To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com

ACCOUNTING INFORMATION SYSTEMS
CONTROLS AND PROCESSES
TURNER / WEICKGENANNT

CHAPTER 7: Auditing Information Technology-Based Processes

TESTBANK - CHAPTER 7 - TRUE / FALSE

1. All users of financial data - business managers, investors, creditors, and government agencies - have an enormous amount of data to use to make decisions. Due to the use of IT systems, it is easy to verify the accuracy and completeness of the information.
2. In order to properly carry out an audit, accountants collect and evaluate proof of procedures, transactions, and / or account balances, and compare the information with established criteria.
3. The only person who can perform a financial statement audit of a publicly traded company is a government auditor who has extensive knowledge of generally accepted accounting principles.
4. Any professionally trained accountant is able to perform an operational audit.
5. An important requirement for CPA firms is that they must be personally involved with the management of the firm that is being audited.
6. The most common type of audit service is the operating audit performed by internal auditors.
7. All types of auditors should have knowledge about technology-based systems so that they can properly audit IT systems.
8. A financial statement audit is part of the IT audit.
9. Auditors do not need to be experts on the intricacies of computer systems but they need to understand the impact of IT on their clients’ accounting systems and internal controls.
10. A financial statement audit is conducted in order for an opinion to be expressed on the fair presentation of financial statements in accordance with GAAP. This goal is affected by the presence or absence of IT accounting systems.
11. The remoteness of information, one of the causes of information risk, can relate to geographic distance or organizational layers.
12. The most common method for decision makers to reduce information risk is to rely on information that has been audited by an independent party.
13. Auditors have the primary responsibility to make sure that they comply with international standards in all cases.
14. There is not much room for professional judgment when performing audits, as a result of the detailed guidance provided by organizations, such as the PCAOB.
15. The responsibility for the preparation of the financial statements lies with the auditors.
16. The role of the auditor is to analyze the financial statements to decide whether they are fairly presented in accordance with GAAP.
17. Management assertions relate to the actual existence and proper valuation of transactions and account balances.
18. The same audit tests would test for completeness of a liability or an asset.
19. Auditing testing for any single general auditing objective would involve the same testing techniques even though there are different types of information collected to support different accounts and transactions.
20. Auditors must think about how the features of their client’s IT systems influence its management assertions and the general audit objectives even though these matters have little or no impact on the choice of audit methodologies used.
21. Risk can be inherent in the client’s business, due to things such as the nature of operations, or may be caused by weak internal controls.
22. Auditors do not need to concern themselves with risks unless there is an indication that there is an internal control weakness.
23. The auditor’s understanding of internal controls provides the basis for designing appropriate audit tests to be used in the remaining phases of the audit.
24. The process of evaluating internal controls and designing meaningful audit tests is more complex for manual systems than for automated systems.
25. Computer-assisted audit techniques are useful audit tools because they make it possible for auditors to use computers to audit large amounts of evidence in less time.
26. Substantive tests are also referred to as compliance tests.
27. General controls relate to specific software and application controls relate to all aspects of the IT environment.
28. General controls must be tested before application controls.
29. Systems operators and users should not have access to the IT documentation containing details about the internal logic of computer systems.
30. Control tests verify whether financial information is accurate, where substantive tests determine whether the financial information is managed under a system that promotes accuracy.
31. Regardless of the results of the control testing, some level of substantive testing must take place.
32. The use of generalized audit software is especially useful when there are large volumes of data and when there is a need for accurate information.
33. All of the risks and audit procedures that apply to a PC environment may also exist in networks, but the risk of loss is much lower.
34. Network operations typically involve a large number of computers, many users, and a high volume of data transfers, so any lack of network controls could cause widespread damage. Because of this, it is necessary for auditors to apply strict tests to a representative sample of the network.
35. When audit clients use a database system, the relating data is organized in a consistent manner which tends to make it easier for auditors to select items for testing.
36. When a client company is using IT outsourcing, and that service center has its own independent auditors who report on internal control, the third-party report (from the independent auditors) cannot be used as audit evidence without the auditor performing an adequate amount of compliance testing.
37. When a client changes the type of hardware or software used or in other ways modifies its IT environment, the auditors need to test only the new system in order to determine the effectiveness of the controls.
38. When a client plans to implement new computerized systems, auditors will find it advantageous to review the new system before it is placed in use.
39. A sample is random when each item in the population has an equal chance of being chosen.
40. Of all the principles and related rules within the AICPA Code of Professional Conduct, the one that generally receives the most attention is integrity.
41. The Sarbanes-Oxley Act has placed greater restrictions on CPAs by prohibiting certain types of services historically performed by CPAs for their audit clients.
42. The Sarbanes-Oxley Act decreased management’s responsibilities regarding the fair presentation of the financial statements.
43. The responsibility of the auditor to search for fraud is less than the responsibility to search for errors.
44. Even with a good system of internal controls, employee fraud, the theft of assets, may occur due to collusion of two or more employees to carry out the fraud.
45. Management fraud is the intentional misstatement of financial information and may be difficult for auditors to find because the perpetrator will attempt to hide the fraud.
46. The AICPA Code of Professional Conduct is made up of two sections. One section, the rules, is the foundation for the honorable behavior expected of CPAs while performing professional duties.

ANSWERS TO TESTBANK – CHAPTER 7 – TRUE / FALSE:

   1   2   3   4   5   6   7   8   9  10
   F   T   F   T   F   F   T   F   T   F

  11  12  13  14  15  16  17  18  19  20
   T   T   F   F   F   T   T   F   F   F

  21  22  23  24  25  26  27  28  29  30
   T   F   T   F   T   F   F   T   T   F

  31  32  33  34  35  36  37  38  39  40
   T   T   F   F   T   F   F   T   T   F

  41  42  43  44  45  46
   T   F   F   T   T   F

TESTBANK - CHAPTER 7 - MULTIPLE CHOICE

47. Accounting services that improve the quality of information provided to the decision maker, an audit being the most common type of this service, is called:
    A. Compliance Services
    B. Assurance Services
    C. Substantive Services
    D. Operational Services

48. A type of assurance services that involves accumulating and analyzing support for the information provided by management is called an:
    A. Audit
    B. Investigation
    C. Financial Statement Examination
    D. Control Test

49. The main purpose of an audit is to assure users of the financial information about the:
    A. Effectiveness of the internal controls of the company
    B. Selection of the proper GAAP when preparing financial statements
    C. Proper application of GAAS during the examination
    D. Accuracy and completeness of the information

50. Which of the following is not one of the three primary types of audits?
    A. Compliance Audits
    B. Financial Statement Audits
    C. IT Audits
    D. Operational Audits

51. This type of audit is completed in order to determine whether a client has adhered to the regulations and policies established by contractual agreements, governmental agencies, or some other high authority.
    A. Compliance Audit
    B. Operational Audit
    C. Information Audit
    D. Financial Statement Audit

52. This type of audit is completed to assess the operating policies and procedures of a client for efficiency and effectiveness.
    A. Efficiency Audit
    B. Effectiveness Audit
    C. Compliance Audit
    D. Operational Audit

53. This type of audit is completed to determine whether or not the client has prepared and presented its financial statements fairly, in accordance with generally accepted accounting principles.
    A. GAAP Audit
    B. Financial Statement Audit
    C. Compliance Audit
    D. Fair Application Audit

54. This type of auditor is an employee of the company he / she audits.
    A. IT Auditor
    B. Government Auditor
    C. Certified Public Accountant
    D. Internal Auditor

55. This type of auditor specializes in the information systems assurance, control, and security.
    A. IT Auditor
    B. Government Auditor
    C. Certified Public Accountant
    D. Internal Auditor

56. This type of auditor conducts audits of government agencies or income tax returns.
    A. IT Auditor
    B. Government Auditor
    C. Certified Public Accountant
    D. Internal Auditor

57. This type of audit is performed by independent auditors who are objective and neutral with respect to the company and the information being audited.
    A. Compliance Audit
    B. Operational Audit
    C. Internal Audit
    D. External Audit

58. The independence of a CPA could be impaired by:
    A. Having no knowledge of the company or the company management
    B. By owning stock of a similar company
    C. Having the ability to influence the client’s decisions
    D. Being married to a stockbroker

59. The IT environment plays a key role in how auditors conduct their work in all but which of the following areas:
    A. Consideration of Risk
    B. Consideration of Information Fairness
    C. Design and Performance of Audit Tests
    D. Audit Procedures Used

60. The chance that information used by decision makers may be inaccurate is referred to as:
    A. Sample Risk
    B. Data Risk
    C. Audit Trail Risk
    D. Information Risk

61. Which of the following is not one of the identified causes of information risk?
    A. Audited information
    B. Remote information
    C. Complexity of data
    D. Preparer motive

62. The main reasons that it is necessary to study information-based processing and the related audit function include:
    A. Information users often do not have the time or ability to verify information themselves
    B. It may be difficult for decision makers to verify information contained in a computerized accounting system
    C. Both of the above
    D. Neither of the above

63. The existence of IT-based business processes often results in details of transactions being entered directly into the computer system, resulting in a lack of physical evidence to visibly view. This situation is referred to as:
    A. Physical Evidence Risk
    B. Loss of Audit Trail Visibility
    C. Transaction Summary Chart
    D. Lack of Evidence View

64. The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alteration of data due to all of the following, except:
    A. System Failure
    B. Database Destruction
    C. Programmer Incompetence
    D. Environmental Damage

65. The advantages of using IT-based accounting systems, where the details of transactions are entered directly into the computer include:
    A. Computer controls can compensate for the lack of manual controls
    B. Loss of audit trail view
    C. Increased internal controls risks
    D. Fewer opportunities to authorize and review transactions

66. The ten standards that provide broad guidelines for an auditor’s professional responsibilities are referred to as:
    A. Generally accepted accounting standards
    B. General accounting and auditing practices
    C. Generally accepted auditing practices
    D. Generally accepted auditing standards

67. The generally accepted auditing standards are divided into three groups. Which of the following is not one of those groups?
    A. General Standards
    B. Basic Standards
    C. Standards of Fieldwork
    D. Standards of Reporting

68. GAAS, generally accepted auditing standards, provide a general framework for conducting quality audits, but the specific standards - or detailed guidance - are provided by all of the following groups, except:
    A. Public Company Accounting Oversight Board
    B. Auditing Standards Board
    C. Certified Fraud Examiners
    D. International Audit Practices Committee

69. This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the purpose of establishing auditing standards for public companies.
    A. Auditing Standards Board
    B. Public Company Accounting Oversight Board
    C. International Audit Practices Committee
    D. Information Systems Audit and Control Association

70. This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice.
    A. Auditing Standards Board
    B. Public Company Accounting Oversight Board
    C. International Audit Practices Committee
    D. Information Systems Audit and Control Association

71. This organization was established by the IFA to set International Standards on Auditing that contribute to the uniform application of auditing practices on a worldwide basis.
    A. International Systems Audit and Control Association
    B. Auditing Standards Board
    C. Public Company Accounting Oversight Board
    D. International Audit Practices Committee

72. This organization issues guidelines for conducting the IT audit. The standards issued address practices related to control and security of the IT system.
    A. Auditing Standards Board
    B. Public Company Accounting Oversight Board
    C. International Audit Practices Committee
    D. Information Systems Audit and Control Association

73. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor. This is one of the generally accepted auditing standards that is part of the:
    A. General Standards
    B. Operating Standards
    C. Fieldwork Standards
    D. Reporting Standards

74. Independence in mental attitude is to be maintained in all matters related to the audit engagement. This is one of the generally accepted auditing standards that is part of the:
    A. General Standards
    B. Operating Standards
    C. Fieldwork Standards
    D. Reporting Standards

75. The general guidelines, known as the generally accepted auditing standards, which include the concepts of adequate planning and supervision, internal control, and evidence relate to the:
    A. General Standards
    B. Operating Standards
    C. Fieldwork Standards
    D. Reporting Standards

76. The general guidelines, known as the generally accepted auditing standards, which include the concepts of presentation in accordance with GAAP, the consistent application of GAAP, adequate disclosure, and the expression of an opinion, relate to the:
    A. General Standards
    B. Operating Standards
    C. Fieldwork Standards
    D. Reporting Standards

77. Although there are a number of organizations that provide detailed guidance, it is still necessary for auditors to rely on other direction regarding the types of audit tests to use and the manner in which the conclusions are drawn. These sources of information include:
    A. Industry Guidelines
    B. PCAOB
    C. ASB
    D. ASACA

78. Claims regarding the financial condition of the business organization and results of its operations are referred to as:
    A. Financial Statements
    B. Management Assertions
    C. External Audit
    D. Presentation and Disclosure

79. Audit tests developed for an audit client are documented in a(n):
    A. Audit Program
    B. Audit Objective
    C. Management Assertion
    D. General Objectives

80. The management assertion related to valuation of transactions and account balances would include all of the following, except:
    A. Accurate in terms of dollar amounts and quantities
    B. Classified properly
    C. Real
    D. Correctly summarized

81. There are four primary phases of the IT audit. Which of the following is not one of those phases?
    A. Planning
    B. Evidence Audit
    C. Tests of Controls
    D. Substantive Tests

82. The proof of the fairness of the financial information is:
    A. Tests of Controls
    B. Substantive Tests
    C. Audit Completion
    D. Evidence

83. Techniques used for gathering evidence include all of the following, except:
    A. Physical examination of assets or supporting documentation
    B. Observing activities
    C. Adequate planning and supervision
    D. Analyzing financial relationships

84. During this phase of the audit, the auditor must gain a thorough understanding of the client’s business and financial reporting systems. When completing this phase, the auditors review and assess the risks and controls related to the business.
    A. Tests of Controls
    B. Substantive Tests
    C. Audit Completion / Reporting
    D. Audit Planning

85. During the planning phase of the audit, auditors estimate the monetary amounts that are large enough to make a difference in decision making. This amount is referred to as:
    A. Risk
    B. Materiality
    C. Substantive
    D. Sampling

86. The likelihood that errors or fraud may occur is referred to as:
    A. Risk
    B. Materiality
    C. Control Tests
    D. Sampling

87. A large part of the work performed by an auditor in the audit planning process is the gathering of evidence about the company’s internal controls. This can be completed in any of the following ways, except:
    A. Interviewing key members of the accounting and IT staff
    B. Observing policies and procedures
    C. Review IT user manuals and systems
    D. Preparing memos to summarize their findings

88. The Accounting Standards Board issued the following SAS in recognition of the fact that accounting records and files often exist in electronic form. The statement was issued in 2001 to expand the historical concept of audit evidence to include electronic evidence.
    A. SAS 82
    B. SAS 86
    C. SAS 94
    D. SAS 101

89. The Accounting Standard Board issued an SAS, called “The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit”, to describe the importance of understanding both the automated and manual procedures that make up an organization’s internal controls and considers how misstatements may occur, including all of the following, except:
    A. How transactions are entered into the computer
    B. How financial statements are printed from the computer
    C. How nonstandard journal entries and adjusting entries are initiated, recorded, and processed
    D. How standard journal entries are initiated, recorded, and processed

90. As the result of the guidance provided in SAS 94, the auditors may decide that IT auditors may need to be called in to:
    A. Consider the effects of computer processing on the audit
    B. To assist in testing the automated processes
    C. Both of the above
    D. None of the above

110. Real-time financial reporting has created the need for this type of auditing, where auditors constantly analyze audit evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter.
    A. Real-time auditing
    B. Virtual auditing
    C. E-auditing
    D. Continuous auditing

111. This phase of auditing occurs when the auditors evaluate all the evidence that has been accumulated and makes a conclusion based on that evidence.
    A. Tests of Controls
    B. Audit Planning
    C. Audit Completion / Reporting
    D. Substantive Testing

112. This piece of audit evidence is often considered to be the most important because it is a signed acknowledgment of management’s responsibility for the fair presentation of the financial statements and a declaration that they have provided complete and accurate information to the auditors during all phases of the audit.
    A. Letter of Representation
    B. Audit Report
    C. Encounter Statement
    D. Auditors Contract

113. Which of the following is a proper description of an auditor report?
    A. Unqualified opinion - identifies certain exceptions to the clean opinion
    B. Adverse opinion - notes that there are material misstatements presented
    C. Qualified opinion - states that the auditors believe the financial statements are fairly and consistently presented in accordance with GAAP
    D. Unqualified opinion - states that the auditors were not able to reach a conclusion

114. When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following:
    A. Authorized access
    B. Segregation of duties
    C. Lack of backup control
    D. All of the above

115. When client companies rely on external, independent computer service centers to handle all or part of their IT needs it is referred to as:
    A. External Processing
    B. WAN Processing
    C. Database Management System
    D. IT Outsourcing

116. Because it is not possible to test all transactions and balances, auditors rely on this to choose and test a limited number of items and transactions and then make conclusions about the balance as a whole.
    A. Sampling
    B. Materiality
    C. Compliance
    D. Substance

117. The AICPA Code of Professional Conduct, commonly called the Code of Ethics, is made up of two sections. Which of the following correctly states the two sections?
    A. Integrity and responsibility
    B. Principles and rules
    C. Objectivity and independence
    D. Scope and nature

118. The rule in the AICPA Code of Professional Conduct that is referred to as Responsibilities, can be stated as:
    A. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism
    B. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity
    C. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities
    D. CPAs in public practice should observe the principles of the Code of Professional Conduct in determining the scope and nature of services to be provided

119. This concept means that the auditors should not automatically assume that their clients are honest, but that they (the auditors) must have a questioning mind and a persistent approach to evaluating evidence for possible misstatements.
    A. Independence
    B. Integrity
    C. Due Care
    D. Professional Skepticism

ANSWERS TO TESTBANK – CHAPTER 7 – MULTIPLE CHOICE:

  47  48  49  50  51  52  53  54  55  56  57  58  59  60  61
   B   A   D   C   A   D   B   D   A   B   D   C   B   D   A

  62  63  64  65  66  67  68  69  70  71  72  73  74  75  76
   C   B   C   A   D   B   C   B   A   D   D   A   A   C   D

  77  78  79  80  81  82  83  84  85  86  87  88  89  90  91
   A   B   A   C   B   D   C   D   B   A   D   C   B   C   B

  92  93  94  95  96  97  98  99 100 101 102 103 104 105 106
   A   C   D   A   B   C   D   A   B   C   A   B   C   B   D

 107 108 109 110 111 112 113 114 115 116 117 118 119
   C   A   B   D   C   A   B   C   D   A   B   C   D

TESTBANK - CHAPTER 7 – END OF CHAPTER QUESTIONS:

120. Which of the following types of audits is most likely to be conducted for the purpose of identifying areas for cost savings?
    A. Financial Statement Audits
    B. Operational Audits
    C. Regulatory Audits
    D. Compliance Audits

121. Financial statement audits are required to be performed by:
    A. Governmental Auditors
    B. CPAs
    C. Internal Auditors
    D. IT Auditors

122. Which of the following is not considered a cause for information risk?
    A. Management’s geographic location is far from the source of the information needed to make effective decisions
    B. The information is collected and prepared by persons who use the information for very different purposes
    C. The information relates to business activities that are not well understood by those who collect and summarize the information for decision makers
    D. The information has been tested by internal auditors and a CPA firm

123. Which of the following is not a part of generally accepted auditing standards?
    A. General Standards
    B. Standards of Fieldwork
    C. Standards of Information Systems
    D. Standards of Reporting

124. Which of the following best describes what is meant by the term “generally accepted auditing standards”?
    A. Procedures used to gather evidence to support the accuracy of a client’s financial statements
    B. Measures of the quality of an auditor’s conduct
    C. Professional pronouncements issued by the Auditing Standards Board
    D. Rules acknowledged by the accounting profession because of their widespread application

125. In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is required to:
    A. Document the auditor’s understanding of the client company’s internal controls
    B. Search for weaknesses in the operation of the client company’s internal controls
    C. Perform tests of controls to evaluate the effectiveness of the client company’s internal controls
    D. Determine whether controls are appropriately designed to prevent or detect material misstatements

126. Auditors should design a written audit program so that:
    A. All material transactions will be included in substantive testing
    B. Substantive testing performed prior to year end will be minimized
    C. The procedures will achieve specific audit objectives related to specific management assertions
    D. Each account balance will be tested under either a substantive test or a test of controls

127. Which of the following audit objectives relates to the management assertion of existence?
    A. A transaction is recorded in the proper period
    B. A transaction actually occurred (i.e., it is real)
    C. A transaction is properly presented in the financial statements
    D. A transaction is supported by detailed evidence

128. Which of the following statements regarding an audit program is true?
    A. A standard audit program should be developed for use on any client engagement
    B. The audit program should be completed by the client company before the audit planning stage begins
    C. An audit program should be developed by the internal auditor before audit testing begins
    D. An audit program establishes responsibility for each audit test by requiring the signature or initials of the auditor who performed the test

129. Risk assessment is a process designed to:
    A. Identify possible events that may affect the business
    B. Establish policies and procedures to carry out internal controls
    C. Identify and capture information in a timely manner
    D. Review the quality of internal controls throughout the year

130. Which of the following audit procedures is most likely to be performed during the planning phase of the audit?
    A. Obtain an understanding of the client’s risk assessment process
    B. Identify specific internal control activities that are designed to prevent fraud
    C. Evaluate the reasonableness of the client’s accounting estimates
    D. Test the timely cutoff of cash payments and collections

131. Which of the following is the most significant disadvantage of auditing around the computer rather than through the computer?
    A. The time involved in testing processing controls is significant
    B. The cost involved in testing processing controls is significant
    C. A portion of the audit trail is not tested
    D. The technical expertise required to test processing controls is extensive

132. The primary objective of compliance testing in a financial statement audit is to determine whether:
    A. Procedures have been updated regularly
    B. Financial statement amounts are accurately stated
    C. Internal controls are functioning as designed
    D. Collusion is taking place

133. Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor’s control to periodically test controls in the client’s computer system?
    A. Test data method
    B. Embedded audit module
    C. Integrated test facility
    D. Parallel simulation

134. Which of the following computer assisted auditing techniques allows fictitious and real transactions to be processed together without client personnel being aware of the testing process?
    A. Test data method
    B. Embedded audit module
    C. Integrated test facility
    D. Parallel simulation

135. Which of the following is a general control to test for external access to a client’s computerized systems?
    A. Penetration tests
    B. Hash totals
    C. Field checks
    D. Program tracing

136. Suppose that during the planning phase of an audit, the auditor determines that weaknesses exist in the client’s computerized systems. These weaknesses make the client company susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be emphasized in the remaining phases of this audit?
    A. Tests of controls
    B. Penetration tests
    C. Substantive tests
    D. Rounding errors tests

137. Generalized audit software can be used to:
    A. Examine the consistency of data maintained on computer files
    B. Perform audit tests of multiple computer files concurrently
    C. Verify the processing logic of operating system software
    D. Process test data against master files that contain both real and fictitious data

138. Independent auditors are generally actively involved in each of the following tasks except:
    A. Preparation of a client’s financial statements and accompanying notes
    B. Advising client management as to the applicability of a new accounting standard
    C. Proposing adjustments to a client’s financial statements
    D. Advising client management about the presentation of the financial statements

139. Which of the following is most likely to be an attribute unique to the audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions?
    A. Due professional care
    B. Competence
    C. Independence
    D. A complex underlying body of professional knowledge

140. Which of the following terms is not associated with the auditor’s requirement to maintain independence?
    A. Objectivity
    B. Neutrality
    C. Professional Skepticism
    D. Competence

ANSWERS TO TESTBANK - CHAPTER 7 – END OF CHAPTER QUESTIONS

 120 121 122 123 124 125
   B   B   D   C   B   A

 126 127 128 129 130 131
   C   B   D   A   A   C

 132 133 134 135 136 137
   C   D   C   A   C   A

 138 139 140
   A   C   D

TESTBANK - CHAPTER 7 – SHORT ANSWER QUESTIONS

141. What are assurance services? What value do assurance services provide?
Answer: Assurance services are accounting services that improve the quality of information Many services performed by accountants are valued because they lend credibility to financial information 142 Differentiate between a compliance audit and an operational audit Answer: A compliance audit is a form of assurance service that involves accumulating and analyzing information to determine whether a company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority Operational audits assess operating policies and procedures for efficiency and effectiveness 143 Which type of audit is most likely to be performed by government auditors? Which type of audit is most likely to be performed by internal auditors? Answer: Governmental auditors are most likely to perform compliance audits, and internal auditors are most likely to perform operational audits 144 Identify the three areas of an auditor’s work that are significantly impacted by the presence of IT accounting systems Answer: The IT environment plays a key role in how auditors conduct their work in the following areas: • consideration of risk • determination of audit procedures to be used to obtain knowledge of the accounting and internal control systems • design and performance of audit tests 145 Describe the three causes of information risk Answer: Information risk is caused by: • Remote information; for instance, when the source of information is removed from the decision maker, it stands a greater chance of being misstated • Large volumes of information or complex information • Variations in viewpoints or incentives of the preparer To download more slides, ebook, solutions and test bank, visit http://downloadslide.blogspot.com 146 Explain how an audit trail might get “lost” within a computerized system Answer: Loss of an audit trail occurs when there is a lack of physical evidence to view in support of a transaction This may 
occur when the details of accounting transactions are entered directly into the computer system, with no supporting paper documents. If there is a system failure, database destruction, unauthorized access, or environmental damage, the information processed under such a system may be lost or altered.

147. Explain how the presence of IT processes can improve the quality of information that management uses for decision making.
Answer: IT processes tend to provide information in a timely and efficient manner. This enhances management’s ability to make effective decisions, which is the essence of quality of information.

148. Distinguish among the focuses of the GAAS standards of fieldwork and standards of reporting.
Answer: The standards of fieldwork provide general guidelines for performing the audit. They address the importance of planning and supervision, understanding internal controls, and evidence accumulation. The standards of reporting address the auditor’s requirements for communicating the audit results in writing, including the reference to GAAP, consistency, adequate disclosures, and the expression of an overall opinion on the fairness of the financial statements.

149. Which professional standard-setting organization provides guidance on the conduct of an IT audit?
Answer: The Information Systems Audit and Control Association (ISACA) is responsible for issuing Information Systems Auditing Standards (ISASs), which provide guidelines for conducting an IT audit.

150. If management is responsible for its own financial statements, why are auditors important?
Answer: Auditors are important because they are responsible for analyzing financial statements to decide whether they are fairly stated and presented in accordance with GAAP. Since the financial statements are prepared by managers of the company, the role of auditors is to reduce information risk associated with those financial statements. To accomplish this, auditors design tests to analyze information supporting the financial statements in order to determine whether management’s assertions are valid.

151. List the techniques used for gathering evidence.
Answer: The techniques used for gathering evidence include the following:
• physically examining or inspecting assets or supporting documentation
• obtaining written confirmation from an independent source
• rechecking or recalculating information
• observing activities
• making inquiries of company personnel
• analyzing financial relationships and making comparisons to determine reasonableness

152. During which phase of an audit would an auditor consider risk assessment and materiality?
Answer: Risk assessment and materiality are considered during the planning phase of an audit.

153. What is the significance of Statement on Auditing Standards No. 94?
Answer: SAS 94, “The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit”, is significant because it describes the importance of understanding both the automated and manual procedures that make up a company’s internal controls. It also provides guidance to assist an auditor in determining whether an IT audit specialist may be needed for the audit.

154. Distinguish between auditing through the computer and auditing with the computer. When are auditors required to audit through the computer as opposed to auditing around the computer?
Answer: Auditing through the computer involves directly testing internal controls within the IT system, which requires the auditors to understand the computer system logic. Auditing through the computer is necessary when the auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of audit testing required, and when supporting documents are available only in electronic form. Auditing with the computer involves auditors using their own systems, software, and computer-assisted audit techniques to help conduct an audit.

155. Explain why it is customary to complete the testing of general controls before testing application controls.
Answer: Since general controls are the automated controls that affect all computer applications, the reliability of general controls must be established before application controls are tested. The effectiveness of general controls is considered the foundation for the IT control environment. If there are problems with the effectiveness of general controls, auditors will not devote attention to the testing of application controls; rather, they will reevaluate the audit approach with reduced reliance on controls.

156. Identify four important aspects of administrative control in an IT environment.
Answer: Four important aspects of administrative control include:
• personal accountability and segregation of incompatible responsibilities
• job descriptions and clear lines of authority
• computer security and virus protection
• IT systems documentation

157. Think about a place you have worked where computers were present. What are some physical and environmental controls that you have observed in the workplace?
Provide at least two examples of each from your personal experience.
Answer: Students’ responses are likely to vary greatly. Examples of physical controls may include card keys and configuration tables, as well as other physical security features such as locked doors, etc. Environmental controls may include temperature and humidity controls, fire, flood, earthquake controls, or measures to ensure a consistent power supply.

158. Batch totals and hash totals are common input controls. Considering the fact that hash totals can be used with batch processing, differentiate between these two types of controls.
Answer: Both batch totals and hash totals are mathematical sums of data that can be used to determine whether there may be missing data. However, batch totals are meaningful because they provide summations of dollar amounts or item counts for a journal entry used in the financial accounting system, whereas hash totals are not relevant to the financial accounting system (i.e., the hash totals are used only for their control purpose and have no other numerical significance).

159. The test data method and an integrated test facility are similar in that they are both tests of applications controls and they both rely on the use of test data. Explain the difference between these two audit techniques.
Answer: The test data method tests the processing accuracy of software applications by using the company’s own computer system to process fictitious information developed by the auditors. The results of the test must be compared with predicted results. An integrated test facility also tests processing applications, but can accomplish this without disrupting the company’s operations. An integrated test facility inputs fictitious data along with the company’s actual data, and tests it using the client’s own computer system. The testing occurs simultaneously with the company’s actual transaction
processing.

160. Explain the necessity for performing substantive testing even for audit clients with strong internal controls and sophisticated IT systems.
Answer: Since substantive testing determines whether financial information is accurate, it is necessary for all financial statement audits. Control testing establishes whether the system promotes accuracy, while substantive testing verifies the monetary amounts of transactions and account balances. Even if controls are found to be effective, there still needs to be some testing to make sure that the amounts of transactions and account balances have actually been recorded fairly.

161. What kinds of audit tools are used to perform routine tests on electronic data files taken from databases? List the types of tests that can be performed with these tools.
Answer: CPA firms use generalized audit software (GAS) or data analysis software (DAS) to perform audit tests on electronic data files taken from commonly used database systems. These tools help auditors perform routine testing in an efficient manner. The types of tests that can be performed using GAS or DAS include:
• mathematical and statistical calculations
• data queries
• identification of missing items in a sequence
• stratification and comparison of data items
• selection of items of interest from the data files
• summarization of testing results into a useful format for decision making

162. Which of the four types of audit reports is the most favorable for an audit client? Which is the least favorable?
Answer: An unqualified audit report is the most favorable because it expresses reasonable assurance that the underlying financial statements are fairly stated in all material respects. On the other hand, an adverse opinion is the least favorable report because it indicates the presence of material misstatements in the underlying financial statements.

163. Why is it so important to obtain a letter of representations from an audit client?
Answer: The letter of representations is so important because it is management’s acknowledgement of its primary responsibility for the fair presentation of the financial statements. In this letter, management must declare that it has provided complete and accurate information to its auditors during all phases of the audit. This serves as a significant piece of audit evidence.

164. How can auditors evaluate internal controls when their clients use IT outsourcing?
Answer: When a company uses IT outsourcing, auditors must still evaluate internal controls. This may be accomplished by relying upon a third-party report from the independent auditor of the outsourcing center, by auditing around the computer, or by testing controls at the outsourcing center.

165. An auditor’s characteristic of professional skepticism is most closely associated with which ethical principle of the AICPA Code of Professional Conduct?
Answer: Professional skepticism is most closely associated with the principle of Objectivity and Independence. Professional skepticism means that auditors should have a questioning mind and a persistent approach for evaluating financial information for the possibility of misstatements. This is closely related to the notion of objectivity and independence in its requirements for being free of conflicts of interest.

TESTBANK - CHAPTER – SHORT ESSAY

166. Why is it necessary for a CPA to be prohibited from having financial or personal connections with a client?
Provide an example of how a financial connection to a company would impair an auditor’s objectivity. Provide an example of how a personal relationship might impair an auditor’s objectivity.
Answer: An auditor should not have any financial or personal connections with a client company because they could impair his/her objectivity. It would be difficult for an auditor to be free of bias if he/she were to have a financial or personal relationship with the company or one of its associates. For example, if an auditor owned stock in a client company, the auditor would stand to benefit financially if the company’s financial statements included an unqualified audit report, as this favorable opinion could lead to favorable results for the company such as paying a dividend, obtaining financing, etc. Additionally, if an auditor had a family member or other close personal relationship with someone who works for the company, the auditor’s independence may be impaired due to the knowledge that the family member or other person may be financially dependent upon the company or may have played a significant role in the preparation of the financial statements.

167. From an internal control perspective, discuss the advantages and disadvantages of using IT-based accounting systems.
Answer: The advantages of using IT-based accounting systems are the improvements in internal control due to the reduction of human error and increase in speed. The disadvantages include the loss of audit trail visibility, increased likelihood of lost or altered data, lack of segregation of duties, and fewer opportunities for authorization and review of transactions.

168. Explain why standards of fieldwork for GAAS are not particularly helpful to an auditor who is trying to determine the types of testing to be used on an audit engagement.
Answer: GAAS provides a general framework that is not specific enough to provide specific guidance in the actual performance of an audit. For detailed guidance, auditors rely upon
standards issued by the PCAOB, the ASB, the IAPC, and ISACA.

169. Tyrone and Tyson are assigned to perform the audit of Tylen Company. During the audit, it was discovered that the amount of sales reported on Tylen’s income statement was understated because one week’s sales transactions were not recorded due to a computer glitch. Tyrone claims that this problem represents a violation of the management assertion regarding existence, because the reported account balance was not real. Tyson argues that the completeness assertion was violated, because relevant data was omitted from the records. Which auditor is correct? Explain your answer.
Answer: The completeness assertion is concerned with possible omissions from the accounting records and the related understatements of financial information; in other words, it asserts that all valid transactions have been recorded. Accordingly, Tyson’s argument is correct. Tyrone’s argument is not correct because the existence assertion is concerned with the possibility of fictitious transactions and the related overstatements of financial information.

170. One of the most important tasks of the planning phase is for the auditor to gain an understanding of internal controls. How does this differ from the tasks performed during the tests of controls phase?
Answer: During the planning phase of an audit, auditors must gain an understanding of internal controls in order to determine whether the controls can be relied upon as a basis for reducing the extent of substantive testing to be performed. Understanding of internal controls is the basis for the fundamental decision regarding the strategy of the audit. It also impacts the auditor’s risk assessment and establishment of materiality. During the tests of controls phase, the auditor goes beyond the understanding of the internal controls and actually evaluates the effectiveness of those controls.

171. How is it possible that a review of computer logs can be used to test for both internal access controls and external access controls? Other than reviewing the computer logs, identify and describe two types of audit procedures performed to test internal access controls, and two types of audit procedures performed to test external access controls.
Answer: Internal access controls can be evaluated by reviewing computer logs for the existence of login failures or unusual activity, and to gauge access times for reasonableness in light of the types of tasks performed. Internal access controls can also be tested by reviewing the company’s policies regarding segregation of IT duties and other IT controls, and by testing those controls to determine whether access is being limited in accordance with the company’s policies. In addition, auditors may perform authenticity testing to evaluate the authority tables and determine whether only authorized employees are provided access to IT systems. Computer logs can also be reviewed to evaluate external access controls, as the logs may identify unauthorized users and failed access attempts. External access controls may also be tested through authenticity tests, penetration tests, and vulnerability assessments. Authenticity tests, as described above, determine whether access has been limited to those included in the company’s authority tables. Penetration
tests involve the auditor trying to gain unauthorized access to the client’s system, by attempting to penetrate its firewall. Vulnerability assessments are tests aimed at identifying weak points in the company’s IT systems where unauthorized access may occur, such as through a firewall or due to problems in the encryption techniques.

172. Explain why continuous auditing is growing in popularity. Identify and describe a computer-assisted audit technique useful for continuous auditing.
Answer: Continuous auditing has increased in popularity due to the increase in e-commerce. Real-time financial reporting has created the need for continuous auditing, whereby auditors continuously analyze evidence and provide assurance on the related financial information as soon as it occurs or shortly thereafter. The embedded audit module is a computer-assisted audit technique that accomplishes continuous auditing. The embedded audit module approach involves placing special audit testing programs within a company’s operating system. These test modules search the data and analyze transactions or account balances that meet specified conditions of interest to the auditor.

173. Each of the principles of the AICPA Code of Professional Conduct relates to the trustworthiness of the CPA. Distinguish between the third principle (integrity) and the fourth principle (objectivity and independence).
Answer: Integrity relates closely to honesty and performing duties with a high sense of due care. Objectivity and independence are more concerned with the attitude of skepticism in approaching duties. This involves being unbiased and free of any conflicts of interest.

TESTBANK - CHAPTER – PROBLEMS

174. Match the standard-setting bodies with their purpose.
Answer: I c, II a, III d, IV b

175. Identify whether the following audit tests are used to evaluate internal access controls (I), external access controls (E), or both (B):
authenticity, penetration, vulnerability assessments, review of access logs, and review of policies concerning the issuance of passwords and security tokens.
Answer:
• Authenticity tests (B)
• Penetration tests (E)
• Vulnerability assessments (E)
• Review of access logs (B)
• Review of policies concerning the issuance of passwords and security tokens (I)

176. Refer to the notes payable audit program excerpt presented in Exhibit 7-3. If an auditor had a copy of his client’s data file for its notes receivable, how could a general audit software or data analysis software package be used to assist with these audit tests?
Answer: GAS and DAS could assist auditors in testing notes payable by performing mathematical calculations of interest amounts, stratification of amounts into current and long-term categories according to maturity dates, and performing ratio calculations as may be needed to assess compliance with restrictions.

177. In order to preserve auditor independence, the Sarbanes-Oxley Act of 2002 restricts the types of nonaudit services that auditors can perform for their public-company audit clients. The list includes nine types of services that are prohibited because they are deemed to impair an auditor’s independence. Included in the list are the following:
• financial information systems design and implementation
• internal audit outsourcing
Describe how an auditor’s independence could be impaired if she performed IT design and implementation functions for her audit client. Likewise, how could an auditor’s involvement with internal audit outsourcing impair her independence with respect to auditing the same company?
Answer:
Both of these scenarios would place the auditor in a position of auditing his/her own work. Auditors could not maintain independence if they are involved in both the IT design and implementation as well as the financial statement audit. To the extent that the IT system impacts financial reporting, an auditor could not possibly be unbiased with respect to a system that he/she had designed and implemented. Likewise, auditors are not likely to be unbiased with respect to performing a financial statement audit for the same company as he/she performed internal audit work. Any evaluations performed during the internal audit engagement are likely to have a bearing on the auditor’s professional attitude while performing the financial statement audit.

178. Visit the AICPA website at www.aicpa.org and click on Becoming a CPA/Academic Resources. Use the Careers in Accounting tab to locate information on audit careers.
Answer: The AICPA website presents information on various career paths, including public accounting (audit, taxation, financial planning, etc.), business and industry, governmental accounting, not-for-profit accounting, education, and entrepreneurship. Some specialty areas include forensic accounting, environmental accounting, and showbiz accounting.

179. Visit the ISACA website at www.isaca.org and click the Students and Educators tab and then the IT Audit Basics tab to find articles covering topics concerning the audit process. Locate an article on each of the following topics and answer the related question: a) Identify and briefly describe the four categories of CAATs, b) List the factors that contribute to the formation of due care in an auditor.
Answer:
a. Identify and briefly describe the four categories of CAATs. The four categories include [1]:
• data analysis software, including GAS and DAS
• Network security evaluation software/utilities
• OS and DBMS security evaluation
software/utilities
• Software and code testing tools
b. List the factors that contribute to the formation of due care in an auditor. The factors include [2]:
• peer review
• auditor conduct
• communication
• technical competence
• judgment
• business knowledge
• training
• certification
• standards
• independence
• continuous reassessment
• high ethical standards

180. Refer to the example presented in this chapter describing frauds perpetrated by top managers in large companies like Enron, Xerox, and WorldCom. Perform an Internet search to determine the nature of Xerox’s management fraud scheme and to find out what happened to the company after the problems were discovered.
Answer: Xerox’s fraud involved earnings management or manipulation of the financial statements in order to boost earnings. This occurred at Xerox to the tune of hundreds of millions of dollars and involved various accounting tricks to hide the company’s true financial performance so that it would meet or beat Wall Street expectations. The most significant trick was the premature recording of revenues. Upon discovery of the fraud, the SEC filed a $10 million civil suit against Xerox, the largest fine in SEC history. In addition, Xerox had to restate its earnings from 1997 through 2001.

[1] “Using CAATs to Support IS Audit” by S. Anantha Sayana for Information Systems Control Journal, Vol. 1, 2003.
[2] “Due Professional Care” by Frederick Gallegos for Information Systems Control Journal, Vol. 2, 2002.