loader  Loading... Please wait...

Question(s) / Instruction(s):


1) Generalised audit software can be used to perform many different kinds of tests — which is not

one of them?

A) Inquiry of management policy on aged debtors.

B) Comparing creditor statements with accounts payable files.

C) Totaling the clients accounts receivable balances.

D) Random sampling of all other receivables.


2) A well-controlled IT system offers greater potential for reducing misstatements because:

A) Computers handle tremendous volumes of complex business transactions effectively.

B) Computers process information consistently.

C) Computers reduce the human error that is likely to occur in traditional manual environments.

D) All of the above.


3) Which of the following is not a general control?

A) Hardware controls

B) Processing controls

C) The plan of organization and operation of IT activity

D) Procedures for documenting, reviewing and approving systems and payments


4) The accumulation of source documents and records that allows the organization to trace

accounting entries back to their initiation is the:

A) out-sourcing code.

B) initialization procedure.

C) substantiation record.

D) audit trail.


5) Which one of the following computer-assisted auditing techniques allows fictitious and real

transactions to be processed together without client operating personnel being aware of the testing


A) Test data approach

B) Parallel simulation

C) Integrated test facility

D) Generalized audit software programming


6) A control which relates to all parts of the IT system is called:

A) a systems control.

B) a general control.

C) an applications control.

D) a universal control.


7) If a control total were to be computed on each of the following data items, which would best be

identified as a hash total for a payroll IT application?

A) Hours worked

 B) Net pay

C) Total debits and total credits

 D) Department numbers


8) Which of the following is not an application control?

A) Separation of duties between computer programmer and operators

B) Reasonableness test for unit selling price of sale

C) Preprocessing authorization of sales transactions

D) Post-processing review of sales transactions by the sales department



9) Auditing standards describe which two broad control groupings for IT systems?

1. General controls.

2. Application controls.

3. Information controls.

4. Performance controls.

A) 1 and 2

 B) 3 and 4

C) 2 and 3

D) 1 and 3


10) The use of encryption techniques protect the security of electronic communication during the:

A) transmission process.

 B) data output process.

C) recording process.

 D) data backup process.


11) The audit procedure which is least useful in gathering evidence on significant computer processes


A) tracing.

B) test data.

C) observation.

D) generalized audit software.


12) The audit approach in which the auditor runs his or her own program on a controlled basis in

order to verify the clients data recorded in a machine language is:

A) the microcomputer-aided auditing approach.

B) the generalized audit software approach.

C) called auditing around the computer.

D) the test data approach.


13) Should the auditor feel, after obtaining an understanding of IT internal control, that control risk

cannot be reduced, he or she will:

A) issue an adverse opinion.

B) increase the sample size for tests of controls.

C) issue a disclaimer.

D) expand the substantive testing portion of the audit.


14) The auditors objective to determine whether the clients computer programs can correctly handle

valid and invalid transactions as they arise is accomplished through the:

A) generally accepted auditing standards.

B) microcomputer-aided auditing approach.

C) test data approach.

D) generalized audit software approach.


15) When the auditor considers only the non-IT controls in assessing control risk, it is commonly

referred to as:

A) the single-stage audit.

B) auditing around the computer.

C) generalized audit software (GAS).

D) the test deck approach.


16) Program-oriented CAATs:

A) allow the auditor to select records for further testing.

B) may be applied regardless of the level of assessed control risk in an application.

C) are useful primarily for substantive procedures.

D) none of the above.



17) Well-controlled organizations segregate key duties within IT. Ideally, this means the following

responsibilities should be separated:

A) IT management separate from operations.

B) IT management separate from data control.

C) IT management separate from systems development.

D) All of the above.


18) Internal control is ineffective when computer programmers:

A) have access to actual programs used to produce accounting information.

B) design documentation for computerized systems.

C) participate in computer software acquisition decisions.

D) request physical security be provided for program files.


19) Pre-designed formats for audit working papers and letters can be created and saved using both

electronic spreadsheets and word processors. These are called:

A) macros.

B) desktop publishing.

C) audit software.

D) templates.


20) Auditors usually evaluate the effectiveness of:

A) sales-cycle controls first.

B) general controls before applications controls.

C) hardware controls first.

D) applications controls first.

Find Similar Answers by Subject

Student Reviews

Rate and review your solution! (Please rate on a Scale of 1 - 5. Top Rating is 5.)

Expert's Answer
Download Solution:

This solution includes:

  • Plain text
  • Cited sources when necessary
  • Attached file(s)
  • Solution Document(s)

You Recently Viewed...

Reach Us