Mindanao State University

College of Business Administration and Accountancy

DEPARTMENT OF ACCOUNTANCY
Marawi City

AUDITING IN A CIS ENVIRONMENT

Accounting 153

MULTIPLE CHOICE. Read carefully the questions below and choose the best statement among the choices. Write
the letter corresponding to your answer on the sheet provided along with this questionnaire. Erasures are strictly not
allowed.
1. Which of the following is an inherent characteristic of software package?
a. They are typically used without modifications of the programs.
b. The programs are tailored-made according to the specific needs of the user.
c. They are developed by software manufacturer according to a particular user’s specifications.
d. It takes a longer time of implementation.
2. An auditor would least likely use computer software to:
a. Access client data files.
b. Prepare spreadsheets.
c. Assess EDP controls.
d. Construct parallel simulations.
3. Which of the following is least likely to be tested with generalized audit software? 
a. An aging of accounts receivable.
b. A schedule of inventory.
c. A depreciation schedule.
d. A computer operations manual.
4. Which of the following is an inherent characteristic of software package?
a. They are typically used without modifications of the programs.
b. The programs are tailor-made according to the specific needs of the user.
c. They are developed by software manufacturer according to a particular user’s specifications.
d. It takes a longer time of implementation.
5. When the auditor encounters sophisticated computer-based systems, he or she may need to modify the audit
approach. Of the following conditions, which one is not a valid reason for modifying the audit approach?
a. More advanced computer systems produce less documentation, thus reducing the visibility of the
audit trail.
b. In complex computer-based systems, computer verification of data at the point of input replaces the
manual verification found in less sophisticated data processing systems.
c. Integrated data processing has replaced the more traditional separation of duties that existed in
manual and batch processing systems.
d. Real-time processing of transactions has enabled the auditor to concentrate less on the completeness
assertion.
6. Auditors often make use of computer programs that perform routine processing functions such as sorting and
merging. These programs are made available by electronic data processing companies and others and are
specifically referred to as:
a. Compiler programs.
b. Supervisory programs.
c. Utility programs.
d. User programs.
7. The applications of auditing procedures using the computer as an audit tool refer to:
a. Integrated test facility.
b. Auditing through the computer.
c. Data-based management system.
d. Computer assisted audit techniques.
8. Which statement is incorrect regarding CAATs?
a. CAATs are often an efficient means of testing a large number of transactions or controls over large
populations.
b. To ensure appropriate control procedures, the presence of the auditor is not necessarily required at
the computer facility during the running of a CAAT.
c. The general principles outlined in PAPS 1009 apply in small entity IT environments.
d. Where smaller volumes of data are processed, the use of CAATs is more cost effective.
9. Consists of generalized computer programs designed to perform common audit tasks or standardized data
processing functions.
a. Package or generalized audit software.
b. Utility programs.

Prepared by: Mohammad Muariff S. Balang, CPA, Second Semester, AY 2012-2013 Page | 1
 c. Customized or purpose-written programs.
d. System management programs.
10. Audit automation least likely include:
a. Expert systems.
b. Tools to evaluate a client’s risk management procedures.
c. Manual working papers.
d. Corporate and financial modeling programs for use as predictive audit tests.
11. Whether or not a real time program contains adequate controls is most effectively determined by the use of:
a. Audit software.
b. A tracing routine.
c. An integrated test facility.
d. A traditional test deck.
12. When an auditor tests a computerized accounting system, which of the following is true of the test data
approach?
a. Test data must consist of all possible valid and invalid conditions.
b. The program tested is different from the program used throughout the year by the client.
c. Several transactions of each type must be tested.
d. Test data are processed by the client’s computer programs under the auditor’s control.
13. The use of generalized audit software package:
a. Relieves an auditor of the typical tasks of investigating exceptions, verifying sources of information,
and evaluating reports.
b. Is a major aid in retrieving information from computerized files.
c. Overcomes the need for an auditor to learn much about computers.
d. Is a form of auditing around the computer.
14. An auditor most likely would introduce test data into a computerized payroll system to test internal controls
related to the
a. Existence of unclaimed payroll checks held by supervisors.
b. Early cashing of payroll checks by employees.
c. Discovery of invalid employee I.D. numbers.
d. Proper approval of overtime by supervisors.
15. Which of the following statements is not true to the test data approach when testing a computerized
accounting system?
a. The test data must consist of all possible valid and invalid conditions.
b. The test need consist of only those valid and invalid conditions which interest the auditor.
c. Only one transaction of each type need be tested.
d. Test data are processed by the client’s computer programs under the auditor’s control.
16. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be
processed together without client operating personnel being aware of the testing process?
a. Integrated test facility.
b. Input controls matrix.
c. Parallel simulation.
d. Data entry monitor.
17. Which of the following methods of testing application controls utilizes a generalized audit software package
prepared by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.
18. Test data, integrated test data and parallel simulation each require an auditor to prepare data and computer
programs. CPAs who lack either the technical expertise or time to prepare programs should request from the
manufacturers or EDP consultants for:
a. The program code.
b. Flowchart checks.
c. Generalized audit software.
d. Application controls.
19. An auditor who is testing EDP controls in a payroll system would most likely use test data that contain
conditions such as:
a. Deductions not authorized by employees.
b. Overtime not approved by supervisors.
c. Time tickets with invalid job numbers.
d. Payroll checks with unauthorized signatures.
20. Auditing by testing the input and output of an EDP system instead of the computer program itself will:

Page | 2 Prepared by: MSB

 a. Not detect program errors which do not show up in the output sampled.
b. Detect all program errors, regardless of the nature of the output.
c. Provide the auditor with the same type of evidence.
d. Not provide the auditor with confidence in the results of the auditing procedures.
21. Which of the following tasks could not be performed when using a generalized audit software package?
a. Selecting inventory items for observations.
b. Physical count of inventories.
c. Comparison of inventory test counts with perpetual records.
d. Summarizing inventory turnover statistics for obsolescence analysis.
22. All of the following are “auditing through the computer” techniques, except:
a. Reviewing source code.
b. Test-decking.
c. Automated tracking and mapping.
d. Integrated test facility.
23. The output of a parallel simulation should always be:
a. Printed on a report.
b. Compared with actual results manually.
c. Compared with actual results using a comparison program.
d. Reconciled to actual processing output.
24. Generalized audit software is a computer-assisted audit technique. It is one of the widely used techniques for
auditing computer application systems. Generalized audit software is most often used to:
a. Verify computer processing.
b. Process data fields under the control of the operation manager.
c. Independently analyze data files.
d. Both A and B.
25. Which of the following testing techniques is more commonly used by internal auditors than by independent
auditors? 
a. Integrated test facilities.
b. Test data.
c. Controlled programs.
d. Tagging and tracing transactions.
26. Which of the following is a disadvantage of the integrated test facility approach?
a. In establishing fictitious entities, the auditor may be compromising audit independence.
b. Removing the fictitious transactions from the system is somewhat difficult and, if not done carefully,
may contaminate the client's files.
c. ITF is simply an automated version of auditing "around" the computer.
d. The auditor may not always have a current copy of the authorized version of the client's program.
27. When conducting field work for a physical inventory, an auditor cannot perform which of the following steps
using a generalized audit software package? 
a. Observing inventory.
b. Selecting sample items of inventory.
c. Analyzing data resulting from inventory.
d. Recalculating balances in inventory reports.
28. Which of the following testing techniques minimizes the possibility that the auditors will contaminate a
client's financial records? 
a. Test data.
b. Integrated test facilities.
c. Controlled programs.
d. Tagging and tracing transactions.
29. Auditing through the computer is most likely to be used when: 
a. Input transactions are batched and system logic is straightforward.
b. Processing primarily consists of sorting the input data and updating the master file sequentially.
c. Processing is primarily on line and updating is real-time.
d. Outputs are in hard copy form.
30. Parallel simulation programs used by the auditors for testing programs: 
a. Must simulate all functions of the production computer-application system.
b. Cannot be developed with the aid of generalized audit software.
c. Can use live data or test data.
d. Is generally restricted to data base environments.
31. The purpose of using generalized computer programs is to test and analyze a client's computer: 
a. Systems.
b. Equipment.

Prepared by: Mohammad Muariff S. Balang, CPA, Second Semester, AY 2012-2013 Page | 3
 c. Records.
d. Processing logic.
32. An auditor is preparing test data for use in the audit of a computer based accounts receivable application.
Which of the following items would be appropriate to include as an item in the test data?
a. A transaction record which contains an incorrect master file control total.
b. A master file record which contains an invalid customer identification number.
c. A master file record which contains an incorrect master file control total.
d. A transaction record which contains an invalid customer identification number.
33. In auditing through a computer, the test data method is used by auditors to test the:
a. Accuracy of input data.
b. Validity of the output.
c. Procedures contained within the program.
d. Normalcy of distribution of test data.
34. Which of the following is an advantage of generalized computer audit packages?
a. They are all written in one identical computer language.
b. They can be used for audits of clients that use differing CIS equipment and file formats.
c. They have reduced the need for the auditor to study input controls for CIS related procedures.
d. Their use can be substituted for a relatively large part of the required control testing.
35. Processing simulated file data provides the auditor with information about the reliability of controls from
evidence that exists in simulated files. One of the techniques involved in this approach makes use of:
a. Controlled reprocessing.
b. Program code checking.
c. Printout reviews.
d. Integrated test facility.
36. When auditing "around" the computer, the independent auditor focuses solely upon the source
documents and:
a. Test data.
b. CIS processing.
c. Control techniques.
d. CIS output.
37. An integrated test facility would be appropriate when the auditor needs to:
a. Trace a complex logic path through an application system.
b. Verify processing accuracy concurrently with processing.
c. Monitor transactions in an application system continuously.
d. Verify load module integrity for production programs.
38. Which of the following methods of testing application controls utilizes a generalized audit software package
prepared by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.
39. Generalized audit software is of primary interest to the auditor in terms of its capability to:
a. Access information stored on computer files.
b. Select a sample of items for testing.
c. Evaluate sample test results.
d. Test the accuracy of the client's calculations.
40. When testing a computerized accounting system, which of the following is not true of the test data approach?
a. The test data need consist of only those valid and invalid conditions in which the auditor is interested.
b. Only one transaction of each type need be tested.
c. Test data are processed by the client's computer programs under the auditor's control.
d. The test data must consist of all possible valid and invalid conditions.
41. Which of the following is an acknowledged risk of using test data when auditing CIS records?
a. The test data may not include all possible types of transactions.
b. The computer may not process a simulated transaction in the same way it would an identical actual
transaction.
c. The method cannot be used with simulated master records.
d. Test data may be useful in verifying the correctness of account balances, but not in determining the
presence of processing controls.
42. Creating simulated transactions that are processed through a system to generate results that are compared with
predetermined results, is an auditing procedure referred to as:
a. Desk checking.
b. Use of test data.

Page | 4 Prepared by: MSB

 c. Completing outstanding jobs.
d. Parallel simulation.
43. Which of the following client electronic data processing (EDP) systems generally can be audited without
examining or directly testing the EDP computer programs of the system?
a. A system that affects a number of essential master files and produces a limited output.
b. A system that performs relatively uncomplicated processes and produces detailed output.
c. A system that updates a few essential master files and produces no printed output other than final
balances.
d. A system that performs relatively complicated processing and produces very little detailed output.
44. A primary advantage of using generalized audit packages in the audit of an advanced computer system is that
it enables the auditor to:
a. Substantiate the accuracy of data through self-checking digits and hash totals.
b. Utilize the speed and accuracy of the computer.
c. Verify the performance of machine operations which leave visible evidence of occurrence.
d. Gather and store large quantities of supportive evidential matter in machine readable form.
45. An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the
entity’s computerized information system most likely would use which of the following techniques?
a. Snapshot application.
b. Embedded audit module.
c. Integrated data check.
d. Test data generator.
46. Which of the following computer-assisted auditing techniques processes client input data on a controlled
program under the auditor’s control to test controls in the computer system?
a. Test data.
b. Review of program logic.
c. Integrated test facility.
d. Parallel simulation.
47. Which of the following is not among the errors that an auditor might include in the test data when auditing a
client’s computer system?
a. Numeric characters in alphanumeric fields.
b. Authorized code.
c. Differences in description of units of measure.
d. Illogical entries in fields whose logic is tested by programmed consistency checks.
48. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be
processed together without client operating personnel being aware of the testing process?
a. Integrated test facility.
b. Input controls matrix.
c. Parallel simulation.
d. Data entry monitor.
49. Which of the following methods of testing application controls utilizes a generalized audit software package
prepared by the auditors?
a. Parallel simulation.
b. Integrated testing facility approach.
c. Test data approach.
d. Exception report tests.
50. In creating lead schedules for an audit engagement, a CPA often uses automated work paper software. What
client information is needed to begin this process?
a. Interim financial information such as third quarter sales, net income, and inventory and receivables
balances.
b. Specialized journal information such as the invoice and purchase order numbers of the last few sales
and purchases of the year.
c. General ledger information such as account numbers, prior year account balances, and current year
unadjusted information.
d. Adjusting entry information such as deferrals and accruals, and reclassification journal entries.
51. Using microcomputers in auditing may affect the methods used to review the work of staff assistants because:
a. The audit fieldwork standards for supervision may differ.
b. Documenting the supervisory review may require assistance of consulting services personnel.
c. Supervisory personnel may not have an understanding of the capabilities and limitations of
microcomputers.
d. Working paper documentation may not contain readily observable details of calculations.
52. A primary advantage of using generalized audit software packages to audit the financial statements of a client
that uses a computer system is that the auditor may:

Prepared by: Mohammad Muariff S. Balang, CPA, Second Semester, AY 2012-2013 Page | 5
 a. Access information stored on computer files while having a limited understanding of the client’s
hardware and software features.
b. Consider increasing the use of substantive tests of transactions in place of analytical procedures.
c. Substantiate the accuracy of data through self-checking digits and hash totals.
d. Reduce the level of required tests of controls to a relatively small amount.
53. An auditor would least likely use computer software to:
a. Access client data files.
b. Prepare spreadsheets.
c. Assess computer control risk.
d. Construct parallel simulations.
54. An auditor most likely would test for the presence of unauthorized computer program changes by running a:
a. Program with test data.
b. Check digit verification program.
c. Source code comparison program.
d. Program that computes control totals.
55. Generalized audit software is a computer-assisted audit technique. It is one of the widely used techniques for
auditing computer application systems. Generalized audit software is most often used to:
a. Verify computer processing.
b. Process data fields under the control of the operation manager.
c. Independently analyze data.
d. All of the above.
56. The application of auditing procedures using the computer as an audit tool refer to:
a. Integrated test facility.
b. Database management system.
c. Auditing through the computer.
d. Computer assisted audit techniques.
57. The primary use of generalized audit software is to:
a. Test controls embedded in programs.
b. Test unauthorized access to data.
c. Extract data of relevance to the audit.
d. Reduce the need for transaction vouching.
58. In auditing an on-line perpetual inventory system, an auditor selected certain file-updating transactions for
detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied
to a specific transaction is called:
a. Snapshot.
b. Simulation.
c. Tagging and tracing.
d. Code comparison.
59. Auditors have learned that increased computerization has created more opportunities for computer fraud but
has also led to the development of computer audit techniques to detect frauds. A type of fraud that has
occurred in the banking industry is a programming fraud in which the programmer designs a program to
calculate daily interest on savings accounts to four decimal points. The programmer then truncates the last
two digits and adds it to his account balance. Which of the following CAATs would be most effective in
detecting this type of fraud?
a. Generalized audit software that selects account balances for confirmation with the depositor.
b. Snapshot.
c. Parallel simulation.
d. Systems control and audit review file (SCARF).
60. These computer programs are enhanced productivity tools that are typically part of a sophisticated operating
systems environment, for example, data retrieval software or code comparison software.
a. Purpose written programs.
b. System management programs.
c. Utility programs.
d. Generalized audit software.
61. Embedded audit routines are sometimes built into an entity’s CIS to provide data for later use by the auditor.
One technique involves embedding audit software modules within an application system to provide
continuous monitoring of the entity’s transactions. These audit modules are used to create logs that collect
transaction information for subsequent review by the auditor. These logs are called:
a. SCARFs.
b. Console logs.
c. Computer logs.
d. IT logs.

Page | 6 Prepared by: MSB

 62. The following are examples of CAATs, except:
a. Integrated test facility.
b. Audit modules.
c. Disk operating systems.
d. Audit hooks.
63. The following tasks can be performed by an auditor using CAATs software, except:
a. Identifying missing check numbers.
b. Extracting data files containing only a two-year digit date field and changing it to hold four digits.
c. Matching identical product information in separate data files.
d. Aging accounts receivable.
64. Which of the following represents a limitation on the use of generalized audit software?
a. It requires lengthy detailed instructions in order to accomplish specific tasks.
b. It has limited application without significant modification.
c. It requires substantial programming knowledge to be used effectively.
d. It can only be used on hardware with compatible operating systems.
65. Which of the following may not be a purpose of using computer audit software?
a. Add transactions or balances in the data files for comparison with control account balance.
b. Select accounts or transactions for detailed testing.
c. To evaluate the collectibility of accounts receivable.
d. To examine databases for unusual items.
66. Whether or not a real time program contains adequate controls is most effectively determined by the use of:
a. Audit software.
b. A tracing routine.
c. An integrated test facility.
d. A traditional test deck.
67. Which of the following is an incorrect statement regarding testing strategies related to auditing through the
computer?
a. The test data approach involves processing the client’s data on a test basis to determine the integrity
of the system.
b. Test data should include all relevant data conditions that the auditor is interested in testing.
c. When the auditor uses the embedded audit module approach, an audit module is inserted in the
client’s system to capture transactions with certain characteristics.
d. The test data approach involves processing the auditor’s test data on the client’s computer system to
determine whether computer-performed controls are working properly.
68. Which of the following is not a CAAT?
a. Test data.
b. Tagging and lagging.
c. Audit hooks.
d. Program analysis.
69. Which of the following procedures is an example of auditing around the computer?
a. The auditor traces adding machine tapes of sales order batch totals to a computer printout of the
sales journal.
b. The auditor develops a set of hypothetical sales transactions and using the client’s computer
programs, enters the transactions into the system and observes the processing flow.
c. The auditor enters hypothetical transactions into the client’s processing system during client
processing of live data.
d. The auditor observes client personnel as they process the biweekly payroll. The auditor observes
client personnel as they process the biweekly payroll. The auditor is primarily concerned with
computer rejection of data that fails to meet reasonableness limits.
70. Which of the following is an acknowledged risk of using test data when auditing around computerized
records?
a. The test data may not include all possible types of transactions.
b. The computers may not process a simulated transaction in the same way it would an identical actual
transaction.
c. The method cannot be used with simulated master records.
d. Test data may be useful in verifying the correctness of account balances but not in determining the
presence of processing controls.
71. An auditor used test data to verify the existence of controls in a certain computer program. Even though the
program performed well on the test, the auditor may still have a concern that:
a. The program tested is the same one used in the regular production runs.
b. Generalized audit software may have been a better tool to use.
c. Data entry procedures may change and render the test useless.
d. No documentation exists for the program.

Prepared by: Mohammad Muariff S. Balang, CPA, Second Semester, AY 2012-2013 Page | 7
 72. Which of the following indicates the use of parallel simulation audit technique?
a. Live transactions are processed using test programs.
b. Live transactions are processed using live programs.
c. Live transactions are processed with test master file.
d. Test transactions are processed using test programs.
73. In auditing through the computer, actual client data is used with:
a. Integrated test facility.
b. The test data approach.
c. Parallel simulation.
d. An expert system.
74. Assume that an auditor estimated that 10,000 checks were issued during the accounting period. If an
application control that performs a limit check for each check request is to be subjected to the auditor’s test
data approach, the sample should include:
a. Approximately 1,000 test items.
b. A number of test items determined by the auditor to be sufficient under the circumstances.
c. One transaction.
d. A number of test items determined by the auditor’s reference to the appropriate sampling tables.
75. Which of the following best describes the early stages of an IS audit?
a. Observing key organizational facilities.
b. Assessing the IS environment.
c. Understanding the business process and environment applicable to the review.
d. Reviewing prior IS audit reports.
76. While developing a risk based audit program, on which of the following would the IS auditor most likely
focus?
a. Business processes.
b. Critical IT applications.
c. Operational controls.
d. Business strategies.
77. The first step in planning an audit is to:
a. Define audit deliverables.
b. Finalize the audit scope and audit objectives.
c. Gain an understanding of the business’ objectives.
d. Develop the audit approach or audit strategy.
78. Which of the following significance and complexity of the CIS activities should an auditor least understand?
a. The organizational structure of the client’s CIS activities.
b. Lack of transaction trails.
c. The significance and complexity of computer processing in each significant accounting application.
d. The use of software packages instead of customized software.
79. The approach an IS auditor should use to plan IS audit coverage should be based on:
a. Risk.
b. Materiality.
c. Professional skepticism.
d. Detective control.
80. Which of the following is not a function of generalized audit software?
a. To aid in the random selection of transactions for substantive testing.
b. To keep an independent log of access to the computer application software.
c. To run in parallel with the client’s application software and compare the output.
d. To test the mathematical accuracy by footing and cross-footing items in the accounting system.

Page | 8 Prepared by: MSB