Chapter 11 – ‘Auditing Computer-­‐Based Information Systems’

Question 1

1. Which of the following is a characteristic of auditing? 
   a. Auditing is a systematic, step-by-step process.
   b. Auditing involves the collection and review of evidence.
   c. Auditing involves the use of established criteria to evaluate evidence.
   d. All of the above are characteristics of auditing.

Answer 1

d. All of the above are characteristics of auditing. (Correct. Auditing is a
systematic step- by-step process that involves the collection and review of
evidence and uses established criteria to evaluate evidence.)

Question 2

2. Which of the following is NOT a reason an internal auditor should
   participate in internal control reviews during the design of new systems? 
   a. It is more economical to design controls during the design stage than to do
   so later.
   b. It eliminates the need for testing controls during regular audits.
   c. it minimizes the need for expensive modifications after the system is
   implemented.
   d. It permits the design of audit trails while they are economical.

Answer 2

b. It eliminates the need for testing controls during regular audits. (Correct.
Even if the auditor participates in internal control reviews, the auditor will
still have to test controls to determine whether they are in place and working
as intended.)

Question 3

3. Which type of audit involves a review of general and application
   controls, with a focus on determining if there is compliance with policies
   and adequate safeguarding of assets?
   a. information systems audit
   b. financial audit
   c. operational audit
   d. compliance audit

Answer 3

a. information systems audit (Correct. An information systems audit reviews
general and application controls, with a focus on determining whether there is
compliance with policies and adequate safeguarding of assets.)

Question 4

4. At what step in the audit process do the concepts of reasonable
   assurance and materiality enter into the auditor’s decision process?
   a. planning
   b. evidence collection
   c. evidence evaluation  
   d. They are important in all three steps.

Answer 4

d. They are important in all three steps. (Correct. Materiality and reasonable
assurance are important when the auditor plans an audit and when the auditor
collects and evaluates evidence.)

Question 5

5. What is the four step approach to internal control evaluation that
   provides a logical framework for carrying out an audit?
   a. inherent risk analysis
   b. systems review
   c. tests of controls
   d. risk-based approach to auditing

Answer 5

d. risk-based approach to auditing (Correct. The risk-based audit approach is
a four-step approach to carrying out an audit. The four steps are determining
threats, identifying control procedures, evaluating control procedures, and
evaluating weaknesses.)

Question 6

6.Which of the following procedures is NOT used to detect unauthorized
program changes?
a. source code comparison 
b. parallel simulation 
c. reprocessing 
d. reprogramming code

Answer 6

d. reprogramming code (Correct. Reprogramming code is not used to test for
unauthorized program changes.)

Question 7

7. Which of the following is a concurrent audit technique that monitors all
   transactions and collects data on those that meet certain characteristics
   specified by the auditor?
   a. ITF  
   b. snapshot techniques
   c. SCARF
   d. audit hooks

Answer 7

c. SCARF (Correct. System control audit review file is a concurrent audit
technique that embeds audit modules into application software to
monitor continuously all transaction activity.)

Question 8

8. Which of the following is a computer technique that assists an auditor
   in understanding program logic by identifying all occurrences of specific
   variables?
   a. mapping program
   b. program tracing
   c. automated flowcharting  
   d. scanning routine

Answer 8

d. scanning routine (Correct. Scanning routine software programs search for
particular variable names or specific characters.)

Question 9

9. Which of the following is a computer program written especially for
audit use? 
a. GAS 
b. CATAS 
c. ITF
d. CIS

Answer 9

a. GAS (Correct. Generalized audit software is a software program written
especially for audit uses, such as testing data files. Examples are ACL and
IDEA.) 

Question 10

10. The focus of an operational audit is on which of the following? 
    a. reliability and integrity of financial information
    b. all aspects of information systems management  
    c. internal controls
    d. safe guarding assets

Answer 10

b. all aspects of information systems management (Correct. An operational
audit is concerned with all aspects of information systems management.)