1. Database administration tasks typically include a.

The extent to which databases are being used by

I. Defining the database structure.
accounting applications.
II. Maintaining data integrity, security and
b. The type and significance of financial transactions
completeness.
being processed.
III. Coordinating computer operations related to the
c. The nature of the database, the DBMS, the database
database.
administration tasks and the applications.
IV. Monitoring system performance.
d. The CIS application controls.
V. Providing administrative support.
a. All of the above
7. Audit procedures in a database environment will be affected
b. All except I principally by
c. II and V only
a. The extent to which the data in the database are
d. II, III and V only used by the accounting system.
b. The type and significance of financial transactions
2. Due to data sharing, data independence and other
being processed.
characteristics of database systems
c. The nature of the database, the DBMS, the database
a. General CIS controls normally have a greater
administration tasks and the applications.
influence than CIS application controls on database d. The general CIS controls which are particularly
systems.
important in a database environment.
b. CIS application controls normally have a greater
influence than general CIS controls on database
8. Which statement is incorrect regarding the characteristics of a
systems.
CIS organizational structure?
c. General CIS controls normally have an equal
a. Certain data processing personnel may be the only
influence with CIS application controls on database
ones with a detailed knowledge of the
systems.
interrelationship between the source of data, how it is
d. CIS application controls normally have no influence
processed and the distribution and use of the output.
on database systems.
b. Many conventional controls based on adequate
segregation of incompatible functions may not exist,
3. Which statement is incorrect regarding the general CIS controls
or in the absence of access and other controls, may
of particular importance in a database environment?
be less effective.
a. Since data are shared by many users, control may c. Transaction and master file data are often
be enhanced when a standard approach is used for
concentrated, usually in machine-readable form,
developing each new application program and for either in one computer installation located centrally or
application program modification.
in a number of installations distributed throughout an
b. Several data owners should be assigned
entity.
responsibility for defining access and security rules,
d. Systems employing CIS methods do not include
such as who can use the data (access) and what
manual operations since the number of persons
functions they can perform (security). involved in the processing of financial information is
c. User access to the database can be restricted
significantly reduced.
through the use of passwords.
d. Responsibilities for performing the various activities
9. System characteristics that may result from the nature of CIS
required to design, implement and operate a
processing include, except
database are divided among technical, design,
a. Absence of input documents.
administrative and user personnel.
b. Lack of visible transaction trail.
c. Lack of visible output.
4. These require a database administrator to assign security
d. Difficulty of access to data and computer programs.
attributes to data that cannot be changed by database users.
a. Discretionary access controls
10. The development of CIS will generally result in design and
b. Name-dependent restrictions procedural characteristics that are different from those found in
c. Mandatory access controls
manual systems. These different design and procedural
d. Content-dependent restrictions. aspectsof CIS include, except:
a. Consistency of performance.
5. A discretionary access control wherein users are permitted or
b. Programmed control procedures.
denied access to data resource depending on the time series of
c. Vulnerability of data and program storage media
accesses to and actions they have undertaken on data
d. Multiple transaction update of multiple computer files
resources.
or databases.
a. Name-dependent restrictions
b. Context-dependent restriction 11. Which statement is incorrect regarding internal controls in a
c. Content-dependent restriction
CIS environment?
d. History-dependent restriction
a. Manual and computer control procedures comprise
the overall controls affecting the CIS environment
(general CIS controls) and the specific controls over
the accounting applications (CIS application
controls).
6. The effect of a database system on the accounting system and
b. The purpose of general CIS controls is to establish a
the associated risks will least likely depend on:
framework of overall control over the CIS activities
and to provide a reasonable level of assurance that
the overall objectives of internal control are achieved.
c. The purpose of CIS application controls is to
establish specific control procedures over the
application systems in order to provide reasonable
assurance that all transactions are authorized and
recorded, and are processed completely, accurately
and on a timely basis.

d. The internal controls over computer processing,

which help to achieve the overall objectives of
 internal control, include only the procedures b. Tools to evaluate a client’s risk management
designed into computer programs. procedures.
c. Manual working papers.
12. General CIS controls may include, except: d. Corporate and financial modeling programs for use
a. Organization and management controls. as predictive audit tests.
b. Delivery and support controls.
c. Development and maintenance controls. 20. An internal auditor noted the following points when conducting
d. Controls over computer data files. a preliminary survey in connection with the audit of an EDP
department. Which of the following would be considered a
13. 57. CIS application controls include, except safeguard in the control system on which the auditor might
a. Controls over input. rely?
b. Controls over processing and computer data files. a. Programmers and computer operators correct daily
c. Controls over output. processing problems as they arise.
d. Monitoring controls. b. The control group works with user organizations to
correct rejected input.
14. Which statement is incorrect regarding the review of general c. New systems are documented as soon as possible
CIS controls and CIS application controls? after they begin processing live data.
a. The auditor should consider how these general CIS d. The average tenure of employees working in the
controls affect the CIS applications significant to the EDP department is ten months.
audit.
b. General CIS controls that relate to some or all 21. An on-line access control that checks whether the user’s code
applications are typically interdependent controls in number is authorized to initiate a specific type of transaction or
that their operation is often essential to the inquiry is referred to as
effectiveness of CIS application controls. a. Password
c. Control over input, processing, data files and output b. Compatibility test
may be carried out by CIS personnel, by users of the c. Limit check
system, by a separate control group, or may be d. Reasonableness test
programmed into application software.
d. It may be more efficient to review the design of the 22. A control procedure that could be used in an on-line system to
application controls before reviewing the general provide an immediate check on whether an account number
controls. has been entered on a terminal accurately is a
a. Compatibility test
15. Which statement is incorrect regarding the evaluation of b. Record count
general CIS controls and CIS application controls? c. Hash total
a. The general CIS controls may have a pervasive d. Self-checking digit
effect on the processing of transactions in application
systems. 23. A control designed to catch errors at the point of data entry is
b. If general CIS controls are not effective, there may a. Batch total
be a risk that misstatements might occur and go b. Self-checking digit
undetected in the application systems. c. Record count
c. Manual procedures exercised by users may provide d. Checkpoints
effective control at the application level.
d. Weaknesses in general CIS controls cannot preclude 24. Program documentation is a control designed primarily to
testing certain CIS application controls. ensure that
a. Programmers have access to the tape library or
16. The applications of auditing procedures using the computer as information on disk files.
an audit tool refer to b. Programs do not make mathematical errors.
a. Integrated test facility c. Programs are kept up to date and perform as
b. Auditing through the computer intended.
c. Data-based management system d. Data have been entered and processed.
d. Computer assisted audit techniques
25. Some of the more important controls that relate to automated
17. Which statement is incorrect regarding CAATs? accounting information systems are validity checks, limit
a. CAATs are often an efficient means of testing a large checks, field checks, and sign tests. These are classified as
number of transactions or controls over large a. Control total validation routines
populations. b. Output controls
b. To ensure appropriate control procedures, the c. Hash totaling
presence of the auditor is not necessarily required at d. Input validation routines
the computer facility during the running of a CAAT.
c. The general principles outlined in PAPS 1009 apply 26. Most of today’s computer systems have hardware controls that
in small entity IT environments. are built in by the computer manufacturer. Common hardware
d. Where smaller volumes of data are processed, the controls are
use of CAATs is more cost effective. a. Duplicate circuitry, echo check, and internal header
labels
18. Consists of generalized computer programs designed to b. Tape file protection, cryptographic protection, and
perform common audit tasks or standardized data processing limit checks
functions. c. Duplicate circuitry, echo check, and dual reading
a. Package or generalized audit software d. Duplicate circuitry, echo check, tape file protection,
b. Utility programs and internal header labels
c. Customized or purpose-written programs
d. System management programs

27. Computer manufacturers are now installing software programs

19. Audit automation least likely include permanently inside the computer as part of its main memory to
a. Expert systems.
 provide protection from erasure or loss if there is interrupted d. Limit on the number of transaction inquiries that can
electrical power. This concept is known as be made by each user in a specified time period.
a. File integrity
b. Random access memory (RAM) 35. Which one of the following input validation routines is not likely
c. Software control to be appropriate in a real time operation?
d. Firmware a. Field check
b. Sequence check
28. Which one of the following represents a lack of internal control c. Sign check
in a computer-based information system? d. Redundant data check
a. The design and implementation is performed in
accordance with management’s specific 36. Which of the following controls is a processing control designed
authorization. to ensure the reliability and accuracy of data processing?
b. Any and all changes in application programs have
the authorization and approval of management. Limit test Validity check test
c. Provisions exist to protect data files from a. Yes Yes
unauthorized access, modification, or destruction. b. No No
d. Both computer operators and programmers have c. No Yes
unlimited access to the programs and data files. d. Yes No

29. In an automated payroll processing environment, a department 37. Which of the following characteristics distinguishes computer
manager substituted the time card for a terminated employee processing from manual processing?
with a time card for a fictitious employee. The fictitious a. Computer processing virtually eliminates the
employee had the same pay rate and hours worked as the occurrence of computational error normally
terminated employee. The best control technique to detect this associated with manual processing.
action using employee identification numbers would be a b. Errors or irregularities in computer processing will be
a. Batch total detected soon after their occurrences.
b. Hash total c. The potential for systematic error is ordinarily greater
c. Record count in manual processing than in computerized
d. Subsequent check processing.
d. Most computer systems are designed so that
30. An employee in the receiving department keyed in a shipment transaction trails useful for audit do not exist.
from a remote terminal and inadvertently omitted the purchase
order number. The best systems control to detect this error 38. Which of the following most likely represents a significant
would be deficiency in the internal control structure?
a. Batch total a. The systems analyst review applications of data
b. Sequence check processing and maintains systems documentation.
c. Completeness test b. The systems programmer designs systems for
d. Reasonableness test computerized applications and maintains output
controls.
31. The reporting of accounting information plays a central role in c. The control clerk establishes control over data
the regulation of business operations. Preventive controls are received by the EDP department and reconciles
an integral part of virtually all accounting processing systems, control totals after processing
and much of the information generated by the accounting d. The accounts payable clerk prepares data for
system is used for preventive control purposes. Which one of computer processing and enters the data into the
the following is not an essential element of a sound preventive computer.
control system?
a. Separation of responsibilities for the recording, 39. Which of the following activities would most likely be performed
custodial, and authorization functions. in the EDP Department?
b. Sound personnel policies. a. Initiation of changes to master records.
c. Documentation of policies and procedures. b. Conversion of information to machine-readable form.
d. Implementation of state-of-the-art software and c. Correction of transactional errors.
hardware. d. Initiation of changes to existing applications.

32. The most critical aspect regarding separation of duties within 40. For control purposes, which of the following should be
information systems is between organizationally segregated from the computer operations
a. Project leaders and programmers function?
b. Programmers and systems analysts a. Data conversion
c. Programmers and computer operators b. Systems development
d. Data control and file librarians c. Surveillance of CRT messages
d. Minor maintenance according to a schedule
33. Whether or not a real time program contains adequate controls
is most effectively determined by the use of 41. Which of the following is not a major reason for maintaining an
a. Audit software audit trail for a computer system?
b. A tracing routine a. Deterrent to irregularities
c. An integrated test facility b. Analytical procedures
d. A traditional test deck c. Monitoring purposes
d. Query answering
34. Compatibility tests are sometimes employed to determine
whether an acceptable user is allowed to proceed. In order to 42. In an automated payroll system, all employees in the finishing
perform compatibility tests, the system must maintain an department were paid the rate of P75 per hour when the
access control matrix. The one item that is not part of an authorized rate was P70 per hour. Which of the following
access control matrix is a controls would have been most effective in preventing such an
a. List of all authorized user code numbers and error?
passwords. a. Access controls which would restrict the personnel
b. List of all files maintained on the system. department’s access to the payroll master file data.
c. Record of the type of access to which each user is b. A review of all authorized pay rate changes by the
entitled. personnel department.
c. The use of batch control totals by department.
 d. A limit test that compares the pay rates per department with the maximum rate for all employees.

43. Which of the following errors would be detected by batch controls?

a. A fictitious employee as added to the processing of the weekly time cards by the computer operator.
b. An employee who worked only 5 hours in the week was paid for 50 hours.
c. The time card for one employee was not processed because it was lost in transit between the payroll department
and the data entry function.
d. All of the above.

44. The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the
a. Computer operator
b. Computer programmer
c. Keypunch operator
d. Maintenance technician

45. For the accounting system of ACME Company, the amounts of cash disbursements entered into an EDP terminal are
transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen.
This display enables the operator to
a. Establish the validity of the account number
b. Verify the amount was entered accurately
c. Verify the authorization of the disbursements
d. Prevent the overpayment of the account

46. When EDP programs or files can be accessed from terminals, users should be required to enter a(an)
a. Parity check
b. Self-diagnostic test
c. Personal identification code
d. Echo check

47. The possibility of erasing a large amount of information stored on magnetic tape most likely would be reduced by the use of
a. File protection ring
b. Completeness tests
c. Check digits
d. Conversion verification

48. Which of the following controls most likely would assure that an entity can reconstruct its financial records?
a. Hardware controls are built into the computer by the computer manufacturer.
b. Backup diskettes or tapes of files are stored away from originals.
c. Personnel who are independent of data input performparallel simulations.
d. System flowcharts provide accurate descriptions of input and output operations.

49. Mill Co. uses a batch processing method to process its sales transactions. Data on Mill’s sales transaction tape are
electronically sorted by customer number and are subject to programmed edit checks in preparing its invoices, sales
journals, and updated customer account balances. One of the direct outputs of the creation of this tape most likely would be a
a. Report showing exceptions and control totals.
b. Printout of the updated inventory records.
c. Report showing overdue accounts receivable.
d. Printout of the sales price master file.

50. Using microcomputers in auditing may affect the methods usedto review the work of staff assistants because
a. The audit field work standards for supervision may differ.
b. Documenting the supervisory review may requireassistance of consulting services personnel.

c. Supervisory personnel may not have an understanding of the capabilities and limitations of microcomputers.
 d. Working paper documentation may not contain readily observable details of calculations.

51. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on
which of the following procedures would the auditor initially focus?
a. Programmed control procedures
b. Output control procedures
c. Application control procedures
d. General control procedures