Fill This Form To Receive Instant Help
Homework answers / question archive / Utah State University ACCT 610 Chapter 17-IT Controls Part III: Systems Development, Program Changes, and Application Controls TRUE/FALSE 1)Programs in their compiled state are very susceptible to the threat of unauthorized modification
Utah State University
ACCT 610
Chapter 17-IT Controls Part III: Systems Development, Program Changes, and Application Controls
TRUE/FALSE
1)Programs in their compiled state are very susceptible to the threat of unauthorized modification.
a. |
consists of records that are stored sequentially in an audit file |
b. |
traces transactions from their source to their final disposition |
c. |
is a function of the quality and integrity of the application programs |
d. |
may take the form of pointers, indexes, and embedded keys |
a. |
reconciling program version numbers |
b. |
program testing |
c. |
user involvement |
d. |
internal audit participation |
a. |
documentation updates |
b. |
testing |
c. |
formal authorization |
d. |
internal audit approval |
a. |
compiled programs are very susceptible to unauthorized modification |
b. |
the source program library stores application programs in source code form |
c. |
modifications are made to programs in machine code language |
d. |
the source program library management system increases operating efficiency |
a. |
using passwords to limit access to application programs |
b. |
assigning a test name to all programs undergoing maintenance |
c. |
combining access to the development and maintenance test libraries |
d. |
assigning version numbers to programs to record program modifications |
a. |
Database Management System |
b. |
Recovery Operations Function |
c. |
Source Program Library Management System |
d. |
Computer Services Function |
a. |
involves individual modules only, not the full system |
b. |
requires creation of meaningful test data |
c. |
need not be repeated once the system is implemented |
d. |
is primarily concerned with usability |
a. |
1234567 |
b. |
12345 |
c. |
124356 |
d. |
123454 |
a. |
check digits should be used for all data codes |
b. |
check digits are always placed at the end of a data code |
c. |
check digits do not affect processing efficiency |
d. |
check digits are designed to detect transcription and transposition errors |
a. |
transactions are not omitted |
b. |
transactions are not added |
c. |
transactions are free from clerical errors |
d. |
an audit trail is created |
a. |
total payroll checks–$12,315 |
b. |
total number of employees–10 |
c. |
sum of the social security numbers–12,555,437,251 |
d. |
none of the above |
a. |
contains a transaction code |
b. |
records the record count |
c. |
contains a hash total |
d. |
control figures in the record may be adjusted during processing |
e. |
All the above are true |
ANS: E
a. |
hash total. |
b. |
record count. |
c. |
batch total. |
d. |
check digit |
a. |
sequence check |
b. |
zero value check |
c. |
spooling check |
d. |
range check |
a. |
missing data check |
b. |
numeric/alphabetic check |
c. |
range check |
d. |
validity check |
a. |
numeric/alphabetic data check |
b. |
sign check |
c. |
limit check |
d. |
missing data check |
a. |
numeric/alphabetic data checks |
b. |
limit check |
c. |
range check |
d. |
reasonableness check |
a. |
reasonableness check |
b. |
validity check. |
c. |
spooling check |
d. |
missing data check |
a. |
header label check |
b. |
expiration date check |
c. |
version check |
d. |
validity check |
a. |
to ensure that all data input is validated |
b. |
to ensure that only transactions of a similar type are being processed |
c. |
to ensure the records are in sequence and are not missing |
d. |
to ensure that no transaction is omitted |
a. |
transaction logs |
b. |
Transaction Listings. |
c. |
data encryption |
d. |
log of automatic transactions |
a. |
gaining access to the output file and changing critical data values |
b. |
using a remote printer and incurring operating inefficiencies |
c. |
making a copy of the output file and using the copy to produce illegal output reports |
d. |
printing an extra hardcopy of the output file |
a. |
only successful transactions are recorded on a transaction log |
b. |
unsuccessful transactions are recorded in an error file |
c. |
a transaction log is a temporary file |
d. |
a hardcopy transaction listing is provided to users |
a. |
check digits |
b. |
Limit check. |
c. |
spooling check |
d. |
missing data check |
a. |
immediate correction |
b. |
rejection of batch |
c. |
creation of error file |
d. |
all are examples of input error correction techniques |
a. |
a cost-benefit analysis was conducted |
b. |
the detailed design was an appropriate solution to the user's problem |
c. |
tests were conducted at the individual module and total system levels prior to implementation |
d. |
problems detected during the conversion period were corrected in the maintenance phase |
a. |
An audit objective for systems maintenance is to detect unauthorized access to application databases. |
b. |
An audit objective for systems maintenance is to ensure that applications are free from errors. |
c. |
An audit objective for systems maintenance is to verify that user requests for maintenance reconcile to program version numbers. |
d. |
An audit objective for systems maintenance is to ensure that the production libraries are protected from unauthorized access. |
a. |
protect applications from unauthorized changes |
b. |
ensure applications are free from error |
c. |
protect production libraries from unauthorized access |
d. |
ensure incompatible functions have been identified and segregated |
a. |
black box tests of program controls |
b. |
white box tests of program controls |
c. |
substantive testing |
d. |
intuitive testing |
a. |
the application need not be removed from service and tested directly |
b. |
auditors do not rely on a detailed knowledge of the application's internal logic |
c. |
the auditor reconciles previously produced output results with production input transactions |
d. |
this approach is used for complex transactions that receive input from many sources |
a. |
determining the fair value of inventory |
b. |
ensuring that passwords are valid |
c. |
verifying that all pay rates are within a specified range |
d. |
reconciling control totals |
a. |
the test transactions |
b. |
error reports |
c. |
updated master files |
d. |
output reports |
a. |
auditors need minimal computer expertise to use this method |
b. |
this method causes minimal disruption to the firm's operations |
c. |
the test data is easily compiled |
d. |
the auditor obtains explicit evidence concerning application functions |
a. |
the test data technique requires extensive computer expertise on the part of the auditor |
b. |
the auditor cannot be sure that the application being tested is a copy of the current application used by computer services personnel |
c. |
the auditor cannot be sure that the application being tested is the same application used throughout the entire year |
d. |
preparation of the test data is time-consuming |
a. |
production reports are affected by ITF transactions |
b. |
ITF databases contain "dummy" records integrated with legitimate records |
c. |
ITF permits ongoing application auditing |
d. |
ITF does not disrupt operations or require the intervention of computer services personnel |
a. |
can be turned on and off by the auditor. |
b. |
reduce operating efficiency. |
c. |
may lose their viability in an environment where programs are modified frequently. |
d. |
identify transactions to be analyzed using white box tests. |
a. |
recalculate data fields |
b. |
compare files and identify differences |
c. |
stratify statistical samples |
d. |
analyze results and form opinions |
data to ensure they are free from errors. Name four input controls and describe what they test
.
approach to auditing computer applications.