of the client’s CIS activities.
B. Lack of transaction trails.
C. The significance and complexity of computer processing in each significant accounting application.
D. The use of software packages instead of customized software.
64. The approach an IS auditor should use to plan IS audit coverage should be based on:
A. Risk.
B. Materiality.
C. Professional skepticism.
D. Detective control.

65. Which of the following is not a function of generalized audit software?

A. To aid in the random selection of transactions for substantive testing.
B. To keep an independent log of access to the computer application software.
C. To run in parallel with the client’s application software and compare the output.
D. To test the mathematical accuracy by footing and cross-footing items in the accounting system.

66. A data base management systems ____________________

A. Allows quick retrieval of data but at a cost of inefficient use of file space.
B. Allows quick retrieval of data but it needs to update files continually.
C. Physically stores each element of data only once.
D. Stores data on different files for different purpose, but always knows where they are and how to retrieve them.

67. In comparing the control environment in complex versus non-complex Computerized information system(CIS), the
control environment in complex CIS system is:
A. More critical because there is greater potential for errors and irregularities.
B. More critical because of the high degree of technical competence needed by the programmers and operations,
C. Less critical because the complexity ensures the control will be built into the system.
D. Less critical because non-experts do not have the opportunity to interacts with the systems and mess it up.

68. Auditors usually evaluate the effectiveness of____________________

A. Application control first.
B. Hardware control first.
C. Sales cycle control first.
D. General controls before applications control.

69. The auditor’s computer program approach and the test data approach
A. Are incompatible.
B. Are complementary.
C. Are mutually exclusive.
D. Must be used simultaneously.

70. Internal control is ineffective when computer department personnel

A. Provide physical security for program files.
B. Participate in computer software acquisition decision.
C. Originate changes in master files
D. Design documentation for computerized system.

71. In a computerized information system, automated equipment controls or hardware controls are designed to
A. Arrange data in a logical sequential manner for processing purpose.
B. Correct errors in the computer programs.
C. Monitor and detect errors in source documents.
D. Detect and control errors arising from use equipment.

72. The real-time feature of a Computerized Information System would be least useful when applied to accounting for a
firm’s
A. Costumer account receivable.
B. Merchandise inventory.
C. Property and depreciation.
D. Bank account balances.

73. Computer systems are typically supported by a variety of utility software packages that are important to an auditor
because they ___________________
A. Are very versatile programs that can be used on hardware of many manufacturers.
B. May enable unauthorized changes to data files if not properly controlled.
C. May be significant components of a client’s application programs.
D. Are written specifically to enable auditors to extract and sort data.

74. An author would least likely use computer software to:

A. Assess CIS control risk.
B. Access client data files.
C. Prepare spreadsheets.
D. Construct parallel simulations.
75. Which of the following is a computer test made to ascertain whether a given characteristic belongs to the group?
A. Echo check.
B. Limit check.
C. Parity check.
D. Validity check.

76. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed
together without client operating personnel being aware of the testing process?
A. Integrated test facility.
B. Test data approach.
C. Parallel simulation.
D. Generalized audit software programming.

77. In the conduct of audit under a CIS environment, which Computer-Assisted Audit Techniques (CAATs) would normally
require the use of dummy records?
A. Test data approach and parallel simulation.
B. Test data approach and integrated test facility.
C. Parallel simulation and integrated test facility.
D. Test data approach, parallel simulation and integrated test facility.

78. It is a state implying data has certain attributes: completeness, soundness, purity, and veracity.
A. Data verification.
B. Data statement.
C. Data integration.
D. Data integrity.

79. What are controls that are designed to assure that the information processed by the computer is valid, complete, and
accurate?
A. Processing controls.
B. Output controls.
C. Input controls.
D. General controls.

80. Which of the following is not a characteristic of a batch processed computer system?
A. The collection of like transactions that are sorted and processed sequentially against a master file.
B. The posting of a transaction, as it occurs, to several files, without intermediate printouts.
C. Keypunching of transaction, followed by machine processing.
D. The production of numerous print outs.

81. Error in data processed in a batch computer system may not be detected immediately because
A. Transaction trails in batch system are available only for a limited period of time.
B. Errors in some transactions cause rejection of other transaction in the batch.
C. Random errors are more likely in a batch system than in an on-line system
D. There are time delays in processing transactions in a batch system.

82. Which of the following activities would most likely be performed in the IT department?
A. Conversion of information to machine-readable form.
B. Correction of transactional errors.
C. Initiation of changes to existing application.
D. Initiation of charges to master records.

83. Which of the following characteristics distinguishes computer processing from manual processing?
A. Errors or irregularities in computer processing will be detected soon after their occurrences.
B. Computer processing virtually eliminates the occurrence of computational error normally associated with manual
processing.
C. The potential for systematic error is ordinarily greater in manual processing then in computerized processing.
D. Most computer systems are designed so that transaction trails useful for audit purpose do not exist.

84. Which best describes a fundamental control weakness often associated with computer system?
A. Computer equipment is more subject to system error than manual processing is subject to human error.
B. Computer equipment processes and records similar transactions in a similar manner.
C. Functions that would normally be separated in a manual system are combined in a computer system.
D. Control procedures for detection of invalid and unusual transactions are less effective than manual control
procedures.

85. Which of the following statements most likely represent a disadvantage for an entity that keeps microcomputer-
prepared data files rather than manually prepared files?
A. Random error associated with processing similar transactions in different ways usually greater.
B. It is usually more difficult to compare recorded accountability with physical count of assets.
C. It is usually easier for unauthorized persons to access and alter the files.
D. Attention is focused on the accuracy of the programming process rather than errors in individual transactions.

86. Preventing someone with sufficient technical skill from circumventing security procedures and making changes to
production programs is best accomplished by ____________________
A. Providing suitable segregation of duties.
B. Reviewing reports of jobs completed.
C. Comparing production programs with independently controlled copies.
D. Running test data periodically.

87. Which of the following employees in a company’s computer department should be responsible for designing new or
improved data processing procedure?
A. Control group head.
B. Flowchart editor.
C. System analyst.
D. Programmer.

88. The detection and correction of errors in the of data should be the responsibility of __________
A. The data processing manager.
B. The IT department control group.
C. The operator.
D. The independent public accountant.

89. Which of the following is a general IT control that would most likely assist an entity whose system analysts left the
entity in the middle of a major project?
A. Systems and documentation.
B. Grandfather-father-son record retention.
C. Input and output validation routines.
D. Check digit verification.

90. Which of the following is the auditor’s concern regarding a distributed data processing set-up?
A. Hardware controls.
B. System documentation controls.
C. Organizational controls.
D. Access controls.

91. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these
circumstances, on which of the following procedures would the auditor initially focus?
A. Programmed control procedures.
B. Application control procedure.
C. General control procedures.
D. Output control procedure.

92. Totals of amounts in computer-recorded data fields, which are not usually added but are used only for data
processing control purpose are called__________________
A. Record totals
B. Hash totals
C. Hass-Larzen totals
D. Field totals

93. A mail-order retailer of low-cost novelty items is receiving an increasing number of complaints from customers
about the wrong merchandise being shipped. The order code for items has the format WWXXYYZZ, which has the
following meaning:
WW - major category
XX - minor category
YY – identifies the item
ZZ – identifies the catalog

In many cases, the wrong merchandise was sent because adjacent characters in the order code had been transposed.
The most effective control to prevent this erroneous input is to
A. Use a master file reference for all order codes to verify the existence of items.
B. Separate the parts of the order code with hyphens to make the characters easier to read.
C. Add check digits to the order codes and verify them for each order.
D. Require customers to specify the name for each item they order.

94. Which of the following is the major purpose of the auditor’s study and evaluation of the company’s
computer processing operations?
A. Ensure the exercise of due professional care.
B. Evaluate the reliability and integrity of financial information.
C. Become familiar with the company’s means of identifying, measuring, classifying, and reporting information.
D. Evaluate the competence of computer processing operating personnel.

95. When the auditor chooses to use only the non-IT segment of a client’s control to assess control risk, it is referred to
as auditing around the computer. Which one of the following conditions need not be present to apply this audit
approach?
A. The output must be listed in sufficient detail to enable the auditor to trace individual transactions.
B. The source documents must be filed in a manner that makes it possible to locate them.
C. The source documents must be available in non-machine language.
D. Computer programs must be available in English.

96. The following statements relate to auditor’s assessment of control risk in an entity’s computer environment. Which is
correct?
A. The auditor usually can ignore the computer system if he/she can obtain an understanding of the controls outside the
computer information system.
B. If the general controls are ineffective, the auditor ordinarily can assess control risk at a low level if the application
controls are effective.
C. The auditor’s objectives with respect to the assessment of control risk are the same as in a manual system.
D. The auditor must obtain an understanding of the internal control and test controls in computer environments.

97. When an auditor test a computer information system, which of the following is true of the test data approach?
A. Test data are processed by the client’s computer programs under the auditor’s control.
B. Several transactions of each type must be tested.
C. Test of data must consist of all possible valid and invalid conditions.
D. The program tested is different from the program used throughout the year by the entity.

98. An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such
as
A. Payroll checks with unauthorized signatures.
B. Deductions not authorized by employees.
C. Time tickets with invalid job numbers.
D. Overtime not approved by supervisors.

99. Data processing activities may be classified in terms of three states of processes; input, processing and output. Which
of the following activities is not normally associated with the input stage?
A. Recording
B. Batching
C. Reporting
D. Verifying

100. A wholesaler of automotive parts has a computerized billing system. Because of a clerical error while entering
information from the sales order, one of its customers was billed for only three of the five items ordered and
received. Which of the following controls could have prevented or promptly detected this clerical error?
A. periodic comparison of total accounts receivable per accounts receivable master file with total accounts receivable per
accounts receivable control account
B. A completeness check that does not allow a sales invoice to be processed if key fields are blank.
C. Prenumbered shipping documents together with a procedure for follow-up anytime there is not a one-to one
relationship between shipping documents and sales invoices.
D. Making line control counts produced by the computer with predetermined line control counts.