Accountancy Department

NAME :
PROFESSOR :

GENERAL INSTRUCTIONS. (Points will be deducted for any violation.)

1. Write your name on the test questionnaire and the scannable form.
2. Use black or blue pen only. Pencils are not allowed.
3. Do not detach any portion of the questionnaire.
4. Anyone caught cheating will have a grade of 0.0 in the course.
5. IPods, cellular phone, laptops and other similar gadgets and communication devices are not allowed
during the quiz.
6. Read the instructions carefully before you start.
7. Any question regarding the quiz shall be addressed directly to the proctor only.

I. Multiple Matching Type (30 pts). Match the idea or situation expressed in group 2 to the
most appropriate term found in the five columns of group 1. Shade the column letter
of your choice on your scannable answer sheet.

Group 1

A B C D E
CAATs Step 1 CAATs Step 2 CAATs Step 3 CAATs Step 4 CAATs Step 5
CAATs Step 6 CAATs Step 7 CAATs Step 8 CAATs Step 9 CAATs Step 10
Transaction Approach Integrated Test Generalized Electronic Data
Log Facility Audit Software Interchange
Entered Passwords User Controls Input Editing White-box test
Tracing Run-to-run Total Program Testing Control Risk Validity check
Black-box Simultaneously Application Complex Audit
Approach Productivity
Software

Group 2

1. Although computerized data processing does not affect audit objectives, the auditor may need to
modify the audit ____ , given complex CBIS applications. EXAMPLE ANSWER:
APPROACH (B)

2. In a batch processing system transactions are processed in groups, whereas in a real-time system
transactions are entered as they occur and are processed as they are ______________.

3. Although powerful in terms of information capability, real- time systems are more ___________ than
batch processing systems.

4. A distinguishing feature of integrated data base systems is that many files are updated ____________
as transactions are processed.

5. ____________________ systems, by eliminating the need to reenter data into the accounting system,
reduce the incidence of processing errors; but, by reducing transaction documentation, these systems
also require greater attention to proper controls over the input of transactions.

6. Input controls, processing controls, and output controls are categories of ____________controls.
7. Some entities require completing a _______________ prior to transaction input, in order to ensure
consistency and completeness of recurring inputs.
8. ___________________ are manual control procedures applied by organizational units whose data are
processed by data processing.

9. In on-line real-time systems the most effective means for assuring limited access to data bases is by
the use of properly controlled _____________.

10. Programmed controls for testing the validity of customer numbers, product numbers, employee
numbers, and vendor numbers, as well as tests for reasonableness, are collectively referred to as
controls.

11. This processes simulated file data that provides the auditor with information about the reliability of
controls from evidence that exists in simulated files
12. The auditor performs the specific CAATs that the audit team earlier identified for risk assessment.
13. The auditor identifies which specific CAATs will provide sufficient, relevant, useful evidence to
achieve key audit objectives.
14. The auditor investigates and reconciles any exceptions uncovered in the execution of the CAATs.

15. The auditor sets key objectives based on risk assessment.

16. The auditor imports the data into the ACL.

17. The auditor identifies which files, records and fields are needed from the client.

18. The auditor requests control totals such as record counts, key field totals, hash totals and other similar
controls in order to verify the integrity of the data import process.

19. The auditor documents the CAATs performed and the exceptions reconciled.

20. The auditor determines which method of data extraction is most convenient for both parties.
21. The auditor verifies the integrity of the data import process using ACL commands to ensure the data
were not compromised during the importing process.

22. The most widely used CAATT for IT auditing.

23. The advantage of this approach is that the application need not be removed from service and tested
directly. This approach is feasible for testing applications that are relatively simple.
24. Any software that facilitates the auditor’s personal productivity.

25. A program control that is also known as auditing through the computer.

26. This is a method used to verify the logical operations executed by a computer application.

27. It requires creation of meaningful test data.

28. An input control check would detect a payment made to a nonexistent vendor.

29. A control device to ensure that no records are lost, unprocessed, or processed more than once for each
of the computer runs (processes) that the records must flow through.

30. This is defined as the risk that a material misstatement will get through the internal control structure
and into the financial statements.

II. MULTIPLE CHOICE (30 pts.) From the choices, shade your best answer.

31. An auditor is preparing test data for use in the audit of a computer based accounts receivable
application. Which of the following items would be appropriate to include as an item in the test data?
a. A transaction record which contains an incorrect master file control total.
 b. A master file record which contains an invalid customer identification number.
c. A master file record which contains an incorrect master file control total.
d. A transaction record which contains an invalid customer identification number.

32. Unauthorized alteration of on-line records can be prevented by employing:

a. Key verification.
b. Computer sequence checks.
c. Computer matching.
d. Data base access controls.

33. In auditing through a computer, the test data method is used by auditors to test the
a. Accuracy of input data.
b. Validity of the output.
c. Procedures contained within the program.
d. Normalcy of distribution of test data.

34. The primary reason for internal auditing's involvement in the development of new computer-based
systems is to:
a. Plan post-implementation reviews.
b. Promote adequate controls.
c. Train auditors in CBIS techniques.
d. Reduce overall audit effort.

35. Which of the following is an advantage of generalized computer audit packages?

a. They are all written in one identical computer language.
b. They can be used for audits of clients that use differing CBIS equipment and file formats.
c. They have reduced the need for the auditor to study input controls for CBIS related
procedures.
d. Their use can be substituted for a relatively large part of the required control testing.

36. Which of the following statements most likely represents a disadvantage for an entity that keeps
microcomputer-prepared data files rather than manually prepared files?
a. It is usually more difficult to detect transposition errors.
b. Transactions are usually authorized before they are executed and recorded.
c. It is usually easier for unauthorized persons to access and alter the files.
d. Random error associated with processing similar transactions in different ways is usually
greater.

37. The possibility of losing a large amount of information stored in computer files most likely would be
reduced by the use of
a. Back-up files
b. Check digits
c. Completeness tests
d. Conversion verification.

38. An integrated test facility (ITF) would be appropriate when the auditor needs to
a. Trace a complex logic path through an application system.
b. Verify processing accuracy concurrently with processing.
c. Monitor transactions in an application system continuously.
d. Verify load module integrity for production programs.
39. Where computer processing is used in significant accounting applications, internal accounting
control procedures may be defined by classifying control procedures into two types: general and
a. Administrative.
b. Specific.
c. Application.
d. Authorization.

40. The increased presence of the microcomputer in the workplace has resulted in an increasing
number of persons having access to the computer. A control that is often used to prevent
unauthorized access to sensitive programs is:
a. Backup copies of the diskettes.
b. Passwords for each of the users.
c. Disaster-recovery procedures.
d. Record counts of the number of input transactions in a batch being processed.
41. Checklists, systems development methodology, and staff hiring are examples of what type of
controls?
a. Detective.
b. Preventive.
c. Subjective.
d. Corrective.

42. When an on-line, real-time (OLRT) computer-based processing system is in use, internal control can
be strengthened by:
a. Providing for the separation of duties between keypunching and error listing operations.
b. Attaching plastic file protection rings to reels of magnetic tape before new data can be
entered on the file.
c. Making a validity check of an identification number before a user can obtain access to the
computer files.
d. Preparing batch totals to provide assurance that file updates are made for the entire input.

43. When auditing "around" the computer, the independent auditor focuses solely upon the source
documents and ______________.
a. Test data.
b. CBIS processing.
c. Control techniques.
d. CBIS output.

44. One of the features that distinguishes computer processing from manual processing is
a. Computer processing virtually eliminates the occurrence of computational error normally
associated with manual processing.
b. Errors or fraud in computer processing will be detected soon after their occurrences.
c. The potential for systematic error is ordinarily greater in manual processing than in
computerized processing.
d. Most computer systems are designed so that transaction trails useful for audit purposes do
not exist.

45. Given the increasing use of microcomputers as a means for accessing data bases, along with on-line
real-time processing, companies face a serious challenge relating to data security. Which of the
following is not an appropriate means for meeting this challenge?
 a. Institute a policy of strict identification and password controls housed in the computer
software that permit only specified individuals to access the computer files and perform
a given function.
b. Limit terminals to perform only certain transactions.
c. Program software to produce a log of transactions showing date, time, type of transaction,
and operator.
d. Prohibit the networking of microcomputers and do not permit users to access centralized
data bases.

46. What type of computer-based system is characterized by data that are assembled from more than
one location and records that are updated immediately?
a. Microcomputer system.
b. Minicomputer system.
c. Batch processing system.
d. Online real-time system.

47. Company A has recently converted its manual payroll to a computer-based system. Under the old
system, employees who had resigned or been terminated were occasionally kept on the payroll and
their checks were claimed and cashed by other employees, in collusion with shop foremen. The
controller is concerned that this practice not be allowed to continue under the new system. The
best control for preventing this form of "payroll padding" would be to
a. Conduct exit interviews with all employees leaving the company, regardless of reason.
b. Require foremen to obtain a signed receipt from each employee claiming a payroll check.
c. Require the human resources department to authorize all hires and terminations, and to
forward a current computerized list of active employee numbers to payroll prior to
processing. Program the computer to reject inactive employee numbers.
d. Install time clocks for use by all hourly employees.

48. Compared to a manual system, a CBIS generally

1. Reduces segregation of duties.
2. Increases segregation of duties.
3. Decreases manual inspection of processing results.
4. Increases manual inspection of processing results.
a. 1 and 3.
b. 1 and 4
c. 2 and 3
d. 2 and 4.

49. One of the major problems in a CBIS is that incompatible functions may be performed by the same
individual. One compensating control for this is the use of
a. Echo checks.
b. A self-checking digit system.
c. Computer generated hash totals.
d. A computer log.

50. Which of the following processing controls would be most effective in assisting a store manager to
ascertain whether the payroll transaction data were processed in their entirety?
a. Payroll file header record.
b. Transaction identification codes.
c. Processing control totals.
d. Programmed exception reporting.
51. An organizational control over CBIS operations is
a. Run-to-run balancing of control totals.
b. Check digit verification of unique identifiers.
c. Separation of operating and programming functions.
d. Maintenance of output distribution logs.

52. Which of the following methods of testing application controls utilizes a generalized audit software
package prepared by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.

53. An unauthorized employee took computer printouts from output bins accessible to all employees. A
control which would have prevented this occurrence is
a. A storage/retention control.
b. A spooler file control.
c. An output review control.
d. A report distribution control.

54. Which of the following is a disadvantage of the integrated test facility approach?
a. In establishing fictitious entities, the auditor may be compromising audit independence.
b. Removing the fictitious transactions from the system is somewhat difficult and, if not
done carefully, may contaminate the client's files.
c. ITF is simply an automated version of auditing "around" the computer.
d. The auditor may not always have a current copy of the authorized version of the client's
program.

55. Totals of amounts in computer-record data fields which are not usually added for other purposes
but are used only for data processing control purposes are called
a. Record totals.
b. Hash totals.
c. Processing data totals.
d. Field totals.

56. A hash total of employee numbers is part of the input to a payroll master file update program. The
program compares the hash total to the total computed for transactions applied to the master file.
The purpose of this procedure is to:
a. Verify that employee numbers are valid.
b. Verify that only authorized employees are paid.
c. Detect errors in payroll calculations.
d. Detect the omission of transaction processing.

57. Generalized audit software is of primary interest to the auditor in terms of its capability to
a. Access information stored on computer files.
b. Select a sample of items for testing.
c. Evaluate sample test results.
d. Test the accuracy of the client's calculations.
58. An accounts payable program posted a payable to a vendor not included in the on-line vendor
master file. A control which would prevent this error is a
a. Validity check.
b. Range check.
c. Reasonableness test.
d. Parity check.

59. In a computerized sales processing system, which of the following controls is most effective in
preventing sales invoice pricing errors?
a. Sales invoices are reviewed by the product managers before being mailed to customers.
b. Current sales prices are stored in the computer, and, as stock numbers are entered from
sales orders, the computer automatically prices the orders.
c. Sales prices, as well as product numbers, are entered as sales orders are entered at remote
terminal locations.
d. Sales prices are reviewed and updated on a quarterly basis.

60. Which of the following is likely to be of least importance to an auditor in reviewing the internal
control in a company with a CBIS?
a. The segregation of duties within the data processing center.
b. The control over source documents.
c. The documentation maintained for accounting applications.
d. The cost/benefit ratio of data processing operations.