Which of the following computer related employee should not be allowed access to program listing of application programs?

Chapter 08 - Consideration of Internal Control in an Information Technology Environment

Chapter 08

Consideration of Internal Control in an Information Technology

Environment

True / False Questions

1. Magnetic tape drives have the advantage of direct access to stored data.

True False

2. The operating system is an example of system software.

True False

3. For good internal control, programmers should not be given access to complete program

documentation for the programs they work on.

True False

4. Data encryption is an example of data transmission control.

True False

5. Internal file labels are designed to prevent errors by programmers.

True False

6. For auxiliary storage when the computer is operating, personal computers use hard disk

drives.

True False

7. Distributive data processing eliminates the need for data security.

True False

8-1

Chapter 08 - Consideration of Internal Control in an Information Technology Environment

Chapter 08

Consideration of Internal Control in an Information Technology

Environment

True / False Questions

1. Magnetic tape drives have the advantage of direct access to stored data.

True False

2. The operating system is an example of system software.

True False

3. For good internal control, programmers should not be given access to complete program

documentation for the programs they work on.

True False

4. Data encryption is an example of data transmission control.

True False

5. Internal file labels are designed to prevent errors by programmers.

True False

6. For auxiliary storage when the computer is operating, personal computers use hard disk

drives.

True False

8-1

Chapter 08 Consideration of Internal Control in an Information Technology Environment

Chapter 08 - Consideration of Internal Control in an Information Technology Environment

Chapter 08

Consideration of Internal Control in an Information Technology Environment

True / False Questions

1.Magnetic tape drives have the advantage of direct access to stored data.TrueFalse

2.The operating system is an example of system software.TrueFalse

3.For good internal control, programmers should not be given access to complete program documentation for the programs they work on.TrueFalse

4.Data encryption is an example of data transmission control.TrueFalse

5.Internal file labels are designed to prevent errors by programmers.TrueFalse

6.For auxiliary storage when the computer is operating, personal computers use hard disk drives.TrueFalse

7.Distributive data processing eliminates the need for data security.TrueFalse

8.Most advanced computer systems do not have audit trails.TrueFalse

9.Auditors usually begin their consideration of IT systems with tests of application controls.TrueFalse

10.Generalized audit software may be used for substantive tests or for tests of controls.TrueFalse

Multiple Choice Questions

11.Which of the following procedures would an entity most likely include in its disaster recovery plan?A.Convert all data from external formats to an internal company format.B.Maintain a program to prevent illegal activity.C.Develop an auxiliary power supply to provide uninterrupted electricity.D.Store duplicate copies of files in a location away from the computer center.

12.A service auditor's report on a service center should include a(n):A.Detailed description of the service center's internal control.B.Statement that the user of the report may assess control risk at the minimum level.C.Indication that no assurance is provided.D.Opinion on the operating effectiveness of the service center's internal control.

13.The report of a service auditor may provide assurance on whether:

A.Option AB.Option BC.Option CD.Option D

14.Which of the following is a password security problem?A.Users are assigned passwords when accounts are created, but do not change them.B.Users have accounts on several systems with different passwords.C.Users copy their passwords on note paper, which is kept in their wallets.D.Users select passwords that are not listed in any online dictionary.

15.Which of the following is a software component of a computer system?A.The operating system.B.The storage unit.C.The display monitorD.The optical scanner.

16.Which of the following is least likely to be a general control over computer activities?A.Procedures for developing new programs and systems.B.Requirements for system documentation.C.A change request log.D.A control total.

17.Which of the following computer related employees should not be allowed access to program listings of application programs?A.The systems analyst.B.The programmer.C.The operator.D.The librarian.

18.The advent of personal computers has resulted in a(n):A.Decentralization of data processing activities.B.Increased concern over the accuracy of computerized processing.C.Decrease in the number of local area networks.D.Increase for general computer control activities.

19.Which of the following is most likely to include user group development and execution of certain computer applications?A.Telecommunication transmission systems.B.Database administration.C.End user computing.D.Electronic data interchange systems.

20.Which of the following is not a data transmission control?A.Echo checks.B.Data encryption.C.File labels.D.Parity checks.

21.Which of the following is an example of general computer control?A.Input validation checks.B.Control total.C.Operations manual.D.Generalized audit software.

22.Which of the following would the auditors consider to be a weakness in an IT system?A.Operators have access to terminals.B.Programmers are allowed access to the file library.C.Reprocessing of exceptions detected by the computer is handled by a data control group.D.More than one employee is present when the computer facility is in use.

23.Which of the following is least likely to be tested with generalized audit software?A.An aging of accounts receivable.B.A schedule of inventory.C.A depreciation schedule.D.A computer operations manual.

24.Which of the following would be least likely to be considered a desirable attribute of a database management system?A.Data redundancy.B.Quick response to users' request for information.C.Control of users' identification numbers and passwords.D.Logging of terminal activity.

25.A problem for a CPA associated with advanced IT systems is that:A.The audit trail normally does not exist.B.The audit trail is sometimes generated only in machine readable form.C.The client's internal auditors may have been involved at the design stage.D.Tests of controls are not possible.

26.Which of the following testing techniques is more commonly used by internal auditors than by independent auditors?A.Integrated test facilities.B.Test data.C.Controlled programs.D.Tagging and tracing transactions.

27.General controls over IT systems are typically tested using:A.Generalized audit software.B.Observation, inspection, and inquiry.C.Program analysis techniques.D.Test data.

28.When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package?A.Observing inventory.B.Selecting sample items of inventory.C.Analyzing data resulting from inventory.D.Recalculating balances in inventory reports.

29.Which of the following personnel is responsible for determining the computer processing needs of the various users?A.The application programmer.B.The computer operator.C.The systems analyst.D.The systems programmer.

30.Which of the following testing techniques minimizes the possibility that the auditors will contaminate a client's financial records?A.Test data.B.Integrated test facilities.C.Controlled programs.D.Tagging and tracing transactions.

31.Which of the following is not a distinctive characteristic of advanced IT systems?A.Data communication.B.Integrated database.C.Batch processing of transactions.D.Distributive data processing.

32.The best method of achieving internal control over advanced IT systems is through the use of:A.Batch controls.B.Controls written into the computer system.C.Equipment controls.D.Documentation controls.

33.Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?A.The systems programmer.B.The application programmer.C.The computer operator.D.The telecommunications specialist.

34.Which of the following is not a data transmission control?A.Data encryption.B.Parity check.C.Message acknowledgment techniques.D.Distributed data processing.

35.Which of the following is not a programmed control?A.Private lines.B.Validity tests.C.Self-checking numbers.D.Limit tests.

36.A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as:A.Laptop computing.B.End-user computing.C.Distributed computing.D.Decentralized computing.

37.In a client/server environment, the "client" is most likely to be the:A.Supplier of the computer system.B.Computers of various users.C.Computer that contains the networks software and provides services to a server.D.Database administrator.

38.When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control that is considered?A.Design of controls to restrict access.B.Adequate physical layout space for the operating system.C.Inclusions of an adequate power supply system with surge protection.D.Consideration of risks related to other uses of electricity in the area.

39.A data warehouse is an example of:A.On-line analytical processing.B.On-line transaction processing.C.Essential information batch processing.D.Decentralized processing.

40.An example of an access control is a:A.Check digit.B.Password.C.Test facility.D.Read only memory.

41.End-user computing is most likely to occur on which of the following types of computers?A.Mainframe.B.Macrocomputers.C.Personal computers.D.Personal reference assistants.

42.Auditing through the computer is most likely to be used when:A.Input transactions are batched and system logic is straightforward.B.Processing primarily consists of sorting the input data and updating the master file sequentially.C.Processing is primarily on line and updating is real-time.D.Outputs are in hard copy form.

43.Which of the following computer system risks would be increased by the installation of a database system?A.Programming errors.B.Data entry errors.C.Improper data access.D.Loss of power.

44.Parallel simulation programs used by the auditors for testing programs:A.Must simulate all functions of the production computer-application system.B.Cannot be developed with the aid of generalized audit software.C.Can use live data or test data.D.Is generally restricted to data base environments.

45.Auditing by testing the input and output of a computer system instead of the computer program itself will:A.Not detect program errors which do not show up in the output sampled.B.Detect all program errors, regardless of the nature of the output.C.Provide the auditors with the same type of evidence.D.Not provide the auditors with the confidence in the results of the auditing procedures.

46.If a control total were to be computed on each of the following data

Which of the following employees normally would be assigned the operating responsibility for designing the information system?

Which of the following would not generally be considered a program control?

Which of the following personnel is responsible for the proper functioning of the security features built into the operating system?

Which of the following statements presents an example of a general control for a computerized system?