
Study Resources (Accounting)

6.What are the three categories of processing control? 7.What control issue is related to reentering corrected error records into a batch processing system? What are the two methods for doing this? 8.Output controls ensure that output is not lost, misdirected, or corrupted and that privacy is not violated. What are some output.
9.What is the purpose of the auditor's review of SDLC documentation? 10.Microcomputers have traditionally been difficult to control, leaving auditors with special problems in verifying physical controls. Discuss what an auditor's objectives might be in testing microcomputer controls. 11.Contrast the "black box" approach to IT auditing and the "white box" approach. Which.
Chapter 16—IT Controls Part II: Security and Access TRUE/FALSE 1.In a computerized environment, the audit trail log must be printed onto paper documents. 2.Disguising message packets to look as if they came from another user and to gain access to the host’s network is called spooling. 3.Access controls take on increased importance in a.
11.Describe the components of a disaster recovery plan. 12.What is a mirrored data center? 13.Why is supervisory control more elaborate in the CBIS environment than in the manual environment? 14.What are some control implications of the distributed data processing model? 15.What is program fraud? .
6.Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment. 7.Explain how transactions are audited in an electronic data interchange environment. 8.What are some typical problems with passwords? 9.Discuss the key features of the one-time password technique. 10.Describe two tests of controls that would provide evidence.
11.List three characteristics that should be considered when designing a hardcopy input form. 12.List two techniques of forms design that encourage efficient and effective data collection. 13.What is the importance of the base case? 14.Describe a risk associated with the phased cutover procedure for data conversion. 15.List the attributes of output views. .
21.Describe two tests that an auditor would perform to ensure that the disaster recovery plan is adequate. 22.Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in? 23.Contrast internal and external auditing. 24.What are the components of audit risk? 25.How do the tests of controls affect substantive tests? .
3.The presence of an audit trail is critical to the integrity of the accounting information system. Discuss three of the techniques used to preserve the audit trail. 4.Define each of the following input controls and give an example of how they may be used: a.  Missing data check b.  Numeric/alphabetic data check c.  Limit.
11.Describe a test of controls that would provide evidence that only authorized program maintenance is occurring. 12.Auditors do not rely on detailed knowledge of the application's internal logic when they use the __________________________ approach to auditing computer applications. 13.Describe parallel simulation. 14.What is meant by auditing around the computer versus auditing through the.
21.The fundamental difference between internal and external auditing is that a.internal auditors represent the interests of management and external auditors represent outsiders b.internal auditors perform IT audits and external auditors perform financial statement audits c.internal auditors focus on financial statement audits and external auditors focus on operational audits and financial statement audits d.external auditors.
26.What is an auditor looking for when testing computer center controls? 27.Define and contrast attestation services and assurance services. 28.What is IT Governance? 29.Why should the tasks of systems development and maintenance be segregated from operations? 30.Why should new systems development activities be segregated from the program change (maintenance) function. .
11.The most frequent victims of program viruses are microcomputers. 12.Access controls protect databases against destruction, loss or misuse through unauthorized access. 13.Operating system integrity is not of concern to accountants because only hardware risks are involved. 14.Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual.
11.A second site backup agreement between two or more firms with compatible computer facilities to assist each other with data processing needs in an emergency is called a.internally provided backup b.recovery operations center c.empty shell d.mutual aid pact 12.The major disadvantage of an empty shell solution as a second site backup is a.the host site may.
21.All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except a.verifying that only authorized software is used on company computers b.reviewing system maintenance records c.confirming that antivirus software is in use d.examining the password policy including a review of the authority table 22.Audit.
4.Prior to SOX, external auditors were required to be familiar with the client organization’s internal controls, but not test them. Explain. 5.Does a qualified opinion on management’s assessment of internal controls over the financial reporting system necessitate a qualified opinion on the financial statements? Explain. 6.The PCAOB’s standard No. 2 specifically requires.
6.What issues must be considered in designing hardcopy documents? 7.What is the role of test data? What is a base case? 8.Correctly designed modules possess two attributes. Name and explain each. ANS: Coupling measures the degree of interaction or exchange of data between modules. A loosely coupled module is independent of the others. Modules.
11.An example of a hash total is a.total payroll checks–$12,315 b.total number of employees–10 c.sum of the social security numbers–12,555,437,251 d.none of the above 12.Which statement is not true? A batch control record a.contains a transaction code b.records the record count c.contains a hash total d.control figures in the record may be adjusted during processing e.All the above are true 13.Which.
MULTIPLE CHOICE 1.Which statement is not correct? The audit trail in a computerized environment a.consists of records that are stored sequentially in an audit file b.traces transactions from their source to their final disposition c.is a function of the quality and integrity of the application programs d.may take the form of pointers, indexes, and embedded.
SHORT ANSWER 1.Contrast the source program library (SPL) management system to the database management system (DBMS). 2.Describe two methods used to control the source program library. 3.New system development activity controls must focus on the authorization, development, and implementation of new systems and its maintenance. Discuss at least five control activities that are.
16.What are embedded instructions? Why do they matter? 17.What are the two methods of electronic input? How do they differ? 18.Describe the Cold Turkey (or Big Bang) approach to system cutover. 19.Discuss the advantage of the parallel operation cutover approach. 20.What is the objective of a post-implementation review? .
ESSAY 1.Discuss the key features of Section 404 of the Sarbanes-Oxley Act 2.Section 404 requires management to make a statement identifying the control framework used to conduct their assessment of internal controls. Discuss the options in selecting a control framework. 3.Explain how general controls impact transaction integrity and the financial reporting process. .
SHORT ANSWER 1.Which of the following statements is true? a.Both the SEC and the PCAOB require the use of the COSO framework b.Both the SEC and the PCAOB require the COBIT framework c.The SEC recommends COBIT and the PCAOB recommends COSO d.Any framework can be used that encompasses all of COSO’s general themes 2.COSO identifies two.
13.Compare and contrast the following disaster recovery options: mutual aid pact, empty shell, recovery operations center, and internally provided backup. Rank them from most risky to least risky, as well as most costly to least costly. 14.What is a disaster recovery plan? What are the key features? .
6.Define general controls. 7.Discuss the key features of Section 302 of the Sarbanes-Oxley Act. 8.What are the three primary CBIS functions that must be separated? 9.List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated. Functions to Separate | Risk Exposure ____________________________________________________ ____________________________________________________ ____________________________________________________ 10.For.
11.Which is not a biometric device? a.password b.retina prints c.voice prints d.signature characteristics 12.Which of the following is not a basic database backup and recovery feature? a.checkpoint b.backup database c.transaction log d.database authority table 13.All of the following are objectives of operating system control except a.protecting the OS from users b.protecting users from each other c.protecting users from themselves d.protecting the environment from users 14.Passwords.
MULTIPLE CHOICE 1.Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act? a.Auditors must determine whether changes in internal control have, or are likely to, materially affect internal control over financial reporting. b.Auditors must interview management regarding significant changes in the design or operation of internal control that.
16.The distributed data processing approach carries some control implications of which accountants should be aware. Discuss two. 17.__________________________ are intentional mistakes while __________________________ are unintentional mistakes. 18.Explain the relationship between internal controls and substantive testing. 19.Discuss the interrelationship of tests of controls, audit objectives, exposures, and existing controls. 20.Distinguish between errors and irregularities. Which.
MULTIPLE CHOICE 1.The operating system performs all of the following tasks except a.translates third-generation languages into machine language b.assigns memory to applications c.authorizes user access d.schedules job processing 2.Which of the following is considered an unintentional threat to the integrity of the operating system? a.a hacker gaining access to the system because of a security flaw b.a hardware.
21.Run-to-run control totals can be used for all of the following except a.to ensure that all data input is validated b.to ensure that only transactions of a similar type are being processed c.to ensure the records are in sequence and are not missing d.to ensure that no transaction is omitted 22.Methods used to maintain an.
Chapter 15—IT Controls Part I: Sarbanes-Oxley and IT Governance TRUE/FALSE 1.Corporate management (including the CEO) must certify monthly and annually their organization’s internal controls over financial reporting. 2.Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal control adequacy. 3.Both the SEC and the PCAOB require management to.
SHORT ANSWER 1.Briefly define an operating system. 2.What is a virus? 3.Describe one benefit of using a call-back device. 4.Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages. 5.List three methods of controlling unauthorized access to telecommunication messages. .
31.All of the following concepts are associated with the black box approach to auditing computer applications except a.the application need not be removed from service and tested directly b.auditors do not rely on a detailed knowledge of the application's internal logic c.the auditor reconciles previously produced output results with production input transactions d.this approach.
10.Internal control in a computerized environment can be divided into two broad categories. What are they? Explain each. 11.Auditors examine the physical environment of the computer center as part of their audit. Many characteristics of computer centers are of interest to auditors. What are they? Discuss. 12.Explain why certain duties that are.
11.Achieving batch control objectives requires grouping similar types of input transactions (such as sales orders) together in batches and then controlling the batches throughout data processing. 12.The "white box" tests of program controls are also known as auditing through the computer. 13.The presence of a SPLMS effectively guarantees program integrity. 14.When using the.
11.A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster. 12.IT auditing is a small part of most external and internal audits. 13.Assurance services is an emerging field that goes beyond the auditor’s traditional attestation function. 14.An IT auditor expresses an opinion on the fairness of.
16.What are the audit’s objectives relating to systems development? (1) systems development activities are applied consistently and in accordance with management’s policies to all systems development projects; (2) the system as originally implemented was free from material errors and fraud; (3) the system was judged necessary and justified at various checkpoints.
31.In an electronic data interchange environment, the audit trail a.is a printout of all incoming and outgoing transactions b.is an electronic log of all transactions received, translated, and processed by the system c.is a computer resource authority table d.consists of pointers and indexes within the database 32.All of the following are designed to control exposures.
Chapter 17—IT Controls Part III: Systems Development, Program Changes, and Application Controls TRUE/FALSE 1.Programs in their compiled state are very susceptible to the threat of unauthorized modification. 2.Maintenance access to systems increases the risk that logic will be corrupted either by accident or by intent to defraud. 3.Source program library controls should prevent and.
3.Discuss the appropriate steps to take when selecting a commercial software package. 4.The Studebaker Company is evaluating two proposals for a commercial software package. Three relevant factors were identified and weighted. Then the evaluation team assigned raw scores from 1 to 5 to each factor for each vendor. Proposal One will.