Seatwork Auditing in a CIS Environment

1. An auditor is preparing test data for use in the audit of

a computer based accounts receivable application.
Which of the following items would be appropriate to
include as an item in the test data?
a. A transaction record which contains an incorrect
master file control total.
b. A master file record which contains an invalid
customer identification number.
c. A master file record which contains an incorrect
master file control total.
d. A transaction record which contains an invalid
customer identification number.

2. Unauthorized alteration of on-line records can be prevented

by employing:
a. Key verification.
b. Computer sequence checks.
c. Computer matching.
d. Data base access controls.

3. In auditing through a computer, the test data method is

used by auditors to test the
a. Accuracy of input data.
b. Validity of the output.
c. Procedures contained within the program.
d. Normalcy of distribution of test data.

4. The primary reason for internal auditing's involvement in

the development of new computer-based sysstems is to:
a. Plan post-implementation reviews.
b. Promote adequate controls.
c. Train auditors in CBIS techniques.
d. Reduce overall audit effort.

5. Processing simulated file data provides the auditor with

information about the reliability of controls from
evidence that exists in simulated files. One of the
techniques involved in this approach makes use of
a. Controlled reprocessing.
b. Program code checking.
c. Printout reviews.
d. Integrated test facility.

120
 121

6. The possibility of losing a large amount of information

stored in computer files most likely would be reduced by
the use of
a. Back-up files
b. Check digits
c. Completeness tests
d. Conversion verification.

7. An integrated test facility (ITF) would be appropriate when

the auditor needs to
a. Trace a complex logic path through an application
system.
b. Verify processing accuracy concurrently with
processing.
c. Monitor transactions in an application system
continuously.
d. Verify load module integrity for production programs.

8. Where computer processing is used in significant accounting

applications, internal accounting control procedures
may be defined by classifying control procedures into
two types: general and
a. Administrative.
b. Specific.
c. Application.
d. Authorization.

9. The increased presence of the microcomputer in the

workplace has resulted in an increasing number of
persons having access to the computer. A control
that is often used to prevent unauthorized access
to sensitive programs is:
a. Backup copies of the diskettes.
b. Passwords for each of the users.
c. Disaster-recovery procedures.
d. Record counts of the number of input transactions in a
batch being processed.

10. Checklists, systems development methodology, and staff

hiring are examples of what type of controls?
a. Detective.
b. Preventive.
c. Subjective.
d. Corrective.
122

11. When an on-line, real-time (OLRT) computer-based

processing system is in use, internal control can be
strengthened by
a. Providing for the separation of duties between
keypunching and error listing operations.
b. Attaching plastic file protection rings to reels of
magnetic tape before new data can be entered on the
file.
c. Making a validity check of an identification number
before a user can obtain access to the computer files.
d. Preparing batch totals to provide assurance that file
updates are made for the entire input.

12. When auditing "around" the computer, the independent

auditor focuses solely upon the source documents and
a. Test data.
b. CBIS processing.
c. Control techniques.
d. CBIS output.

13. One of the features that distinguishes computer

processing from manual processing is
a. Computer processing virtually eliminates the
occurrence of computational error normally associated
with manual processing.
b. Errors or fraud in computer processing will be
detected soon after their occurrences.
c. The potential for systematic error is ordinarily
greater in manual processing than in computerized
processing.
d. Most computer systems are designed so that transaction
trails useful for audit purposes do not exist.

14. Company A has recently converted its manual payroll to

a computer-based system. Under the old system, employees
who had resigned or been terminated were occasionally kept
on the payroll and their checks were claimed and cashed by
other employees, in collusion with shop foremen. The
controller is concerned that this practice not be allowed
to continue under the new system. The best control for
preventing this form of "payroll padding" would be to
a. Conduct exit interviews with all employees leaving the
company, regardless of reason.
b. Require foremen to obtain a signed receipt from each
employee claiming a payroll check.
c. Require the human resources department to authorize
all hires and terminations, and to forward a current
 123

computerized list of active employee numbers to

payroll prior to processing. Program the computer to
reject inactive employee numbers.
d. Install time clocks for use by all hourly employees.

15. Compared to a manual system, a CBIS generally

1. Reduces segregation of duties.
2. Increases segregation of duties.
3. Decreases manual inspection of processing results.
4. Increases manual inspection of processing results.
a. 1 and 3.
b. 1 and 4
c. 2 and 3
d. 2 and 4.

16. One of the major problems in a CBIS is that

incompatible functions may be performed by the same
individual. One compensating control for this is
the use of
a. Echo checks.
b. A self-checking digit system.
c. Computer generated hash totals.
d. A computer log.

17. Which of the following methods of testing application

controls utilizes a generalized audit software
package prepared by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.

18. An unauthorized employee took computer printouts from

output bins accessible to all employees. A control
which would have prevented this occurrence is
a. A storage/retention control.
b. A spooler file control.
c. An output review control.
d. A report distribution control.

19. Which of the following is a disadvantage of the

integrated test facility approach?

a. In establishing fictitious entities, the auditor may

be compromising audit independence.
124

b. Removing the fictitious transactions from the system

is somewhat difficult and, if not done carefully, may
contaminate the client's files.
c. ITF is simply an automated version of auditing
"around" the computer.
d. The auditor may not always have a current copy of the
authorized version of the client's program.

20. Totals of amounts in computer-record data fields which

are not usually added for other purposes but are used
only for data processing control purposes are called
a. Record totals.
b. Hash totals.
c. Processing data totals.
d. Field totals.

21. A hash total of employee numbers is part of the input

to a payroll master file update program. The
program compares the hash total to the total
computed for transactions applied to the
master file. The purpose of this procedure is to:
a. Verify that employee numbers are valid.
b. Verify that only authorized employees are paid.
c. Detect errors in payroll calculations.
d. Detect the omission of transaction processing.

22. Generalized audit software is of primary interest to

the auditor in terms of its capability to
a. Access information stored on computer files.
b. Select a sample of items for testing.
c. Evaluate sample test results.
d. Test the accuracy of the client's calculations.

ANSWER: A

23. In a computerized sales processing system, which of

the following controls is most effective in preventing
sales invoice pricing errors?
a. Sales invoices are reviewed by the product managers
before being mailed to customers.
b. Current sales prices are stored in the computer, and,
as stock numbers are entered from sales orders, the
computer automatically prices the orders.
c. Sales prices, as well as product numbers, are entered
as sales orders are entered at remote terminal
locations.
 125

d. Sales prices are reviewed and updated on a quarterly

basis.

24. Which of the following is likely to be of least

importance to an auditor in reviewing the internal
control in a company with a CBIS?
a. The segregation of duties within the data processing
center.
b. The control over source documents.
c. The documentation maintained for accounting
applications.
d. The cost/benefit ratio of data processing operations.

25. For the accounting system of Acme Company, the amounts

of cash disbursements entered into an CBIS terminal
are transmitted to the computer that immediately
transmits the amounts back to the terminal for
display on the terminal screen. This display enables
the operator to
a. Establish the validity of the account number.
b. Verify the amount was entered accurately.
c. Verify the authorization of the disbursement.
d. Prevent the overpayment of the account.

26. Which of the following audit techniques most likely

would provide an auditor with the most assurance
about the effectiveness of the operation of
an internal control procedure?
a. Inquiry of client personnel.
b. Recomputation of account balance amounts.
c. Observation of client personnel.
d. Confirmation with outside parties.

27. Adequate technical training and proficiency as an

auditor encompasses an ability to understand a CBIS
sufficiently to identify and evaluate
a. The processing and imparting of information.
b. Essential accounting control features.
c. All accounting control features.
d. The degree to which programming conforms with
application of generally accepted accounting
principles.
126

28. Adequate control over access to data processing is

required to
a. Prevent improper use or manipulation of data files
and programs.
b. Ensure that only console operators have access to
program documentation.
c. Minimize the need for backup data files.
d. Ensure that hardware controls are operating
effectively and as designed by the computer
manufacturer.

ANSWER: A

29. When testing a computerized accounting system, which

of the following is not true of the test data
approach?
a. The test data need consist of only those valid and
invalid conditions in which the auditor is interested.
b. Only one transaction of each type need be tested.
c. Test data are processed by the client's computer
programs under the auditor's control.
d. The test data must consist of all possible valid and
invalid conditions.

30. Which of the following procedures is an example of

auditing "around" the computer?
a. The auditor traces adding machine tapes of sales order
batch totals to a computer printout of the sales
journal.
b. The auditor develops a set of hypothetical sales
transactions and, using the client's computer program,
enters the transactions into the system and observes
the processing flow.
c. The auditor enters hypothetical transactions into the
client's processing system during client processing of
live" data.
d. The auditor observes client personnel as they process
the biweekly payroll. The auditor is primarily
concerned with computer rejection of data that fails
to meet reasonableness limits.

31. Auditing by testing the input and output of a

computer-based system instead of the computer program
itself will
 127

a. Not detect program errors which do not show up in the

output sampled.
b. Detect all program errors, regardless of the nature of
the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results
of the auditing procedures.

32. Which of the following is an acknowledged risk of

using test data when auditing CBIS records?
a. The test data may not include all possible types of
transactions.
b. The computer may not process a simulated transaction
in the same way it would an identical actual transaction.
c. The method cannot be used with simulated master
records.
d. Test data may be useful in verifying the correctness
of account balances, but not in determining the presence
of processing controls.

33. When the auditor encounters sophisticated computer-

based systems, he or she may need to modify the audit
approach. Of the following conditions, which one is not a
valid reason for modifying the audit approach?
a. More advanced computer systems produce less
documentation, thus reducing the visibility of the
audit trail.
b. In complex comuter-based systems, computer
verification of data at the point of input replaces
the manual verification found in less sophisticated
data processing systems.
c. Integrated data processing has replaced the more
traditional separation of duties that existed in
manual and batch processing systems.
d. Real-time processing of transactions has enabled the
auditor to concentrate less on the completeness
assertion.

34. The program flowcharting symbol representing a

decision is a
a. Triangle.
b. Circle.
c. Rectangle.
d. Diamond.
128

35. CBIS controls are frequently classified as to general

controls and application controls. Which of the following
is an example of an application control?
a. Programmers may access the computer only for testing
and "debugging" programs.
b. All program changes must be fully documented and
approved by the information systems manager and the
user department authorizing the change.
c. A separate data control group is responsible for
distributing output, and also compares input and
output on a test basis.
d. In processing sales orders, the computer compares
customer and product numbers with internally stored
lists.

36. After a preliminary phase of the review of a client's

CBIS controls, an auditor may decide not to
perform further tests related to the control
procedures within the CBIS portion of the client's
internal control system. Which of the following
would not be a valid reason for choosing to omit
further testing?
a. The auditor wishes to further reduce assessed risk.
b. The controls duplicate operative controls existing
elsewhere in the system.
c. There appear to be major weaknesses that would
preclude reliance on the stated procedures.
d. The time and dollar costs of testing exceed the time
and dollar savings in substantive testing if the
controls are tested for compliance.

37. Which of the following would lessen internal control

in a CBIS?
a. The computer librarian maintains custody of computer
program instructions and detailed listings.
b. Computer operators have access to operator
instructions and detailed program listings.
c. The control group is solely responsible for the
distribution of all computer output.
d. Computer programmers write and debug programs which
perform routines designed by the systems analyst.

38. While entering data into a cash receipts transaction

file, an employee transposed two numbers in a
 129

customer code. Which of the following controls

could prevent input of this type of error?
a. Sequence check.
b. Record check.
c. Self-checking digit.
d. Field-size check.

39. Creating simulated transactions that are processed

through a system to generate results that are compared
with predetermined results, is an auditing
procedure referred to as
a. Desk checking.
b. Use of test data.
c. Completing outstanding jobs.
d. Parallel simulation.

40. Which of the following is a computer test made to

ascertain whether a given characteristic belongs
to the group?
a. Parity check.
b. Validity check.
c. Echo check.
d. Limit check.