IT Audit

A computer program will not generate month-end balances if transactions are missing. This is an example of a:

Preventive control.

Which of the following is not a benefit of using information technology in solving audit problems?

d. It improves the auditor's judgment.

The greatest impact information technology has had on the audit process is:

c. Its use to conduct audits utilizing various computer-assisted techniques.

Generalized Audit Software (GAS) is designed to allow auditors to:

c. Select sample data from files and check computations.

The principal disadvantage of auditing around rather than through the computer is:

c. The integrity of the audit trail through the computer is not tested.

Computer output from a large mainframe system should be distributed in accordance with current processing instructions and only after a review of the processing results by the:

b. Control section.

The major purpose of the internal auditor's study and evaluation of the company's EDP operations is to:

c. Evaluate the reliability and integrity of financial and operating information.

An unauthorized employee picked up a printout of salary data from the computer center after the last payroll update. The best control for ensuring that only authorized employees receive sensitive printouts is logging and

b. Signed confirmation by recipients.

An internal auditor suspected that a master file had been updated twice from the same set of daily transaction data. A technique for determining whether the master file had been updated twice in one day is:

a. Job accounting data analysis.

Inefficient usage of excess computer equipment can be controlled by:

c. Capacity planning.

To secure communication networks against wiretapping, the most effective control is:

d. Use of encryption methods.

In addition to controls over access, processing, program changes and other functions, a computerized system needs to establish an audit trail of information. Which of the following information would generally not be included in an audit trail log designed

a. A list of authorized users.

In order to ensure the proper addition/deletion of authorizations in an operational audit of data access security, an internal auditor would verify that:

Access privileges are activated promptly after they are authorized.

You are called upon to audit the security of your firm's online computer system. The system is protected by an internal user-to-data access control program. The program is properly installed and is operative. Which of the following statements regarding yo

Security will be dependent upon the controls over the issuance of user IDs and user authentication.

The audit effort most likely to yield relevant evidence in determining the adequacy of an organization's "disaster recovery plan" should focus on:

The completeness of the plan as to facilities, operations, communications, security and data processing.

Which of the following would an internal auditor review to evaluate the recovery capabilities of a database management system?

Data journalizing procedures.

To determine whether there have been any unauthorized program changes since the last authorized program update, the best EDP audit technique is for the auditor to conduct:

Code comparison.

In some audits of computer applications, it is appropriate to review the program code to determine whether it satisfies its processing objective. The code reviewed is the:

Source code.

An internal auditor is preparing procedures to verify the integrity of data in a database application. The best source of information for the auditor to determine the data field definition is the:

b. Data dictionary.

An activity appropriately performed by internal auditing is:

c. Reviewing systems of control before implementation.

The major reason for the internal auditor's involvement in EDP system development is for the internal auditor to:

b. Help assure that systems have adequate control procedures.

Which of the following techniques is the most practical one to detect unauthorized changes to programs?

Comparing production programs with independently controlled copies on a regular basis.

Unauthorized alteration of on-line records can be prevented by employing:

Database access controls.

A role of internal auditing during evaluation of a new system is to:

b. Determine whether adequate control has been implemented.

Passwords for microcomputer software programs are designed to prevent:

d. Unauthorized use of the software.

An internal auditor is reviewing the adequacy of existing policies and procedures concerning end-user computing activities. The auditor is testing:

b. An organizational control.

The total interruption of processing throughout a distributed EDP system is minimized by a control or concept referred to as:

b. Fail-soft protection.

Which of the following controls would assist in detecting an error when the data input clerk records a sales invoice as $12.99 when the actual amount is $122.99?

a. Batch control totals.

Which of the following would be the most important control objective in the audit of an on-line order entry system that maintains information critical to management decisions?

a. Data integrity.

Of the techniques available to an auditor, which is the most valuable in providing a summary outline and overall description of the process of transactions in an information system?

a. Flowcharts.

To identify lost or incomplete sales accounting record updates using the computer, the most appropriate approach is:

c. Controlled reprocessing.

To test that all inventory shipments are billed to customers, an audit would compare computer-generated:

b. Shipping records with detailed sales invoices.

Which of the following best describes the operation of an integrated test facility?

a. Establishing a dummy entity against which test data is processed and stored.

Rejection of unauthorized modifications to application systems could be accomplished through the use of:

c. Implementation controls.

The best control for detecting processed data totals that do not agree with input totals is:

a. Run-to-run checking.

Which of the following controls would be most efficient in reducing common data errors?

b. A set of well-defined edit checks.

To ensure that a computer file is accurately updated in total for a particular field, the best control is:

d. Run-to-run totals.

To ensure that a particular data field is properly maintained, manual postings of batch total for that field to a control account:

Should be periodically compared to the computer master file.

Expert systems consist of:

a. Software packages with the ability to make judgement decisions.

Most organizations are concerned about the potential compromise of passwords. Which of the following procedures would be the most effective in controlling against a perpetrator obtaining someone else's password?

Implement the use of "see-through" authentication techniques whereby the user uses a card to generate a password and verifies both the key and the generated password to the system.

An organization uses a database management system as a repository of data. The DBMS in turn supports a number of end-user developed applications, which were created using fourth generation programming languages. Some of the applications update the databas

b. Concurrency update controls are in place.

A catalog company has been experiencing an increasing incidence of problems where the wrong products have been shipped to the customer. Most of the customer orders come in over the telephone and an operator enters the data into the order system immediatel

c. II and III.

Internal auditors and management have become increasingly concerned about computer fraud. Which of the following control procedures would be least important in preventing computer fraud?

Testing of new applications by users during the systems development process.

The purpose of check digit verification of an account number on an update transaction is to:

Prevent an incorrect, but valid, match of the update transaction to the master file.

A company has recently installed a new account payable system that is PC based. Six PCs are networked and have access to the mainframe accounts payable database system. After signing on to the system, a portion of the database can be downloaded to the net

b. Data encryption should be utilized at the PC level.

Computer program libraries should be kept secure by:

c. Restricting physical and logical access.

A firm has a computer-based inventory control system. The organization's internal auditor wishes to have reasonable assurance that inventory data received at the terminals are accurately entered into the system. Which of the following application controls

c. Limit checking.

A computer programmer fraudulently altered the accounts payable program to have certain valid vendor checks mailed to a personal address. At that point, they were deposited to a fraudulent account. The control to prevent this misappropriation would be

Compare all dollar totals on the check run to the accounts payable postings.

A clerk in a retailer's buying department watched a merchandise buyer use the on-line purchasing system and subsequently accessed the same system with the clerk's user number to read confidential sales forecasts. The clerk sold the information to a compet

b. Restricting access to authorized individuals.

A clerk's duties include comparing goods received with vendor shipping documents, authorizing payment for goods received, and updating on-line inventory totals. From time to time, the clerk removed small valuable items from goods received and authorized p

a. Separating the incompatible functions of access to goods received and authorizations of payment vouchers.

An organization could incur material losses if a competitor gains access to sensitive operating information contained in the computer files. The controls most likely to prevent such losses are:

b. Encryption of data files and frequently changed passwords.

An updated program for bank account balances calculates check digits for account numbers. This is an example of:

a. Input control.

An on-line bank teller system permitted withdrawals from inactive accounts. The best control for denying such withdrawals is a:

c. Master file lookup.

Data access security related to applications may be enforced through all the following except:

b. Utility software functions.

For internal control over computer program changes, a policy should be established requiring that:

d. All proposed changes be approved by a responsible individual and logged.

The payroll computer system automatically initiates scheduled pay raises for some employees for whom functional management had intended to withhold the raises. To prevent this situation in the future:

Scheduled pay raises should be delayed pending explicit approval by the functional departments.

The last record in an inventory file contains totals of all items in the file. Each time the file is updated the totals are also updated. Periodically the relevant data fields are summed and compared to the totals. Unbalanced conditions are reported and c

c. File management control.

The purpose of a cycle processing control, based on the preparation and comparison of control totals before and after processing, is to mitigate the risk of:

a. Missing or improper transactions.

To reduce security exposure when transmitting proprietary data over communication lines, a company should select:

d. Cryptographic devices.

To prevent unauthorized access to specific data elements, the database management system should contain which of the following controls?

b. Password specifications for each data file or element.