A control designed to catch errors at the point of data entry is
Answer (C) is correct. A check digit, or self-checking number, is an input control to determine if an error might have been made on an identification number. The digit is an extra number on the end of the identification number (creating a new ID number) that is calculated by an algorithm on the original part of the ID number. If the ID is miskeyed, the algorithm will produce a number different from the check digit and an error will be detected and reported.
Program documentation is a control designed primarily to ensure that
Answer (C) is correct. Complete, up-to-date documentation of all programs and associated operating procedures is necessary for efficient operation of a computer installation. Maintenance of programs is important to provide for continuity and consistency of data processing services to users. Program documentation (the program run manual) consists of problem statements, systems flowcharts, operating instructions, record lay-outs, program
Compatibility tests are sometimes employed to determine whether an acceptable user is
allowed to proceed. In order to perform compatibility tests, the system must maintain an
access control matrix. The one item that isnot part of an access control matrix is a
Answer (D) is correct.
Compatibility tests restrict access to the computer system by determining
whether access by a given user (or device) is compatible with the nature
of the attempted use. A series of passwords or identification numbers
may be required to gain access to the system, to examine data files, and
to perform processing using particular programs. Thus, a clerk might be
authorized only to read the data in a given file while using a specified
terminal, but his or her superior might be able to update the file.
Compatibility tests require online storage of authorization tables or
matrices that specify the access permitted to specified codes and devices.
The number of authorized inquiries per user is not included in such a
Whether or not a real-time program contains adequate controls is most effectively
determined by the use of
Answer (B) is correct.
An integrated test facility involves the use of a fictitious entity, such as a
dummy customer in accounts receivable, against which data transactions
are processed. The results are then compared with those previously
determined. This technique can be used without computer operator
knowledge during routine system operation. The ITF is relatively
inexpensive and requires no special processing. It is employed in
auditing online, real-time systems.
The most critical aspect of the separation of duties within a mainframe information systems
environment is between
Answer (D) is correct. Segregation of duties is important in any environment in which control is a concern. In particular, programmers and computer operators should be kept separate because programmers have the ability to modify programs, files, and controls. Thus, they should not be allowed to also operate the computer
Control procedures over accounting information systems are referred to as general controls or application controls. The primary objective of application controls in a computer environment is to
Answer (A) is correct. Application controls relate to specific tasks performed by the IT department. Their function is to provide reasonable assurance that recording, processing, and reporting of data are performed properly. Application controls are often categorized as input controls, processing controls, and output controls.
A company employing an online computer system has terminals located in all operating departments for inquiry and updating purposes. Many of the company’s employees have access to and are required to use the terminals. A control the company would incorporate to prevent an employee from making an unauthorized change to computer records unrelated
Answer (D) is correct. A compatibility test is an access control used to ascertain whether a code number is compatible with the use to be made of the information requested. For example, a user may be authorized to enter only certain kinds of transaction data, to gain access only to certain information, to have access to but not update files, or to use the system only during certain hours.
In entering the billing address for a new client in Emil Company’s computerized database, a
clerk erroneously entered a nonexistent zip code. As a result, the first month’s bill mailed to
the new client was returned to Emil Company. Which one of the following would most likely
have led to discovery of the error at the time of entry into Emil Company’s computerized
Answer (B) is correct.
In validity tests, values entered into the system are compared against
master files of valid data. In this case, a master file of all zip codes
recognized in the U.S. is held in memory and each time a clerk enters
data in the zip code field, the clerk’s entry is compared to the list of valid
values. If the zip code entered does not match any entry in the master
file, data entry is halted and the clerk is advised to reenter the data.
Answer (A) is correct.
A turnaround document is a computer output prepared in such a way that
it can eventually be used as a source document for an input transaction.
For example, an optical character recognition (OCR) document might be
used as a sales invoice to be mailed to a customer and returned with
payment. Thus, no new document would have to be prepared to record
the payment. Utility bills are often mailed to customers in the form of
An advantage of having a computer maintain an automated error log in conjunction with computer edit programs is that
Answer (A) is correct. Editing (validation) of data should produce a cumulative error listing that includes not only errors found in the current processing run but also uncorrected errors from earlier runs. Each error should be identified and described, and the date and time of detection should be given. Sometimes, the erroneous transactions may need to be recorded in a suspense file. This process is the basis for developing appropriate reports.