Information Technology Audit1. Which is not the purpose of Risk analysis?A. It supports risk based audit decisionsB. Assists the Auditor in determining Audit objectivesC.Ensures absolute safety during the AuditD. Assists the Auditor in identifying risks and threatsMCQ-AddaSUBSCRIBE 2. Which term best describes the di±erence between the sample and thepopulation in the sampling process? Get answer to your question and much more 3. Name one of the purposes of creating Business Continuity Plan Get answer to your question and much more 4. Failing to prevent or detect a material error would represent whichtype of risk? Get answer to your question and much more 5. Which is one of the bigger concerns regarding asset disposal?A. Residual Asset ValueB. Employees taking disposed property homeC. Standing dataD.Environmental Regulations394SHARES
Assessing control risk at less than high involves all of the following except:
concluding that controls are ineffective.
Obtaining an understanding of the internal control and assessing control risk:
may be performed concurrently in an audit.
The conclusion reached as a result of assessing control risk is referred to as the:
assessed level of control risk.
An auditor assesses the level of control risk to:
determine the extent of substantive tests to be performed.
How does the extent of substantive tests required to constitute sufficient appropriate audit evidence vary with the auditor’s assessment of control risk?
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the:
risk that material misstatements exist in the financial report.
Assessing control risk at less than high would most likely involve:
Identifying specific internal controls relevant to specific assertions.
A primary purpose of internal controls is to:
meet objectives of maintaining sound documents and records and accurate financial reporting.
When obtaining an understanding of the entity and its environment, the auditor should obtain an understanding of internal controls primarily to:
assess the risk of material misstatement and plan the audit.
Which of the following would be least likely to suggest to an auditor that the client’s management may have overridden the internal control?
Differences are always disclosed on a computer exception report.
In assessing control risk, the auditor is basically concerned that the system provides reasonable assurance that:
misstatements have been prevented or detected.
T or F
T or F
What is one of the overriding principles of internal control?
Responsibility for the performance of each duty must be fixed.
Virginia Samuels, the purchasing officer of Handyman Wholesalers Pty Ltd (Handyman), has a relative who owns a retail hardware store. Virginia arranged for hardware to be delivered by manufacturers to the retail store on a COD basis, thereby enabling her relative to buy at ’wholesale prices in Handyman’s name. Virginia was probably able to accomplish this because of Handyman’s poor internal control for:
A company policy should clearly indicate that defective merchandise returned by customers is to be delivered to the:
An effective internal control for the payroll function would generally include which of the following?
Total time spent on jobs should be compared with total time indicated on time-clock cards
An auditor reviews a client’s payroll procedures. The auditor would consider the internal control to be less than effective if a payroll department supervisor was assigned the responsibility for:
distributing payroll cheques to employees.
Management’s attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity’s control environment when:
management is dominated by one individual.
The control environment component of internal controls includes all of the following except:
access to computer programs.
The risk assessment component of internal controls refers to:
the entity’s identification and analysis of risks relevant to achievement of its objectives.
Which of the following is not one of the five elements of internal control?
The internal control environment includes all of the following except:
A well-prepared flowchart should make it easier for the auditor to:
A flowchart is most frequently used by an auditor in connection with the:
review of the client’s internal accounting controls.
Emerald Ltd maintains a large, full-time internal audit staff that reports directly to the chief accountant. Audit reports prepared by the internal auditors indicate that the structure is functioning as it should be and that the accounting records are reliable. The external auditor will probably:
place limited reliance on the work performed by the internal audit staff.
To provide for the greatest degree of independence in performing internal auditing functions, an internal auditor most likely should report to the:
When an independent auditor decides that the work performed by internal auditors may have a bearing on the nature, timing and extent of contemplated audit procedures, the independent auditor should plan to evaluate the objectivity of the internal auditors. Relative to objectivity, the independent auditor should:
consider the organisation level to which internal auditors report the results of their work
In which of the following situations would an auditor most likely use a strategy of reliance on internal control?
No paper trail is generated, as the entity receives sales orders, bills customers and receives payment based only on information generated from IT.
One of the major problems with IT systems is that incompatible functions may be performed by the same individual. One compensating control for this is the use of:
If a control total were to be calculated on each of the following data items, which would best be identified as a hash total for a payroll IT application?
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?
Employee’s identification number.
The completeness of IT-generated sales figures can be tested by comparing the number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses:
Gift Stores Ltd has a fully integrated IT accounting system and is planning to issue credit cards to creditworthy customers. To strengthen the internal control by making it difficult for one to fraudulently create a customer account number, a check digit should be placed:
consistently in any position.
An input control is designed to ensure that:
data received for processing are properly authorised and converted to machine-readable form.
An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts:
provide a visual depiction of clients’ activities.
For a complex system, auditors are least likely to use which of the following when documenting their understanding of internal controls?
Walk-throughs usually involve all of the following audit procedures except:
Which of the following situations is not a reason to assess control risk as high?
The auditor has assessed detection risk as high.
In obtaining an understanding of the internal control policies and procedures that are relevant to audit planning, the auditor should perform procedures to provide sufficient knowledge of:
design of the relevant policies, procedures and records and whether they have been placed in operation.
Which of the following is not a medium that can normally be used by an auditor to record information concerning a client’s internal control?
When the auditor has assessed the level of control risk at less than high, the auditor should document:
The understanding of the entity’s internal control elements obtained to plan the audit.The conclusion and the basis for that conclusion.The implications for the overall audit strategy.
Procedures directed towards obtaining evidence concerning the effectiveness of the design or operation of an internal control policy or procedure are referred to as:
The auditor observes client employees in obtaining an understanding of the internal control in order to:
corroborate the information obtained during the initial phases of obtaining an understanding of the internal control.
The following are steps in the audit process:I. prepare flowchart.II. gather exhibits of all documents.III. interview personnel.The most logical sequence of steps is:
The auditor’s understanding of the client’s internal control is documented to substantiate:
compliance with the auditing standards.
After the auditor has prepared a flowchart of the accounting system and control procedures surrounding sales, and assessed the design of the system, the auditor would perform tests of controls for all control procedures:
considered to be strengths that the auditor plans to use as a basis for an assessed level of control risk less than high.
Which of the following internal control features would an auditor be least likely to review?
Classification of sales and cost records by products.
When considering the internal control for inventory with respect to segregation of duties, an auditor would be least likely to:
In the weekly computer run to prepare payroll cheques, a cheque was printed for an employee whose employment was terminated the previous week. Which of the following controls, if properly used, would have been most effective in preventing this error or ensuring its prompt detection?
A control total for hours worked, prepared from time-cards collected by the timekeeping department and compared to the payroll sheets.
The auditor obtains evidence supporting the notion that proper segregation of duties exists by:
personally observing the employees who apply the control procedures.
Which of the following procedures is essential to determine whether effective internal control policies and procedures have been prescribed and are being followed?
Understanding the internal control and performing tests of controls.
Which of the following input controls is a numeric value computed to provide assurance that the original input value does not contain a transcription error?
test to ensure that a numerical value does not exceed some predetermined value.
An IT input control is designed to ensure that:
data received for processing are properly authorised and converted to machine readable form.
For good internal control, which of the following functions should not be the responsibility of the cashier?
In updating a computerised accounts receivable file, which one of the following would be used as a batch control to verify the accuracy of the postings of cash receipts remittances?
The sum of the cash deposits, plus the discounts taken by customers.
After obtaining an initial understanding of a client’s IT controls, an auditor may decide not to perform tests of controls related to the control procedures within the IT section of the client’s internal control. Which of the following justifications would not be a valid reason for choosing to omit tests of controls?
The controls appear adequate.
Which of the following computer documentation would an auditor most likely utilise in obtaining an understanding of internal control?
Which of the following situations most likely represents a weakness in IT internal control?
The systems analyst reviews output and controls the distribution of output from the IT department.
Which of the following would lessen the effectiveness of the internal control in a computer system?
Computer operators have access to detailed program documentation.
Which of the following information is likely to be least important to an auditor who is reviewing the internal control of the data processing function?
Which of the following information is likely to be of least importance to an auditor in obtaining an understanding of the internal control?
The cost-benefit ratio of data processing operations.
A procedural control used in the management of a computer centre to minimise the possibility of data or program file destruction through operator error includes:
The use of a header label is most likely to prevent errors by the:
When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. The error report should most probably be reviewed and followed up by the:
Internal control procedures within the IT activity may leave no visible evidence indicating that the procedures were performed. In such instances, the auditor should test these controls by:
reviewing transactions submitted for processing and comparing them to related output.
Totals of amounts in computer-record data fields that are not usually added, but are used only for data-processing control purposes, are called:
Which of the following activities would most likely be performed in the IT department?
Conversion of information to machine-readable form.
Which of the following is an example of a check digit?
An algebraically determined number produced by the other digits of the employee number
After obtaining an understanding of internal control and assessing control risk of an entity, an auditor decided not to perform tests of controls. The auditor most likely decided that:
the evidence that could be obtained through tests of controls would not support an assessment of control risk as less than high.
Assessing control risk at a level below high most likely would involve:
identifying internal controls relevant to specific assertions.
An auditor may decide to assess control risk at high for certain assertions because the auditor believes:
evaluating the effectiveness of control policies and procedures is inefficient.
After obtaining an understanding of an entity’s internal control system, an auditor may assess control risk at a high level for some account balances because he or she:
believes the internal controls are unlikely to be operating effectively.
Test of controls must be performed:
to ensure that controls that are to be relied upon are operating effectively throughout the entire year.
A procedure that would most likely be used by an auditor in performing tests of controls that involve segregation of functions and that leave no transaction trail is:
Which of the following audit tests would be regarded as a test of controls?
Tests of the signatures on sales orders to a list of approved signatories.
Which of the following procedures most likely would not be included as part of an auditor’s tests of controls?
Evidence about which aspect(s) of internal control is usually gained when the auditor is assessing control risk?
Based on a study and evaluation completed at an interim date, the auditor concludes that no significant internal accounting control weaknesses exist. The records and procedures would most likely be tested again at year-end if:
enquiries and observations lead the auditor to believe that conditions have changed.
An auditor wishes to perform tests of controls on a ABC Ltd’s cash disbursements procedures. If the control procedures leave no audit trail of documentary evidence, the auditor most likely will test the procedures by:
When undertaking tests of controls which are related to controls built around a major transaction flow, which assertion would be of least interest to the auditor?
Valuation and allocation.
While auditing at Bandana Ltd and undertaking tests of controls which are related to controls built around their integrated sales and purchases system, which assertion would be of least interest to you as auditor?
In the examination of which of the following general ledger accounts will tests of controls be particularly appropriate?
Tests designed to detect credit sales made before the end of the year that have been recorded in the subsequent year provide assurance about management’s assertion of:
Which of the following tests of control most likely would help assure an auditor that goods shipped are properly billed? Checking that the client has:
examined shipping documents for matching sales invoices.
While auditing Georgie Ltd you have identified as a risk whether all sales have occurred. The procedure that will be most effective in verifying this assertion is:
selecting a sample of invoices and vouching them to delivery dockets.
To determine whether internal control structure policies and procedures operated effectively to minimise errors of failure to invoice a shipment, the auditor would select a sample of transactions from the population represented by the:
For effective internal control, the billing function should be performed by the:
Tracing shipping documents to pre-numbered sales invoices provides evidence that:
shipments to customers were properly invoiced.
Tracing bills of lading to sales invoices provides evidence that:
shipments to customers were recorded as sales.
Which is not a key segregation of duties for the revenue process? Different parties should:
prepare shipping orders and prepare bills of landing.
All of the following are important controls over credit memos except:
proper segregation of duties to ensure that sales discounts taken were earned.
When undertaking tests of controls for revenues, auditors are more concerned with controls associated with the occurrence assertion than they are with the completeness assertion because:
clients are more likely to overstate than understate revenues.
An auditor selects a sample from the file of shipping documents to determine whether invoices were prepared. This test is performed to assess which assertion for sales?
While auditing the sales system of Candle Pty Ltd you have determined that there is a risk of sales being misstated, and that this potential misstatement is associated with the completeness assertion. Which of the following would be an appropriate audit response to this assessed risk?
Select a sample of shipping documents test to related sales invoices and the sales journal.
Which of the following is a test of controls for the control assertion of completeness for revenue?
Trace shipping documents to sales invoices and the sales journal.
An auditor most likely would limit substantive audit tests of sales transactions when control risk is assessed as low for the occurrence assertion concerning sales transactions and the auditor has already gathered evidence supporting:
cash receipts and accounts receivable.
Beta Pty Ltd posts to its perpetual inventory records directly from its sales invoices. Inadequate control procedures over the invoicing function allow goods to be invoiced that are not shipped. The inadequate control procedures could cause an:
overstatement of revenues and receivables, and an understatement of inventory.
Beta Pty Ltd posts to its perpetual inventory records directly from its sales invoices Inadequate control procedures over the invoicing function allow goods to be shipped that are not invoiced. The inadequate control procedures could cause an:
understatement of revenues and receivables and an overstatement of inventory.
Which of the following internal controls would be most likely to deter the lapping of collections from customers?
Segregation of duties between receiving cash and posting the accounts receivable ledger.
Purchase cut-off procedures should be designed to test whether all inventory:
purchased and received before the year-end was recorded at year-end.
The cut-off assertion for accounts payable involves testing whether all accounts payable are:
recorded in the proper period.
Which of the following is a primary function of the purchasing department?
Ensuring the acquisition of goods of a specified quality.
To ensure the completeness of purchases made during the year, the auditor should:
select a sample of invoices received before the year-end and ensure that they are appropriately recorded in the accounts payable master file.
While undertaking the audit of the payables and disbursements system at Broil Ltd, you find that the internal control questionnaire indicates that an approved receiving report is required to accompany every cheque request for payment of merchandise. Which of the following tests of control would provide you with the greatest assurance that this control is operating effectively?
Select and examine voucher documents and ascertain that the related receiving reports are dated no later than the date of payment.
An audit client erroneously recorded a large purchase twice. Which of the following tests of control would be most likely to detect this error in a timely and efficient manner?
Reconciling suppliers’ monthly statements with subsidiary payable ledger accounts.
When goods are received, the receiving clerk should match the goods with:
the supplier shipping document and the purchase order.
In a properly-designed accounts payable system, a voucher is prepared after the invoice, purchase order, requisition and receiving report are verified. The next step in the system is:
entering of the voucher into the voucher register.
In auditing the purchases system, an auditor vouches a sample of entries in the voucher register (accounting records) to the supporting documents. Which assertion would this test of controls most likely support?
Tests of controls for the occurrence assertion for purchases include all of the following except:
tracing a sample of vouchers to the purchases journal.
Which of the following is the most effective test of control to detect vouchers prepared for the payment of goods that were not received?
Matching of purchase order, receiving report and supplier invoice for each voucher in the accounts payable department.
Which of the following internal control activities is not usually performed in the accounts payable department?
Accounting for unused pre-numbered purchase orders and receiving reports.
In a properly-designed purchasing process, the same employee most likely would match suppliers’ invoices with receiving reports and also:
recompute the calculations on suppliers’ invoices.
Tests designed to detect payroll payments made after the end of the year that have been incurred in the current year provide assurance about management’s assertion of:
To check the accuracy of the accounting records with regards to the recorded hours worked, an auditor would ordinarily compare time sheets with:
time recorded in the payroll register.
Selected employee time cards that have been approved by supervisory personnel during the year are compared to the payroll register to ensure that they have been recorded. Which of the following assertions for payroll expense does this test?
Which of the following procedures would be most likely to be considered a weakness in an entity’s internal controls over payroll?
The employee who distributes payroll cheques is responsible for later distributing unclaimed payroll cheques to the employees absent at time of payroll distribution.
Selected items from the payroll register are compared to employee time-cards that have been approved by supervisory personnel. Which of the following assertions for payroll expense does this test?
Possible misstatements related to the occurrence assertion for payroll transactions include all of the following except
payments to valid employees at a rate in excess of the authorised amount.
When reviewing the audit working papers of Coffee Ltd you find the following audit populations were used as the basis from which to select a random sample in response to an account balance, assertion at risk and an appropriate audit procedure. Which of these populations would be of most concern to you as being an inappropriate audit population, given the assertion at risk and the audit procedure selected?
Completeness of payroll—population from which sample was selected was payroll recorded in the payroll file, and the procedure was to ensure that the hours worked were matched with the details contained on the employee’s time sheet.
Auditing by testing the input and output of an IT system instead of the computer program itself will:
not detect program errors that do not show up in the output sampled.
An auditor will use test data to gain certain assurances with respect to the:
controls contained within the program.
Which of the following is a significant difference between the test data (test deck) approach and an integrated test facility (ITF)?
ITFs are processed on a live run basis while test data (test deck) can only be processed on a ‘test run’ basis.
When testing a computerised accounting system, which of the following is not true of the test data approach?
The test data must consist of all possible valid and invalid conditions.
Which of the following is not among the errors that an auditor might include in the test data when auditing a client’s IT system?
Differences in description of units of measure.
An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as:
time cards with invalid job numbers.
An approach to testing real-time processing of a computer-based information system is known as the integrated test facility (ITF) technique. This approach involves:
setting up a small set of records for a fictitious entity in the master files and then processing dummy transactions against the fictitious entity.
Jones Ltd has numerous customers. Each customer file contains name, address, credit limit and account balance. The auditor wishes to undertake a test of the automated control that does not allow account balance to exceed credit limit. The best procedure for the auditor to follow would be to: A. develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.
ANSB. develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations.
In a daily computer run to update cheque account balances and to print out basic details on any customer account that was overdrawn, the overdrawn account of the computer programmer was never printed. Which of the following control procedures would have been most effective in detecting this irregularity?
Periodic recompiling of programs from approved and documented source code, and comparison with programs currently in use. |
Which of the following is least important when auditors review internal controls
Postagens relacionadas
direito autoral © 2024 mesadeestudo Inc.
