IS Auditing Quizzer

The document contains multiple choice questions about auditing in an information systems (IS) environment. The incorrect statement is that an IS environment changes the overall objective and scope of an audit. The least likely risk characteristic associated with an IS environment is that initiation of changes in the master file is exclusively handled by respective users. Corrections to transaction data errors should be made by the user departments. Programmers and computer operators should be in separate organizational units to maintain good internal control.

1. Which statement is incorrect when auditing in an IS environment?

a. An IS environment exists when a computer of any type or size is involved in the processing by
the entity of financial information of significance to the audit, whether that computer is
operated by the entity or by a third party.
b. The auditor should consider how an IS environment affects the audit.
c. The use of a computer changes the processing, storage and communication of financial
information and may affect the accounting and internal control systems employed by the
entity.
d. An IS environment changes the overall objective and scope of an audit.

2. Which of the following is least likely a risk characteristic associated with an IS environment?
a. Errors embedded in an application’s program logic may be difficult to manually detect on a
timely basis.
b. Many control procedures that would ordinarily be performed by separate individuals in a manual
system may be concentrated in IS.
c. The potential for unauthorized access to data, or for altering them without visible evidence, may be
greater.
d. Initiation of changes in the master file is exclusively handled by respective users.

3. Corrections to transaction data in which errors have been detected should be made by the:
a. computer operator.
b. data control clerk.
c. user departments.
d. programmer.
e. information systems director.

4. In order to maintain good internal control:
a. computer operators need to be good programmers.
b. programmers should have control over day-to-day production runs.
c. computer operators should be allowed to make changes in programs as needed in order to
keep the computer running.
d. programmers and computer operators should be in separate organizational units of the
information systems function.
e. the data librarian should be able to operate the computer.

5. Which of the following responsibilities should not be assigned to members of the information
systems function?
a. Designing new information systems
b. Preparing documentation for new information systems
c. Maintaining a data and program library
d. Initiating changes to the files maintained in the database
e. Processing transaction data

6. Which is the most objectionable assignment of responsibilities within the information systems
function?
a. Programmers maintain the processing and output controls for applications.
b. Systems analysts maintain systems documentation.
c. Data processing supervisors schedule the processing times for applications.
d. Data control clerks establish controls over batches of transactions received from user
departments.
e. Data librarians maintain custody over data files.

7. Which of the following is an inherent characteristic of a software package?
a. They are typically used without modifications of the programs.
b. The programs are tailor-made according to the specific needs of the user.
c. They are developed by a software manufacturer according to a particular user’s specifications.
d. They take a longer time to implement.

8. It is a computer program (a block of executable code) that attaches itself to a legitimate program or
data file and uses it as a transport mechanism to reproduce itself without the knowledge of the
user.
a. Virus
b. Utility program
c. System management program
d. Encryption

9. A warehouse employee of a retail firm concealed the theft of merchandise inventory items by
entering adjustments to the computer-based inventory records indicating that the items had been
damaged or lost. Which control would be most suitable for preventing this fraud?
a. Check digits in inventory item numbers
b. Validity checks on inventory item numbers
c. Passwords allowing changes to inventory records that are assigned only to authorized
employees
d. Removal of computer terminals from the warehouse

10. Which of the following least likely protects critical and sensitive information from unauthorized
access in a personal computer environment?
a. Using secret file names and hiding the files.
b. Keeping backup copies offsite.
c. Employing passwords.
d. Segregating data into files organized under separate file directories.

11. It refers to plans made by the entity to obtain access to comparable hardware, software and data in
the event of their failure, loss or destruction.
a. Back-up b. Encryption c. Anti-virus d. Wide Area Network (WAN)

12. Which of the following is the deliverable from the analysis phase of systems development?
a. Approved project proposal
b. Requirements
c. Specifications
d. Selected hardware and software
e. Installed physical system

13. Computer systems that enable users to access data and programs directly through workstations are
referred to as
a. Online computer systems
b. Database management systems (DBMS)
c. Personal computer systems
d. Database systems

14. Online systems allow users to initiate various functions directly. Such functions include:
I. Entering transactions
II. Making inquiries
III. Requesting reports
IV. Updating master files
a. I, II, III and IV
b. I, II and III
c. I and II
d. I and IV

15. Which of the following is the deliverable from the design phase of systems development?
a. Approved project proposal
b. Requirements
c. Specifications
d. Selected hardware and software
e. Installed physical system

16. Which of the following employees in a firm's information systems function should be responsible
for designing new or improved transaction processing procedures?
a. Flowchart editor
b. Programmer
c. Systems analyst
d. Control-group supervisor
e. Database administrator

17. Operating documentation is of primary interest to:
a. computer operators.
b. computer programmers.
c. systems analysts.
d. users.
e. operations management.

18. In an online/real time processing system
a. Individual transactions are entered at workstations, validated and used to update related
computer files immediately.
b. Individual transactions are entered at a workstation, subjected to certain validation checks and
added to a transaction file that contains other transactions entered during the period.
c. Individual transactions immediately update a memo file containing information which has been
extracted from the most recent version of the master file.
d. The master files are updated by other systems.

19. It combines online/real time processing and online/batch processing.
a. Online/Memo Update
b. Online Downloading/Uploading Processing
c. Online/inquiry
d. Online/combined processing

20. It is a communication system that enables computer users to share computer equipment,
application software, data and voice and video transmissions.
a. Network b. File server c. Host d. Client

21. A type of network in which multiple buildings are close enough to create a campus, but the space
between the buildings is not under the control of the company, is
a. Local Area Network (LAN)
b. Wide Area Network (WAN)
c. Metropolitan Area Network (MAN)
d. World Wide Web (WWW)

22. Which of the following is least likely a characteristic of a Wide Area Network (WAN)?
a. Created to connect two or more geographically separated LANs.
b. Typically involves one or more long-distance providers, such as a telephone company to provide
the connections.
c. WAN connections tend to be faster than LAN.
d. Usually more expensive than LAN.

23. The following matters are of particular importance to the auditor in an online computer system,
except
a. Authorization, completeness and accuracy of online transactions.
b. Integrity of records and processing, due to online access to the system by many users and
programmers.
c. Changes in the performance of audit procedures including the use of CAATs.
d. Cost-benefit ratio of installing an online computer system.

24. A collection of data that is shared and used by a number of different users for different purposes.
a. Database b. Information file c. Master file d. Transaction file

25. Which of the following is least likely a characteristic of a database system?
a. Individual applications share the data in the database for different purposes.
b. Separate data files are maintained for each application and similar data used by several
applications may be repeated on several different files.
c. A software facility is required to keep track of the location of the data in the database.
d. Coordination is usually performed by a group of individuals whose responsibility is typically
referred to as "database administration."

26. Database administration tasks typically include
I. Defining the database structure.
II. Maintaining data integrity, security and completeness.
III. Coordinating computer operations related to the database.
IV. Monitoring system performance.
V. Providing administrative support.

a. All of the above b. All except I c. II and V only d. II, III and V only

27. General IS controls may include, except:
a. Organization and management controls.
b. Development and maintenance controls.
c. Delivery and support controls.
d. Controls over computer data files.

28. CIS application controls include, except
a. Controls over input.
b. Controls over processing and computer data files.
c. Controls over output.
d. Monitoring controls.

29. The applications of auditing procedures using the computer as an audit tool refer to
a. Integrated test facility
b. Data-based management system
c. Auditing through the computer
d. Computer-assisted audit techniques

30. Which statement is incorrect regarding CAATs?
a. CAATs are often an efficient means of testing a large number of transactions or controls over
large populations.
b. To ensure appropriate control procedures, the presence of the auditor is not necessarily
required at the computer facility during the running of a CAAT.
c. The general principles outlined in PAPS 1009 apply in small entity IT environments.
d. Where smaller volumes of data are processed, the use of CAATs is more cost effective.

31. Consists of generalized computer programs designed to perform common audit tasks or
standardized data processing functions.
a. Package or generalized audit software
b. Customized or purpose-written programs
c. Utility programs
d. System management programs

32. Audit automation least likely includes
a. Expert systems.
b. Tools to evaluate a client’s risk management procedures.
c. Manual working papers.
d. Corporate and financial modeling programs for use as predictive audit tests.

33. An internal auditor noted the following points when conducting a preliminary survey in connection
with the audit of an IT department. Which of the following would be considered a safeguard in the
control system on which the auditor might rely?
a. Programmers and computer operators correct daily processing problems as they arise.
b. The control group works with user organizations to correct rejected input.
c. New systems are documented as soon as possible after they begin processing live data.
d. The average tenure of employees working in the IT department is ten months.

34. A control procedure that could be used in an online system to provide an immediate check on
whether an account number has been entered on a terminal accurately is a
a. Compatibility test
b. Hash total
c. Record count
d. Self-checking digit

35. A control designed to catch errors at the point of data entry is
a. Batch total
b. Record count
c. Self-checking digit
d. Checkpoints

36. Program documentation is a control designed primarily to ensure that
a. Programmers have access to the tape library or information on disk files.
b. Programs do not make mathematical errors.
c. Programs are kept up to date and perform as intended.
d. Data have been entered and processed.

37. Some of the more important controls that relate to automated accounting information systems are
validity checks, limit checks, field checks, and sign tests. These are classified as
a. Control total validation routines
b. Hash totaling
c. Output controls
d. Input validation routines

38. Which one of the following represents a lack of internal control in a computer-based information
system?
a. The design and implementation is performed in accordance with management’s specific
authorization.
b. Any and all changes in application programs have the authorization and approval of
management.
c. Provisions exist to protect data files from unauthorized access, modification, or destruction.
d. Both computer operators and programmers have unlimited access to the programs and data
files.

39. In an automated payroll processing environment, a department manager substituted the time card
for a terminated employee with a time card for a fictitious employee. The fictitious employee had
the same pay rate and hours worked as the terminated employee. The best control technique to
detect this action using employee identification numbers would be a
a. Batch total b. Hash total c. Record count d. Subsequent check

40. An employee in the receiving department keyed in a shipment from a remote terminal and
inadvertently omitted the purchase order number. The best systems control to detect this error
would be
a. Batch total
b. Completeness test
c. Sequence check
d. Reasonableness test

41. The reporting of accounting information plays a central role in the regulation of business
operations. Preventive controls are an integral part of virtually all accounting processing systems,
and much of the information generated by the accounting system is used for preventive control
purposes. Which one of the following is not an essential element of a sound preventive control
system?
a. Separation of responsibilities for the recording, custodial, and authorization functions.
b. Sound personnel policies.
c. Documentation of policies and procedures.
d. Implementation of state-of-the-art software and hardware.

42. The most critical aspect regarding separation of duties within information systems is between
a. Project leaders and programmers
b. Programmers and computer operators
c. Programmers and systems analysts
d. Data control and file librarians

43. Which of the following characteristics distinguishes computer processing from manual processing?
a. Computer processing virtually eliminates the occurrence of computational error normally
associated with manual processing.
b. Errors or irregularities in computer processing will be detected soon after their occurrences.
c. The potential for systematic error is ordinarily greater in manual processing than in
computerized processing.
d. Most computer systems are designed so that transaction trails useful for audit do not exist.

44. Which of the following most likely represents a significant deficiency in the internal control
structure?
a. The systems analyst reviews applications of data processing and maintains systems
documentation.
b. The systems programmer designs systems for computerized applications and maintains output
controls.
c. The control clerk establishes control over data received by the IT department and reconciles
control totals after processing
d. The accounts payable clerk prepares data for computer processing and enters the data into the
computer.

45. Which of the following activities would most likely be performed in the IT Department?
a. Initiation of changes to master records.
b. Conversion of information to machine-readable form.
c. Correction of transactional errors.
d. Initiation of changes to existing applications.

46. For control purposes, which of the following should be organizationally segregated from the
computer operations function?
a. Data conversion
b. Surveillance of CRT messages
c. Systems development
d. Minor maintenance according to a schedule

47. In an automated payroll system, all employees in the finishing department were paid the rate of
P75 per hour when the authorized rate was P70 per hour. Which of the following controls would
have been most effective in preventing such an error?
a. Access controls which would restrict the personnel department’s access to the payroll master
file data.
b. A review of all authorized pay rate changes by the personnel department.
c. The use of batch control totals by department.
d. A limit test that compares the pay rates per department with the maximum rate for all
employees.

48. For the accounting system of ACME Company, the amounts of cash disbursements entered into a
computer terminal are transmitted to the computer that immediately transmits the amounts back
to the terminal for display on the terminal screen. This display enables the operator to
a. Establish the validity of the account number
b. Verify the amount was entered accurately
c. Verify the authorization of the disbursements
d. Prevent the overpayment of the account

49. Which of the following controls most likely would assure that an entity can reconstruct its financial
records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from originals.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.

50. An auditor anticipates assessing control risk at a low level in a computerized environment. Under
these circumstances, on which of the following procedures would the auditor initially focus?
a. Programmed control procedures
b. Application control procedures
c. Output control procedures
d. General control procedures

51. To obtain evidence that online access controls are properly functioning, an auditor most likely
would
a. Create checkpoints at periodic intervals after live data processing to test for unauthorized use
of the system.
b. Examine the transaction log to discover whether any transactions were lost or entered twice
due to a system malfunction
c. Enter invalid identification numbers or passwords to ascertain whether the system rejects
them.
d. Vouch a random sample of processed transactions to assure proper authorization

52. An auditor would least likely use computer software to
a. Access client data files
b. Prepare spreadsheets
c. Assess IT controls
d. Construct parallel simulations

53. A primary advantage of using generalized audit software packages to audit the financial statements
of a client that uses an IT system is that the auditor may
a. Consider increasing the use of substantive tests of transactions in place of analytical
procedures.
b. Substantiate the accuracy of data through self-checking digits and hash totals.
c. Reduce the level of required tests of controls to a relatively small amount.
d. Access information stored on computer files while having a limited understanding of the client’s
hardware and software features.

54. The use of a generalized audit software package
a. Relieves an auditor of the typical tasks of investigating exceptions, verifying sources of
information, and evaluating reports.
b. Is a major aid in retrieving information from computerized files.
c. Overcomes the need for an auditor to learn much about computers.
d. Is a form of auditing around the computer.

55. An auditor most likely would introduce test data into a computerized payroll system to test internal
controls related to the
a. Existence of unclaimed payroll checks held by supervisors.
b. Early cashing of payroll checks by employees.
c. Discovery of invalid employee ID numbers.
d. Proper approval of overtime by supervisors.

56. When an auditor tests a computerized accounting system, which of the following is true of the test
data approach?
a. Test data must consist of all possible valid and invalid conditions.
b. The program tested is different from the program used throughout the year by the client.
c. Several transactions of each type must be tested.
d. Test data are processed by the client’s computer programs under the auditor’s control.

57. Which of the following computer-assisted auditing techniques allows fictitious and real transactions
to be processed together without client operating personnel being aware of the testing process?
a. Integrated test facility
b. Input controls matrix
c. Parallel simulation
d. Data entry monitor

58. Which of the following methods of testing application controls utilizes a generalized audit software
package prepared by the auditors?
a. Parallel simulation
b. Integrated testing facility approach
c. Test data approach
d. Exception report tests

59. The auditor is considering the use of Computer-Assisted Audit Techniques (CAATs) to improve audit
efficiency during an engagement with a client. Which of the following is an example of using test
data for trade payables testing?
a. Selecting a sample of supplier balances for testing using monetary unit sampling.
b. Recalculating the ageing of trade receivables to identify balances which may be in dispute.
c. Calculation of trade payables days to use in analytical procedures.
d. Inputting dummy purchase invoices into the client system to see if processed correctly.

60. Where disk files are used, the grandfather-father-son updating backup concept is relatively difficult
to implement because the
a. Location of information points on disks is an extremely time-consuming task.
b. Magnetic fields and other environmental factors cause off-site storage to be impractical.
c. Information must be dumped in the form of hard copy if it is to be reviewed before being used in
updating.
d. Process of updating old records is destructive.

61. If a control total were computed on each of the following data items, which would best be
identified as a hash total for a payroll system or application?
a. Total debits and total credits
b. Net pay
c. Department numbers
d. Hours worked

62. Which of the following is an example of a check digit?
a. An agreement of the total number of employees to the total number of checks printed by the
computer.
b. An algebraically determined number produced by the other digits of the employee number.
c. A logic test that ensures all employee numbers are nine digits.
d. A limit check that an employee’s hours do not exceed 50 hours per work week.

63. In a computerized system, procedure or problem-oriented language is converted to machine
language through a(an)
a. Interpreter b. Verifier c. Compiler d. Converter

64. A customer erroneously ordered Item No. 86321 rather than Item No. 83621. When this order is
processed, the vendor’s IT department would identify the error with what type of control?
a. Key verifying
b. Self-checking digit
c. Batch total
d. Item inspection

65. The computer process whereby data processing is performed concurrently with a particular activity
and the results are available soon enough to influence the course of action being taken or the
decision being made is called:
a. Random access sampling
b. Integrated data processing
c. Online, real-time system
d. Batch processing system

66. Internal control is ineffective when computer department personnel
a. Participate in computer software acquisition decisions.
b. Design documentation for computerized systems.
c. Originate changes in master file.
d. Provide physical security for program files.

67. Test data, integrated test data and parallel simulation each require an auditor to prepare data and
computer programs. CPAs who lack either the technical expertise or time to prepare programs
should request from the manufacturers or IT consultants
a. The program code
b. Flowchart checks
c. Generalized audit software
d. Application controls

68. Which of the following tasks could not be performed when using a generalized audit software
package?
a. Selecting inventory items for observations.
b. Physical count of inventories.
c. Comparison of inventory test counts with perpetual records.
d. Summarizing inventory turnover statistics for obsolescence analysis.

69. The output of a parallel simulation should always be
a. Printed on a report.
b. Compared with actual results manually.
c. Compared with actual results using a comparison program.
d. Reconciled to actual processing output.

70. Generalized audit software is a computer-assisted audit technique. It is one of the widely used
techniques for auditing computer application systems. Generalized audit software is most often
used to
a. Verify computer processing.
b. Process data fields under the control of the operation manager.
c. Independently analyze data files.
d. Both a and b.

71. Which of the following should be a responsibility of the information systems function?
a. Initiating transactions
b. Initiating changes to programs
c. Maintaining custody over cash assets
d. Processing transactions
e. Correcting errors in transaction data

72. Which one of the following represents a weakness in internal control in a computer-based AIS?
a. Any and all changes in application programs have the authorization and approval of
management.
b. Provisions exist to ensure the accuracy and integrity of computer processing of all files and
reports.
c. Provisions exist to protect files from unauthorized access, modification, or destruction.
d. Both computer operators and programmers have unlimited access to the programs and data
files.

73. To obtain evidence that user identification and password control procedures are functioning as
designed, an auditor would most likely
a. Attempt to sign on to the system using invalid user identifications and passwords.
b. Write a computer program that simulates the logic of the client’s access control software.
c. Extract a random sample of processed transactions and ensure that the transactions were
appropriately authorized.
d. Examine statements signed by employees stating that they have not divulged their user
identifications and passwords to any other person.

74. Which of the following is least affected by the presence of computer-based processing?
a. Security measures
b. Control objectives
c. General controls
d. Application controls

75. General controls include controls:
a. designed to ascertain that all transaction data are accurate.
b. that relate to the correction and resubmission of data that were initially incorrect.
c. for documenting and approving programs and changes to programs.
d. designed to assure the accuracy of the processing steps.

76. The use of a programmed check or edit test with respect to transaction data is an example of a:
a. preventive control. d. corrective control.
b. detective control. d. check control.

77. The primary responsibility for establishing an adequate internal control structure within a
computerized information system rests with the:
a. auditors.
b. audit committee.
c. information systems director.
d. higher-level management.

78. Which of the following represents a sound organizational control with respect to information
system activities?
a. Allowing the user departments to specify data processing standards
b. Allowing requests for system changes to be initiated by the computer operator
c. Allowing the user departments to submit data for processing directly to the computer operators
d. Allowing the user departments to prepare input data

79. Which of the following generally enter transaction data in online processing applications?
a. User departments
b. Computer operations
c. Data control unit
d. Database administration

80. Which of the following is a violation of internal control in a computer-based system?
a. The data librarian maintains custody of computer programs.
b. Computer operators are provided program documentation.
c. The data control unit is solely responsible for the distribution of all computer output.
d. Computer programmers write programs based on specifications developed by the systems
analyst.

81. Which of the following policies or practices is most likely to represent a weakness in internal control
pertaining to a computer-based system?
a. Employees in the data processing department are prohibited from initiating requests for
changes to master files.
b. Computer programmers are not permitted to operate the computer for regular processing runs,
which involve programs that they have written.
c. Computer operators who run the programs pertaining to inventory are prohibited from
reconciling batch totals after computer runs.
d. All corrections of errors in the master file are reviewed and approved by a supervisory level
employee who is a member of the data processing department.

82. Which of the following BEST describes the early stages of an IS audit?
a. Observing key organizational facilities
b. Assessing the IS environment
c. Understanding the business process and environment applicable to the review
d. Reviewing prior IS audit reports

83. In performing a risk-based audit, which risk assessment is completed initially by the IS auditor?
a. Detection risk assessment
b. Control risk assessment
c. Inherent risk assessment
d. Fraud risk assessment

84. While developing a risk-based audit program, on which of the following would the IS auditor MOST
likely focus?
a. Business processes
b. Critical IT applications
c. Operational controls
d. Business strategies

85. Which of the following types of audit risk assumes an absence of compensating controls in the area
being reviewed?
a. Control risk
b. Detection risk
c. Inherent risk
d. Sampling risk

86. The PRIMARY use of generalized audit software (GAS) is to:
a. test controls embedded in programs.
b. test unauthorized access to data.
c. extract data of relevance to the audit.
d. reduce the need for transaction vouching.

87. The FIRST step in planning an audit is to:
a. define audit deliverables.
b. finalize the audit scope and audit objectives.
c. gain an understanding of the business’s objectives.
d. develop the audit approach or audit strategy.

88. The approach an IS auditor should use to plan IS audit coverage should be based on:
a. risk.
b. materiality.
c. professional skepticism.
d. detective control.

89. A company performs a daily backup of critical data and software files and stores the backup tapes
at an offsite location. The backup tapes are used to restore the files in case of a disruption. This is
a:
a. preventive control.
b. management control.
c. corrective control.
d. detective control.

90. Which of the following would be included in an IS strategic plan?
a. Specifications for planned hardware purchases
b. Analysis of future business objectives
c. Target dates for development projects
d. Annual budgetary targets for the IS department

91. What is considered the MOST critical element for the successful implementation of an information
security (IS) program?
a. An effective enterprise risk management (ERM) framework
b. Senior management commitment
c. An adequate budgeting process
d. Meticulous program planning

92. Which of the following tasks may be performed by the same person in a well-controlled information
processing computer center?
a. Security administration and change management
b. Computer operations and system development
c. System development and change management
d. System development and systems maintenance

93. Which of the following is the MOST critical control over database administration?
a. Approval of DBA activities
b. Segregation of duties
c. Review of access logs and activities
d. Review of the use of database tools

94. When a complete segregation of duties cannot be achieved in an online system environment, which
of the following functions should be separated from the others?
a. Origination
b. Authorization
c. Recording
d. Correction

95. In a small organization, where segregation of duties is not practical, an employee performs the
function of computer operator and application programmer. Which of the following controls
should an IS auditor recommend?
a. Automated logging of changes to development libraries
b. Additional staff to provide segregation of duties
c. Procedures that verify that only approved program changes are implemented
d. Access controls to prevent the operator from making program modifications

96. In a risk-based audit approach, the IS auditor must consider the inherent risk as well as considering:
a. How to eliminate the risk through the application of controls.
b. The balance of loss potential vs. the cost to implement controls.
c. Whether the risk is material, regardless of management’s tolerance for risk.
d. Whether the residual risk is higher than the insurance coverage purchased

97. An IS auditor is verifying the IT policies and found that some of the policies have not been approved
by management (as required by policy), but the employees strictly follow the policies. What should
the IS auditor do FIRST?
a. Ignore the absence of management approval because employees follow the policies.
b. Recommend immediate management approval of the policies
c. Emphasize the importance of approval to management
d. Report the absence of documented approval

98. An IS auditor is reviewing changes to a company’s disaster recovery (DR) strategy. The IS auditor
notices that the recovery point objective (RPO) has been shortened for the company’s mission-
critical application. What is the MOST significant risk of this change?
a. The existing DR plan is not updated to achieve the new RPO
b. The DR team has not been trained on the new RPO
c. Backups are not done frequently enough to achieve the new RPO
d. The plan has not been tested with the new RPO

99. A poor choice of passwords and transmission over unprotected communications lines are examples
of:
a. Vulnerabilities
b. Threats
c. Probabilities
d. Impacts

100. The IS auditor is reviewing a recently completed conversion to a new enterprise resource
planning (ERP) system. As the final stage of the conversion process, the organization ran the old and
new systems in parallel for 30 days before allowing the new system to run on its own. What is the
MOST significant advantage to the organization by using this strategy?
a. Significant cost savings over other testing approaches
b. Assurance that new, faster hardware is compatible with the new system
c. Assurance that the new system meets functional requirements
d. Increased resiliency during the parallel processing time

101. An IS auditor is planning an audit of a bank wire transfer system in the context of a regulation
that requires banks to accurately report transactions. Which of the following represents the
PRIMARY focus of the audit scope?
a. Data availability
b. Data confidentiality
c. Currency of data
d. Data integrity
