(b) The requirement is to identify the least likely circumstance in which an auditor would consider engagements of an IT specialist on an audit. Answer (b) is correct because the requirement to assess going concern status remains the same on all audits, and thus does not directly affect engagement of an IT specialist. Answers (a), (c), and (d) are all incorrect because complexity, the use of emerging technologies, and participation in electronic commerce are all factors which make it more likely that an IT specialist will be engaged.
(a) The requirement is to identify a strategy that a CPA most likely would consider in auditing an entity that processes most of its financial data only in electronic form. Answer (a) is correct because continuous monitoring and analysis of transaction processing with an embedded audit module might provide an effective way of auditing these processes—although some question exists as to how many embedded audit modules CPAs have actually used in practice. Answer (b) is incorrect because there may well be a decrease in reliance on internal control activities that emphasize this segregation of duties since so many controls are in the hardware and software of the application. Answer (c) is incorrect because digital certificates deal with electronic commerce between companies, a topic not directly addressed by this question, and because such certificates provide limited evidence on authorization. Answer (d) is incorrect because while firewalls do control network traffic, this is not the most significant factor in the audit of electronic form financial data.
(c) The requirement is to identify the reply that is not a major reason for maintaining an audit trail for a computer system. Answer (c) is correct because analytical procedures use the outputs of the system, and therefore the audit trail is of limited importance. Answer (a) is incorrect because an audit trail may deter fraud since the perpetrator may realize that his or her act may be detected. Answer (b) is incorrect because an audit trail will help management to monitor the computer system. Answer (d) is incorrect because an audit trail will make it much easier to answer queries.
(a) The requirement is to identify a reason that utility software packages are important to an auditor. Answer (a) is correct because client use of such packages requires that the auditor include tests to determine that no unplanned interventions using utility routines have taken place during processing (Audit and Accounting Guide, Computer Assisted Audit Techniques). Answer (b) is incorrect because a client’s use of such programs implies that they are useful on his/her computer hardware, and therefore any flexibility is not of immediate relevance to the auditor. Answer (c) is incorrect because the primary purpose of utility programs is to support the computer user’s applications (Computer Assisted Audit Techniques). Answer (d) is incorrect because utility software programs have a variety of uses in addition to enabling auditors to extract and sort data (Computer Assisted Audit Techniques).
(c) The requirement is to identify the types of controls with which an auditor would be most likely to be concerned in a distributed data processing system. A distributed data processing system is one in which there is a network of remote computer sites, each having a computer connected to the main computer system, thus allowing access to the computers by various levels of users. Accordingly, answer (c) is correct because numerous individuals may access the system, thereby making such controls of extreme importance. Answers (a), (b), and (d), while requiring concern, are normally considered less critical than proper access controls for this situation.
(c) The requirement is to identify the type of evidence an auditor would examine to determine whether internal control is operating as designed. Answer (c) is correct because the inspection of documents and records such as those related to computer programs represents an approach for obtaining an understanding of internal control. Answer (a) is incorrect because examining gross margin information is more likely to be performed during the performance of analytical procedures. Answer (b) is incorrect because confirming of receivables is a substantive test. Answer (d) is incorrect because anticipated results documented in budgets or forecasts are much more frequently used in the performance of analytical procedures.
(d) The requirement is to determine the procedures on which the auditor would initially focus when anticipating assessing control risk at a low level. Answer (d) is correct because auditors usually begin by considering general control procedures. Since the effectiveness of specific application controls is often dependent on the existence of effective general controls over all computer activities, this is usually an efficient approach. Answers (a), (b), and (c) are all incorrect because they represent controls that are usually tested subsequent to the general controls.
(d) The requirement is to determine an inappropriate reason for omitting tests of controls related to computer control procedures. Answer (d) is correct because the fact that the controls appear adequate is not sufficient justification for reliance; tests of controls must be performed before the auditor can actually rely upon a control procedure to reduce control risk. Answer (a) is incorrect because when controls duplicate other controls the auditor who wishes to rely upon internal control need not test both sets. Answer (b) is incorrect because if weak controls are not to be relied upon, the auditor need not test their effectiveness. Answer (c) is incorrect because tests of controls may be omitted if their cost exceeds the savings from reduced substantive testing resulting from reliance upon the controls.
(a) The requirement is to determine the correct statement with respect to testing inputs and outputs of a computer system instead of testing the actual computer program itself. Answer (a) is correct because portions of the program which have errors not reflected on the output will be missed. Thus, if a “loop†in a program is not used in one application, it is not tested. Answer (b) is incorrect because the lack of an understanding of the entire program precludes the detection of all errors. Answer (c) is incorrect because while auditing inputs and outputs can provide valuable evidence, it will often be different than the evidence obtained by testing the program itself. Answer (d) is incorrect because such auditing of inputs and outputs may well satisfy the auditor.
(a) The requirement is to identify the type of computer system that can be audited without examining or directly testing computer programs (i.e., auditing around the system). Auditing around the system is possible if the system performs uncomplicated processes and produces detailed output (i.e., is a fancy bookkeeping machine). Answers (b), (c), and (d) all describe more complicated computer systems that produce only limited output. In these more complicated systems, the data and related controls are within the system, and thus the auditor must examine the system itself. Auditors must identify and evaluate the accounting controls in all computer systems. Further, complex computer systems require auditor specialized expertise to perform the necessary procedures.
Total Questions: | |
Correct Answers: | |
Wrong Answers: | |
Percentage: |
|