CHAPTER 11 Auditing Computer-Based Information Systems

Question 1

1. An audit is planned so that the most of it focuses on the areas with the highest risk factors.
   The risk that auditors and their audit procedures will fail to detect a material error or misstatement
   is an
   a. inherent risk.
   b. control risk.
   c. detection risk.

Answer 1

c. detection risk. (Correct. Auditors and their audit procedures will fail to detect a material
error or misstatement.)

Question 2

2. Auditing is the systematic process of obtaining and evaluating evidence regarding assertions
   about economic actions and events in order to determine how well they correspond
   with the established criteria. Developing knowledge of business operations is regarded as
   a part of the following audit process.
   a. planning
   b. collection of evidence
   c. evaluation of evidence
   d. communication of results

Answer 2

a. planning (Correct. The first step in an operational audit is planning, during which
knowledge of business operations is developed.)

Question 3

3. Reperformance of calculations is part of the collection of the evidence process.
   a. True
   b. False

Answer 3

a. True (Correct. Performing calculations again to verify quantitative information. It is a
part of the collection of audit evidence.)

Question 4

4. At what step in the audit process do the concepts of reasonable assurance and materiality
   enter into the auditor’s decision process?
   a. planning
   b. evidence collection
   c. evidence evaluation
   d. They are important in all three steps.

Answer 4

d. They are important in all three steps. (Correct. Materiality and reasonable assurance
are important when the auditor plans an audit and when the auditor collects and evaluates
evidence.)

Question 5

5. What is the four-step approach to internal control evaluation that provides a logical framework
for carrying out an audit?
a. inherent risk analysis 
b. systems review 
c. tests of controls 
d. risk-based approach to auditing

Answer 5

d. risk-based approach to auditing (Correct. The risk-based audit approach is a four-step
approach to carrying out an audit. The four steps are determining threats, identifying
control procedures, evaluating control procedures, and evaluating weaknesses.)

Question 6

6. Which of the following procedures is NOT used to detect unauthorized program changes?
   a. source code comparison
   b. parallel simulation
   c. reprocessing
   d. reprogramming code

Answer 6

d. reprogramming code (Correct. Reprogramming code is not used to test for unauthorized
program changes.)

Question 7

7. Which of the following is a concurrent audit technique that monitors all transactions and
   collects data on those that meet certain characteristics specified by the auditor?
   a. ITF
   b. snapshot techniques
   c. SCARF
   d. audit hooks

Answer 7

c. SCARF (Correct. System control audit review file is a concurrent audit technique that
embeds audit modules into application software to monitor continuously all transaction
activity.)

Question 8

8. Which of the following is a computer technique that assists an auditor in understanding
   program logic by identifying all occurrences of specific variables?
   a. mapping program
   b. program tracing
   c. automated flowcharting
   d. scanning routine

Answer 8

d. scanning routine (Correct. Scanning routine software programs search for particular
variable names or specific characters.)

Question 9

9. Which of the following is a computer program written especially for audit use?
   a. GAS
   b. CATAS
   c. ITF
   d. CIS

Answer 9

a. GAS (Correct. Generalized audit software is a software program written especially for
audit uses, such as testing data files. Examples are ACL and IDEA.)

Question 10

10. The focus of an operational audit is on which of the following?
    a. reliability and integrity of financial information
    b. all aspects of information systems management
    c. internal controls
    d. safeguarding assets

Answer 10

b. all aspects of information systems management (Correct. An operational audit is concerned
with all aspects of information systems management.)