Auditing Chapter 12 Quiz

1. Which of the following is not a category of an application control?

Processing controls.

Output controls.

Hardware controls.

Input controls.

The given correct answer is "Hardware controls." This is because hardware controls refer to the physical security measures implemented to protect the hardware components of a system, such as locks, alarms, and surveillance cameras. While hardware controls are important for overall system security, they are not specifically categorized as application controls. Application controls focus on the software and logical security measures, such as input controls, processing controls, and output controls, which are designed to ensure the integrity, accuracy, and security of data within an application.

Explanation

The given correct answer is "Hardware controls." This is because hardware controls refer to the physical security measures implemented to protect the hardware components of a system, such as locks, alarms, and surveillance cameras. While hardware controls are important for overall system security, they are not specifically categorized as application controls. Application controls focus on the software and logical security measures, such as input controls, processing controls, and output controls, which are designed to ensure the integrity, accuracy, and security of data within an application.

2. IT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?

Organizational changes.

The visibility of information.

The potential for material misstatement.

None of the above; i.e., they are all important.

From an auditing perspective, all of the given options are important. Organizational changes can impact the control environment and the effectiveness of internal controls, therefore they need to be assessed. The visibility of information is crucial for auditors to ensure that information is accurate, complete, and accessible. The potential for material misstatement is a key concern for auditors as it can affect the reliability of financial statements. Therefore, all of these factors are important from an auditing perspective.

Explanation

From an auditing perspective, all of the given options are important. Organizational changes can impact the control environment and the effectiveness of internal controls, therefore they need to be assessed. The visibility of information is crucial for auditors to ensure that information is accurate, complete, and accessible. The potential for material misstatement is a key concern for auditors as it can affect the reliability of financial statements. Therefore, all of these factors are important from an auditing perspective.

3. One significant risk related to an automated environment is that auditors may ____ information provided by an information system.

Not place enough reliance on

Place too much reliance on

Reveal

Not understand

In an automated environment, auditors may place too much reliance on the information provided by an information system. This means that they may overly rely on the accuracy and completeness of the system's output without conducting sufficient independent verification. This can be a significant risk because if the information system is flawed or compromised, it can lead to incorrect or misleading audit conclusions. Auditors should always exercise caution and perform appropriate testing and validation to ensure the reliability of the information obtained from automated systems.

Explanation

In an automated environment, auditors may place too much reliance on the information provided by an information system. This means that they may overly rely on the accuracy and completeness of the system's output without conducting sufficient independent verification. This can be a significant risk because if the information system is flawed or compromised, it can lead to incorrect or misleading audit conclusions. Auditors should always exercise caution and perform appropriate testing and validation to ensure the reliability of the information obtained from automated systems.

4. Which of the following is not a benefit of using IT-based controls?

Ability to process large volumes of transactions.

Ability to replace manual controls with computer-based controls.

Reduction in misstatements due to consistent processing of transactions.

Over-reliance on computer-generated reports.

Over-reliance on computer-generated reports is not a benefit of using IT-based controls because it can lead to a false sense of security and a lack of critical thinking. Relying solely on computer-generated reports without human review and analysis can result in overlooking errors or fraudulent activities that may not be detected by the system. It is important to have a balance between automated controls and human oversight to ensure the accuracy and reliability of financial information.

Explanation

Over-reliance on computer-generated reports is not a benefit of using IT-based controls because it can lead to a false sense of security and a lack of critical thinking. Relying solely on computer-generated reports without human review and analysis can result in overlooking errors or fraudulent activities that may not be detected by the system. It is important to have a balance between automated controls and human oversight to ensure the accuracy and reliability of financial information.

5. Which of the following is not a risk specific to IT environments?

Reliance on the functioning capabilities of hardware and software.

Increased human involvement.

Loss of data due to insufficient backup.

Reduced segregation of duties.

Increased human involvement is not a risk specific to IT environments because in any environment, whether IT or non-IT, human involvement is always present. It is a general factor that can affect the overall risk in any situation, not just in IT environments. The other options mentioned, such as reliance on hardware and software, loss of data due to insufficient backup, and reduced segregation of duties, are all specific risks that are commonly associated with IT environments.

Explanation

Increased human involvement is not a risk specific to IT environments because in any environment, whether IT or non-IT, human involvement is always present. It is a general factor that can affect the overall risk in any situation, not just in IT environments. The other options mentioned, such as reliance on hardware and software, loss of data due to insufficient backup, and reduced segregation of duties, are all specific risks that are commonly associated with IT environments.

6. Which of the following is not a risk to IT systems?

Need for IT experienced staff

Separation of IT duties from accounting functions

Improved audit trail

Hardware and data vulnerability

An improved audit trail is not a risk to IT systems. In fact, it is a beneficial measure that helps in enhancing the security and integrity of IT systems. An audit trail refers to a record of all activities and transactions within a system, allowing for easier monitoring and detection of any unauthorized or suspicious activities. It helps in identifying potential risks and vulnerabilities, ensuring compliance with regulations, and facilitating effective troubleshooting. Therefore, an improved audit trail is a protective measure rather than a risk to IT systems.

Explanation

An improved audit trail is not a risk to IT systems. In fact, it is a beneficial measure that helps in enhancing the security and integrity of IT systems. An audit trail refers to a record of all activities and transactions within a system, allowing for easier monitoring and detection of any unauthorized or suspicious activities. It helps in identifying potential risks and vulnerabilities, ensuring compliance with regulations, and facilitating effective troubleshooting. Therefore, an improved audit trail is a protective measure rather than a risk to IT systems.

7. Which of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?

Computer controls replace manual controls.

Higher quality information is available.

Computer-based controls provide opportunities to enhance separation of duties.

Manual controls replace automated controls.

Increased reliance on IT typically leads to the replacement of manual controls with computer controls. This is because computer controls are more efficient, consistent, and reliable compared to manual controls. They can automate processes, perform calculations, and detect errors or anomalies in real-time. As a result, the organization can reduce the risk of human error, improve the accuracy and timeliness of information, and enhance the overall internal control system. On the other hand, the statement "Manual controls replace automated controls" contradicts this trend and does not represent an enhancement to internal control.

Explanation

Increased reliance on IT typically leads to the replacement of manual controls with computer controls. This is because computer controls are more efficient, consistent, and reliable compared to manual controls. They can automate processes, perform calculations, and detect errors or anomalies in real-time. As a result, the organization can reduce the risk of human error, improve the accuracy and timeliness of information, and enhance the overall internal control system. On the other hand, the statement "Manual controls replace automated controls" contradicts this trend and does not represent an enhancement to internal control.

8. The audit procedure which is least useful in gathering evidence on significant computer processes is:

Documentation

Observation

Test decks.

Generalized audit software.

Observation is the least useful audit procedure for gathering evidence on significant computer processes because it involves simply watching and noting down what is happening without actively testing or verifying the accuracy and effectiveness of the computer processes. While observation can provide some insight into how the processes are being performed, it does not provide concrete evidence or allow for the identification of potential errors or weaknesses in the system. Other audit procedures such as documentation, test decks, and generalized audit software are more effective in gathering evidence and evaluating the reliability of computer processes.

Explanation

Observation is the least useful audit procedure for gathering evidence on significant computer processes because it involves simply watching and noting down what is happening without actively testing or verifying the accuracy and effectiveness of the computer processes. While observation can provide some insight into how the processes are being performed, it does not provide concrete evidence or allow for the identification of potential errors or weaknesses in the system. Other audit procedures such as documentation, test decks, and generalized audit software are more effective in gathering evidence and evaluating the reliability of computer processes.