No. 125 Brgy.
San Sebastian
Lipa City, Batangas, Philippines
Mobile : 0927 283 8234
Telephone : (043) 723 8412
Gmail : [email protected]
AT 05-15 – Auditing in an IT Environment
1. Which of the following is not a benefit of using IT-based controls?
a. Ability to process large volume of transactions.
b. Ability to replace manual controls with automated, computer-based controls.
c. Over-reliance on computer-generated reports.
d. Reduction in misstatements due to consistent processing of transactions.
2. The _______ refers to the combination of the database, the Database Management
System (DBMS), and the application programs that access the database through the
DBMS.
a. Database administrator
b. Database system
c. Data warehouse
d. Database manager
3. An important characteristic of IT is uniformity of processing. Therefore, a risk exists
that:
a. Auditors will never be able test the IT system of the audit client.
b. Incorrect processing of the system can result in the accumulation of numerous
misstatements in a short period of time.
c. Auditors will not be able to determine if data is processed consistently.
d. All of the above.
4. Which of the following is not a risk specific to IT systems?
a. Improved audit trail
b. Need for IT experienced staff
c. Separation of IT duties from accounting functions
d. Hardware and data vulnerability
5. Which of the following is not a category of an application control?
a. Hardware controls
b. Processing controls
c. Input controls
d. Output controls
6. When the client uses a computer, but the auditor chooses to use only the non-IT
segment of internal control to assess control risk, it is referred to as auditing around
the computer. Which one of the following conditions need not be present to audit
around the computer?
a. The source documents must be available in a non-machine language.
b. The auditor should be able to communicate with the client personnel involved
in writing the code for the accounting information systems.
c. The output must be listed in sufficient detail to enable the auditor to trace
individual transactions.
d. The documents must be filed in a manner that makes it possible to locate them.
7. Pre-designed formats, such as those for audit documentation, can be created and
saved using electronic spreadsheets and word processors. These are called:
a. Desktop publishing
b. Templates
c. Macros
1P a g e
JABELLAR/AIBAY/AJABINAL/RBERCASIO/JMAGLINAO/ASARMIENTO
� No. 125 Brgy. San Sebastian
Lipa City, Batangas, Philippines
Mobile : 0927 283 8234
Telephone : (043) 723 8412
Gmail : [email protected]
d. Work files
8. This involves implementing a new system in one part of the organization, while other
locations continue to use the current system.
a. Parallel testing
b. Online testing
c. Standardized testing
d. Pilot testing
9. To obtain evidence that online access controls are properly functioning, an auditor
most likely would
a. Enter invalid identification numbers or passwords to ascertain whether the
system rejects them.
b. Analyze the flow of the transactions from the records to the database.
c. Examine the transaction log for duplicate transactions due to system
malfunction.
d. Trace random invoices produced by the system based on online transactions.
10. An auditor documents the status and screen outputs of program execution,
intermediate results, and transaction data at specified processing points in the
program processing. This technique for program analysis is called __________.
a. Code review
b. Flowcharting
c. Snapshots
d. Program checklist
11. It is a computer program (a block of executable code) that attaches itself to a legitimate
program or data file and uses its as a transport mechanism to reproduce itself without
the knowledge of the user.
a. Virus
b. Database management system
c. IP spoofing
d. Encryption
12. Statement 1: A hot site is a back-up center that is already installed with equipment
necessary to run the entity’s computer processes.
Statement 2: A cold site is a back-up center that is already prepared for equipment to
be brought in and set-up.
a. True, True
b. True, False
c. False, True
d. False, False
13. This is a networking tool used to enhance security by creating a private connection
between authorized devices that should be able to connect to the network, therefore
reducing the risk of hacking and unauthorized access or changes to the master files.
a. Artificial network
b. Firewall
c. Virtual Private Network (VPN)
d. Hotspot
14. Which of the following statements about general controls is incorrect?
2P a g e
JABELLAR/AIBAY/AJABINAL/RBERCASIO/JMAGLINAO/ASARMIENTO
� No. 125 Brgy. San Sebastian
Lipa City, Batangas, Philippines
Mobile : 0927 283 8234
Telephone : (043) 723 8412
Gmail : [email protected]
a. Successful IT development efforts require the involvement of IT and non-IT
personnel.
b. Disaster recovery plans should identify alternative hardware to process
company data.
c. The chief information officer should report to senior management and the
board.
d. Programmers should have access to computer operations to aid users in
resolving problems.
15. Which of the following is least likely a characteristic of a database system?
a. Individual applications share the data in the database for different purposes.
b. Coordination is usually performed by a group of individuals whose
responsibility is typically referred to as "database administration."
c. Separate data files are maintained for each application and similar data used
by several applications may be repeated on several different files.
d. A software facility is required to keep track of the location of the data in the
database.
16. These are programmed routines prepared by an auditor who is also a programmer, or
an expert engaged by the auditor, which are incorporated into an accounting program
to perform an audit function such as a calculation or logging activity as part of a
concurrent testing.
a. Embedded audit modules
b. Parallel simulation
c. Integrated test facility
d. Test data
17. An entity has recently converted its revenue/receipt cycle from a manual processing
to an online, real-time processing system. Which of the following statements is most
likely true in relation to the new computerized processing system?
a. Significant increase in processing time.
b. Reduction in the entity’s risk exposures.
c. Less segregation of traditional duties.
d. Increase in processing errors.
18. It refers to a control total of one field of information for all items in a batch that has no
intrinsic meaning.
a. Record count
b. Financial total
c. Hash total
d. Self-checking digit
19. When preparing the payroll register, only employees who have an existing record
within the HR department may be included in payroll preparation. This specific control
over input is called
a. Limit test
b. Validity test
c. Completeness test
d. Control total
20. It refers to a digit derived from and appended to a string of data digits, used to detect
corruption of the data string during transmission or transcription.
a. Record count
3P a g e
JABELLAR/AIBAY/AJABINAL/RBERCASIO/JMAGLINAO/ASARMIENTO
� No. 125 Brgy. San Sebastian
Lipa City, Batangas, Philippines
Mobile : 0927 283 8234
Telephone : (043) 723 8412
Gmail : [email protected]
b. Financial total
c. Hash total
d. Self-checking digit
21. An entity uses a visitor entry log to record individuals who go in and out of a critical
CIS facility. This type of access control is best classified as
a. Physical access control
b. Electronic access control
c. Hardware control
d. Data transmission control
22. One of the common data transmission controls used by entities communicating
through a network involves the receiving device sending a message that verifies a
transmission back to the sending device. This control is known as
a. Virtual Private Network (VPN)
b. Firewall
c. Echo check
d. Data encryption
23. In cryptography, this type of key is used to sign digital signatures and to decrypt data
that was encoded using the recipient's public key.
a. Public Key
b. Private Key
c. Hash
d. Time-stamp Key
24. This audit approach for testing IT controls enables the auditor to look within the logic
of procedures and data calculation made by the client organization’s system. This is
normally executed using computer-assisted audit techniques (CAATs).
a. Black box approach
b. White box approach
c. Embedded audit modules
d. Transaction simulations
25. In which of the following approaches to program testing the risk of data contamination
least likely to occur?
a. Test data approach
b. Integrated test facility
c. Base case system evaluation
d. Parallel simulation
*End of Handout*
4P a g e
JABELLAR/AIBAY/AJABINAL/RBERCASIO/JMAGLINAO/ASARMIENTO
