Harvard University AUDIT 111 Chapter 7-Computer-Assisted Audit Tools and Techniques TRUE/FALSE 1)The three groups of application controls are batch controls, run-to-run controls, and audit trail controls

Question

Harvard University

AUDIT 111

Chapter 7-Computer-Assisted Audit Tools and Techniques

TRUE/FALSE

1)The three groups of application controls are batch controls, run-to-run controls, and audit trail controls.

A reasonableness check determines if a value in one field is reasonable when considered along with data in other fields of the record

A truncation error is a form of transcription error.

A check digit is a method of detecting data coding errors.

Input controls are intended to detect errors in transaction data after processing.

The black box approach to testing computer applications allows the auditor to explicitly review program logic.

The black box approach to testing computer applications require a detailed knowledge of the the program logic being tested.

A run-to-run control is an example of an output control.

Shredding computer printouts is an example of an output control.

In a computerized environment, all input controls are implemented after data is input.

Achieving batch control objectives requires grouping similar types of input transac- tions (such as sales orders) together in batches and then controlling the batches throughout data processing.

The white box tests of program controls are also known as auditing through the computer.

Incorrectly recording sales order number 123456 as 124356 is an example of a transcription error

When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions.

The base case system evaluation is a variation of the test data method.

Tracing is a method used to verify the logical operations executed by a computer application.

The results of a parallel simulation are compared to the results of a production run in order to judge the quality of the application processes and controls.

Input controls are programmed procedures that perform tests on master file data to ensure they are free from errors.

The integrated test facility (ITF) is an automated approach that permits auditors to test an application's logic and controls during its normal operation.

Use of the integrated test facility poses no threat to organizational data files.

Spooling is a form of processing control.
A salami fraud affects a large number of victims, but the harm to each appears to be very small.

ANS: T

An input control that tests time card records to verify than no employee has worked more 50 hours in a pay period is an example of a range test.

ANS: F

The black box approach to testing computer program controls is also known as auditing around the computer.

ANS: T

MULTIPLE CHOICE

Which statement is not correct? The audit trail in a computerized environment

a.	consists of records that are stored sequentially in an audit file
b.	traces transactions from their source to their final disposition
c.	is a function of the quality and integrity of the application programs
d.	may take the form of pointers, indexes, and embedded keys

All of the following concepts are associated with the black box approach to auditing computer applications except

a.	the application need not be removed from service and tested directly
b.	auditors do not rely on a detailed knowledge of the application's internal logic
c.	the auditor reconciles previously produced output results with production input transactions
d.	this approach is used for complex transactions that receive input from many sources

Which test is not an example of a white box test?

a.	determining the fair value of inventory
b.	ensuring that passwords are valid
c.	verifying that all pay rates are within a specified range
d.	reconciling control totals

When analyzing the results of the test data method, the auditor would spend the least amount of time reviewing

a.	the test transactions
b.	error reports
c.	updated master files
d.	output reports

All of the following are advantages of the test data technique except

a.	auditors need minimal computer expertise to use this method
b.	this method causes minimal disruption to the firm's operations
c.	the test data is easily compiled

d.	the auditor obtains explicit evidence concerning application functions

All of the following are disadvantages of the test data technique except

a.	the test data technique requires extensive computer expertise on the part of the auditor
b.	the auditor cannot be sure that the application being tested is a copy of the current applica- tion used by computer services personnel
c.	the auditor cannot be sure that the application being tested is the same application used throughout the entire year
d.	preparation of the test data is time-consuming

Program testing

a.	involves individual modules only, not the full system
b.	requires creation of meaningful test data
c.	need not be repeated once the system is implemented
d.	is primarily concerned with usability

The correct purchase order number,is123456. All of the following are transcription errors except

a.	1234567
b.	12345
c.	124356
d.	123454

Which of the following is correct?

a.	check digits should be used for all data codes
b.	check digits are always placed at the end of a data code
c.	check digits do not affect processing efficiency
d.	check digits are designed to detect transcription and transposition errors

Which statement is not correct? The goal of batch controls is to ensure that during processing

a.	transactions are not omitted
b.	transactions are not added
c.	transactions are free from clerical errors
d.	an audit trail is created

An example of a hash total is

a.	total payroll checks–$12,315
b.	total number of employees–10
c.	sum of the social security numbers–12,555,437,251
d.	none of the above

Which statement is not true? A batch control record

a.	contains a transaction code
b.	records the record count
c.	contains a hash total
d.	control figures in the record may be adjusted during processing
e.	All the above are true

Which of the following is not an example of a processing control?

a.	hash total.
b.	record count.
c.	batch total.
d.	check digit

Which of the following is an example of input control test?

a.	sequence check
b.	zero value check
c.	spooling check
d.	range check

Which input control check would detect a payment made to a nonexistent vendor?

a.	missing data check
b.	numeric/alphabetic check
c.	range check
d.	validity check

Which input control check would detect a posting to the wrong customer account?

a.	missing data check
b.	check digit
c.	reasonableness check
d.	validity check

The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional error?

a.	numeric/alphabetic data check
b.	sign check
c.	limit check
d.	missing data check

An inventory record indicates that 12 items of a specific product are on hand. A customer purchased two of the items, but when recording the order, the data entry clerk mistakenly entered 20 items sold. Which check could detect this error?

a.	numeric/alphabetic data checks
b.	limit check
c.	range check

d.	reasonableness check

Which check is not an input control?

a.	reasonableness check
b.	validity check.
c.	spooling check
d.	missing data check

A computer operator was in a hurry and accidentally used the wrong master file to process a transaction file. As a result, the accounts receivable master file was erased. Which control would prevent this from happening?

a.	header label check
b.	expiration date check
c.	version check
d.	validity check

Run-to-run control totals can be used for all of the following except

a.	to ensure that all data input is validated
b.	to ensure that only transactions of a similar type are being processed
c.	to ensure the records are in sequence and are not missing
d.	to ensure that no transaction is omitted

Methods used to maintain an audit trail in a computerized environment include all of the following except

a.	transaction logs
b.	Transaction Listings.
c.	data encryption
d.	log of automatic transactions

Risk exposures associated with creating an output file as an intermediate step in the printing process (spooling) include all of the following actions by a computer criminal except

a.	gaining access to the output file and changing critical data values
b.	using a remote printer and incurring operating inefficiencies
c.	making a copy of the output file and using the copy to produce illegal output reports
d.	printing an extra hardcopy of the output file

Which statement is not correct?

a.	only successful transactions are recorded on a transaction log
b.	unsuccessful transactions are recorded in an error file
c.	a transaction log is a temporary file
d.	a hardcopy transaction listing is provided to users

Input controls include all of the following except

a.	check digits
b.	Limit check.
c.	spooling check
d.	missing data check

Which of the following is an example of an input error correction technique?

a.	immediate correction
b.	rejection of batch
c.	creation of error file
d.	all are examples of input error correction techniques

All of the following statements are true about the integrated test facility (ITF) except

a.	production reports are affected by ITF transactions
b.	ITF databases contain "dummy" records integrated with legitimate records
c.	ITF permits ongoing application auditing
d.	ITF does not disrupt operations or require the intervention of computer services personnel

Which of the following is an input control?

a.	Reasonableness check
b.	Run-to-run check
c.	Spooling check
d.	Batch check
e.	None are input controls

Which of the following is not an input control?

a.	Range check
b.	Limit check
c.	Spooling check
d.	Validity check
e.	They are all input controls

When auditors do not rely on a detailed knowledge of the application's internal logic, they are performing

a.	black box tests of program controls
b.	white box tests of program controls
c.	substantive testing
d.	intuitive testing

SHORT ANSWER

The firm allows no more than 10 hours of overtime a week. An employee entered “15” in the field. Which control will detect this error?

The password was “CANARY”; the employee entered “CAANARY.” Which control will detect this error?

The order entry system will allow a 10 percent variation in list price. For example, an item with a list price of $1 could be sold for 90 cents or $1.10 without any system interference. The cost of the item is $3, but the cashier entered $2. Which control would detect this error?

What are the three broad categories of application controls?

How does privacy relate to output control?

What are the three categories of processing control?

What control issue is related to reentering corrected error records into a batch processing system? What are the two methods for doing this?

Output controls ensure that output is not lost, misdirected, or corrupted and that privacy is not violated. What are some output exposures or situations where output is at risk?
Name four input controls and describe what they test

1. A fraud affects a large number of victims but the harm to each appears to be very small.

1. Give one example of an error that is detected by a check digit control.

1. Auditors do not rely on detailed knowledge of the application's internal logic when they use the approach to auditing computer applications.

1. Describe parallel simulation.

1. What is meant by auditing around the computer versus auditing through the computer? Why is this so important?

1. Classify each of the following as a field, record, or file interrogation:
  1. Limit check
  2. Validity check
  3. Version check
  4. Missing data check
  5. Sign checks
  6. Expiration date check
  7. Numeric-alphabetic data check
  8. Sequence check
  9. Zero-value check
  10. Header label check
  11. Range check
  12. Reasonableness check

1. What are the five major components of a GDIS?

1. If all of the inputs have been validated before processing, then what purpose do run-to-run controls serve?

1. Explain input controls.

1. Name three types of transcription error.

20. Describe two types of transposition error

ESSAY

1. Various techniques can be used to control the input effort. Write a one-page essay

discussing three techniques.

1. 1. .

1. Explain the three methods used to correct errors in data entry.

1. The presence of an audit trail is critical to the integrity of the accounting information system. Discuss three of the techniques used to preserve the audit trail.

1. Define each of the following input controls and give an example of how they may be

Missing data check
Numeric/alphabetic data check
Limit check
Range check
Reasonableness check
Validity check

1. After data is entered into the system, it is processed. Processing control exists to make sure that the correct things happen during processing. Discuss processing controls.