Accounting Information Systems The Processes And Control 2nd Edition By Leslie Turner – Test Bank A+

Description

NOTE: All new or adjusted questions are in red. New questions are identified by the letter A as part of the question number; adjusted questions are identified by the letter X as part of the question number.

End of Chapter Questions:

1. IT governance includes all but which of the following responsibilities?
2. Aligning IT strategy with the business strategy
3. Writing programming code for IT systems
4. Insisting that an IT control framework be adopted and implemented
5. Measuring IT’s performance

1. Which phase of the system development life cycle includes determining user needs of the IT system?
2. Systems planning
3. Systems analysis
4. Systems design
5. Systems implementation

1. Which of the following is not part of the system design phase of the SDLC?
2. Conceptual design
3. Evaluation and selection
4. Parallel operation
5. Detailed design

1. Which of the following feasibility aspects is an evaluation of whether the technology exists to meet the need identified in the proposed change to the IT system?
2. Technical feasibility
3. Operational feasibility
4. Economic feasibility
5. Schedule feasibility

1. The purpose of the feasibility study is to assist in
2. Selecting software
3. Designing internal controls
4. Designing reports for the IT system
5. Prioritizing IT requested changes

1. Within the systems analysis phase of the SDLC, which of the following data collection methods does not involve any feedback from users of the IT system?
2. Documentation review
3. Interviews using structured questions
4. Interviews using unstructured questions
5. Questionnaires

1. A request for proposal (RFP) is used during the
2. Phase-in period.
3. Purchase of software
4. Feasibility study
5. In-house design

1. Which of the following steps within the systems implementation phase could not occur concurrently with other steps, but would occur at the end?
2. Employee training
3. Data conversion
4. Software programming
5. Post-implementation review

1. Each of the following are methods for implementing a new application system except:
2. Direct cutover
3. Parallel
4. Pilot
5. Test

1. A retail store chain is developing a new integrated computer system for sales and inventories in its store locations. Which of the following implementation methods would involve the most risk?
2. Direct cutover
3. Phased-in implementation
4. Parallel running
5. Pilot testing

1. The use of the SDLC for IT system changes is important for several reasons. Which of the following is not part of the purposes of the SDLC processes?
2. As a part of strategic management of the organization
3. As part of the internal control structure of the organization
4. As part of the audit of an IT system
5. As partial fulfillment of management’s ethical obligations

1. Confidentiality of information is an ethical consideration for which of the following party or parties?
2. Management
3. Employees
4. Consultants
5. All of the above.

ANSWERS TO QUESTIONS 1 – 12 (FROM THE TEXTBOOK)

1. B 5. D 9. D
2. B 6. A 10. A
3. C 7. B 11. C
4. A 8. D 12. D

TEST BANK – CHAPTER 6 – MULTIPLE CHOICE

1. The process of determining the strategic vision for the organization, developing the long-term objectives, creating the strategies that will achieve the vision and objections, and implementing those strategies is referred to as
2. IT Governance
3. Strategic Governance
4. Strategic Management
5. IT Management

1. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprises’s goals by adding value while balancing risk versus return over IT and its processes is called:
2. IT Governance
3. Strategic Governance
4. Strategic Management
5. IT Management

1. To fulfill the management obligations that are an integral part of IT governance, management need not focus on:
2. Aligning IT strategy with the business strategy
3. Hiring an acceptable IT manager
4. Measuring IT’s performance
5. Insisting that an IT control framework be adopted and implemented

1. Which of the following is not one of the approaches used to achieve the management of an IT control framework?
2. Information Systems Audit and Control Association control objectives for IT
3. The International Organization for Standardization 17799, Code of Practice for Information Security Management
4. The Information Technology Infrastructure Library
5. Sarbanes-Oxley Act section on IT Controls

17X. A group of senior managers selected to oversee the strategic management of IT is called:

1. IT Strategic Committee
2. IT Governance Committee
3. Chief Information Officer (CIO)
4. IT Management

1. The formal process that many organizations use to select, design, and implement IT systems is the:
2. Systems Development Life Cycle
3. Control Objectives for IT
4. Practice for Security Management
5. Information Technology Development

1. The IT governance committee is made up of many different individuals within the organization. Which of the following would not be one of those individuals?
2. Chief Information Officer
3. Chief External Auditor
4. Chief Executive Officer
5. Top Managers from User Departments

1. The evaluation of long-term, strategic objectives and prioritization of the IT systems in order to assist the organizations in achieving its objectives is called:
2. Systems Planning
3. Systems Analysis
4. Systems Design
5. Systems Implementation

1. The phases of the SDLC include all of the following except:
2. Systems Planning
3. Systems Implementation
4. Systems Analysis
5. Systems Purchasing

1. This phase of SDLC involves the planning and continuing oversight of the design, implementation, and use of the IT systems.
2. Systems Analysis
3. Systems Implementation
4. Systems Planning
5. Systems Design

1. The study of the current system to determine the strengths and weaknesses and the user needs of that system is called:
2. Systems Analysis
3. Systems Design
4. Systems Planning
5. Systems Implementation

1. This phase of SDLC requires the collection of data about the system and the careful scrutiny of those data to determine areas of the system that can be improved.
2. Systems Planning
3. Systems Implementation
4. Systems Analysis
5. Systems Purchasing

1. The creation of the system that meets user needs and incorporates the improvements identified by the systems analysis phase is called:
2. Systems Planning
3. Systems Design
4. Systems Analysis
5. Operation and Maintenance

1. The set of steps undertaken to program, test, and activate the IT system as designed in the system design phase is called:
2. Systems Planning
3. Systems Implementation
4. Systems Design
5. Systems Analysis

1. The regular, ongoing, functioning of the IT system and the processes to fix smaller problems, or bugs, in the IT system is called:
2. Systems Analysis
3. Systems Planning
4. Operation and Maintenance
5. Systems Implementation

1. During this phase of the SDLC, management should request and receive ongoing reports about the performance of the IT system.
2. Operation and Maintenance
3. System Analysis
4. Systems Design
5. Systems Planning

1. The expanded SDLC presented in the textbook expands the processes within the system design phase. This is necessary because:
2. It necessary for most companies to create their own software.
3. The design phase needs to include the programming activities of self-created software.
4. There is usually more than one software or system type that will meet the needs of the organization.
5. Many organizations require a change in the type of operating system along with any changes in software.

1. The Evaluation and Selection cycle of the expanded SDLC would not include which of the following steps?
2. Design or buy the system selected.
3. Identify the alternative system approaches.
4. Evaluate the fit of each of the alternatives to company needs.
5. Implement the alternative selected.

1. The process of matching alternatives system models to the needs identified in the system analysis phase is called:
2. Conceptual Design
3. Systems Analysis
4. Systems Planning
5. Evaluation and Selection

1. The process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best meets the organization’s needs is termed:
2. Conceptual Design
3. Evaluation and Selection
4. Systems Analysis
5. Systems Implementation

1. The process of designing the outputs, inputs, user interfaces, databases, manual procedures, security and controls, and documentation of the new system is referred to as:
2. Conceptual Design
3. Software Selection
4. Systems Design
5. Detailed Design

1. When attempting to prioritize IT projects, the IT governance committee needs to consider:
2. The assessment of IT systems and their match to strategic organizational objectives.
3. The feasability of each of the requested modifications or upgrades.
4. Both of the above.
5. None of the above.

1. A company has stated that the main strategic objective is to improve the accounts payable function within the organization. There are limited resources for IT upgrades and modifications. The IT governance committee has received IT update requests from the public relations department, human services, and vendor satisfaction department. Given this information, which would be the likely be the first upgrade implemented?
2. Public relations would be first because it would include all areas of the business – vendors, employees, and customers.
3. Vendor satisfaction would be first because it would be most in line with the strategic objective of the company.
4. Human services would be the first because the employees are the ones who are most affected by changes in the IT departments.
5. It is not possible to make a decision without further information.

1. The need to match IT systems to organizational objectives emphasizes the for the IT governance committee to include top management as its members because:
2. These managers establish strategic objectives and are in the best position to assess the fit of the IT systems to those objectives.
3. These managers are in a position to allocate resources and or time to the projects.
4. Both of the above
5. None of the above

1. The realistic possibility of affording, implementing, and using the IT systems being considered is referred to as:
2. Feasibility
3. Rationality
4. Sequentiality
5. Ranking

1. The assessment of the realism of the possibility that technology exists to beet the need identified in the proposed change to the IT system is called:
2. Operational Feasibility
3. Economic Feasibility
4. Schedule Feasibility
5. Technical Feasibility

1. The assessment of the realism of the possibility that the current employees will be able to operate the proposed IT system is referred to as:
2. Operational Feasibility
3. Economic Feasibility
4. Schedule Feasibility
5. Technical Feasibility

1. The assessment of the costs and benefits associated with the proposed IT system is referred to as:
2. Operational Feasibility
3. Economic Feasibility
4. Schedule Feasibility
5. Technical Feasibility

1. The assessment of the realistic possibility that the proposed IT system can be implemented within a reasonable amount of time is called:
2. Operational Feasibility
3. Economic Feasibility
4. Schedule Feasibility
5. Technical Feasibility

1. Typical steps within the systems analysis phase of the SDLC would not include which of the following?
2. Preliminary Investigation
3. Survey of the Current System
4. Economic Feasibility
5. Determination of User Information Needs

1. The purpose of this step in the systems analysis phase is to determine whether the problem or deficiency in the current system really exists and to make a “go” or a “no-go” decision.
2. Survey of the Current System
3. Determination of User Information Needs
4. Business Process Reengineering
5. Preliminary Investigation

1. A detailed study of the current system to identify weaknesses to improve upon and strengths that should be maintained is referred to as:
2. Preliminary Investigation
3. System Survey
4. Process Reengineering
5. Determination of User Information Needs

1. Watching the steps that employees take as they process transactions in the system is referred to as:
2. Investigation
3. Interrogation
4. Observation
5. Interview

1. The detailed examination of documentation that exists about the system to gain an understanding of the system under study is called a(n):
2. Documentation Review
3. Systems Audit
4. System Survey
5. Records Observation

1. Face-to-face, verbal questioning of users of an IT system to determine facts or beliefs about the system are called:
2. Interrogation
3. User Review
4. Interviews
5. System Survey

1. This type of question is designed such that the format and range of the answer is known ahead of time.
2. Structured Question
3. Oral Question
4. Unstructured Question
5. Range Question

1. This type of question is completely op ended, and the respondent is free to answer in any way that he / she feels addresses the question.
2. Structured Question
3. Oral Question
4. Unstructured Question
5. Range Question

1. A written, rather than an oral, form or questioning of users to determine facts or beliefs about a system is referred to as a(n):
2. Interview
3. Questionnaire
4. Interrogation
5. System Survey

1. The purpose of this phase is to question the current approaches in the system and to think about better ways to carry out the steps and processes of the system.
2. Systems Analysis
3. Systems Survey
4. Analysis of Systems Survey
5. Preliminary Investigation

1. The fundamental rethinking and radical redesign of business processes to bring about dramatic improvements in performance is called:
2. Business Process Reengineering
3. Process Redesign
4. Business Analysis and Design
5. Business Process Design and Analysis

1. The many sets of activities within the organization performed to accomplish the functions necessary to continue the daily operations are referred to as:
2. Business Systems
3. Business Processes
4. Business Activities
5. Business Functions

1. The systems analysis report, which is sent to the IT governance committee, will inform the committee of all of the following, except:
2. The results of the systems survey
3. User needs determination
4. Detailed design
5. Recommendations regarding the continuation of the project

1. This document is sent to each software vendor offering a software package that meets the user and system needs and is sent to solicit proposals.
2. Requested Software Package
3. Request for Proposal
4. System Software Request
5. Software Vendor Needs

1. When a vendor returns a request for proposal, it will include all of the following, except:
2. Match of the system and user needs
3. Description of the software
4. The technical support it intends to provide
5. Prices for the software

1. After all of the RFPs have been received, either the IT governance committee or the project team will evaluate the proposals in order to select the best software package. Things that must be considered would include:
2. The match of the system and the user needs to the features of the software
3. Testimonials from other customers who use the software
4. Reputation and reliability of the vendor
5. All of the above

1. This phase of the systems design for in-house development of software involves the identifying the alternative approaches to systems that will beet the needs identified in the system analysis phase.
2. Request for proposal
3. Conceptual design
4. Systems concept
5. Systems analysis

1. The process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best fits the organization’s needs is called:
2. Conceptual Design
3. Systems Design
4. Evaluation and Selection
5. Systems Implementation

1. During this process, the project team must consider the number of employees, their capabilities and expertise, and any supporting systems necessary to operate each alternative design.
2. Operational feasibility
3. Technical feasibility
4. Economic feasibility
5. Schedule feasibility

1. The purpose of this analysis is to determine which of the alternative designs is the most cost effective.
2. Operational feasibility
3. Technical feasibility
4. Economic feasibility
5. Schedule feasibility

1. In this feasibility, the project team must estimate the total amount of time necessary to implement the each alternative design.
2. Operational feasibility
3. Technical feasibility
4. Economic feasibility
5. Schedule feasibility

62A1. Which of the following is NOT one of the approaches to cloud computing?

1. Software as a Service
2. Internet Clouds
3. Platform as a Service
4. Private Clouds

62A2. Considerations related to adopting or increasing cloud computing usage, include:

1. The customer support provided by the cloud vendor
2. The service level agreement with the cloud provider
3. The manner of monitoring the could service usage
4. All of the above

1. The purpose of this phase of systems design is to create the entire set of specifications necessary to build and implement the system.
2. Detailed design
3. Evaluation and selection
4. Operational design
5. Detailed analysis

1. In the detailed design stage of systems design it is necessary that the various parts of the system be designed. The parts of the system to be designed at this point would include all of the following, except:
2. Outputs
3. Inputs
4. Program Code
5. Data Storage

1. Reports and documents, such as income statements, aged accounts receivable reports, checks, and invoices are referred to as:
2. Outputs of the system
3. Data storage
4. Internal controls
5. Inputs of the system

1. The forms, documents, screens, or electronic means used to put data into the accounting system are called:
2. Outputs of the system
3. Data storage
4. Internal controls
5. Inputs of the system

1. Which of the following is not a method of data input?
2. Keying in data with a keyboard from data on a paper form
3. Electronic data interchange
4. Bar code scanning
5. Viewed on the screen

1. There are many different types of documentation necessary to operate and maintain an accounting system. These types of documentation include all of the following, except:
2. Flowcharts
3. Operator Manuals
4. Output Examples
5. Entity Relationship Diagrams

1. A system conversion method in which the old and the new systems are operated simultaneously for a short time.
2. Direct cutover conversion
3. Phase-in conversion
4. Pilot conversion
5. Parallel conversion

1. A system conversion method in which on a chose date the old system operation is terminated and all processing begins on the new system.
2. Direct cutover conversion
3. Phase-in conversion
4. Pilot conversion
5. Parallel conversion

1. A system conversion method in which the system is broken into modules, or parts, which are phased in incrementally and over a longer period.
2. Direct cutover conversion
3. Phase-in conversion
4. Pilot conversion
5. Parallel conversion

1. A system conversion method in which the system is operated in only one or a few sub-units of the organization.
2. Direct cutover conversion
3. Phase-in conversion
4. Pilot conversion
5. Parallel conversion

1. When the manager of the primary users of the system is satisfied with the system, an acceptance agreement will be signed , the enforce of which makes it much more likely that project teams will seek user input and that the project team will work hard to meet user needs.
2. System Conversion
3. Post-Implementation Acceptance
4. User Review
5. User Acceptance

1. A review of the feasibility assessments and other estimates made during the projects, the purpose of which is to help the organization learn from any mistakes that were made and help the company avoid those same errors in the future.
2. System Design Life Cycle
3. Post-Implementation Review
4. User Acceptance
5. System Conversion Review

1. During the operation of an IT system, it is necessary that regular reports are received by management to monitor the performance of the system. These reports would include all of the following, except:
2. IT Security and Number of Security Problems
3. IT Customer Satisfaction
4. Downtime of IT System
5. User Acceptance of the IT System

1. Which of the following is not a major purpose served by the continual and proper use of the IT governance committee and the SDLC?
2. The fulfillment of ethical obligations
3. The strategic management process of the organization
4. The conversion of the system
5. The internal control structure of the organization

1. The careful and responsible oversight and use by management of the assets entrusted to management is called:
2. IT Governance
3. Stewardship
4. Fiduciary Control
5. System Access
6. Employee Ethical considerations, related to IT governance, would include which of the following?
7. Maintain a set of processes and procedures that assure accurate and complete records.
8. Confidentiality for those who serve on the project teams.
9. Not to disclose proprietary information from the company to clients.
10. Carefully consider the impact of system changes and to be ethical in the manner it which the changes are processed.

1. When an organization hires consultants to assist with any phase or any phases of the SDLC, there are at least four ethical obligations. Which of the following is not one of those obligations?
2. Bid the engagement fairly, and completely disclose the terms of potential cost increases.
3. Bill time accurately to the client and do not inflate time billed.
4. Do not oversell unnecessary services or systems to the client.
5. Make an honest effort to participate, learn the new system processes, and properly use the new system.

1. Which of the following relationships would be allowed for a CPA firm?
2. Offering IT consulting services and completing the external audit.
3. Completing the external audit and maintaining the bookkeeping work.
4. Internal audit outsourcing and financial information systems design and implementation.
5. Providing fairness opinions and completing the external audit.

ANSWERS TO TEST BANK – CHAPTER 6 – MULTIPLE CHOICE:

1. C 27. C 41. C 55. B 69. D
2. A 28. A 42. C 56. A 70. A
3. B 29. C 43. D 57. D 71. B
4. D 30. D 44. B 58. B 72. C
5. B 31. A 45. C 59. C 73. D
6. A 32. B 46. A 60. A 74. B
7. B 33. D 47. C 61. C 75. D
8. A 34. C 48. A 62. D 76. C
9. D 35. B 49. C 63. A 77. B
10. C 36. C 50. B 64. C 78. B
11. A 37. A 51. C 65. A 79. D
12. C 38. D 52. A 66. D 80. C
13. B 39. A 53. B 67. D
14. B 40. B 54. C 68. C

ANSWERS TO TEST BANK – CHAPTER 6 – NEW MULTIPLE CHOICE

62A1. B

62A2. D

TEST BANK – CHAPTER 6 – TRUE / FALSE

1. IT governance is an issue for executives and top management. Lower level managers and the board of directors are outsiders in the process.

FALSE

1. In order to meets it obligation of corporate governance, the board of directors must oversee IT.

TRUE

1. In order to match company strategy to IT systems, the company needs to have an IT governance committee and a formal process to select, design, and implement IT systems.

TRUE

1. Either the IT governance or the system development life cycle are necessary in the strategic management of IT systems.

FALSE

1. Once the system development life cycle has determined the priority it places on IT systems, the IT governance committee will manage the development, implementation, and use of the systems.

FALSE

1. The IT governance committee should constantly assess the long-term strategy of the company and determine the type of IT systems to purchase, develop and use.

TRUE

1. The systems development life cycle is responsible for the oversight and management of the IT governance committee.

FALSE

1. Accounting software was often not available in the early days of computers which required that the organization would develop, program, and implement their in-house accounting software.

TRUE

1. Once the systems development life cycle (SDLC) is complete, it is not necessary to restart the cycle unless something is brought to the attention of the IT governance committee to indicate that another cycle is required.

FALSE

1. It is likely that the IT governance committee will go back through the phases of the SDLC to design new and improved IT systems.

TRUE

1. In the modern IT environment, it is necessary for an organization to follow each of the steps in the SDLC in the order presented.

FALSE

1. The exact steps in the SDLC and/or their sequence are not as important as is the need to formalize and conduct those steps completely and consistently.

TRUE

1. The IT governance committee will be constantly monitoring the IT system to look for fraud and system abuse.

FALSE

1. If the operational feasibility determines that the operation will require new training of employees, then the proposed upgrade or modification should be rejected.

FALSE

1. The economic feasibility study would answer the question about whether the benefits of the proposed IT system outweigh the costs.

TRUE

1. When the IT governance committee uses both the strategic match and the feasibility study, they will be better able to prioritize proposed changes to the IT systems.

TRUE

1. When the IT governance committee has made the decision as to which IT upgrades and/or modifications are to made, their job is complete.

FALSE

1. Data collection in the system survey step of systems analysis involves documentation review only.

FALSE

1. The purpose of observation in the system survey is to enable the project team to gain an understanding of the processing steps within the system.

TRUE

1. During a documentation review, the team would examine only relevant documentation of the proposed upgrade or modification.

FALSE

1. In order to gain a complete understanding of the system under study, the project team should seek the opinions and thoughts of those who use the system in addition to observation and documentation review.

TRUE

1. The face-to-face nature of an interview is advantageous due to the fact that the interviewer can clear up any misunderstandings as they occur and can follow up with more questions, depending on the response of the interviewee.

TRUE

1. One advantage of the interview process is efficiency.

FALSE

1. One advantage to the use of questionnaires is that they an be answered anonymously, which allows the respondent to be more truthful without fear of negative consequences.

TRUE

1. The determination of user requirements is often discovered through the use of observation and documentation review.

FALSE

1. The analysis phase is the critical-thinking stage of systems analysis.

TRUE

1. IT and business process reengineering have mutually enhancing relationships. The business processes should be supported by the IT capabilities.

TRUE

1. Business process reengineering takes place at the systems design stage of the SDLC.

FALSE

1. The last step of the systems analysis phase is to prepare a systems analysis report that will be delivered to the IT governance committee.

TRUE

1. The steps within the design phase of the SDLC is the same, whether the organization intends to purchase software or to design the software in-house.

FALSE

1. In general, purchased software is more costly but more reliable than software designed in-house.

FALSE

1. While it is not necessary to hire a consulting firm, many organizations find that the special expertise of consulting firms is most beneficial in the design and implementation of accounting system software.

TRUE

1. When in the systems design phase and creating an in-house accounting software, the feasibility aspect is the same as in the systems planning stage.

FALSE

1. In general, designs that require more complex technology have a higher feasibility than designs with less complex technology.

FALSE

1. When a company is revising systems, there are intangible benefits that are difficult to estimate in dollars. These intangible benefits should be included in the project team’s report.

TRUE

115A1. The incorporation of cloud computing requires a careful, controlled approach to system design related to the costs and benefits. Other issues are not important.

FALSE

115A2. Cloud computing results in greater availability, but also requires greater security and processing integrity.

TRUE

115A3. The cost of cloud computing is normally related to a period of time, and not to the use of the service.

FALSE

1. Because the users of reports need the reports on an ongoing basis as part of their jobs, it is critical to have user feedback in the design of the details of the output reports.

TRUE

1. In general, the manual input method is less error prone that the electronic methods.

FALSE

1. In the detailed design phase, all of the individual steps within a process must be identified and designed.

TRUE

1. The internal controls within a system must be designed in the implementation stage.

FALSE

1. It would not be necessary for the programming staff to have interaction with the accounting staff during the systems implementation process, as all systems design was previously completed.

FALSE

1. Software should never be implemented before it is tested.

TRUE

1. It is essential that accountants oversee the data conversion from the old system to the new system to make sure that all accounting data is completely and correctly converted.

TRUE

123X. The file or database storage for the new accounting system may is always be different from the old system.

FALSE

1. The longest and most costly part of the SDLC is the operation and maintenance.

TRUE

1. During the operation phase of the IT system, it is necessary that management receive regular reports that will enable management to determine whether IT is aligned with business strategy and meeting the objectives of the IT system.

TRUE

1. Once the SDLC has identified which types of IT systems are appropriate for the company, the IT governance committee becomes the mechanism to properly manage the development, acquisition, and implementation of the IT system.

FALSE

1. Each organization may approach IT governance in a different manner, but each organization should establish procedures for IT governance.

TRUE

1. The AICPA Trust Principles failed to include any reference to the internal control structure of the IT systems.

FALSE

1. Diligent adherence to the SDLC process, by management, is part of fulfilling its ethical obligations of stewardship and fraud prevention.

TRUE

1. As the result of the passage of the Sarbanes-Oxley Act, CPA firms have unlimited ability to provide non-audit services to their audit clients.

FALSE

ANSWERS TO TEST BANK – CHAPTER 6 – TRUE / FALSE:

1. F 91. F 101. T 111. F 121. T
2. T 92. T 102. T 112. T 122. T
3. T 93. F 103. F 113. F 123. F
4. F 94. F 104. T 114. F 124. T
5. F 95. T 105. F 115. T 125. T
6. T 96. T 106. T 116. T 126. F
7. F 97. F 107. T 117. F 127. T
8. T 98. F 108. F 118. T 128. F
9. F 99. T 109. T 119. F 129. T
10. T 100. F 110. F 120. F 130. F

ANSWERS TO TEST BANK – CHAPTER 6 – NEW TRUE/FALSE

115A1. F

115A2. T

115A3. F

ACCOUNTING INFORMATION SYSTEMS/2e

TURNER / WEICKGENANNT

Test Bank: CHAPTER 7: Auditing Information Technology – Bases Processes

NOTE: All new or adjusted questions are in red. New questions are identified by the letter A as part of the question number; adjusted questions are identified by the letter X as part of the question number.

End of Chapter Questions:

1. Which of the following types of audits is most likely to be conducted for the purpose of identifying areas for cost savings?
2. Financial Statement Audits
3. Operational Audits
4. Regulatory Audits
5. Compliance Audits

1. Financial statement audits are required to be performed by:
2. Governmental Auditors
3. CPAs
4. Internal Auditors
5. IT Auditors

1. Which of the following is not considered a cause for information risk?
2. Management’s geographic location is far from the source of the information needed to make effective decisions.
3. The information is collected and prepared by persons who use the information for very different purposes.
4. The information relates to business activities that are not well understood by those who collect and summarize the information for decision makers.
5. The information has been tested by internal auditors and a CPA firm.

1. Which of the following is not a part of general accepted auditing standards?
2. General Standards
3. Standards of Fieldwork
4. Standards of Information Systems
5. Standards of Reporting

5X. Which of the following best describes what is meant by the term “generally accepted auditing standards”?

1. Procedures used to gather evidence to support the accuracy of a client’s financial statements.
2. Measures of the quality of an auditor’s conduct carrying out professional responsibilities.
3. Professional pronouncements issued by the Auditing Standards Board.
4. Rules acknowledged by the accounting profession because of their widespread application.

6X. In an audit of financial statement in accordance with generally accepted auditing standards, an auditor is required to:

1. Document the auditor’s understanding of the client company’s internal controls.
2. Search for weaknesses in the operation of the client company’s internal controls.
3. Perform tests of controls to evaluate the effectiveness of the client company’s internal controls.
4. Determine wether controls are appropriately operating to prevent or detect material misstatements.

7X. Auditors should develop a written audit program so that:

1. All material transactions will be included in substantive testing.
2. Substantive testing performed prior to year end will be minimized.
3. The procedures will achieve specific audit objectives related to specific management assertions.
4. Each account balance will be tested under either a substantive test or a test of controls.

1. Which of the following audit objectives relates to the management assertion of existence?
2. A transaction is recorded in the proper period.
3. A transaction actually occurred (i.e., it is real)
4. A transaction is properly presented in the financial statements.
5. A transaction is supported by detailed evidence.

9X. Which of the following statements regarding an audit program is true?

1. An audit program should be standardized so that it may be used on any client engagement.
2. The audit program should be completed by the client company before the aud planning stage begins.
3. An audit program should be developed by the internal auditor during the audit’s completion/reporting phase.
4. An audit program establishes responsibility for each audit test by requiring the signature or initials of the auditor who performed the test.

10X. Risk assessment is a process designed to:

1. Identify possible circumstances and events that may effect the business.
2. Establish policies and procedures to carry out internal controls.
3. Identify and capture information in a timely manner.
4. Review the quality of internal controls throughout the year.

1. Which of the following audit procedures is most likely to be performed during the planning phase of the audit?
2. Obtain an understanding of the client’s risk assessment process.
3. Identify specific internal control activities that are designed to prevent fraud.
4. Evaluate the reasonableness of the client’s accounting estimates.
5. Test the timely cutoff of cash payments and collections.

1. Which of the following is the most significant disadvantage of auditing around the computer rather than through the computer?
2. The time involved in testing processing controls is significant.
3. The cost involved in testing processing controls is significant.
4. A portion of the audit trail is not tested.
5. The technical expertise required to test processing controls is extensive.

1. The primary objective of compliance testing in a financial statement audit is to determine whether:
2. Procedures have been updated regularly.
3. Financial statement amounts are accurately stated.
4. Internal controls are functioning as designed.
5. Collusion is taking place.

1. Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor’s control to periodically test controls in the client’s computer system?
2. Test data method
3. Embedded audit module
4. Integrated test facility
5. Parallel simulation

1. Which of the following computer assisted auditing techniques allows fictitious and real transactions to be processed together without client personnel being aware of the testing process?
2. Test data method
3. Embedded audit module
4. Integrated test facility
5. Parallel simulation

1. Which of the following is a general control to test for external access to a client’s computerized systems?
2. Penetration tests
3. Hash totals
4. Field checks
5. Program tracing

1. Suppose that during the planning phase of an audit, the auditor determines that weaknesses exist in the client’s computerized systems. These weaknesses make the client company susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be emphasized in the remaining phases of this audit?
2. Tests of controls
3. Penetration tests
4. Substantive tests
5. Rounding errors tests

1. Generalized audit software can be used to:
2. Examine the consistency of data maintained on computer files.
3. Perform audit tests of multiple computer files concurrently.
4. Verify the processing logic of operating system software.
5. Process test data against master files that contain both real and fictitious data.

1. Independent auditors are generally actively involved in each of the following tasks except:
2. Preparation of a client’s financial statements and accompanying notes.
3. Advising client management as to the applicability of a new accounting standard.
4. Proposing adjustments to a client’s financial statements.
5. Advising client management about the presentation of the financial statements.

20X. Which of the following is most likely to be an attribute unique to the financial statement audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions?

1. Due professional care
2. Competence
3. Independence
4. A complex underlying body of professional knowledge

21X. Which of the following terms in not associated with a financial statement auditor’s requirement to maintain independence?

1. Objectivity
2. Neutrality
3. Professional Skepticism
4. Competence

ANSWERS TO QUESTIONS 1 – 21 (FROM THE TEXTBOOK)

1. B 7. C 13. C 19. A
2. B 8. B 14. D 20. C
3. D 9. D 15. C 21. D
4. C 10. A 16. A
5. B 11. A 17. C
6. A 12. C 18. A

TEST BANK – CHAPTER 7 – MULTIPLE CHOICE

1. Accounting services that improve the quality of information provided to the decision maker, an audit being the most common type of this service, is called:
2. Compliance Services
3. Assurance Services
4. Substantive Services
5. Operational Services

1. A type of assurance services that involves accumulating and analyzing support for the information provided by management is called an:
2. Audit
3. Investigation
4. Financial Statement Examination
5. Control Test

1. The main purpose of an audit is to assure users of the financial information about the:
2. Effectiveness of the internal controls of the company.
3. Selection of the proper GAAP when preparing financial statements.
4. Proper application of GAAS during the examination.
5. Accuracy and completeness of the information.

1. Which of the following is not one of the three primary types of audits?
2. Compliance Audits
3. Financial Statement Audits
4. IT Audits
5. Operational Audits

26X. This type of audit is completed in order to determine whether a company has adhered to the regulations and policies established by contractual agreements, governmental agencies, or some other high authority.

1. Compliance Audit
2. Operational Audit
3. Information Audit
4. Financial Statement Audit

1. This type of audit is completed to assess the operating policies and procedures of a client for efficiency and effectiveness.
2. Efficiency Audit
3. Effectiveness Audit
4. Compliance Audit
5. Operational Audit

28X. This type of audit is completed to determine whether or not the client has prepared and presented its financial statements fairly, in accordance with established financial accounting criteria.

1. GAAP Audit
2. Financial Statement Audit
3. Compliance Audit
4. Fair Application Audit

1. This type of auditor is an employee of the company he / she audits.
2. IT Auditor
3. Government Auditor
4. Certified Public Accountant
5. Internal Auditor

30X. This type of auditor specializes in the information systems assurance, control, and security. They may work for CPA firms, government agencies, or with the internal audit group.

1. IT Auditor
2. Government Auditor
3. Certified Public Accountant
4. Internal Auditor

1. This type of auditor conducts audits of government agencies or income tax returns.
2. IT Auditor
3. Government Auditor
4. Certified Public Accountant
5. Internal Auditor

1. This type of audit is performed by independent auditors who are objective and neutral with respect to the company and the information being audited.
2. Compliance Audit
3. Operational Audit
4. Internal Audit
5. External Audit

1. The independence of a CPA could be impaired by:
2. Having no knowledge of the company or the company management
3. By owning stock of a similar company
4. Having the ability to influence the client’s decisions
5. Being married to a stockbroker

1. The IT environment plays a key role in how auditors conduct their work in all but which of the following areas:
2. Consideration of Risk
3. Consideration of Information Fairness
4. Design and Performance of Audit Tests
5. Audit Procedures Used

1. The chance that information used by decision makers may be inaccurate is referred to as:
2. Sample Risk
3. Data Risk
4. Audit Trail Risk
5. Information Risk

1. Which of the following is not one of the identified causes of information risk?
2. Audited information
3. Remote information
4. Complexity of data
5. Preparer motive

1. The main reasons that it is necessary to study information-based processing and the related audit function include:
2. Information users often do not have the time or ability to verify information themselves.
3. It may be difficult for decision makers to verify information contained in a computerized accounting system.
4. Both of the above.
5. Neither of the above.

1. The existence of IT-based business processes often result in details of transactions being entered directly into the computer system, results in a lack of physical evidence to visibly view. This situation is referred to as:
2. Physical Evidence Risk
3. Loss of Audit Trail Visibility
4. Transaction Summary Chart
5. Lack of Evidence View

1. The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alternation of data due to all of the following, except:
2. System Failure
3. Database Destruction
4. Programmer Incompetence
5. Environmental Damage

1. The advantages of using IT-based accounting systems, where the details of transactions are entered directly into the computer include:
2. Computer controls can compensate for the lack of manual controls
3. Loss of audit trail view
4. Increased internal controls risks
5. Fewer opportunities to authorize and review transactions

1. The ten standards that provide broad guidelines for an auditor’s professional responsibilities are referred to as:
2. Generally accepted accounting standards
3. General accounting and auditing practices
4. Generally accepted auditing practices
5. Generally accepted auditing standards

1. The generally accepted auditing standards are divided into three groups. Which of the following is not one of those groups?
2. General Standards
3. Basic Standards
4. Standards of Fieldwork
5. Standards of Reporting

43X. GAAS, generally accepted auditing standards, provide a general framework for conducting quality audits, but the specific standards – or detailed guidance – are provided by all of the following groups, except:

1. Public Company Accounting Oversight Board
2. Auditing Standards Board
3. Certified Fraud Examiners
4. International Auditing and Assurance Standards Board

1. This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the purpose of establishing auditing standards for public companies.
2. Auditing Standards Board
3. Public Company Accounting Oversight Board
4. International Audit Practices Committee
5. Information Systems Audit and Control Association

1. This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice.
2. Auditing Standards Board
3. Public Company Accounting Oversight Board
4. International Audit Practices Committee
5. Information Systems Audit and Control Association

46X. This organization was established by the IFAC to set International Standards on Auditing (ISAs) that contribute to the uniform application of auditing practices on a worldwide basis.

1. International Systems Audit and Control Association
2. Auditing Standards Board
3. Public Company Accounting Oversight Board
4. International Auditing and Assurance Standards Board (IAASB)

1. This organization issues guidelines for conducting the IT audit. The standards issued address practices related to control and security of the IT system.
2. Auditing Standards Board
3. Public Company Accounting Oversight Board
4. International Audit Practices Committee
5. Information Systems Audit and Control Association

1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor. This is one of the generally accepted auditing standards that is part of the:
2. General Standards
3. Operating Standards
4. Fieldwork Standards
5. Reporting Standards

1. Independence in mental attitude is to be maintained in all matters related to the audit engagement. This is one of the generally accepted auditing standards that is part of the:
2. General Standards
3. Operating Standards
4. Fieldwork Standards
5. Reporting Standards

1. The general guidelines, known as the generally accepted auditing standards, which include the concepts of adequate planning and supervision, internal control, and evidence relate to the:
2. General Standards
3. Operating Standards
4. Fieldwork Standards
5. Reporting Standards

51X. The general guidelines, known as the generally accepted auditing standards, which include the concepts of presentation in accordance with the established criteria, the consistent application of established principles, adequate disclosure, and the expression of an opinion, relate to the:

1. General Standards
2. Operating Standards
3. Fieldwork Standards
4. Reporting Standards

52X. Although there are a number of organizations that provide detailed guidance, it is still necessary for auditors to rely on other direction regarding the types of audit tests to use and the manner in which the conclusions are drawn. These sources of information include:

1. Industry Guidelines
2. PCAOB
3. ASB
4. ASACA

53X. Claims regarding the condition of the business organization and in terms of its operations, financial results, and compliance with laws and regulations, are referred to as:

1. Financial Statements
2. Management Assertions
3. External Audit
4. Presentation and Disclosure

1. Audit tests developed for an audit client are documented in a(n):
2. Audit Program
3. Audit Objective
4. Management Assertion
5. General Objectives

55X. The management assertion related to valuation of transactions and account balances would include all of the following, except:

1. Accurate in terms of dollar amounts and quantities
2. Supported by detailed evidence
3. Real
4. Correctly summarized

1. There are four primary phases of the IT audit. Which of the following is not one of those phases.
2. Planning
3. Evidence Audit
4. Tests of Controls
5. Substantive Tests

57X. The proof of the fairness of the financial information is:

1. Tests of Controls
2. Substantive Tests
3. Audit Completion
4. Audit Evidence

58X. Techniques used for gathering evidence include all of the following, except:

1. Physical examination of assets or supporting documentation
2. Observing activities
3. Adequate planning and supervision
4. Analyzing financial relationships

1. During this phase of the audit, the auditor must gain a thorough understanding of the client’s business and financial reporting systems. When completing this phase, the auditors review and assess the risks and controls related to the business.
2. Tests of Controls
3. Substantive Tests
4. Audit Completion / Reporting
5. Audit Planning

1. During the planning phase of the audit, auditors estimate the monetary amounts that are large enough to make a difference in decision making. This amount is referred to as:
2. Risk
3. Materiality
4. Substantive
5. Sampling

1. The likelihood that errors or fraud may occur is referred to as:
2. Risk
3. Materiality
4. Control Tests
5. Sampling

1. A large part of the work performed by an auditor in the audit planning process is the gathering of evidence about the company’s internal controls. This can be completed in any of the following ways, except:
2. Interviewing key members of the accounting and IT staff.
3. Observing policies and procedures
4. Review IT user manuals and systems
5. Preparing memos to summarize their findings

1. The Accounting Standards Board issued the following SAS in recognition of the fact that accounting records and files often exist in electronic form. The statement was issued in 2001 to expand the historical concept of audit evidence to include electronic evidence.
2. SAS 82
3. SAS 86
4. SAS 94
5. SAS 101

64X. Auditing standards address the importance of understanding both the automated and manual procedures that make up an organization’s internal controls and consider how misstatements may occur, including all of the following, except:

1. How transactions are entered into the computer
2. How financial statement are printed from the computer
3. How nonstandard journal entries and adjusting entries are initiated, recorded, and processed.
4. How standard journal entries are initiated, recorded, and processed.

65X. IT auditors may need to be called in to:

1. Consider the effects of computer processing on the audit.
2. To assist in testing the automated processes.
3. Both of the above.
4. None of the above.

1. Many companies design their IT system so that all documents and reports can be retrieved from the system in readable form. Auditors can then compare the documents used to input the data into the system with reports generated from the system, without gaining any extensive knowledge of the computer system and does not require the evaluation fo computer controls. This process is referred to as:
2. Auditing through the system
3. Auditing around the system
4. Computer assisted audit techniques
5. Auditing with the computer

1. This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system is reliable.
2. Auditing through the system
3. Auditing around the system
4. Computer assisted audit techniques
5. Auditing with the computer

68X. The IT auditing approach referred to as “Auditing through the system” is necessary under which of the following conditions?

1. Supporting documents are available in both electronic and paper form.
2. The auditor does not require evaluation of computer controls.
3. The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of substantive audit testing required.
4. The use of the IT system has a low impact on the conduct of the audit.

1. Audit procedures designed to evaluate both general controls and application controls are referred to as:
2. Substantive Tests
3. Audit Planning
4. IT Auditing
5. Test of Controls

1. The automated controls that affect all computer applications are referred to as:
2. General Controls
3. Specific Controls
4. Input Controls
5. Application Controls

1. The two broad categories of general controls that relate to IT systems include which of the following:
2. IT systems documentation
3. IT administration and the related operating systems development and maintenance processes
4. Authenticity table
5. Computer security and virus protection

1. Related audit tests to review the existence and communication of company policies regarding important aspects of IT administrative control include all of the following, except:
2. Personal accountability and segregation of incompatible responsibilities
3. Job description and clear lines of authority
4. Prevention of unauthorized access
5. IT systems documentation

1. Controls meant to prevent the destruction of information as the result of unauthorized access to the IT system are referred to as:
2. IT administration
3. System controls
4. Information administration
5. Security controls

73A1. These risks tend to escalate as companies embrace newer technologies and allow sensitive data to be shared via smar devices, web and mobile applications, and social networks.

1. Input Risks
2. Authenticity Risks
3. Access Risks
4. Security Risks

73A2. Destruction of information may occur as a result of:

1. Natural disasters
2. Accidents
3. Environmental conditions
4. All of the above

74X. Auditors should perform this type of test to determine the valid use of the company’s computer system, according to the authority tables.

1. Authenticity tests
2. Penetration tests
3. Vulnerability assessments
4. IT systems documentation

75X. These tests of the security controls involve various methods of entering the company’s system to determine whether controls are working as intended.

1. Authenticity tests
2. Penetration tests
3. Vulnerability assessments
4. IT systems documentation

76X. These tests of security controls analyze a company’s control environment for possible weaknesses. Special software programs are available to help auditors identify weak points in their a company’s security measures.

1. Authenticity tests
2. Penetration tests
3. Vulnerability assessments
4. IT systems documentation

1. One of the most effective ways a client can protect its computer system is to place physical controls in the computer center. Physical controls include all of the following, except:
2. Proper temperature control
3. Locks
4. Security guards
5. Cameras

78X. One of the most effective ways a client can protect its computer system is to place environmental controls in the computer center. Environmental controls include:

1. Card keys
2. Emergency power supply
3. Alarms
4. Security guards

79X. This type of application control is performed to verify the correctness of information entered into software programs. Auditors are concerned about whether errors are being prevented and detected during this stage of data processing.

1. Security controls
2. Processing controls
3. Input controls
4. Output controls

1. IT audit procedures typically include a combination of data accuracy tests where the data processed by computer applications are reviewed for correct dollar amounts or other numerical values. These procedures are referred to as:
2. Security controls
3. Processing controls
4. Input controls
5. Output controls

1. This type of processing control test involves a comparison of different items that are expected to have the same values, such s comparing two batches or comparing actual data against a predetermined control total.
2. Validation Checks
3. Batch Totals
4. Run-to-Run Totals
5. Balancing Tests

81A1. This law, also known as the first-digit law, was named after a physicist who discovered a specific, but non-uniform pattern in the frequency of digits occurring as the first number in a list of numbers:

1. Number-up Law
2. Benford’s Law
3. Adams’ Digit Law
4. Jackson First Digit Law

81A2. Frank Benford found that the number one is likely to be the leading digit, the first digit, approximately:

1. One-third of the time
2. One-fourth of the time
3. One-fifth of the time
4. One-sixth of the time

82X. This is one of the computer-assisted audit techniques, related to processing controls, that involves processing company data through a controlled program designed to resemble the company’s application. This test is run to find out whether the same results are achieved under different systems.

1. Integrated Test Facility
2. Embedded Audit Module
3. Parallel Simulation
4. Test Data Method

1. Regardless of whether the results are printed or retained electronically, auditors may perform all of the following procedures to test application outputs, except:
2. Integrated Tests
3. Reasonableness Tests
4. Audit Trail Tests
5. Rounding Errors Tests

83A1. A detailed report assessing the correctness of an account balance or transaction record that is consistent with supporting documentation and the company’s policies and procedures, is termed a(n):

1. Integrated test
2. Compliance test
3. Simulation
4. Reconciliation

1. The auditor’s test of the accuracy of monetary amounts of transactions and account balances is known as:
2. Testing of controls
3. Substantive tests
4. Compliance tests
5. Application tests

85X. A process of constant evidence gathering and analysis to provide assurance on the information as soon as it occurs, or shortly thereafter, is referred to as:

1. Real-time auditing
2. Virtual auditing
3. E-auditing
4. Continuous auditing

1. This phase of auditing occurs when the auditors evaluate all the evidence that has been accumulated and makes a conclusion based on that evidence.
2. Tests of Controls
3. Audit Planning
4. Audit Completion / Reporting
5. Substantive Testing

1. This piece of audit evidence is often considered to be the most important because it is a signed acknowledgment of management’s responsibility for the fair presentation of the financial statements and a declaration that they have provided complete and accurate information to the auditors during all phases of the audit.
2. Letter of Representation
3. Audit Report
4. Encounter Statement
5. Auditors Contract

1. Which of the following is a proper description of an auditor report?
2. Unqualified opinion – identifies certain exceptions to the clean opinion.
3. Adverse opinion – notes that there are material misstatements presented.
4. Qualified opinion – states that the auditors believe the financial statements are fairly and consistently presented in accordance with GAAP.
5. Unqualified opinion – states that the auditors were not able to reach a conclusion.

1. When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following:
2. Authorized access
3. Segregation of duties
4. Lack of backup control
5. All of the above

90X. When companies rely on external, independent computer service centers to handle all or part of their IT needs it is referred to as:

1. External Processing
2. WAN Processing
3. Database Management System
4. IT Outsourcing

90A1. When a company uses cloud computing, the auditor needs to thoroughly understand the underlying technologies and related risks and controls. When evaluating the security risk in a cloud computing environment, the auditor needs to consider all of the following, except:

1. What damage would result if an unauthorized user accessed the company’s data?
2. How does the cloud service provider segregate information between clients?
3. How and when are data encrypted?
4. How does the cloud service provider handle internal security?

90A2. When a company uses cloud computing, the auditor needs to thoroughly understand the underlying technologies and related risks and controls. When evaluating the availability risk is a cloud computing environment, the auditor needs to consider all which of the following?

1. How and when are data encrypted?
2. How does the cloud service provider handle internal security?
3. What disaster recovery and business continuity plans are in place?
4. What damage would result if an unauthorized user accessed the company’s data?

90A3. Which of the following properly describes the listed SOC Report?

1. SOC 1 Type 1 Report – Considers controls over compliance and operations
2. SOC 1 Type II Report – Contains management’s assessment on the operating design of internal controls
3. SOC 2 Report – Includes an evaluation of the operating effectiveness of internal controls
4. SOC 1 Report – Addresses internal controls over financial reporting.

1. Because it is not possible to test all transactions and balances, auditors rely on this to choose and test a limited number of items and transactions and then make conclusions about the balance as a whole.
2. Sampling
3. Materiality
4. Compliance
5. Substance

92X. All types of auditors must follow guidelines promoting ethical conduct. For financial statement auditors, the PCAOB/AICPA has established a Code of Professional Conduct, commonly called the Code of Ethics, which consists of two sections. Which of the following correctly states the two sections?

1. Integrity and responsibility
2. Principles and rules
3. Objectivity and independence
4. Scope and nature

93X. The rule in thePCAOB/AICPA Code of Professional Conduct that is referred to as Responsibilities, can be stated as:

1. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism.
2. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity.
3. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities.
4. CPAs in public practice should observe the principles of the Code of Professional Conduct in determining the scope and nature of services to be provided.

1. This concept means that the auditors should not automatically assume that their clients are honest, but that they (the auditors) must have a questioning mind and a persistent approach to evaluating evidence for possible misstatements.
2. Independence
3. Integrity
4. Due Care
5. Professional Skepticism

ANSWERS TO TEST BANK – CHAPTER 7 – MULTIPLE CHOICE:

1. B 37. C 52. A 67. A 82. C
2. A 38. B 53. B 68. C 83. A
3. D 39. C 54. A 69. D 84. B
4. C 40. A 55. C 70. A 85. D
5. A 41. D 56. B 71. B 86. C
6. D 42. B 57. D 72. C 87. A
7. B 43. C 58. C 73. D 88. B
8. D 44. B 59. D 74. A 89. C
9. A 45. A 60. B 75. B 90. D
10. B 46. D 61. A 76. C 91. A
11. D 47. D 62. D 77. A 92. B
12. C 48. A 63. C 78. B 93. C
13. B 49. A 64. B 79. C 94. D
14. D 50. C 65. C 80. B
15. A 51. D 66. B 81. D

TEST BANK – CHAPTER 7 – TRUE / FALSE

1. All users of financial data – business managers, investors, creditors, and government agencies – have an enormous amount of data to use to make decisions. Due to the use of IT systems, it is easy to verify the accuracy and completeness of the information.

FALSE

1. In order to properly carry out an audit, accountants collect and evaluate proof of procedures, transactions, and / or account balances, and compare the information with established criteria.

TRUE

1. The only person who can perform a financial statement audit of a publicly traded company is a government auditor who has extensive knowledge of generally accepted accounting principles.

FALSE

1. Any professionally trained accountant is able to perform an operational audit.

TRUE

1. An important requirement for CPA firms is that they must be personally involved with the management of the firm that is being audited.

FALSE

1. The most common type of audit service is the operating audit performed by internal auditors.

FALSE

1. All types of auditors should have knowledge abut technology-based systems so that they can properly audit IT systems.

TRUE

1. A financial statement audit is part of the IT audit.

FALSE

1. Auditors do not need to be experts on the intricacies of computer systems but they do need to understand the impact of IT on their clients’ accounting systems and internal controls.

TRUE

103A1. An internal auditor is not allowed to assist in the performance of a financial statement audit.

FALSE

104X. A financial statement audit is conducted in order for an opinion to be expressed on the fair presentation of financial statements. This goal is affected by the presence or absence of IT accounting systems.

FALSE

104A1. Information risk is the chance that information used by decision makers may be inaccurate.

TRUE

104A2. As a business grows, the volume and complexity of its transactions increase. At the same timed, there is a decrease in the chance that misstated information may exist undetected.

FALSE

1. The remoteness of information, one of the causes of information risk, can relate to geographic distance or organizational layers.

TRUE

1. The most common method for decision makers to reduce information risk is to rely on information that has been audited by an independent party.

TRUE

1. Auditors have the primary responsibility to make sure that they comply with international standards in all cases.

FALSE

1. There is not much room for professional judgement when performing audits, as a result of the detailed guidance provided by organizations, such as the PCAOB.

FALSE

109X. The responsibility for operations, compliance, and financial reporting lies with the auditors.

FALSE

110X. The role of the auditor is to analyze the underlying facts to decide whether information provied by management is fairly presented.

TRUE

1. Management assertions relate to the actual existence and proper valuation of transactions and account balances.

TRUE

1. The same audit tests would test for completeness of a liability or an asset.

FALSE

1. Auditing testing for any single general auditing objective would involve the same testing techniques even though there are different types of information collected to support different accounts and transactions.

FALSE

114X. Auditors must think about how the features of a company’s IT systems influence its management assertions and the general audit objectives even though these matters have little or not impact on the choice of audit methodologies used.

FALSE

115X. Risk can be inherent in the company’s business, due to things such as the nature of operations, or may be caused by weak internal controls.

TRUE

115A1. The audit planning process is unlikely to vary if the company has adopted IFRS, or is in the process of convergence.

FALSE

115A2. Adapting to fair value measures in the preparation of IFRS-based financial statements will likely cause auditors to evaluate supporting evidence differently than if US GAAP was used.

TRUE

115A3. IFRS does not allow as much use of judgment as is allowed under GAAP.

FALSE

1. Auditors do not need to concern themselves with risks unless there is an indication that there is an internal control weakness.

FALSE

1. The auditor’s understanding of internal controls provides the basis for designing appropriate audit tests to be used in the remaining phases of the audit.

TRUE

1. The process of evaluating internal controls and designing meaningful audit tests is more complex for manual systems than for automated systems.

FALSE

1. Computer-assisted audit techniques are useful audit tools because they make it possible for auditors to use computers to audit large amounts of evidence in less time.

TRUE

119A1. In order to enhance controls, reconciliations should be performed by company personnel who are independent from the tasks of initiating or recording the transactions with the accounts being reconciled.

TRUE

1. Substantive tests are also referred to as compliance tests.

FALSE

1. General controls relate to specific software and application controls relate to all aspects of the IT environment.

FALSE

1. General controls must be tested before application controls.

TRUE

1. Systems operators and users should not have access to the IT documentation containing details about the internal logic of computer systems.

TRUE

1. Control tests verify whether financial information is accurate, where substantive tests determine whether the financial information is managed under a system that promotes accuracy.

FALSE

1. Regardless of the results of the control testing, some level of substantive testing must take place.

TRUE

1. The use of generalized audit software is especially useful when there are large volumes of data and when there is a need for accurate information.

TRUE

127X. All of the risks and audit procedures that apply to a PC environment may also exist in networks, but the risk of loss of much lower.

FALSE

128X. Network operations typically involve a large number of computers, many users, and a high volume of data transfers, so any lack of network controls could cause widespread damage. Because of this, it is necessary for auditors to apply strict tests to a representative sample of the network.

FALSE

1. When audit clients use a database system, the relating data is organized in a consistent manner which tends to make it easier for auditors to select items for testing.

TRUE

130X. When a client company is using IT outsourcing, and that service center has its own auditors who report on internal control, the third-party report (from the independent auditors) can not be used as audit evidence without the auditor performing an adequate amount of compliance testing.

FALSE

130A1. Risk assessment in cloud computing is particularly challenging because the threats to a company’s data are uncontrolled, and often unforeseen, by the company.

TRUE

130A2. Within the cloud computing environment, the service provider is responsible to make sure that all relevant risks have been identified and controlled. Because of this, the company using the cloud computing does not need to repeat that evaluation.

FALSE

130A3. Because there is no such thing as a standard cloud, it is not possible to standardize a risk assessment process and audit procedures for a cloud computing environment.

TRUE

130A4. When an auditor is engaged to audit a company that uses cloud computing, the auditor must rely on the SOC reports provided by the service company’s auditors.

FALSE

1. When a client changes the type of hardware or software used or in other ways modifies its IT environment, the auditors need to test only the new system in order to determine the effectiveness of the controls.

FALSE

1. When a client plans to implement new computerized systems, auditors will find it advantageous to review the new system before it is placed in use.

TRUE

1. A sample is random when each item in the population has an equal chance of being chosen.

TRUE

134X. Of all the principles applicable to auditors, the one that generally receives the most attention is the requirement that financial statement auditors maintain integrity.

FALSE

135X. The Sarbanes-Oxley Act has placed restrictions on auditors by prohibiting certain types of services historically performed by auditors for their clients.

TRUE

1. The Sarbanes-Oxley Act decreased management’s responsibilities regarding the fair presentation of the financial statements.

FALSE

1. The responsibility of the auditor to search for fraud is less than the responsibility to search for errors.

FALSE

1. Even with a good system of internal controls, employee fraud, the theft of assets, may occur due to collusion of two or more employees to carry out the fraud.

TRUE

1. Management fraud is the intentional misstatement of financial information and may be difficult for auditors to find because the perpetrator will attempt to hide the fraud.

TRUE

140X. The PCAOB/AICPA Code of Professional Conduct is made up of two sections. One section, the rules, are the foundations for the honorable behavior expected of CPAs while performing professional duties.

FALSE

ANSWERS TO TEST BANK – CHAPTER 7 – TRUE / FALSE:

1. F 105. T 115. T 125. T 135. T
2. T 106. T 116. F 126. T 136. F
3. F 107. F 117. T 127. F 137. F
4. T 108. F 118. F 128. F 138. T
5. F 109. F 119. T 129. T 139. T
6. F 110. T 120. F 130. F 140. F
7. T 111. T 121. F 131. F
8. F 112. F 122. T 132. T
9. T 113. F 123. T 133. T
10. F 114. F 124. F 134. F

ANSWERS TO TEST BANK – CHAPTER 7 – NEW TRUE/FALSE

103A1. F 115A1. F 119A1. T 130A3. T

104A1. T 115A2. T 130A1. T 130A4. F

104A2. F 115A3. F 130A2. F

Related products