Test bank accounting information system by turner 07 chapter

The only person who can perform a financial statement audit of a publicly traded company is a government auditor who has extensive knowledge of generally accepted accounting principles..

ACCOUNTING INFORMATION SYSTEMS

CONTROLS AND PROCESSES

TURNER / WEICKGENANNT

CHAPTER 7: Auditing Information Technology-Bases Processes

TEST BANK - CHAPTER 7 - TRUE / FALSE

1 All users of financial data - business managers, investors, creditors, and government agencies

- have an enormous amount of data to use to make decisions Due to the use of IT systems,

it is easy to verify the accuracy and completeness of the information

2 In order to properly carry out an audit, accountants collect and evaluate proof of procedures,

transactions, and / or account balances, and compare the information with established criteria

3 The only person who can perform a financial statement audit of a publicly traded company is a

government auditor who has extensive knowledge of generally accepted accounting principles

4 Any professionally trained accountant is able to perform an operational audit

5 An important requirement for CPA firms is that they must be personally involved with the

management of the firm that is being audited

6 The most common type of audit service is the operating audit performed by internal auditors

7 All types of auditors should have knowledge about technology-based systems so that they can

properly audit IT systems

8 A financial statement audit is part of the IT audit

9 Auditors do not need to be experts on the intricacies of computer systems but they do need to

understand the impact of IT on their clients’ accounting systems and internal controls

10 A financial statement audit is conducted in order for an opinion to be expressed on the fair

presentation of financial statements in accordance with GAAP This goal is affected by the presence or absence of IT accounting systems

11 The remoteness of information, one of the causes of information risk, can relate to geographic

distance or organizational layers

12 The most common method for decision makers to reduce information risk is to rely on

information that has been audited by an independent party

13 Auditors have the primary responsibility to make sure that they comply with international

standards in all cases

14 There is not much room for professional judgment when performing audits, as a result of the

detailed guidance provided by organizations, such as the PCAOB

15 The responsibility for the preparation of the financial statements lies with the auditors

16 The role of the auditor is to analyze the financial statements to decide whether they are fairly

presented in accordance with GAAP

17 Management assertions relate to the actual existence and proper valuation of transactions and

account balances

18 The same audit tests would test for completeness of a liability or an asset

19 Auditing testing for any single general auditing objective would involve the same testing

techniques even though there are different types of information collected to support different accounts and transactions

20 Auditors must think about how the features of their client’s IT systems influence its

management assertions and the general audit objectives even though these matters have little

or no impact on the choice of audit methodologies used

21 Risk can be inherent in the client’s business, due to things such as the nature of operations, or

may be caused by weak internal controls

22 Auditors do not need to concern themselves with risks unless there is an indication that there

is an internal control weakness

23 The auditor’s understanding of internal controls provides the basis for designing appropriate

audit tests to be used in the remaining phases of the audit

24 The process of evaluating internal controls and designing meaningful audit tests is more

complex for manual systems than for automated systems

25 Computer-assisted audit techniques are useful audit tools because they make it possible for

auditors to use computers to audit large amounts of evidence in less time

26 Substantive tests are also referred to as compliance tests

27 General controls relate to specific software and application controls relate to all aspects of the

IT environment

28 General controls must be tested before application controls

29 Systems operators and users should not have access to the IT documentation containing

details about the internal logic of computer systems

30 Control tests verify whether financial information is accurate, where substantive tests

determine whether the financial information is managed under a system that promotes

accuracy

31 Regardless of the results of the control testing, some level of substantive testing must take

place

32 The use of generalized audit software is especially useful when there are large volumes of

data and when there is a need for accurate information

33 All of the risks and audit procedures that apply to a PC environment may also exist in

networks, but the risk of less of much lower

34 Network operations typically involve a large number of computers, many users, and a high

volume of data transfers, so any lack of network controls could cause widespread damage Because of this, it is necessary for auditors to apply strict tests to a representative sample of the network

35 When audit clients use a database system, the relating data is organized in a consistent

manner which tends to make it easier for auditors to select items for testing

36 When a client company is using IT outsourcing, and that service center has its own

independent auditors who report on internal control, the third-party report (from the

independent auditors) cannot be used as audit evidence without the auditor performing an adequate amount of compliance testing

37 When a client changes the type of hardware or software used or in other ways modifies its IT

environment, the auditors need to test only the new system in order to determine the

effectiveness of the controls

38 When a client plans to implement new computerized systems, auditors will find it

advantageous to review the new system before it is placed in use

39 A sample is random when each item in the population has an equal chance of being chosen

40 Of all the principles and related rules within the AICPA Code of Professional Conduct, the one

that generally receives the most attention is integrity

41 The Sarbanes-Oxley Act has placed greater restrictions on CPAs by prohibiting certain types of

services historically performed by CPAs for their audit clients

42 The Sarbanes-Oxley Act decreased management’s responsibilities regarding the fair

presentation of the financial statements

43 The responsibility of the auditor to search for fraud is less than the responsibility to search for

errors

44 Even with a good system of internal controls, employee fraud, the theft of assets, may occur

due to collusion of two or more employees to carry out the fraud

45 Management fraud is the intentional misstatement of financial information and may be difficult

for auditors to find because the perpetrator will attempt to hide the fraud

46 The AICPA Code of Professional Conduct is made up of two sections One section, the rules, is

the foundation for the honorable behavior expected of CPAs while performing professional duties

ANSWERS TO TEST BANK – CHAPTER 7 – TRUE / FALSE:

TEST BANK - CHAPTER 7 - MULTIPLE CHOICE

47 Accounting services that improve the quality of information provided to the decision maker, an audit being the most common type of this service, is called:

A Compliance Services

B Assurance Services

C Substantive Services

D Operational Services

48 A type of assurance services that involves accumulating and analyzing support for the

information provided by management is called an:

A Audit

B Investigation

C Financial Statement Examination

D Control Test

49 The main purpose of an audit is to assure users of the financial information about the:

A Effectiveness of the internal controls of the company

B Selection of the proper GAAP when preparing financial statements

C Proper application of GAAS during the examination

D Accuracy and completeness of the information

50 Which of the following is not one of the three primary types of audits?

51.This type of audit is completed in order to determine whether a client has adhered to the

regulations and policies established by contractual agreements, governmental agencies, or some other high authority

A Compliance Audit

B Operational Audit

C Information Audit

D Financial Statement Audit

52 This type of audit is completed to assess the operating policies and procedures of a client for efficiency and effectiveness

A Efficiency Audit

B Effectiveness Audit

C Compliance Audit

D Operational Audit

53 This type of audit is completed to determine whether or not the client has prepared and

presented its financial statements fairly, in accordance with generally accepted accounting principles

A GAAP Audit

B Financial Statement Audit

C Compliance Audit

D Fair Application Audit

54 This type of auditor is an employee of the company he / she audits

58.The independence of a CPA could be impaired by:

A Having no knowledge of the company or the company management

B By owning stock of a similar company

C Having the ability to influence the client’s decisions

D Being married to a stockbroker

59 The IT environment plays a key role in how auditors conduct their work in all but which of the following areas:

A Consideration of Risk

B Consideration of Information Fairness

C Design and Performance of Audit Tests

D Audit Procedures Used

60 The chance that information used by decision makers may be inaccurate is referred to as:

A Information users often do not have the time or ability to verify information themselves

B It may be difficult for decision makers to verify information contained in a computerized

accounting system

C Both of the above

D Neither of the above

63 The existence of IT-based business processes often result in details of transactions being

entered directly into the computer system, results in a lack of physical evidence to visibly view This situation is referred to as:

A Physical Evidence Risk

B Loss of Audit Trail Visibility

C Transaction Summary Chart

D Lack of Evidence View

64 The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alternation of data due to all of the following, except:

A System Failure

B Database Destruction

C Programmer Incompetence

D Environmental Damage

65 The advantages of using IT-based accounting systems, where the details of transactions are entered directly into the computer include:

A Computer controls can compensate for the lack of manual controls

B Loss of audit trail view

C Increased internal controls risks

D Fewer opportunities to authorize and review transactions

66 The ten standards that provide broad guidelines for an auditor’s professional responsibilities are referred to as:

A Generally accepted accounting standards

B General accounting and auditing practices

C Generally accepted auditing practices

D Generally accepted auditing standards

67 The generally accepted auditing standards are divided into three groups Which of the following

is not one of those groups?

A General Standards

B Basic Standards

C Standards of Fieldwork

D Standards of Reporting

68 GAAS, generally accepted auditing standards, provide a general framework for conducting

quality audits, but the specific standards - or detailed guidance - are provided by all of the following groups, except:

A Public Company Accounting Oversight Board

B Auditing Standards Board

C Certified Fraud Examiners

D International Audit Practices Committee

69 This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the

purpose of establishing auditing standards for public companies

A Auditing Standards Board

B Public Company Accounting Oversight Board

C International Audit Practices Committee

D Information Systems Audit and Control Association

70 This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice

A Auditing Standards Board

B Public Company Accounting Oversight Board

C International Audit Practices Committee

D Information Systems Audit and Control Association

71 This organization was established by the IFA to set International Standards on Auditing that contribute to the uniform application of auditing practices on a worldwide basis

A International Systems Audit and Control Association

B Auditing Standards Board

C Public Company Accounting Oversight Board

D International Audit Practices Committee

72 This organization issues guidelines for conducting the IT audit The standards issued address practices related to control and security of the IT system

A Auditing Standards Board

B Public Company Accounting Oversight Board

C International Audit Practices Committee

D Information Systems Audit and Control Association

73 The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor This is one of the generally accepted auditing standards that is part of the:

A General Standards

B Operating Standards

C Fieldwork Standards

D Reporting Standards

74 Independence in mental attitude is to be maintained in all matters related to the audit

engagement This is one of the generally accepted auditing standards that is part of the:

78 Claims regarding the financial condition of the business organization and results of its operations are referred to as:

A Financial Statements

B Management Assertions

C External Audit

D Presentation and Disclosure

79 Audit tests developed for an audit client are documented in a(n):

83 Techniques used for gathering evidence include all of the following, except:

A Physical examination of assets or supporting documentation

B Observing activities

C Adequate planning and supervision

D Analyzing financial relations relationship

84 During this phase of the audit, the auditor must gain a thorough understanding of the client’s business and financial reporting systems When completing this phase, the auditors review and assess the risks and controls related to the business

85 During the planning phase of the audit, auditors estimate the monetary amounts that are large enough to make a difference in decision making This amount is referred to as:

87 A large part of the work performed by an auditor in the audit planning process is the gathering

of evidence about the company’s internal controls This can be completed in any of the

following ways, except:

A Interviewing key members of the accounting and IT staff

B Observing policies and procedures

C Review IT user manuals and systems

D Preparing memos to summarize their findings

88 The Accounting Standards Board issued the following SAS in recognition of the fact that

accounting records and files often exist in electronic form The statement was issued in 2001 to expand the historical concept of audit evidence to include electronic evidence

A How transactions are entered into the computer

B How financial statement are printed from the computer

C How nonstandard journal entries and adjusting entries are initiated, recorded, and

processed

D How standard journal entries are initiated, recorded, and processed

90 As the result of the guidance provided in SAS 94, the auditors may decide that IT auditors may need to be called in to:

A Consider the effects of computer processing on the audit

B To assist in testing the automated processes

C Both of the above

D None of the above

91 Many companies design their IT system so that all documents and reports can be retrieved from the system in readable form Auditors can then compare the documents used to input the data into the system with reports generated from the system, without gaining any extensive

knowledge of the computer system and does not require the evaluation of computer controls This process is referred to as:

A Auditing through the system

B Auditing around the system

C Computer assisted audit techniques

D Auditing with the computer

92 This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system

is reliable

A Auditing through the system

B Auditing around the system

C Computer assisted audit techniques

D Auditing with the computer

93 The IT auditing approach referred to as “Auditing through the system” is necessary under which

of the following conditions?

A Supporting documents are available in both electronic and paper form

B The auditor does not require evaluation of computer controls

C The auditor wants to test computer controls as a basis for evaluating risk and reducing the

amount of audit testing required

D The use of the IT system has a low impact on the conduct of the audit

94 Audit procedures designed to evaluate both general controls and application controls are

97 Related audit tests to review the existence and communication of company policies regarding important aspects of IT administrative control include all of the following, except:

A Personal accountability and segregation of incompatible responsibilities

B Job description and clear lines of authority

C Prevention of unauthorized access

101 These tests of security controls analyze a company’s control environment for possible

weaknesses Special software programs are available to help auditors identify weak points in their client’s security measures

104 This type of application control is performed to verify the accuracy and completeness of

information entered into software programs Auditors are concerned about whether errors are being prevented and detected during this stage of data processing

A Security controls

B Processing controls

C Input controls

D Output controls

105 IT audit procedures typically include a combination of data accuracy tests where the data

processed by computer applications are reviewed for correct dollar amounts or other numerical values These procedures are referred to as:

107 This is one of the computer-assisted audit techniques, related to processing controls, that

involves processing client data through a controlled program designed to resemble the client’s application This test is run to find out whether the same results are achieved under different systems

A Integrated Test Facility

B Embedded Audit Module

C Parallel Simulation

D Test Data Method

108 Regardless of whether the results are printed or retained electronically, auditors may perform all

of the following procedures to test application outputs, except:

A Integrated Tests

B Reasonableness Tests

C Audit Trail Tests

D Rounding Errors Tests

109 The auditor’s test of the accuracy of monetary amounts of transactions and account balances is known as:

A Testing of controls

B Substantive tests

C Compliance tests

D Application tests

110 Real-time financial reporting has created the need for this type of auditing, where auditors constantly analyze audit evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter

A Real-time auditing

B Virtual auditing

C E-auditing

D Continuous auditing

111 This phase of auditing occurs when the auditors evaluate all the evidence that has been

accumulated and makes a conclusion based on that evidence

113 Which of the following is a proper description of an auditor report?

A Unqualified opinion - identifies certain exceptions to the clean opinion

B Adverse opinion - notes that there are material misstatements presented

C Qualified opinion - states that the auditors believe the financial statements are fairly and

consistently presented in accordance with GAAP

D Unqualified opinion - states that the auditors were not able to reach a conclusion

114 When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following:

A Authorized access

B Segregation of duties

C Lack of backup control

D All of the above

115 When client companies rely on external, independent computer service centers to handle all or part of their IT needs it is referred to as:

A External Processing

B WAN Processing

C Database Management System

D IT Outsourcing