1. An advantage of using systems flowcharts to document
information about internal control instead of using internal
control
questionnaires is that systems flowcharts
a. Identify internal control weaknesses more
prominently.
b. Provide a visual depiction of clients’
activities.
c. Indicate whether control procedures are operating
effectively.
d. Reduce the need to observe clients’ employees performing
routine tasks. 1. (b) The requirement is to identify an advantage of using
systems flowcharts to document information about internal
control
instead of using internal control
questionnaires.
Answer (b) is correct because flowcharts provide a visual
depiction of clients’ activities which make it possible for
auditors to quickly understand
the design of the system.
Answer (a) is incorrect because while the flow of operations
is visually depicted, internal control weaknesses are not as
obvious. Answer (c) is incorrect because while a flowchart
describes a system, the flowchart alone does not indicate
whether that system is operating
effectively. Answer (d) is
incorrect because auditors still need to determine whether the
system has been placed in operation and therefore the need to
observe employees performing routine tasks remains. 2. A flowchart is most frequently used by an auditor in
connection
with the
a. Preparation of generalized computer audit plans.
b. Review of the
client’s internal control.
c. Use of statistical sampling in performing an audit.
d. Performance of analytical procedures of account
balances. 2. (b) The requirement is to determine when a flowchart
is most frequently used by an auditor. Answer (b) is correct
because
flowcharts are suggested as being appropriate
for
documenting
the auditor’s consideration of internal control.
Answer
(a) is incorrect because auditors do not frequently
write their own generalized computer audit programs, the most
likely time a flowchart would be used with respect to such
software. Answers (c) and (d) are incorrect because statistical
sampling and analytical procedures do not in general require
the use of flowcharts. 3. Matthews Corp. has changed from a system of recording
time worked on clock cards to a computerized payroll system
in which employees record time in and out with magnetic
cards. The computer system automatically updates all payroll
records. Because of this change
a. A generalized computer audit program must be used.
b. Part of the audit trail is altered.
c. The potential for payroll-related fraud
is diminished.
d. Transactions must be processed in batches.
3. (b) The requirement is to identify the correct statement
with respect to a computerized, automatically updating payroll
system in which magnetic cards are used instead of a manual
payroll system with clock cards. Answer (b) is correct because
the automatic updating of
payroll records alters the audit
trail which, in the past, included steps pertaining to manual
updating. Answer (a) is incorrect because although an auditor
may choose to use a generalized computer audit program, it is
not required. Answer (c) is incorrect because no information
is presented that would necessarily indicate a change in the
likelihood of fraud. Answer (d) is incorrect because given
automatic updating, a large portion of the transactions are not
processed in
batches.
4. Which of the following is correct concerning batch processing
of transactions?
a. Transactions are processed in the order they occur, regardless
of type.
b. It has largely been replaced by online real-time processing
in all but legacy systems.
c. It is more likely to result in an easy-to-follow audit
trail than is online transaction
processing.
d. It is used only in non-database applications.
4. (c) The requirement is to identify the correct statement
concerning the batch processing of transactions. Batch processing
involves processing transactions through the system
in groups of like transactions (batches). Answer (c) is correct
because
the similar nature of
transactions involved with batch
processing
ordinarily makes it relatively easy to follow the
transactions
throughout the system. Answer (a) is incorrect because transactions are processed by type, not in the order
they occur regardless of type. Answer (b) is incorrect because
many batch applications still exist and might be expected to
exist well into the future. Answer (d) is incorrect because
batch processing may be used for database applications
5. An auditor would be most likely to assess control risk
at the maximum level in an electronic environment with
automated system-generated information when
a. Sales orders are initiated using predetermined, automated
decision rules.
b. Payables are based on many transactions and large in
dollar amount.
c. Fixed asset transactions are few in number, but large
in dollar
amount.
d. Accounts receivable records are based on many
transactions
and are large in dollar amount.
5. (c) The requirement is to determine when an auditor
would be most likely to assess control risk at the maximum
level in an electronic environment with automated systemgenerated
information. Answer (c) is correct because the
few
transactions involved in fixed assets make it most likely to be
one in which a substantive approach of restricting detection
risk is most likely to be effective and efficient. Answer (a)
is incorrect because an auditor might be expected to perform
tests of controls to assess control risk below the maximum
when automated decision rules are involved for an account
(sales) which ordinarily has many transactions. Answers (b)
and (d) are incorrect because the numerous
transactions in
payables and receivables make it likely that control risk will be
assessed below the maximum.
6. In a highly automated information processing system tests
of control
a. Must be performed in all circumstances.
b. May be required in some circumstances.
c. Are never required.
d. Are required in first year audits.
6. (b) The requirement is to identify the most accurate
statement with respect to tests of controls of a highly
automated information processing system. Answer (b) is
correct because in some such circumstances substantive
tests alone will not be sufficient
to restrict detection risk to
an acceptable level. Answer (a) is incorrect because tests
of
controls need not be performed in all such circumstances.
Answer (c) is incorrect because such tests are sometimes
required. Answer (d) is incorrect because tests of controls are
not in such circumstances in all first year audits.
7. Which of the following is least likely to be considered
by an auditor considering engagement of an information
technology
(IT) specialist on an audit?
a. Complexity of client’s systems and IT controls.
b. Requirements to assess going concern status.
c. Client’s use of emerging technologies.
d. Extent of entity’s participation in electronic
commerce.
7. (b) The requirement is to identify the least likely
circumstance in which an auditor would consider
engagements
of an IT specialist on an audit. Answer (b) is correct because
the requirement to assess going concern status remains the
same on all audits, and thus does not directly affect engagement
of an IT specialist. Answers (a), (c), and (d) are all incorrect
because complexity, the use of emerging technologies, and
participation in electronic commerce are all factors which make
it more likely that an IT specialist will be engaged.
8. Which of the following strategies would a CPA most
likely consider in auditing an entity that processes most of
its financial data only in electronic form, such as a paperless
system?
a. Continuous monitoring and analysis of
transaction processing with an embedded audit
module.
b. Increased reliance on internal control activities that
emphasize the segregation of duties.
c.
Verification of encrypted digital certificates used to
monitor the authorization of transactions.
d. Extensive testing of firewall boundaries that restrict
the recording of outside network traffic.
8. (a) The requirement is to identify a strategy that a CPA
most likely would consider in auditing an entity that processes
most of its
financial data only in electronic form. Answer
(a) is correct because continuous monitoring and analysis
of transaction
processing with an embedded audit module might provide an effective way of auditing these processes—
although some question exists as to how many embedded audit
modules CPAs have actually used in practice. Answer (b) is
incorrect because there may well be a decrease in reliance on
internal control activities
that emphasize this segregation of
duties
since so many controls
are in the hardware and software
of the application. Answer (c) is incorrect because digital
certificates deal with electronic commerce between companies,
a topic not directly addressed by this question, and because
such certificates provide limited evidence
on authorization.
Answer (d) is incorrect because while firewalls do control
network traffic, this is not the most significant factor in the
audit of electronic form financial data.