1.

A primary advantage of using generalized audit software packages to

audit the financial statements of a client that uses a computer system is
that the auditor may
a) Consider increasing the use of substantive tests of transactions in
place of analytical procedures.
b) Substantiate the accuracy of data through self-checking digits and
hash totals.
c) Reduce the level of required tests of control\s to a relatively small
amount.
d) Access information stored on computer files while having a limited
understanding of the clients hardware and software features.

Answer A is incorrect because the use of generalized audit software may

lead to either an increase or a decrease in the use of either substantive
tests of transactions or analytical procedures.

Answer B is incorrect because self-checking digits and hash totals are

controls within the client's computer system to substantiate the accuracy of
the data.

Answer C is incorrect because the use of generalized audit software will not
necessarily reduce the level of tests of controls.

Answer D is correct because generalized audit software allows an auditor to

test the client's data, not the software or hardware. As the software is
generalized, it can manipulate data from various types of information
systems.

2. In auditing through a computer, the test data method is used by

auditors to test the
a) Accuracy of input data.
b) Validity of the output.
c) Procedures contained within the program.
d) Normalcy of distribution of test data.

Answer A is incorrect because the controls, not the accuracy of input data,
are being directly tested--the auditor is the one preparing the input data.

Answer B is incorrect because overall output (e.g., a payroll journal) is not

directly tested; only the controls in effect are tested. Note that the parallel
simulation method tests validity of output more directly.

Answer C is correct because the auditor, when using test data, prepares a
set of dummy transactions to determine if the controls purported to be in
effect in a program are functioning as intended.

Answer D is incorrect and a nonsense reply because there is certainly no

reason to expect the auditor's test data to be normally distributed on any
meaningful measure.

3. An audit technique which involves actual analysis of the logic of a

computer programs processing routines is referred to as
a) Code review.
b) Comparison program.
c) Extended records.
d) Test data.

Answer A is correct because code review involves the actual analysis of the
logic of a computer program's processing routines. The primary advantage
is that the auditor obtains a detailed understanding of the program.

Answer B is incorrect because a code comparison program is used to

compare source and/or object codes of a controlled copy of a program
currently being used to process data.

Answer C is incorrect because extended records attaches additional audit

data which would not otherwise be saved to regular historic records and
thereby helps to provide a more complete audit trail.

Answer D is incorrect because a set of dummy transactions is developed by

the auditor and processed by the client's computer programs to determine
whether the controls which the auditor intends to test to restrict control risk
are operating effectively using the test data techniques.

4. When testing a computerized accounting system, which of the following

is not true of the test data approach?
a) The test data need consist of only those valid and invalid conditions in
which the auditor the auditor is interested.
b) Only one transaction of each type need be tested.
c) Test data are processed by the clients computer programs under the
auditors control.
d) The test data must consist of all possible valid and invalid conditions.

Answer A is incorrect because the auditor should test those valid and invalid
conditions in which s/he is interested.

Answer B is incorrect because only one transaction of each type need be

tested in a computer control system in which the control either works or
does not work.

Answer C is incorrect because test data is run using the client's computer
programs under the auditor's control.

Answer D is correct (not true) because it is impossible or not cost beneficial

to test all possible valid and invalid conditions. The number of possibilities
is too large.

5. Which of the following is not a technique to continuously test controls

within a computer system?
a) Controlled reprocessing.
b) Extended records.
c) Systems control audit review files.
d) Transactions tagging.

Answer A is correct because controlled reprocessing does not ordinarily

continuously test controls within a computer system. Controlled
reprocessing, a variation of parallel simulation, processes actual client data
through a copy of the client's application program.
Answer B is incorrect because extended records attaches additional audit
data which would not otherwise be saved to regular historic records and
thereby helps to provide a more complete audit trail. Extended records is
considered a technique for continuous (or concurrent) testing.

Answer C is incorrect because systems control audit review files (SCARF) is a

log, usually created by an embedded audit module, used to collect
information for subsequent review and analysis. SCARF is considered a
technique for continuous (or concurrent) testing.

Answer D is incorrect because transaction tagging is a technique in which an

identifier providing a transaction with a special designation is added to the
transaction record. Transaction tagging is considered a technique for
continuous (or concurrent) testing.

6. Which of the following is not a problem associated with the use of test
data for computer-audit purposes?
a) Auditing through the computer is more difficult than auditing around
the computer.
b) It is difficult to design test data that incorporate all potential variations
in transactions.
c) Test data may be commingled with live data causing operating
problem for the client.
d) The program with which the test data are processed may differ from
the one used in actual operations.

Answer A is correct. It is not a problem relative to the use of test data,

because once the auditor is at the test stage, the computer system is
probably so sophisticated that it is much more difficult or even impossible to
audit around the computer.

Answer B is incorrect. It does represent a problem with using the test data
approach to computer audits.

Answer C is incorrect. It does represent a problem with using the test data
approach to computer audits.

Answer D is incorrect. It does represent a problem with using the test data
approach to computer audits.

7. When an auditor tests a computerized accounting system, which of the

following is true of the test data approach?
a) The test data must consist of all possible valid and invalid conditions.
b) The program tested is different from the program used throughout the
year by the client.
c) Several transactions of each type must be tested.
d) Test data are processed by the clients computer programs under the
auditors control.

Answer A is incorrect because it is not possible to include all possible valid

and invalid conditions.
Answer B is incorrect because the program that should be tested is the
client's program which is used throughout the year.

Answer C is incorrect because only one transaction of each type need be

tested in a computer control system in which the control either works or
does not work.

Answer D is correct because the test data approach consists of processing a

set of dummy transactions on the client's computer system. The test data
approach is used to test the operating effectiveness of controls the auditor
intends to rely upon to assess control risk at a level lower than the
maximum.

8. The machine language for a specific computer

a) May be changed by the programmer.
b) Is the same as all the other computer languages.
c) Is determined by the engineers who designed the computer.
d) Is always alphabetic.

Answer A is incorrect because a programmer will not be able to write a

program which will change the computer's machine language.

Answer B is incorrect because machine languages differ among different

computers. Also, machine languages differ from user programs (e.g.,
written in BASIC, COBOL).

Answer C is correct because the machine language must be designed for the
specific computer and, therefore, is determined by the engineers who
design the computer.

Answer D is incorrect because the machine language is never alphabetic; it

is of a binary form.

9. An auditor should be familiar with a clients electronic data processing

hardware and software. An important element of the clients software is the
program. Another element of software is the
a) Cathode ray tube (CRT).
b) Central processing unit (CPU).
c) Magnetic tape drive.
d) Compiler.

Answer A is incorrect because a cathode ray tube is a television-like device

(hardware) to display input or output data.

Answer B is incorrect because the CPU (central processing unit) is the

principal hardware component of a computer containing the mathematic
unit, primary storage, and a control unit.

Answer C is incorrect because a magnetic tape drive is a hardware unit

which reads and writes on magnetic tape (i.e., a storage device), as well as
an input and output device.

Answer D is correct because software consists of the instructions which tell

the computer hardware how to perform the desired processing. A compiler
is software because it translates a source program (written in FORTRAN,
COBOL, etc.) into an object program which is machine-readable (i.e.,
instructions to be followed by the CPU).

10. A computer service center processes, for an auditors client, financial

data that has a material effect on that clients financial statements. The
independent auditor need not consider a review of the service center
controls if
a) The service center controls have already been reviewed by the internal
audit team of the client.
b) The service center processes data exclusively for the audit client and
its subsidiaries.
c) The user controls relied upon, which are external to the service center,
are adequate to provide assurance that errors and irregularities may be
discovered with reasonable promptness.
d) The service center is a partially owned subsidiary of the client
company, whose financial statements are examined by another CPA.

Answer A is incorrect because the auditor would have to review the service
center controls, even though the internal audit team of the client reviewed
the controls. The work of internal auditors cannot be substituted for the
work of the independent auditor.

Answer B is incorrect because a service center serving only the client would
be the same as an in-house system and would require full review of the
controls.

Answer C is correct because if the user controls relied upon are adequate to
detect errors or irregularities, a review of the service center controls would
not be necessary.

Answer D is incorrect because only the financial statements of the service

center were reviewed by another CPA, not the controls. Thus, the
independent auditor still must consider a review of the service center's
controls.

11. Which of the following is not a characteristic of a batch processed

computer system?
a) The collection of like transactions which are sorted and processed
sequentially against a master file.
b) Keypunching of transactions, followed by machine processing.
c) The production of numerous printouts.
d) The posting of a transaction, as it occurs, to several files, without
intermediate printouts.

Answer A is incorrect since a batch system may process sequentially against

a master file.

Answer B is incorrect because keypunching is followed by machine

processing in a batch system.

Answer C is incorrect because processed batches ordinarily result in

numerous printouts.
Answer D is correct because simultaneous posting to several files is most
frequently related to an on-line real-time system, not a batch system.

12. What is the computer process called when data processing is performed
concurrently with a particular activity and the results are available soon
enough to influence the particular course of action being taken or the
decision being made?
a) Batch processing.
b) Real-time processing.
c) Integrated data processing.
d) Random access processing.

Answer A is incorrect because integrated batch processing systems collect

data into groups (batches) prior to processing. Then, the entire group of
records is processed at regular intervals.
Answer B is correct because on-line real-time systems are those for which
processing is performed as data are input and the results are available
immediately.
Answer C is incorrect because integrated data processing refers to a system
(batch or real-time) for which duplicate records and duplicate operations are
minimized.
Answer D is incorrect because random access processing is a method of
data access (random versus sequential access), not a method of data
processing.