help in homework

New User?

Fill This Form To Receive Instant Help

Help in Homework
trustpilot ratings
google ratings


Homework answers / question archive / Utah State University ACCT 610 Chapter 17-IT Controls Part III: Systems Development, Program Changes, and Application Controls TRUE/FALSE 1)Programs in their compiled state are very susceptible to the threat of unauthorized modification

Utah State University ACCT 610 Chapter 17-IT Controls Part III: Systems Development, Program Changes, and Application Controls TRUE/FALSE 1)Programs in their compiled state are very susceptible to the threat of unauthorized modification

Business

Utah State University

ACCT 610

Chapter 17-IT Controls Part III: Systems Development, Program Changes, and Application Controls

TRUE/FALSE

1)Programs in their compiled state are very susceptible to the threat of unauthorized modification.

 

 

  1. Maintenance access to systems increases the risk that logic will be corrupted either by the accident or intent to defraud.

 

 

 

  1. Source program library controls should prevent and detect unauthorized access to application programs.

 

 

 

  1. A check digit is a method of detecting data coding errors.

 

 

 

  1. Input controls are intended to detect errors in transaction data after processing.

 

 

 

  1. A header label is an internal, machine-readable label.

 

 

 

  1. The user test and acceptance procedure is the last point at which the user can determine the system’s acceptability prior to it going into service.

 

 

 

  1. A run-to-run control is an example of an output control.

 

 

 

  1. Shredding computer printouts is an example of an output control.

 

 

 

  1. In a CBIS environment, all input controls are implemented after data is input.

 

 

 

  1. Achieving batch control objectives requires grouping similar types of input transactions (such as sales orders) together in batches and then controlling the batches throughout data processing.

 

 

 

  1. The "white box" tests of program controls are also known as auditing through the computer.

 

 

 

  1. The presence of a SPLMS effectively guarantees program integrity.

 

 

 

  1. When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions.

 

 

 

  1. The Base Case System Evaluation is a variation of the test data method.

 

 

 

  1. Tracing is a method used to verify the logical operations executed by a computer application.

 

 

 

  1. Generalized audit software packages are used to assist the auditor in performing substantive tests.

 

 

 

  1. The results of a parallel simulation are compared to the results of a production run in order to judge the quality of the application processes and controls.

 

 

 

  1. Firms with an independent internal audit staff may conduct tests of the system development life cycle on an ongoing basis.

 

 

 

  1. The programmer’s authority table will specify the libraries a programmer may access.

 

 

 

  1. Use of the integrated test facility poses no threat to organizational data files.

 

 

 

MULTIPLE CHOICE

 

  1. Which statement is not correct? The audit trail in a computerized environment

a.

consists of records that are stored sequentially in an audit file

b.

traces transactions from their source to their final disposition

c.

is a function of the quality and integrity of the application programs

d.

may take the form of pointers, indexes, and embedded keys

 

 

  1. Which control is not associated with new systems development activities?

a.

reconciling program version numbers

b.

program testing

c.

user involvement

d.

internal audit participation

 

 

  1. Routine maintenance activities require all of the following controls except

a.

documentation updates

b.

testing

c.

formal authorization

d.

internal audit approval

 

 

  1. Which statement is correct?

a.

compiled programs are very susceptible to unauthorized modification

b.

the source program library stores application programs in source code form

c.

modifications are made to programs in machine code language

d.

the source program library management system increases operating efficiency

 

 

  1. Which control is not a part of the source program library management system?

a.

using passwords to limit access to application programs

b.

assigning a test name to all programs undergoing maintenance

c.

combining access to the development and maintenance test libraries

d.

assigning version numbers to programs to record program modifications

 

 

  1. Which control ensures that production files cannot be accessed without specific permission?

a.

Database Management System

b.

Recovery Operations Function

c.

Source Program Library Management System

d.

Computer Services Function

 

 

  1. Program testing

a.

involves individual modules only, not the full system

b.

requires creation of meaningful test data

c.

need not be repeated once the system is implemented

d.

is primarily concerned with usability

 

 

  1. The correct purchase order number, 123456, was incorrectly recorded as shown in the solutions. All of the following are transcription errors except

a.

1234567

b.

12345

c.

124356

d.

123454

 

 

 

  1. Which of the following is correct?

a.

check digits should be used for all data codes

b.

check digits are always placed at the end of a data code

c.

check digits do not affect processing efficiency

d.

check digits are designed to detect transcription and transposition errors

 

 

  1. Which statement is not correct? The goal of batch controls is to ensure that during processing

a.

transactions are not omitted

b.

transactions are not added

c.

transactions are free from clerical errors

d.

an audit trail is created

 

 

  1. An example of a hash total is

a.

total payroll checks–$12,315

b.

total number of employees–10

c.

sum of the social security numbers–12,555,437,251

d.

none of the above

 

 

  1. Which statement is not true? A batch control record

a.

contains a transaction code

b.

records the record count

c.

contains a hash total

d.

control figures in the record may be adjusted during processing

e.

All the above are true

ANS: E

 

  1. Which of the following is not an example of a processing control?

a.

hash total.

b.

record count.

c.

batch total.

d.

check digit

 

 

  1. Which of the following is an example of input control test?

a.

sequence check

b.

zero value check

c.

spooling check

d.

range check

 

 

  1. Which input control check would detect a payment made to a nonexistent vendor?

a.

missing data check

b.

numeric/alphabetic check

c.

range check

d.

validity check

 

 

 

  1. The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional error?

a.

numeric/alphabetic data check

b.

sign check

c.

limit check

d.

missing data check

 

 

  1. An inventory record indicates that 12 items of a specific product are on hand. A customer purchased two of the items, but when recording the order, the data entry clerk mistakenly entered 20 items sold. Which check could detect this error?

a.

numeric/alphabetic data checks

b.

limit check

c.

range check

d.

reasonableness check

 

 

  1. Which check is not an input control?

a.

reasonableness check

b.

validity check.

c.

spooling check

d.

missing data check

 

 

  1. A computer operator was in a hurry and accidentally used the wrong master file to process a transaction file. As a result, the accounts receivable master file was erased. Which control would prevent this from happening?

a.

header label check

b.

expiration date check

c.

version check

d.

validity check

 

 

  1. Run-to-run control totals can be used for all of the following except

a.

to ensure that all data input is validated

b.

to ensure that only transactions of a similar type are being processed

c.

to ensure the records are in sequence and are not missing

d.

to ensure that no transaction is omitted

 

 

  1. Methods used to maintain an audit trail in a computerized environment include all of the following except

a.

transaction logs

b.

Transaction Listings.

c.

data encryption

d.

log of automatic transactions

 

 

  1. Risk exposures associated with creating an output file as an intermediate step in the printing process (spooling) include all of the following actions by a computer criminal except

a.

gaining access to the output file and changing critical data values

b.

using a remote printer and incurring operating inefficiencies

c.

making a copy of the output file and using the copy to produce illegal output reports

d.

printing an extra hardcopy of the output file

 

 

  1. Which statement is not correct?

a.

only successful transactions are recorded on a transaction log

b.

unsuccessful transactions are recorded in an error file

c.

a transaction log is a temporary file

d.

a hardcopy transaction listing is provided to users

 

 

  1. Input controls include all of the following except

a.

check digits

b.

Limit check.

c.

spooling check

d.

missing data check

 

 

  1. Which of the following is an example of an input error correction technique?

a.

immediate correction

b.

rejection of batch

c.

creation of error file

d.

all are examples of input error correction techniques

 

 

  1. Which test of controls will provide evidence that the system as originally implemented was free from material errors and free from fraud? Review of the documentation indicates that

a.

a cost-benefit analysis was conducted

b.

the detailed design was an appropriate solution to the user's problem

c.

tests were conducted at the individual module and total system levels prior to

implementation

d.

problems detected during the conversion period were corrected in the maintenance phase

 

 

  1. Which statement is not true?

a.

An audit objective for systems maintenance is to detect unauthorized access to application

databases.

b.

An audit objective for systems maintenance is to ensure that applications are free from

errors.

c.

An audit objective for systems maintenance is to verify that user requests for maintenance

reconcile to program version numbers.

d.

An audit objective for systems maintenance is to ensure that the production libraries are protected from unauthorized access.

 

 

  1. When the auditor reconciles the program version numbers, which audit objective is being tested?

a.

protect applications from unauthorized changes

b.

ensure applications are free from error

c.

protect production libraries from unauthorized access

d.

ensure incompatible functions have been identified and segregated

 

 

  1. When auditors do not rely on a detailed knowledge of the application's internal logic, they are performing

a.

black box tests of program controls

b.

white box tests of program controls

c.

substantive testing

d.

intuitive testing

 

 

  1. All of the following concepts are associated with the black box approach to auditing computer applications except

a.

the application need not be removed from service and tested directly

b.

auditors do not rely on a detailed knowledge of the application's internal logic

c.

the auditor reconciles previously produced output results with production input transactions

d.

this approach is used for complex transactions that receive input from many sources

 

 

  1. Which test is not an example of a white box test?

a.

determining the fair value of inventory

b.

ensuring that passwords are valid

c.

verifying that all pay rates are within a specified range

d.

reconciling control totals

 

 

  1. When analyzing the results of the test data method, the auditor would spend the least amount of time reviewing

a.

the test transactions

b.

error reports

c.

updated master files

d.

output reports

 

 

  1. All of the following are advantages of the test data technique except

a.

auditors need minimal computer expertise to use this method

b.

this method causes minimal disruption to the firm's operations

c.

the test data is easily compiled

d.

the auditor obtains explicit evidence concerning application functions

 

 

  1. All of the following are disadvantages of the test data technique except

a.

the test data technique requires extensive computer expertise on the part of the auditor

b.

the auditor cannot be sure that the application being tested is a copy of the current

application used by computer services personnel

 

c.

the auditor cannot be sure that the application being tested is the same application used

throughout the entire year

d.

preparation of the test data is time-consuming

 

 

 

  1. All of the following statements are true about the integrated test facility (ITF) except

a.

production reports are affected by ITF transactions

b.

ITF databases contain "dummy" records integrated with legitimate records

c.

ITF permits ongoing application auditing

d.

ITF does not disrupt operations or require the intervention of computer services personnel

 

 

  1. Which statement is not true? Embedded audit modules

a.

can be turned on and off by the auditor.

b.

reduce operating efficiency.

c.

may lose their viability in an environment where programs are modified frequently.

d.

identify transactions to be analyzed using white box tests.

 

 

  1. Generalized audit software packages perform all of the following tasks except

a.

recalculate data fields

b.

compare files and identify differences

c.

stratify statistical samples

d.

analyze results and form opinions

 

 

SHORT ANSWER

 

  1. Contrast the source program library (SPL) management system to the database management system (DBMS).

 

 

  1. Describe two methods used to control the source program library.

 

 

  1. New system development activity controls must focus on the authorization, development, and implementation of new systems and its maintenance. Discuss at least five control activities that are found in an effective system development life cycle.

 

 

  1. What are the three broad categories of application controls?

 

 

  1. How does privacy relate to output control?

 

 

  1. What are the three categories of processing control?

 

 

  1. What control issue is related to reentering corrected error records into a batch processing system? What are the two methods for doing this?

 

 

  1. Output controls ensure that output is not lost, misdirected, or corrupted and that privacy is not violated. What are some output exposures or situations where output is at risk?

 

 

  1. Input controls are programmed procedures (routines) that perform tests on transaction

data to ensure they are free from errors. Name four input controls and describe what they test

 

.

 

  1. A                                                                   fraud affects a large number of victims but the harm to each appears to be very small.

 

 

  1. Describe a test of controls that would provide evidence that only authorized program maintenance is occurring.

 

 

  1. Auditors do not rely on detailed knowledge of the application's internal logic when they use the

                                                                 approach to auditing computer applications.

 

 

  1. Describe parallel simulation.

 

 

  1. What is meant by auditing around the computer versus auditing through the computer? Why is this so important?

 

 

  1. What is an embedded audit module?

 

 

  1. What are the audit’s objectives relating to systems development?

 

 

ESSAY

  1. Outline the six controllable activities that relate to new systems development

 

  1. Explain the three methods used to correct errors in data entry.

 

 

  1. The presence of an audit trail is critical to the integrity of the accounting information system. Discuss three of the techniques used to preserve the audit trail.

 

 

  1. Define each of the following input controls and give an example of how they may be used:
    1. Missing data check
    2. Numeric/alphabetic data check
    3. Limit check
    4. Range check
    5. Reasonableness check
    6. Validity check

 

 

  1. After data is entered into the system, it is processed. Processing control exists to make sure that the correct things happen during processing. Discuss processing controls.

 

 

  1. If input and processing controls are adequate, why are output controls needed?

 

 

  1. Describe and contrast the test data method with the integrated test facility.

 

 

  1. Contrast Embedded Audit Modules with Generalized Audit Software.

 

 

  1. What is the purpose of the auditor's review of SDLC documentation?

 

 

  1. Microcomputers have traditionally been difficult to control, leaving auditors with special problems in verifying physical controls. Discuss what an auditor's objectives might be in testing microcomputer controls.

 

 

  1. Contrast the "black box" approach to IT auditing and the "white box" approach. Which is preferred?

 

Option 1

Low Cost Option
Download this past answer in few clicks

15.83 USD

PURCHASE SOLUTION

Already member?

Option 2

Custom new solution created by our subject matter experts

GET A QUOTE

rated 5 stars

Purchased 8 times

Completion Status 100%
View Answer

Sitejabber (5.0)

BBC (5.0)

Trustpilot (4.9)

Google (5.0)