Sunteți pe pagina 1din 28

To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.

com

ACCOUNTING INFORMATION SYSTEMS


CONTROLS AND PROCESSES
TURNER / WEICKGENANNT

CHAPTER 7: Auditing Information Technology-Bases Processes

TEST BANK - CHAPTER 7 - TRUE / FALSE

1. All users of financial data - business managers, investors, creditors, and government agencies
- have an enormous amount of data to use to make decisions. Due to the use of IT systems,
it is easy to verify the accuracy and completeness of the information.

2. In order to properly carry out an audit, accountants collect and evaluate proof of procedures,
transactions, and / or account balances, and compare the information with established criteria.

3. The only person who can perform a financial statement audit of a publicly traded company is a
government auditor who has extensive knowledge of generally accepted accounting principles.

4. Any professionally trained accountant is able to perform an operational audit.

5. An important requirement for CPA firms is that they must be personally involved with the
management of the firm that is being audited.

6. The most common type of audit service is the operating audit performed by internal auditors.

7. All types of auditors should have knowledge about technology-based systems so that they can
properly audit IT systems.

8. A financial statement audit is part of the IT audit.

9. Auditors do not need to be experts on the intricacies of computer systems but they do need to
understand the impact of IT on their clients’ accounting systems and internal controls.

10. A financial statement audit is conducted in order for an opinion to be expressed on the fair
presentation of financial statements in accordance with GAAP. This goal is affected by the
presence or absence of IT accounting systems.

11. The remoteness of information, one of the causes of information risk, can relate to geographic
distance or organizational layers.

12. The most common method for decision makers to reduce information risk is to rely on
information that has been audited by an independent party.

13. Auditors have the primary responsibility to make sure that they comply with international
standards in all cases.

14. There is not much room for professional judgment when performing audits, as a result of the
detailed guidance provided by organizations, such as the PCAOB.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

15. The responsibility for the preparation of the financial statements lies with the auditors.

16. The role of the auditor is to analyze the financial statements to decide whether they are fairly
presented in accordance with GAAP.

17. Management assertions relate to the actual existence and proper valuation of transactions and
account balances.

18. The same audit tests would test for completeness of a liability or an asset.

19. Auditing testing for any single general auditing objective would involve the same testing
techniques even though there are different types of information collected to support different
accounts and transactions.

20. Auditors must think about how the features of their client’s IT systems influence its
management assertions and the general audit objectives even though these matters have little
or no impact on the choice of audit methodologies used.

21. Risk can be inherent in the client’s business, due to things such as the nature of operations, or
may be caused by weak internal controls.

22. Auditors do not need to concern themselves with risks unless there is an indication that there
is an internal control weakness.

23. The auditor’s understanding of internal controls provides the basis for designing appropriate
audit tests to be used in the remaining phases of the audit.

24. The process of evaluating internal controls and designing meaningful audit tests is more
complex for manual systems than for automated systems.

25. Computer-assisted audit techniques are useful audit tools because they make it possible for
auditors to use computers to audit large amounts of evidence in less time.

26. Substantive tests are also referred to as compliance tests.

27. General controls relate to specific software and application controls relate to all aspects of the
IT environment.

28. General controls must be tested before application controls.

29. Systems operators and users should not have access to the IT documentation containing
details about the internal logic of computer systems.

30. Control tests verify whether financial information is accurate, where substantive tests
determine whether the financial information is managed under a system that promotes
accuracy.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

31. Regardless of the results of the control testing, some level of substantive testing must take
place.

32. The use of generalized audit software is especially useful when there are large volumes of
data and when there is a need for accurate information.

33. All of the risks and audit procedures that apply to a PC environment may also exist in
networks, but the risk of less of much lower.

34. Network operations typically involve a large number of computers, many users, and a high
volume of data transfers, so any lack of network controls could cause widespread damage.
Because of this, it is necessary for auditors to apply strict tests to a representative sample of
the network.

35. When audit clients use a database system, the relating data is organized in a consistent
manner which tends to make it easier for auditors to select items for testing.

36. When a client company is using IT outsourcing, and that service center has its own
independent auditors who report on internal control, the third-party report (from the
independent auditors) cannot be used as audit evidence without the auditor performing an
adequate amount of compliance testing.

37. When a client changes the type of hardware or software used or in other ways modifies its IT
environment, the auditors need to test only the new system in order to determine the
effectiveness of the controls.

38. When a client plans to implement new computerized systems, auditors will find it
advantageous to review the new system before it is placed in use.

39. A sample is random when each item in the population has an equal chance of being chosen.

40. Of all the principles and related rules within the AICPA Code of Professional Conduct, the one
that generally receives the most attention is integrity.

41. The Sarbanes-Oxley Act has placed greater restrictions on CPAs by prohibiting certain types of
services historically performed by CPAs for their audit clients.

42. The Sarbanes-Oxley Act decreased management’s responsibilities regarding the fair
presentation of the financial statements.

43. The responsibility of the auditor to search for fraud is less than the responsibility to search for
errors.

44. Even with a good system of internal controls, employee fraud, the theft of assets, may occur
due to collusion of two or more employees to carry out the fraud.

45. Management fraud is the intentional misstatement of financial information and may be difficult
for auditors to find because the perpetrator will attempt to hide the fraud.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

46. The AICPA Code of Professional Conduct is made up of two sections. One section, the rules, is
the foundation for the honorable behavior expected of CPAs while performing professional
duties.

ANSWERS TO TEST BANK – CHAPTER 7 – TRUE / FALSE:

1. F 11. T 21. T 31. T 41. T


2. T 12. T 22. F 32. T 42. F
3. F 13. F 23. T 33. F 43. F
4. T 14. F 24. F 34. F 44. T
5. F 15. F 25. T 35. T 45. T
6. F 16. T 26. F 36. F 46. F
7. T 17. T 27. F 37. F
8. F 18. F 28. T 38. T
9. T 19. F 29. T 39. T
10. F 20. F 30. F 40. F

TEST BANK - CHAPTER 7 - MULTIPLE CHOICE

47. Accounting services that improve the quality of information provided to the decision maker, an
audit being the most common type of this service, is called:
A. Compliance Services
B. Assurance Services
C. Substantive Services
D. Operational Services

48. A type of assurance services that involves accumulating and analyzing support for the
information provided by management is called an:
A. Audit
B. Investigation
C. Financial Statement Examination
D. Control Test

49. The main purpose of an audit is to assure users of the financial information about the:
A. Effectiveness of the internal controls of the company.
B. Selection of the proper GAAP when preparing financial statements.
C. Proper application of GAAS during the examination.
D. Accuracy and completeness of the information.

50. Which of the following is not one of the three primary types of audits?
A. Compliance Audits
B. Financial Statement Audits
C. IT Audits
D. Operational Audits
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

51.This type of audit is completed in order to determine whether a client has adhered to the
regulations and policies established by contractual agreements, governmental agencies, or some
other high authority.
A. Compliance Audit
B. Operational Audit
C. Information Audit
D. Financial Statement Audit

52. This type of audit is completed to assess the operating policies and procedures of a client for
efficiency and effectiveness.
A. Efficiency Audit
B. Effectiveness Audit
C. Compliance Audit
D. Operational Audit

53. This type of audit is completed to determine whether or not the client has prepared and
presented its financial statements fairly, in accordance with generally accepted accounting
principles.
A. GAAP Audit
B. Financial Statement Audit
C. Compliance Audit
D. Fair Application Audit

54. This type of auditor is an employee of the company he / she audits.


A. IT Auditor
B. Government Auditor
C. Certified Public Accountant
D. Internal Auditor

55. This type of auditor specializes in the information systems assurance, control, and security.
A. IT Auditor
B. Government Auditor
C. Certified Public Accountant
D. Internal Auditor

56. This type of auditor conducts audits of government agencies or income tax returns.
A. IT Auditor
B. Government Auditor
C. Certified Public Accountant
D. Internal Auditor

57. This type of audit is performed by independent auditors who are objective and neutral with
respect to the company and the information being audited.
A. Compliance Audit
B. Operational Audit
C. Internal Audit
D. External Audit
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

58.The independence of a CPA could be impaired by:


A. Having no knowledge of the company or the company management
B. By owning stock of a similar company
C. Having the ability to influence the client’s decisions
D. Being married to a stockbroker

59. The IT environment plays a key role in how auditors conduct their work in all but which of the
following areas:
A. Consideration of Risk
B. Consideration of Information Fairness
C. Design and Performance of Audit Tests
D. Audit Procedures Used

60. The chance that information used by decision makers may be inaccurate is referred to as:
A. Sample Risk
B. Data Risk
C. Audit Trail Risk
D. Information Risk

61. Which of the following is not one of the identified causes of information risk?
A. Audited information
B. Remote information
C. Complexity of data
D. Preparer motive

62. The main reasons that it is necessary to study information-based processing and the related
audit function include:
A. Information users often do not have the time or ability to verify information themselves.
B. It may be difficult for decision makers to verify information contained in a computerized
accounting system.
C. Both of the above.
D. Neither of the above.

63. The existence of IT-based business processes often result in details of transactions being
entered directly into the computer system, results in a lack of physical evidence to visibly view.
This situation is referred to as:
A. Physical Evidence Risk
B. Loss of Audit Trail Visibility
C. Transaction Summary Chart
D. Lack of Evidence View

64. The existence of IT-based business processes, that result in the details of the transactions being
entered directly into the computer system, increases the likelihood of the loss or alternation of
data due to all of the following, except:
A. System Failure
B. Database Destruction
C. Programmer Incompetence
D. Environmental Damage
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

65. The advantages of using IT-based accounting systems, where the details of transactions are
entered directly into the computer include:
A. Computer controls can compensate for the lack of manual controls
B. Loss of audit trail view
C. Increased internal controls risks
D. Fewer opportunities to authorize and review transactions

66. The ten standards that provide broad guidelines for an auditor’s professional responsibilities are
referred to as:
A. Generally accepted accounting standards
B. General accounting and auditing practices
C. Generally accepted auditing practices
D. Generally accepted auditing standards

67. The generally accepted auditing standards are divided into three groups. Which of the following
is not one of those groups?
A. General Standards
B. Basic Standards
C. Standards of Fieldwork
D. Standards of Reporting

68. GAAS, generally accepted auditing standards, provide a general framework for conducting
quality audits, but the specific standards - or detailed guidance - are provided by all of the
following groups, except:
A. Public Company Accounting Oversight Board
B. Auditing Standards Board
C. Certified Fraud Examiners
D. International Audit Practices Committee

69. This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the
purpose of establishing auditing standards for public companies.
A. Auditing Standards Board
B. Public Company Accounting Oversight Board
C. International Audit Practices Committee
D. Information Systems Audit and Control Association

70. This organization is part of the AICPA and was the group responsible for issuing Statements on
Auditing Standards which were historically widely used in practice.
A. Auditing Standards Board
B. Public Company Accounting Oversight Board
C. International Audit Practices Committee
D. Information Systems Audit and Control Association

71. This organization was established by the IFA to set International Standards on Auditing that
contribute to the uniform application of auditing practices on a worldwide basis.
A. International Systems Audit and Control Association
B. Auditing Standards Board
C. Public Company Accounting Oversight Board
D. International Audit Practices Committee
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

72. This organization issues guidelines for conducting the IT audit. The standards issued address
practices related to control and security of the IT system.
A. Auditing Standards Board
B. Public Company Accounting Oversight Board
C. International Audit Practices Committee
D. Information Systems Audit and Control Association

73. The audit is to be performed by a person or persons having adequate technical training and
proficiency as an auditor. This is one of the generally accepted auditing standards that is part of
the:
A. General Standards
B. Operating Standards
C. Fieldwork Standards
D. Reporting Standards

74. Independence in mental attitude is to be maintained in all matters related to the audit
engagement. This is one of the generally accepted auditing standards that is part of the:
A. General Standards
B. Operating Standards
C. Fieldwork Standards
D. Reporting Standards

75. The general guidelines, known as the generally accepted auditing standards, which include the
concepts of adequate planning and supervision, internal control, and evidence relate to the:
A. General Standards
B. Operating Standards
C. Fieldwork Standards
D. Reporting Standards

76. The general guidelines, known as the generally accepted auditing standards, which include the
concepts of presentation in accordance with GAAP, the consistent application of GAAP, adequate
disclosure, and the expression of an opinion, relate to the:
A. General Standards
B. Operating Standards
C. Fieldwork Standards
D. Reporting Standards

77. Although there a number of organizations that provide detailed guidance, it is still necessary for
auditors to rely on other direction regarding the types of audit tests to use and the manner in
which the conclusions are drawn. These sources of information include:
A. Industry Guidelines
B. PCAOB
C. ASB
D. ASACA
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

78. Claims regarding the financial condition of the business organization and results of its operations
are referred to as:
A. Financial Statements
B. Management Assertions
C. External Audit
D. Presentation and Disclosure

79. Audit tests developed for an audit client are documented in a(n):
A. Audit Program
B. Audit Objective
C. Management Assertion
D. General Objectives

80. The management assertion related to valuation of transactions and account balances would
include all of the following, except:
A. Accurate in terms of dollar amounts and quantities
B. Classified properly
C. Real
D. Correctly summarized

81. There are four primary phases of the IT audit. Which of the following is not one of those
phases?
A. Planning
B. Evidence Audit
C. Tests of Controls
D. Substantive Tests

82. The proof of the fairness of the financial information is:


A. Tests of Controls
B. Substantive Tests
C. Audit Completion
D. Evidence

83. Techniques used for gathering evidence include all of the following, except:
A. Physical examination of assets or supporting documentation
B. Observing activities
C. Adequate planning and supervision
D. Analyzing financial relations relationship

84. During this phase of the audit, the auditor must gain a thorough understanding of the client’s
business and financial reporting systems. When completing this phase, the auditors review and
assess the risks and controls related to the business.
A. Tests of Controls
B. Substantive Tests
C. Audit Completion / Reporting
D. Audit Planning
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

85. During the planning phase of the audit, auditors estimate the monetary amounts that are large
enough to make a difference in decision making. This amount is referred to as:
A. Risk
B. Materiality
C. Substantive
D. Sampling

86. The likelihood that errors or fraud may occur is referred to as:
A. Risk
B. Materiality
C. Control Tests
D. Sampling

87. A large part of the work performed by an auditor in the audit planning process is the gathering
of evidence about the company’s internal controls. This can be completed in any of the
following ways, except:
A. Interviewing key members of the accounting and IT staff.
B. Observing policies and procedures
C. Review IT user manuals and systems
D. Preparing memos to summarize their findings

88. The Accounting Standards Board issued the following SAS in recognition of the fact that
accounting records and files often exist in electronic form. The statement was issued in 2001 to
expand the historical concept of audit evidence to include electronic evidence.
A. SAS 82
B. SAS 86
C. SAS 94
D. SAS 101

89. The Accounting Standard Board issued an SAS, called “The Effect of Information Technology on
the Auditor’s Consideration of Internal Control in a Financial Statement Audit”, to describe the
importance of understanding both the automated and manual procedures that make up an
organization’s internal controls and considers how misstatements may occur, including all of the
following, except:
A. How transactions are entered into the computer
B. How financial statement are printed from the computer
C. How nonstandard journal entries and adjusting entries are initiated, recorded, and
processed.
D. How standard journal entries are initiated, recorded, and processed.

90. As the result of the guidance provided in SAS 94, the auditors may decide that IT auditors may
need to be called in to:
A. Consider the effects of computer processing on the audit.
B. To assist in testing the automated processes.
C. Both of the above.
D. None of the above.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

91. Many companies design their IT system so that all documents and reports can be retrieved from
the system in readable form. Auditors can then compare the documents used to input the data
into the system with reports generated from the system, without gaining any extensive
knowledge of the computer system and does not require the evaluation of computer controls.
This process is referred to as:
A. Auditing through the system
B. Auditing around the system
C. Computer assisted audit techniques
D. Auditing with the computer

92. This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls
and processing so that they can determine whether the information generated from the system
is reliable.
A. Auditing through the system
B. Auditing around the system
C. Computer assisted audit techniques
D. Auditing with the computer

93. The IT auditing approach referred to as “Auditing through the system” is necessary under which
of the following conditions?
A. Supporting documents are available in both electronic and paper form.
B. The auditor does not require evaluation of computer controls.
C. The auditor wants to test computer controls as a basis for evaluating risk and reducing the
amount of audit testing required.
D. The use of the IT system has a low impact on the conduct of the audit.

94. Audit procedures designed to evaluate both general controls and application controls are
referred to as:
A. Substantive Tests
B. Audit Planning
C. IT Auditing
D. Test of Controls

95. The automated controls that affect all computer applications are referred to as:
A. General Controls
B. Specific Controls
C. Input Controls
D. Application Controls

96. The two broad categories of general controls that relate to IT systems include which of the
following:
A. IT systems documentation
B. IT administration and the related operating systems development and maintenance
processes
C. Authenticity table
D. Computer security and virus protection
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

97. Related audit tests to review the existence and communication of company policies regarding
important aspects of IT administrative control include all of the following, except:
A. Personal accountability and segregation of incompatible responsibilities
B. Job description and clear lines of authority
C. Prevention of unauthorized access
D. IT systems documentation

98. Controls meant to prevent the destruction of information as the result of unauthorized access to
the IT system are referred to as:
A. IT administration
B. System controls
C. Information administration
D. Security controls

99. Auditors should perform this type of test to determine the valid use of the client’s computer
system, according to the authority tables.
A. Authenticity tests
B. Penetration tests
C. Vulnerability assessments
D. IT systems documentation

100. These tests of the security controls involve various methods of entering the client’s system to
determine whether controls are working as intended.
A. Authenticity tests
B. Penetration tests
C. Vulnerability assessments
D. IT systems documentation

101. These tests of security controls analyze a company’s control environment for possible
weaknesses. Special software programs are available to help auditors identify weak points in
their client’s security measures.
A. Authenticity tests
B. Penetration tests
C. Vulnerability assessments
D. IT systems documentation

102. One of the most effective ways a client can protect its computer system is to place physical
controls in the computer center. Physical controls include all of the following, except:
A. Proper temperature control
B. Locks
C. Security guards
D. Cameras

103. One of the most effect ways a client can protect its computer system is to place environmental
controls in the computer center. Environmental controls include:
A. Card keys
B. Emergency power supply
C. Alarms
D. Security guards
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

104. This type of application control is performed to verify the accuracy and completeness of
information entered into software programs. Auditors are concerned about whether errors are
being prevented and detected during this stage of data processing.
A. Security controls
B. Processing controls
C. Input controls
D. Output controls

105. IT audit procedures typically include a combination of data accuracy tests where the data
processed by computer applications are reviewed for correct dollar amounts or other numerical
values. These procedures are referred to as:
A. Security controls
B. Processing controls
C. Input controls
D. Output controls

106. This type of processing control test involves a comparison of different items that are expected to
have the same values, such as comparing two batches or comparing actual data against a
predetermined control total.
A. Validation Checks
B. Batch Totals
C. Run-to-Run Totals
D. Balancing Tests

107. This is one of the computer-assisted audit techniques, related to processing controls, that
involves processing client data through a controlled program designed to resemble the client’s
application. This test is run to find out whether the same results are achieved under different
systems.
A. Integrated Test Facility
B. Embedded Audit Module
C. Parallel Simulation
D. Test Data Method

108. Regardless of whether the results are printed or retained electronically, auditors may perform all
of the following procedures to test application outputs, except:
A. Integrated Tests
B. Reasonableness Tests
C. Audit Trail Tests
D. Rounding Errors Tests

109. The auditor’s test of the accuracy of monetary amounts of transactions and account balances is
known as:
A. Testing of controls
B. Substantive tests
C. Compliance tests
D. Application tests
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

110. Real-time financial reporting has created the need for this type of auditing, where auditors
constantly analyze audit evidence and provide assurance on the related financial information as
soon as it occurs or shortly thereafter.
A. Real-time auditing
B. Virtual auditing
C. E-auditing
D. Continuous auditing

111. This phase of auditing occurs when the auditors evaluate all the evidence that has been
accumulated and makes a conclusion based on that evidence.
A. Tests of Controls
B. Audit Planning
C. Audit Completion / Reporting
D. Substantive Testing

112. This piece of audit evidence is often considered to be the most important because it is a signed
acknowledgment of management’s responsibility for the fair presentation of the financial
statements and a declaration that they have provided complete and accurate information to the
auditors during all phases of the audit.
A. Letter of Representation
B. Audit Report
C. Encounter Statement
D. Auditors Contract

113. Which of the following is a proper description of an auditor report?


A. Unqualified opinion - identifies certain exceptions to the clean opinion.
B. Adverse opinion - notes that there are material misstatements presented.
C. Qualified opinion - states that the auditors believe the financial statements are fairly and
consistently presented in accordance with GAAP.
D. Unqualified opinion - states that the auditors were not able to reach a conclusion.

114. When PCs are used for accounting instead of mainframes or client-server system, they face a
greater risk of loss due to which of the following:
A. Authorized access
B. Segregation of duties
C. Lack of backup control
D. All of the above

115. When client companies rely on external, independent computer service centers to handle all or
part of their IT needs it is referred to as:
A. External Processing
B. WAN Processing
C. Database Management System
D. IT Outsourcing
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

116. Because it is not possible to test all transactions and balances, auditors rely on this to choose
and test a limited number of items and transactions and then make conclusions about the
balance as a whole.
A. Sampling
B. Materiality
C. Compliance
D. Substance

117. The AICPA Code of Professional Conduct, commonly called the Code of Ethics, is made up of
two sections. Which of the following correctly states the two sections?
A. Integrity and responsibility
B. Principles and rules
C. Objectivity and independence
D. Scope and nature

118. The rule in the AICPA Code of Professional Conduct that is referred to as Responsibilities, can be
stated as:
A. CPAs should act in a way that will serve the public interest, honor the public trust, and
demonstrate commitment to professionalism.
B. To maintain and broaden public confidence, CPAs should perform their professional duties
with the highest sense of integrity.
C. In carrying out their professional duties, CPAs should exercise sensitive professional and
moral judgments in all their activities.
D. CPAs in public practice should observe the principles of the Code of Professional Conduct in
determining the scope and nature of services to be provided.

119. This concept means that the auditors should not automatically assume that their clients are
honest, but that they (the auditors) must have a questioning mind and a persistent approach to
evaluating evidence for possible misstatements.
A. Independence
B. Integrity
C. Due Care
D. Professional Skepticism
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

ANSWERS TO TEST BANK – CHAPTER 7 – MULTIPLE CHOICE:

47. B 62. C 77. A 92. A 107. C


48. A 63. B 78. B 93. C 108. A
49. D 64. C 79. A 94. D 109. B
50. C 65. A 80. C 95. A 110. D
51. A 66. D 81. B 96. B 111. C
52. D 67. B 82. D 97. C 112. A
53. B 68. C 83. C 98. D 113. B
54. D 69. B 84. D 99. A 114. C
55. A 70. A 85. B 100. B 115. D
56. B 71. D 86. A 101. C 116. A
57. D 72. D 87. D 102. A 117. B
58. C 73. A 88. C 103. B 118. C
59. B 74. A 89. B 104. C 119. D
60. D 75. C 90. C 105. B
61. A 76. D 91. B 106. D

TEST BANK - CHAPTER 7 – END OF CHAPTER QUESTIONS:

120. Which of the following types of audits is most likely to be conducted for the purpose of
identifying areas for cost savings?
A. Financial Statement Audits
B. Operational Audits
C. Regulatory Audits
D. Compliance Audits

121. Financial statement audits are required to be performed by:


A. Governmental Auditors
B. CPAs
C. Internal Auditors
D. IT Auditors

122. Which of the following is not considered a cause for information risk?
A. Management’s geographic location is far from the source of the information needed to
make effective decisions.
B. The information is collected and prepared by persons who use the information for very
different purposes.
C. The information relates to business activities that are not well understood by those who
collect and summarize the information for decision makers.
D. The information has been tested by internal auditors and a CPA firm.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

123. Which of the following is not a part of general accepted auditing standards?
A. General Standards
B. Standards of Fieldwork
C. Standards of Information Systems
D. Standards of Reporting

124. Which of the following best describes what is meant by the term “generally accepted auditing
standards”?
A. Procedures used to gather evidence to support the accuracy of a client’s financial
statements.
B. Measures of the quality of an auditor’s conduct.
C. Professional pronouncements issued by the Auditing Standards Board.
D. Rules acknowledged by the accounting profession because of their widespread application.

125. In an audit of financial statement in accordance with generally accepted auditing standards, an
auditor is required to:
A. Document the auditor’s understanding of the client company’s internal controls.
B. Search for weaknesses in the operation of the client company’s internal controls.
C. Perform tests of controls to evaluate the effectiveness of the client company’s internal
controls.
D. Determine whether controls are appropriately designed to prevent or detect material
misstatements.

126. Auditors should design a written audit program so that:


A. All material transactions will be included in substantive testing.
B. Substantive testing performed prior to year end will be minimized.
C. The procedures will achieve specific audit objectives related to specific management
assertions.
D. Each account balance will be tested under either a substantive test or a test of controls.

127. Which of the following audit objectives relates to the management assertion of existence?
A. A transaction is recorded in the proper period.
B. A transaction actually occurred (i.e., it is real)
C. A transaction is properly presented in the financial statements.
D. A transaction is supported by detailed evidence.

128. Which of the following statements regarding an audit program is true?


A. A standard audit program should be developed for use on any client engagement.
B. The audit program should be completed by the client company before the audit planning
stage begins.
C. An audit program should be developed by the internal auditor before audit testing begins.
D. An audit program establishes responsibility for each audit test by requiring the signature or
initials of the auditor who performed the test.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

129. Risk assessment is a process designed to:


A. Identify possible events that may affect the business.
B. Establish policies and procedures to carry out internal controls.
C. Identify and capture information in a timely manner.
D. Review the quality of internal controls throughout the year.

130. Which of the following audit procedures is most likely to be performed during the planning
phase of the audit?
A. Obtain an understanding of the client’s risk assessment process.
B. Identify specific internal control activities that are designed to prevent fraud.
C. Evaluate the reasonableness of the client’s accounting estimates.
D. Test the timely cutoff of cash payments and collections.

131. Which of the following is the most significant disadvantage of auditing around the computer
rather than through the computer?
A. The time involved in testing processing controls is significant.
B. The cost involved in testing processing controls is significant.
C. A portion of the audit trail is not tested.
D. The technical expertise required to test processing controls is extensive.

132. The primary objective of compliance testing in a financial statement audit is to determine
whether:
A. Procedures have been updated regularly.
B. Financial statement amounts are accurately stated.
C. Internal controls are functioning as designed.
D. Collusion is taking place.

133. Which of the following computer assisted auditing techniques processes actual client input data
(or a copy of the real data) on a controlled program under the auditor’s control to periodically
test controls in the client’s computer system?
A. Test data method
B. Embedded audit module
C. Integrated test facility
D. Parallel simulation

134. Which of the following computer assisted auditing techniques allows fictitious and real
transactions to be processed together without client personnel being aware of the testing
process?
A. Test data method
B. Embedded audit module
C. Integrated test facility
D. Parallel simulation
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

135. Which of the following is a general control to test for external access to a client’s computerized
systems?
A. Penetration tests
B. Hash totals
C. Field checks
D. Program tracing

136. Suppose that during the planning phase of an audit, the auditor determines that weaknesses
exist in the client’s computerized systems. These weaknesses make the client company
susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be
emphasized in the remaining phases of this audit?
A. Tests of controls
B. Penetration tests
C. Substantive tests
D. Rounding errors tests

137. Generalized audit software can be used to:


A. Examine the consistency of data maintained on computer files.
B. Perform audit tests of multiple computer files concurrently.
C. Verify the processing logic of operating system software.
D. Process test data against master files that contain both real and fictitious data.

138. Independent auditors are generally actively involved in each of the following tasks except:
A. Preparation of a client’s financial statements and accompanying notes.
B. Advising client management as to the applicability of a new accounting standard.
C. Proposing adjustments to a client’s financial statements.
D. Advising client management about the presentation of the financial statements.

139. Which of the following is most likely to be an attribute unique to the audit work of CPAs,
compared with work performed by attorneys or practitioners of other business professions?
A. Due professional care
B. Competence
C. Independence
D. A complex underlying body of professional knowledge

140. Which of the following terms in not associated with the auditor’s requirement to maintain
independence?
A. Objectivity
B. Neutrality
C. Professional Skepticism
D. Competence
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

ANSWERS TO TEST BANK - CHAPTER 7 – END OF CHAPTER QUESTIONS

120. B 126. C 132. C 138. A


121. B 127. B 133. D 139. C
122. D 128. D 134. C 140. D
123. C 129. A 135. A
124. B 130. A 136. C
125. A 131. C 137. A

TEST BANK - CHAPTER 7 – SHORT ANSWER QUESTIONS

141. What are assurance services? What value do assurance services provide?
Answer: Assurance services are accounting services that improve the quality of information. Many
services performed by accountants are valued because they lend credibility to financial
information.

142. Differentiate between a compliance audit and an operational audit.


Answer: A compliance audit is a form of assurance service that involves accumulating and
analyzing information to determine whether a company has complied with regulations and policies
established by contractual agreements, governmental agencies, company management, or other
high authority. Operational audits assess operating policies and procedures for efficiency and
effectiveness.

143. Which type of audit is most likely to be performed by government auditors? Which type of audit
is most likely to be performed by internal auditors?
Answer: Governmental auditors are most likely to perform compliance audits, and internal
auditors are most likely to perform operational audits.

144. Identify the three areas of an auditor’s work that are significantly impacted by the presence of
IT accounting systems.
Answer: The IT environment plays a key role in how auditors conduct their work in the following
areas:
• consideration of risk
• determination of audit procedures to be used to obtain knowledge of the accounting and
internal control systems
• design and performance of audit tests.

145. Describe the three causes of information risk.


Answer: Information risk is caused by:
• Remote information; for instance, when the source of information is removed from the
decision maker, it stands a greater chance of being misstated.
• Large volumes of information or complex information.
• Variations in viewpoints or incentives of the preparer.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

146. Explain how an audit trail might get “lost” within a computerized system.
Answer: Loss of an audit trail occurs when there is a lack of physical evidence to view in support
of a transaction. This may occur when the details of accounting transactions are entered directly
into the computer system, with no supporting paper documents. If there is a system failure,
database destruction, unauthorized access, or environmental damage, the information processed
under such a system may be lost or altered.

147. Explain how the presence of IT processes can improve the quality of information that
management uses for decision making.
Answer: IT processes tend to provide information in a timely and efficient manner. This enhances
management’s ability to make effective decisions, which is the essence of quality of information.

148. Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting.
Answer: The standards of fieldwork provide general guidelines for performing the audit. They
address the importance of planning and supervision, understanding internal controls, and
evidence accumulation. The standards of reporting address the auditor’s requirements for
communicating the audit results in writing, including the reference to GAAP, consistency,
adequate disclosures, and the expression of an overall opinion on the fairness of the financial
statements.

149. Which professional standard-setting organization provides guidance on the conduct of an IT


audit?
Answer: The Information Systems Audit and Control Association (ISACA) is responsible for issuing
Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT
audit.

150. If management is responsible for its own financial statements, why are auditors important?
Answer: Auditors are important because they are responsible for analyzing financial statements to
decide whether they are fairly stated and presented in accordance with GAAP. Since the financial
statements are prepared by managers of the company, the role of auditors is to reduce
information risk associated with those financial statements. To accomplish this, auditors design
tests to analyze information supporting the financial statements in order to determine whether
management’s assertions are valid.

151. List the techniques used for gathering evidence.


Answer: The techniques used for gathering evidence include the following:
• physically examining or inspecting assets or supporting documentation
• obtaining written confirmation from an independent source
• rechecking or recalculating information
• observing activities
• making inquiries of company personnel
• analyzing financial relationships and making comparisons to determine reasonableness

152. During which phase of an audit would an auditor consider risk assessment and materiality?
Answer: Risk assessment and materiality are considered during the planning phase of an audit.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

153. What is the significance of Statement on Auditing Standards No. 94?


Answer: SAS 94, “The Effect of Information Technology on the Auditor’s Consideration of Internal
Control in a Financial Statement Audit”, is significant because it describes the importance of
understanding both the automated and manual procedures that make up a company’s internal
controls. It also provides guidance to assist an auditor in determining whether an IT audit
specialist may be needed for the audit.

154. Distinguish between auditing through the computer and auditing with the computer.
Answer: When are auditors required to audit through the computer as opposed to auditing around
the computer? Auditing through the computer involves directly testing internal controls within the
IT system, which requires the auditors to understand the computer system logic. Auditing through
the computer is necessary when the auditor wants to test computer controls as a basis for
evaluating risk and reducing the amount of audit testing required, and when supporting
documents are available only in electronic form. Auditing with the computer involves auditors
using their own systems, software, and computer-assisted audit techniques to help conduct an
audit

155. Explain why it is customary to complete the testing of general controls before testing application
controls.
Answer: Since general controls are the automated controls that affect all computer applications,
the reliability of general controls must be established before application controls are tested. The
effectiveness of general controls is considered the foundation for the IT control environment. If
there are problems with the effectiveness of general controls, auditors will not devote attention to
the testing of application controls; rather, they will reevaluate the audit approach with reduced
reliance on controls.

156. Identify four important aspects of administrative control in an IT environment.


Answer: Four important aspects of administrative control include:
• personal accountability and segregation of incompatible responsibilities
• job descriptions and clear lines of authority
• computer security and virus protection
• IT systems documentation

157. Think about a place you have worked where computers were present. What are some physical
and environmental controls that you have observed in the workplace? Provide at least two
examples of each from your personal experience.
Answer: Student’s responses are likely to vary greatly. Examples of physical controls may include
card keys and configuration tables, as well as other physical security features such as locked
doors, etc. Environmental controls may include temperature and humidity controls, fire, flood,
earthquake controls, or measures to ensure a consistent power supply.

158. Batch totals and hash totals are common input controls. Considering the fact that hash totals
can be used with batch processing, differentiate between these two types of controls.
Answer: Both batch totals and hash totals are mathematical sums of data that can be used to
determine whether there may be missing data. However, batch totals are meaningful because
they provide summations of dollar amounts or item counts for a journal entry used in the financial
accounting system, whereas hash totals are not relevant to the financial accounting system (i.e.,
the hash totals are used only for their control purpose and have no other numerical significance).
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

159. The test data method and an integrated test facility are similar in that they are both tests of
applications controls and they both rely on the use of test data. Explain the difference between
these two audit techniques.
Answer: The test data method tests the processing accuracy of software applications by using the
company’s own computer system to process fictitious information developed by the auditors. The
results of the test must be compared with predicted results. An integrated test facility also tests
processing applications, but can accomplish this without disrupting the company’s operations. An
integrated test facility inputs fictitious data along with the company’s actual data, and tests it
using the client’s own computer system. The testing occurs simultaneously with the company’s
actual transaction processing.

160. Explain the necessity for performing substantive testing even for audit clients with strong
internal controls and sophisticated IT systems.
Answer: Since substantive testing determines whether financial information is accurate, it is
necessary for all financial statement audits. Control testing establishes whether the system
promotes accuracy, while substantive testing verifies the monetary amounts of transactions and
account balances. Even if controls are found to be effective, there still needs to be some testing
to make sure that the amounts of transactions and account balances have actually been recorded
fairly.

161. What kinds of audit tools are used to perform routine tests on electronic data files taken from
databases? List the types of tests that can be performed with these tools.
Answer: CPA firms use generalized audit software (GAS) or data analysis software (DAS) to
perform audit tests on electronic data files taken from commonly used database systems. These
tools help auditors perform routine testing in an efficient manner. The types of tests that can be
performed using GAS or DAS include:
• mathematical and statistical calculations
• data queries
• identification of missing items in a sequence
• stratification and comparison of data items
• selection of items of interest from the data files
• summarization of testing results into a useful format for decision making

162. Which of the four types of audit reports is the most favorable for an audit client? Which is the
least favorable?
Answer: An unqualified audit report is the most favorable because it expresses reasonable
assurance that the underlying financial statements are fairly stated in all material respects. On the
other hand, an adverse opinion is the least favorable report because it indicates the presence of
material misstatements in the underlying financial statements.

163. Why is it so important to obtain a letter of representations from an audit client?


Answer: The letter of representations is so important because it is management’s
acknowledgement of its primary responsibility for the fair presentation of the financial statements.
In this letter, management must declare that it has provided complete and accurate information
to its auditors during all phases of the audit. This serves as a significant piece of audit evidence.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

164. How can auditors evaluate internal controls when their clients use IT outsourcing?
Answer: When a company uses IT outsourcing, auditors must still evaluate internal controls. This
may be accomplished by relying upon a third-party report from the independent auditor of the
outsourcing center, or it can audit around the computer, or it can test controls at the outsourcing
center.

165. An auditor’s characteristic of professional skepticism is most closely associated with which
ethical principle of the AICPA Code of Professional Conduct?
Answer: Professional skepticism is most closely associated with the principle of Objectivity and
Independence. Professional skepticism means that auditors should have a questioning mind and a
persistent approach for evaluating financial information for the possibility of misstatements. This is
closely related to the notion of objectivity and independence in its requirements for being free of
conflicts of interest.

TEST BANK - CHAPTER 7 – SHORT ESSAY

166. Why is it necessary for a CPA to be prohibited from having financial or personal connections
with a client? Provide an example of how a financial connection to a company would impair an
auditor’s objectivity. Provide an example of how a personal relationship might impair an
auditor’s objectivity.
Answer: An auditor should not have any financial or personal connections with a client company
because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias
if he/she were to have a financial or personal relationship with the company or one of its
associates. For example, if an auditor owned stock in a client company, the auditor would stand
to benefit financially if the company’s financial statements included and unqualified audit report,
as this favorable opinion could lead to favorable results for the company such as paying a
dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close
personal relationship with someone who works for the company, the auditor’s independence may
be impaired due to the knowledge that the family member or other person may be financially
dependent upon the company or may have played a significant role in the preparation of the
financial statements.

167. From an internal control perspective, discuss the advantages and disadvantages of using IT-
based accounting systems.
Answer: The advantages of using IT-based accounting systems are the improvements in internal
control due to the reduction of human error and increase in speed. The disadvantages include the
loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of
duties, and fewer opportunities for authorization and review of transactions.

168. Explain why standards of fieldwork for GAAS are not particularly helpful to an auditor who is
trying to determine the types of testing to be used on an audit engagement.
Answer: GAAS provides a general framework that is not specific enough to provide specific
guidance in the actual performance of an audit. For detailed guidance, auditors rely upon
standards issued by the PCAOB, the ASB, the IAPC, and ISACA.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

169. Tyrone and Tyson are assigned to perform the audit of Tylen Company. During the audit, it was
discovered that the amount of sales reported on Tylen’s income statement was understated
because one week’s sales transactions were not recorded due to a computer glitch. Tyrone
claims that this problem represents a violation of the management assertion regarding
existence, because the reported account balance was not real. Tyson argues that the
completeness assertion was violated, because relevant data was omitted from the records.
Which auditor is correct? Explain your answer.
Answer: The completeness assertion is concerned with possible omissions from the accounting
records and the related understatements of financial information; in other words, it asserts that all
valid transactions have been recorded. Accordingly, Tyson’s argument is correct. Tyrone’s
argument is not correct because the existence assertion is concerned with the possibility of
fictitious transactions and the related overstatements of financial information.

170. One of the most important tasks of the planning phase is for the auditor to gain an
understanding of internal controls. How does this differ from the tasks performed during the
tests of controls phase?
Answer: During the planning phase of an audit, auditors must gain an understanding of internal
controls in order to determine whether the controls can be relied upon as a basis for reducing the
extent of substantive testing to be performed. Understanding of internal controls is the basis for
the fundamental decision regarding the strategy of the audit. It also impacts the auditor’s risk
assessment and establishment of materiality. During the tests of controls phase, the auditor goes
beyond the understanding of the internal controls and actually evaluates the effectiveness of
those controls.

171. How is it possible that a review of computer logs can be used to test for both internal access
controls and external access controls?
Answer: Other than reviewing the computer logs, identify and describe two types of audit
procedures performed to test internal access controls, and two types of audit procedures
performed to test external access controls. Internal access controls can be evaluated by
reviewing computer logs for the existence of login failures or unusual activity, and to gauge
access times for reasonableness in light of the types of tasks performed. Internal access controls
can also be tested by reviewing the company’s policies regarding segregation of IT duties and
other IT controls, and can test those controls to determine whether access is being limited in
accordance with the company’s policies. In addition, auditors may perform authenticity testing to
evaluate the authority tables and determine whether only authorized employees are provided
access to IT systems.
Computer logs can also be reviewed to evaluate external access controls, as the logs may
identify unauthorized users and failed access attempts. External access controls may also be
tested through authenticity tests, penetrations tests, and vulnerability assessments. Authenticity
tests, as described above, determine whether access has been limited to those included in the
company’s authority tables. Penetration tests involve the auditor trying to gain unauthorized
access to the client’s system, by attempting to penetrate its firewall. Vulnerability assessments are
tests aimed at identifying weak points in the company’s IT systems where unauthorized access
may occur, such as through a firewall or due to problems in the encryption techniques.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

172. Explain why continuous auditing is growing in popularity. Identify and describe a computer-
assisted audit technique useful for continuous auditing.
Answer: Continuous auditing has increased in popularity due to the increase in e-commerce. Real-
time financial reporting has created the need for continuous auditing, whereby auditors
continuously analyze evidence and provide assurance on the related financial information as soon
as it occurs or shortly thereafter. The embedded audit module is a computer-assisted audit
technique that accomplishes continuous auditing. The embedded audit module approach involves
placing special audit testing programs within a company’s operating system These test modules
search the data and analyze transactions or account balances that meet specified conditions of
interest to the auditor.

173. Each of the principles of the AICPA Code of Professional Conduct relates to the trustworthiness
of the CPA. Distinguish between the third principle (integrity) and the fourth principle (objectivity
and independence).
Answer: Integrity related closely to honesty and performing duties with a high sense of due care.
Objectivity and independence are more concerned with the attitude of skepticism in approaching
duties. This involves being unbiased and free of any conflicts of interest.

TEST BANK - CHAPTER 7 – PROBLEMS

174. Match the standard-setting bodies with their purpose.


Answer:
I. c.
II. a.
III. d.
IV. b.

175. Identify whether the following audit tests are used to evaluate internal access controls (I),
external access controls (E), or both (B): authenticity, penetration, vulnerability assessments,
review of access logs, and review of policies concerning the issuance of passwords and security
tokens.
Answer:
• Authenticity tests (B)
• Penetration tests (E)
• Vulnerability assessments (E)
• Review of access logs (B)
• Review of policies concerning the issuance of passwords and security tokens (I)

176. Refer to the notes payable audit program excerpt presented in Exhibit 7-3. If an auditor had a
copy of his client’s data file for its notes receivable, how could a general audit software or data
analysis software package be used to assist with these audit tests?
Answer: GAS and DAS could assist auditors in testing notes payable by performing mathematical
calculations of interest amounts, stratification of amounts into current and long-term categories
according to maturity dates, and performing ratio calculations as may be needed to assess
compliance with restrictions.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

177. In order to preserve auditor independence, the Sarbanes-Oxley Act of 2002 restricts the types of
nonaudit services that auditors can perform for their public-company audit clients.
Answer: The list includes nine types of services that are prohibited because they are deemed to
impair an auditor’s independence. Included in the list are the following:
• financial information systems design and implementation
• internal audit outsourcing
Describe how an auditor’s independence could be impaired if she performed IT design and
implementation functions for her audit client. Likewise, how could an auditor’s involvement with
internal audit outsourcing impair her independence with respect to auditing the same company?
Both of these scenarios would place the auditor in a position of auditing his/her own work.
Auditors could not maintain independence if they are involved in both the IT design and
implementation as well as the financial statement audit. To the extent that the IT system impacts
financial reporting, an auditor could not possibly be unbiased with respect to a system that he/she
had designed and implemented. Likewise, auditors are not likely to be unbiased with respect to
performing a financial statement audit for the same company as he/she performed internal audit
work. Any evaluations performed during the internal audit engagement are likely to have a
bearing on the auditor’s professional attitude while performing the financial statement audit.

178. Visit the AICPA website at www.aicpa.org and click on Becoming a CPA/Academic Resources.
Use the Careers in Accounting tab to locate information on audit careers.
Answer: The AICPA website presents information on various career paths, including public
accounting (audit, taxation, financial planning, etc.), business and industry, governmental
accounting, not-for-profit accounting, education, and entrepreneurship. Some specialty areas
include forensic accounting, environmental accounting, and showbiz accounting.
To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

179. Visit the ISACA website at www.isaca.org and click the Students and Educators tab and then the
IT Audit Basics tab to find articles covering topics concerning the audit process. Locate an article
on each of the following topics and answer the related question: a) Identify and briefly describe
the four categories of CAATs, b) List the factors that contribute to the formation of due care in
an auditor.
Answer:
a. Identify and briefly describe the four categories of CAATs. The four categories include1:
• data analysis software, including GAS and DAS
• Network security evaluation software/utilities
• OS and DBMS security evaluation software/utilities
• Software and code testing tools
b. List the factors that contribute to the formation of due care in an auditor include2:
• peer review
• auditor conduct
• communication
• technical competence
• judgment
• business knowledge
• training
• certification
• standards
• independence
• continuous reassessment
• high ethical standards

180. Refer to the example presented in this chapter describing frauds perpetrated by top managers
in large companies like Enron, Xerox, and WorldCom. Perform an Internet search to determine
the nature of Xerox’s management fraud scheme and to find out what happened to the
company after the problems were discovered.
Answer: Xerox’s fraud involved earnings management or manipulation of the financial statements
in order to boost earnings. This occurred at Xerox to the tune of hundreds of millions of dollars
and involved various accounting tricks to hide the company’s true financial performance so that it
would meet or beat Wall Street expectations. The most significant trick was the premature
recording of revenues. Upon discovery of the fraud, the SEC filed a $10 million civil suit against
Xerox, the largest fine in SEC history. In addition, Xerox had to restate its earnings from 1997
through 2001.

1
“Using CAATs to Support IS Audit” by S. Anantha Sayana for Information Systems Control Journal, Vol. 1, 2003.
2
“Due Professional Care” by Frederick Gallegos for Information Systems Control Journal, Vol, 2, 2002.

S-ar putea să vă placă și