Test Bank Docx Ch7 Auditing Information Technology – Bases

ACCOUNTING INFORMATION SYSTEMS/3e

TURNER / WEICKGENANNT/COPELAND

Test Bank: CHAPTER 7: Auditing Information Technology – Bases Processes

NOTE: All new or adjusted questions are in red. New questions are identified by the letter A as part of the question number; adjusted questions are identified by the letter X as part of the question number.

End of Chapter Questions:

1. Which of the following types of audits is most likely to be conducted for the purpose of identifying areas for cost savings?
2. Financial Statement Audits
3. Operational Audits
4. Regulatory Audits
5. Compliance Audits
6. Financial statement audits are required to be performed by:
7. Governmental Auditors
8. CPAs
9. Internal Auditors
10. IT Auditors
11. Which of the following is not considered a cause for information risk?
12. Management’s geographic location is far from the source of the information needed to make effective decisions.
13. The information is collected and prepared by persons who use the information for very different purposes.
14. The information relates to business activities that are not well understood by those who collect and summarize the information for decision makers.
15. The information has been tested by internal auditors and a CPA firm.
16. Which of the following is not a part of general accepted auditing standards?
17. General Standards
18. Standards of Fieldwork
19. Standards of Information Systems
20. Standards of Reporting
21. Which of the following best describes what is meant by the term “generally accepted auditing standards”?
22. Procedures used to gather evidence to support the accuracy of a client’s financial statements.
23. Measures of the quality of an auditor’s conduct carrying out professional responsibilities.
24. Professional pronouncements issued by the Auditing Standards Board.
25. Rules acknowledged by the accounting profession because of their widespread application.
26. In an audit of financial statement in accordance with generally accepted auditing standards, an auditor is required to:
27. Document the auditor’s understanding of the client company’s internal controls.
28. Search for weaknesses in the operation of the client company’s internal controls.
29. Perform tests of controls to evaluate the effectiveness of the client company’s internal controls.
30. Determine whether controls are appropriately operating to prevent or detect material misstatements.
31. Auditors should develop a written audit program so that:
32. All material transactions will be included in substantive testing.
33. Substantive testing performed prior to year end will be minimized.
34. The procedures will achieve specific audit objectives related to specific management assertions.
35. Each account balance will be tested under either a substantive test or a test of controls.
36. Which of the following audit objectives relates to the management assertion of existence?
37. A transaction is recorded in the proper period.
38. A transaction actually occurred (i.e., it is real)
39. A transaction is properly presented in the financial statements.
40. A transaction is supported by detailed evidence.

1. Which of the following statements regarding an audit program is ?
2. An audit program should be standardized so that it may be used on any client engagement.
3. The audit program should be completed by the client company before the audit planning stage begins.
4. An audit program should be developed by the internal auditor during the audit’s completion/reporting phase.
5. An audit program establishes responsibility for each audit test by requiring the signature or initials of the auditor who performed the test.
6. Risk assessment is a process designed to:
7. Identify possible circumstances and events that may affect the business.
8. Establish policies and procedures to carry out internal controls.
9. Identify and capture information in a timely manner.
10. Review the quality of internal controls throughout the year.
11. Which of the following audit procedures is most likely to be performed during the planning phase of the audit?
12. Obtain an understanding of the client’s risk assessment process.
13. Identify specific internal control activities that are designed to prevent fraud.
14. Evaluate the reasonableness of the client’s accounting estimates.
15. Test the timely cutoff of cash payments and collections.
16. Which of the following is the most significant disadvantage of auditing around the computer rather than through the computer?
17. The time involved in testing processing controls is significant.
18. The cost involved in testing processing controls is significant.
19. A portion of the audit trail is not tested.
20. The technical expertise required to test processing controls is extensive.
21. The primary objective of compliance testing in a financial statement audit is to determine whether:
22. Procedures have been updated regularly.
23. Financial statement amounts are accurately stated.
24. Internal controls are functioning as designed.
25. Collusion is taking place.
26. Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor’s control to periodically test controls in the client’s computer system?
27. Test data method
28. Embedded audit module
29. Integrated test facility
30. Parallel simulation
31. Which of the following computer assisted auditing techniques allows fictitious and real transactions to be processed together without client personnel being aware of the testing process?
32. Test data method
33. Embedded audit module
34. Integrated test facility
35. Parallel simulation
36. Which of the following is a general control to test for external access to a client’s computerized systems?
37. Penetration tests
38. Hash totals
39. Field checks
40. Program tracing
41. Suppose that during the planning phase of an audit, the auditor determines that weaknesses exist in the client’s computerized systems. These weaknesses make the client company susceptible to the risk of an unauthorized break-in. Which type of audit procedures should be emphasized in the remaining phases of this audit?
42. Tests of controls
43. Penetration tests
44. Substantive tests
45. Rounding errors tests
46. Generalized audit software can be used to:
47. Examine the consistency of data maintained on computer files.
48. Perform audit tests of multiple computer files concurrently.
49. Verify the processing logic of operating system software.
50. Process test data against master files that contain both real and fictitious data.
51. Independent auditors are generally actively involved in each of the following tasks except:
52. Preparation of a client’s financial statements and accompanying notes.
53. Advising client management as to the applicability of a new accounting standard.
54. Proposing adjustments to a client’s financial statements.
55. Advising client management about the presentation of the financial statements.
56. Which of the following is most likely to be an attribute unique to the financial statement audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions?
57. Due professional care
58. Competence
59. Independence
60. A complex underlying body of professional knowledge
61. Which of the following terms in not associated with a financial statement auditor’s requirement to maintain independence?
62. Objectivity
63. Neutrality
64. Professional Skepticism
65. Competence

TEST BANK - CHAPTER 7 - MULTIPLE CHOICE

1. Accounting services that improve the quality of information provided to the decision maker, an audit being the most common type of this service, is called:
2. Compliance Services
3. Assurance Services
4. Substantive Services
5. Operational Services
6. A type of assurance services that involves accumulating and analyzing support for the information provided by management is called an:
7. Audit
8. Investigation
9. Financial Statement Examination
10. Control Test
11. The main purpose of an audit is to assure users of the financial information about the:
12. Effectiveness of the internal controls of the company.
13. Selection of the proper GAAP when preparing financial statements.
14. Proper application of GAAS during the examination.
15. Accuracy and completeness of the information.
16. Which of the following is not one of the three primary types of audits?
17. Compliance Audits
18. Financial Statement Audits
19. IT Audits
20. Operational Audits
21. This type of audit is completed in order to determine whether a company has adhered to the regulations and policies established by contractual agreements, governmental agencies, or some other high authority.
22. Compliance Audit
23. Operational Audit
24. Information Audit
25. Financial Statement Audit
26. This type of audit is completed to assess the operating policies and procedures of a client for efficiency and effectiveness.
27. Efficiency Audit
28. Effectiveness Audit
29. Compliance Audit
30. Operational Audit
31. This type of audit is completed to determine whether or not the client has prepared and presented its financial statements fairly, in accordance with established financial accounting criteria.
32. GAAP Audit
33. Financial Statement Audit
34. Compliance Audit
35. Fair Application Audit
36. Financial statement audits are performed by _________ who have extensive knowledge of generally accepted accounting principles (GAAP) in the US and/or International Financial Reporting Standards (IFRS).
37. Public Auditors
38. Governmental Auditors
39. Certified Public Accountants
40. Internal Auditors
41. This type of auditor is an employee of the company he / she audits.
42. IT Auditor
43. Government Auditor
44. Certified Public Accountant
45. Internal Auditor
46. This type of auditor specializes in the information systems assurance, control, and security. They may work for CPA firms, government agencies, or with the internal audit group.
47. IT Auditor
48. Government Auditor
49. Certified Public Accountant
50. Internal Auditor
51. This type of auditor conducts audits of government agencies or income tax returns.
52. IT Auditor
53. Government Auditor
54. Certified Public Accountant
55. Internal Auditor
56. An important requirement of CPA firms is that they must be ________ with regard to the company being audited. The requirement allows CPA firms to provide a completely unbiased opinion on the information it audits.
57. Neutral
58. Well-informed
59. Materially invested
60. All of the above
61. This type of audit is performed by independent auditors who are objective and neutral with respect to the company and the information being audited.
62. Compliance Audit
63. Operational Audit
64. Internal Audit
65. External Audit
66. Which of the following scenarios does NOT impair the independence of a CPA firm from its client?
67. The lead audit partner is the sister-in-law of the client’s VP of Accounting
68. One of the auditors owns stock in a competitor of the client
69. One of the auditors is the golf partner of the client’s CEO
70. The lead audit partner owns stock in the client
71. The independence of a CPA could be impaired by:
72. Having no knowledge of the company or the company management
73. By owning stock of a similar company
74. Having the ability to influence the client’s decisions
75. Being married to a stockbroker
76. Decision makers are typically forced to rely on others for information. When the source of the information is removed from the decision maker, the information stands a greater chance of being misstated. A decision maker may become detached from the source of information due to geography, organizational layers, or other factors. This describes which cause of information risk?
77. The lack of CPA independence
78. The volume and complexity of underlying data
79. The motive of the preparer
80. The remoteness of information
81. The IT environment plays a key role in how auditors conduct their work in all but which of the following areas:
82. Consideration of Risk
83. Consideration of Information Fairness
84. Design and Performance of Audit Tests
85. Audit Procedures Used
86. The chance that information used by decision makers may be inaccurate is referred to as:
87. Sample Risk
88. Data Risk
89. Audit Trail Risk
90. Information Risk
91. Which of the following is not one of the identified causes of information risk?
92. Audited information
93. Remote information
94. Complexity of data
95. Preparer motive
96. The main reasons that it is necessary to study information-based processing and the related audit function include:
97. Information users often do not have the time or ability to verify information themselves.
98. It may be difficult for decision makers to verify information contained in a computerized accounting system.
99. Both of the above.
100. Neither of the above.
101. The existence of IT-based business processes often result in details of transactions being entered directly into the computer system, results in a lack of physical evidence to visibly view. This situation is referred to as:
102. Physical Evidence Risk
103. Loss of Audit Trail Visibility
104. Transaction Summary Chart
105. Lack of Evidence View
106. The existence of IT-based business processes, that result in the details of the transactions being entered directly into the computer system, increases the likelihood of the loss or alternation of data due to all of the following, except:
107. System Failure
108. Database Destruction
109. Programmer Incompetence
110. Environmental Damage
111. The advantages of using IT-based accounting systems, where the details of transactions are entered directly into the computer include:
112. Computer controls can compensate for the lack of manual controls
113. Loss of audit trail view
114. Increased internal controls risks
115. Fewer opportunities to authorize and review transactions
116. The ten standards that provide broad guidelines for an auditor’s professional responsibilities are referred to as:
117. Generally accepted accounting standards
118. General accounting and auditing practices
119. Generally accepted auditing practices
120. Generally accepted auditing standards
121. The generally accepted auditing standards are divided into three groups. Which of the following is not one of those groups?
122. General Standards
123. Basic Standards
124. Standards of Fieldwork
125. Standards of Reporting
126. GAAS, generally accepted auditing standards, provide a general framework for conducting quality audits, but the specific standards - or detailed guidance - are provided by all of the following groups, except:
127. Public Company Accounting Oversight Board
128. Auditing Standards Board
129. Certified Fraud Examiners
130. International Auditing and Assurance Standards Board
131. This organization, established by the Sarbanes-Oxley Act, was organized in 2003 for the purpose of establishing auditing standards for public companies.
132. Auditing Standards Board
133. Public Company Accounting Oversight Board
134. International Audit Practices Committee
135. Information Systems Audit and Control Association
136. This organization is part of the AICPA and was the group responsible for issuing Statements on Auditing Standards which were historically widely used in practice.
137. Auditing Standards Board
138. Public Company Accounting Oversight Board
139. International Audit Practices Committee
140. Information Systems Audit and Control Association
141. This organization was established by the IFAC to set International Standards on Auditing (ISAs) that contribute to the uniform application of auditing practices on a worldwide basis.
142. International Systems Audit and Control Association
143. Auditing Standards Board
144. Public Company Accounting Oversight Board
145. International Auditing and Assurance Standards Board (IAASB)
146. This organization issues guidelines for conducting the IT audit. The standards issued address practices related to control and security of the IT system.
147. Auditing Standards Board
148. Public Company Accounting Oversight Board
149. International Audit Practices Committee
150. Information Systems Audit and Control Association
151. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor. This is one of the generally accepted auditing standards that is part of the:
152. General Standards
153. Operating Standards
154. Fieldwork Standards
155. Reporting Standards
156. Independence in mental attitude is to be maintained in all matters related to the audit engagement. This is one of the generally accepted auditing standards that is part of the:
157. General Standards
158. Operating Standards
159. Fieldwork Standards
160. Reporting Standards
161. The general guidelines, known as the generally accepted auditing standards, which include the concepts of adequate planning and supervision, internal control, and evidence relate to the:
162. General Standards
163. Operating Standards
164. Fieldwork Standards
165. Reporting Standards
166. The general guidelines, known as the generally accepted auditing standards, which include the concepts of presentation in accordance with the established criteria, the consistent application of established principles, adequate disclosure, and the expression of an opinion, relate to the:
167. General Standards
168. Operating Standards
169. Fieldwork Standards
170. Reporting Standards
171. The role of the auditors is to analyze the underlying facts to decide whether information provided by management is fairly presented. Auditors design ____1_____ to analyze information in order to determine whether ____2_____ is/are valid.
172. 1=audit objectives; 2=management’s assertions
173. 1=audit tests; 2=audit objectives
174. 1=audit tests; 2=audit evidence
175. 1=audit tests; 2=management’s assertions
176. Although there are a number of organizations that provide detailed guidance, it is still necessary for auditors to rely on other direction regarding the types of audit tests to use and the manner in which the conclusions are drawn. These sources of information include:
177. Industry Guidelines
178. PCAOB
179. ASB
180. ASACA
181. Claims regarding the condition of the business organization and in terms of its operations, financial results, and compliance with laws and regulations, are referred to as:
182. Financial Statements
183. Management Assertions
184. External Audit
185. Presentation and Disclosure
186. Which management assertion determines that transactions and related asset accounts balances are actually owned and that liability account balances represent actual obligations?
187. Valuation and Allocation
188. Existence
189. Rights and Obligations
190. Classification and Presentation
191. Audit tests developed for an audit client are documented in a(n):
192. Audit Program
193. Audit Objective
194. Management Assertion
195. General Objectives
196. The management assertion related to valuation of transactions and account balances would include all of the following, except:
197. Accurate in terms of dollar amounts and quantities
198. Supported by detailed evidence
199. Real
200. Correctly summarized
201. There are four primary phases of the IT audit. Which of the following is not one of those phases?
202. Planning
203. Evidence Audit
204. Tests of Controls
205. Substantive Tests
206. The main difference between substantive testing and controls testing is:
207. Substantive testing verifies whether information is correct, whereas control tests determine whether the information is managed under a system that promotes correctness.
208. Substantive testing determines whether the information is managed under a system that promotes correctness, whereas Control testing verifies whether information is correct.
209. Substantive testing goes further in depth into the internal controls of a company, whereas controls testing just identifies which controls need further review.
210. Substantive testing identifies which controls need further review, whereas controls testing goes further in depth into the internal controls of a company.
211. During substantive testing, if material misstatements have been found to exist, which of the following actions should be taken next?
212. Proceed to the audit completion in the reporting phase
213. Re-evaluate the audit risk in the planning phase
214. Re-perform detailed tests of balances
215. Re-perform an internal controls systems analysis
216. The proof of the fairness of the financial information is:
217. Tests of Controls
218. Substantive Tests
219. Audit Completion
220. Audit Evidence
221. Techniques used for gathering evidence include all of the following, except:
222. Physical examination of assets or supporting documentation
223. Observing activities
224. Adequate planning and supervision
225. Analyzing financial relationships
226. During this phase of the audit, the auditor must gain a thorough understanding of the client’s business and financial reporting systems. When completing this phase, the auditors review and assess the risks and controls related to the business.
227. Tests of Controls
228. Substantive Tests
229. Audit Completion / Reporting
230. Audit Planning
231. During the planning phase of the audit, auditors estimate the monetary amounts that are large enough to make a difference in decision making. This amount is referred to as:
232. Risk
233. Materiality
234. Substantive
235. Sampling
236. The likelihood that errors or fraud may occur is referred to as:
237. Risk
238. Materiality
239. Control Tests
240. Sampling
241. A large part of the work performed by an auditor in the audit planning process is the gathering of evidence about the company’s internal controls. This can be completed in any of the following ways, except:
242. Interviewing key members of the accounting and IT staff.
243. Observing policies and procedures
244. Review IT user manuals and systems
245. Preparing memos to summarize their findings
246. Auditing standards address the importance of understanding both the automated and manual procedures that make up an organization’s internal controls and consider how misstatements may occur, including all of the following, except:
247. How transactions are entered into the computer
248. How financial statement are printed from the computer
249. How nonstandard journal entries and adjusting entries are initiated, recorded, and processed.
250. How standard journal entries are initiated, recorded, and processed.
251. IT auditors may need to be called in to:
252. Consider the effects of computer processing on the audit.
253. To assist in testing the automated processes.
254. Both of the above.
255. None of the above.
256. Many companies design their IT system so that all documents and reports can be retrieved from the system in readable form. Auditors can then compare the documents used to input the data into the system with reports generated from the system, without gaining any extensive knowledge of the computer system and does not require the evaluation of computer controls. This process is referred to as:
257. Auditing through the system
258. Auditing around the system
259. Computer assisted audit techniques
260. Auditing with the computer
261. The audit practice of “auditing around the computer” is also referred to as:
262. The white box approach
263. The black box approach
264. Computer-assisted audit techniques (CAATs)
265. The gray box approach
266. Which of the following is the most effective way of auditing the internal controls of an IT system?
267. Auditing with the Computer
268. Auditing through the computer
269. Auditing around the computer
270. Auditing in the computer
271. This approach, referred to as the whitebox approach, requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system is reliable.
272. Auditing through the system
273. Auditing around the system
274. Computer assisted audit techniques
275. Auditing with the computer
276. The IT auditing approach referred to as “Auditing through the system” is necessary under which of the following conditions?
277. Supporting documents are available in both electronic and paper form.
278. The auditor does not require evaluation of computer controls.
279. The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of substantive audit testing required.
280. The use of the IT system has a low impact on the conduct of the audit.
281. Audit procedures designed to evaluate both general controls and application controls are referred to as:
282. Substantive Tests
283. Audit Planning
284. IT Auditing
285. Test of Controls
286. The automated controls that affect all computer applications are referred to as:
287. General Controls
288. Specific Controls
289. Input Controls
290. Application Controls
291. Which of the following describes a mathematical sum of data that is meaningless to the financial statements but useful for controlling the data and detecting possible missing items?
292. Hash Total
293. Batch Total
294. Validation Check
295. Sequence Verification total
296. The two broad categories of general controls that relate to IT systems include which of the following:
297. IT systems documentation
298. IT administration and the related operating systems development and maintenance processes
299. Authenticity table
300. Computer security and virus protection
301. Related audit tests to review the existence and communication of company policies regarding important aspects of IT administrative control include all of the following, except:
302. Personal accountability and segregation of incompatible responsibilities
303. Job description and clear lines of authority
304. Prevention of unauthorized access
305. IT systems documentation
306. Auditors may send text messages through a company’s system to find out whether encryption of private information is occurring properly. In addition, special software programs are available to help auditors identify weak points in a company’s security measures. These are examples of:
307. Penetration tests
308. Authenticity tests
309. Vulnerability assessments
310. Access log reviews
311. Controls meant to prevent the destruction of information as the result of unauthorized access to the IT system are referred to as:
312. IT administration
313. System controls
314. Information administration
315. Security controls
316. In addition to testing system documentation, auditors should test the three main functions of computer applications. Which of the following is not one of these functions?
317. Output
318. Input
319. Processing
320. Data Storage
321. All of the following are examples of security controls except for?
322. Biometric access controls
323. Swipe Key access controls
324. Online firewall protection controls
325. All of the Above are examples of security controls
326. Auditors should perform this type of test to determine the valid use of the company’s computer system, according to the authority tables.
327. Authenticity tests
328. Penetration tests
329. Vulnerability assessments
330. IT systems documentation
331. These tests of the security controls involve various methods of entering the company’s system to determine whether controls are working as intended.
332. Authenticity tests
333. Penetration tests
334. Vulnerability assessments
335. IT systems documentation
336. These tests of security controls analyze a company’s control environment for possible weaknesses. Special software programs are available to help auditors identify weak points in their company’s security measures.
337. Authenticity tests
338. Penetration tests
339. Vulnerability assessments
340. IT systems documentation
341. One of the most effective ways a client can protect its computer system is to place physical controls in the computer center. Physical controls include all of the following, except:
342. Proper temperature control
343. Locks
344. Security guards
345. Cameras
346. One of the most effective ways a client can protect its computer system is to place environmental controls in the computer center. Environmental controls include:
347. Card keys
348. Emergency power supply
349. Alarms
350. Security guards
351. This type of application control is performed to verify the correctness of information entered into software programs. Auditors are concerned about whether errors are being prevented and detected during this stage of data processing.
352. Security controls
353. Processing controls
354. Input controls
355. Output controls
356. IT audit procedures typically include a combination of data accuracy tests where the data processed by computer applications are reviewed for correct dollar amounts or other numerical values. These procedures are referred to as:
357. Security controls
358. Processing controls
359. Input controls
360. Output controls
361. This type of processing control test involves a comparison of different items that are expected to have the same values, such as comparing two batches or comparing actual data against a predetermined control total.
362. Validation Checks
363. Batch Totals
364. Run-to-Run Totals
365. Balancing Tests
366. This law, also known as the first-digit law, was named after a physicist who discovered a specific, but non-uniform pattern in the frequency of digits occurring as the first number in a list of numbers:
367. Number-up Law
368. Benford’s Law
369. Adams’ Digit Law
370. Jackson First Digit Law
371. This is one of the computer-assisted audit techniques related to processing controls that involves processing company data through a controlled program designed to resemble the company’s application. This test is run to find out whether the same results are achieved under different systems.
372. Integrated Test Facility
373. Embedded Audit Module
374. Parallel Simulation
375. Test Data Method
376. Regardless of whether the results are printed or retained electronically, auditors may perform all of the following procedures to test application outputs, except:
377. Integrated Tests
378. Reasonableness Tests
379. Audit Trail Tests
380. Rounding Errors Tests
381. The auditor’s test of the accuracy of monetary amounts of transactions and account balances is known as:
382. Testing of controls
383. Substantive tests
384. Compliance tests
385. Application tests
386. A process of constant evidence gathering and analysis to provide assurance on the information as soon as it occurs, or shortly thereafter, is referred to as:
387. Real-time auditing
388. Virtual auditing
389. E-auditing
390. Continuous auditing
391. This phase of auditing occurs when the auditors evaluate all the evidence that has been accumulated and makes a conclusion based on that evidence.
392. Tests of Controls
393. Audit Planning
394. Audit Completion / Reporting
395. Substantive Testing
396. This piece of audit evidence is often considered to be the most important because it is a signed acknowledgment of management’s responsibility for the fair presentation of the financial statements and a declaration that they have provided complete and accurate information to the auditors during all phases of the audit.
397. Letter of Representation
398. Audit Report
399. Encounter Statement
400. Auditors Contract
401. Which of the following is a proper description of an auditor report?
402. Unqualified opinion - identifies certain exceptions to the clean opinion.
403. Adverse opinion - notes that there are material misstatements presented.
404. Qualified opinion - states that the auditors believe the financial statements are fairly and consistently presented in accordance with GAAP.
405. Unqualified opinion - states that the auditors were not able to reach a conclusion.
406. When PCs are used for accounting instead of mainframes or client-server system, they face a greater risk of loss due to which of the following:
407. Authorized access
408. Segregation of duties
409. Lack of backup control
410. All of the above
411. When companies rely on external, independent computer service centers to handle all or part of their IT needs it is referred to as:
412. External Processing
413. WAN Processing
414. Database Management System
415. IT Outsourcing
416. Because it is not possible to test all transactions and balances, auditors rely on this to choose and test a limited number of items and transactions and then make conclusions about the balance as a whole.
417. Sampling
418. Materiality
419. Compliance
420. Substance
421. All types of auditors must follow guidelines promoting ethical conduct. For financial statement auditors, the PCAOB/AICPA has established a Code of Professional Conduct, commonly called the Code of Ethics, which consists of two sections. Which of the following correctly states the two sections?
422. Integrity and responsibility
423. Principles and rules
424. Objectivity and independence
425. Scope and nature
426. The rule in the PCAOB/AICPA Code of Professional Conduct that is referred to as Responsibilities, can be stated as:
427. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism.
428. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity.
429. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities.
430. CPAs in public practice should observe the principles of the Code of Professional Conduct in determining the scope and nature of services to be provided.
431. This concept means that the auditors should not automatically assume that their clients are honest, but that they (the auditors) must have a questioning mind and a persistent approach to evaluating evidence for possible misstatements.
432. Independence
433. Integrity
434. Due Care
435. Professional Skepticism

TEST BANK - CHAPTER 7 - TRUE /

1. All users of financial data - business managers, investors, creditors, and government agencies - have an enormous amount of data to use to make decisions. Due to the use of IT systems, it is easy to verify the accuracy and completeness of the information.
2. In order to properly carry out an audit, accountants collect and evaluate proof of procedures, transactions, and / or account balances, and compare the information with established criteria.
3. The only person who can perform a financial statement audit of a publicly traded company is a government auditor who has extensive knowledge of generally accepted accounting principles.
4. Any professionally trained accountant is able to perform an operational audit.
5. An important requirement for CPA firms is that they must be personally involved with the management of the firm that is being audited.
6. The most common type of audit service is the operating audit performed by internal auditors.
7. All types of auditors should have knowledge about technology-based systems so that they can properly audit IT systems.
8. A financial statement audit is part of the IT audit.
9. Auditors do not need to be experts on the intricacies of computer systems but they do need to understand the impact of IT on their clients’ accounting systems and internal controls.
10. An internal auditor is not allowed to assist in the performance of a financial statement audit.
11. A financial statement audit is conducted in order for an opinion to be expressed on the fair presentation of financial statements. This goal is affected by the presence or absence of IT accounting systems.
12. Information risk is the chance that information used by decision makers may be inaccurate.
13. As a business grows, the volume and complexity of its transactions increase. At the same timed, there is a decrease in the chance that misstated information may exist undetected.
14. The remoteness of information, one of the causes of information risk, can relate to geographic distance or organizational layers.
15. The most common method for decision makers to reduce information risk is to rely on information that has been audited by an independent party.
16. Auditors have the primary responsibility to make sure that they comply with international standards in all cases.
17. There is not much room for professional judgement when performing audits, as a result of the detailed guidance provided by organizations, such as the PCAOB.
18. The responsibility for operations, compliance, and financial reporting lies with the auditors.
19. The role of the auditor is to analyze the underlying facts to decide whether information provided by management is fairly presented.
20. Management assertions relate to the actual existence and proper valuation of transactions and account balances.
21. The same audit tests would test for completeness of a liability or an asset.
22. Auditing testing for any single general auditing objective would involve the same testing techniques even though there are different types of information collected to support different accounts and transactions.
23. Auditors must think about how the features of a company’s IT systems influence its management assertions and the general audit objectives even though these matters have little or no impact on the choice of audit methodologies used.
24. Risk can be inherent in the company’s business, due to things such as the nature of operations, or may be caused by weak internal controls.
25. The audit planning process is unlikely to vary if the company has adopted IFRS, or is in the process of convergence.
26. Adapting to fair value measures in the preparation of IFRS-based financial statements will likely cause auditors to evaluate supporting evidence differently than if US GAAP was used.

1. IFRS does not allow as much use of judgment as is allowed under GAAP.
2. Auditors do not need to concern themselves with risks unless there is an indication that there is an internal control weakness.
3. The auditor’s understanding of internal controls provides the basis for designing appropriate audit tests to be used in the remaining phases of the audit.
4. The process of evaluating internal controls and designing meaningful audit tests is more complex for manual systems than for automated systems.
5. Computer-assisted audit techniques are useful audit tools because they make it possible for auditors to use computers to audit large amounts of evidence in less time.
6. In order to enhance controls, reconciliations should be performed by company personnel who are independent from the tasks of initiating or recording the transactions with the accounts being reconciled.

1. Substantive tests are also referred to as compliance tests.
2. General controls relate to specific software and application controls relate to all aspects of the IT environment.
3. General controls must be tested before application controls.
4. Systems operators and users should not have access to the IT documentation containing details about the internal logic of computer systems.
5. Control tests verify whether financial information is accurate, where substantive tests determine whether the financial information is managed under a system that promotes accuracy.
6. Regardless of the results of the control testing, some level of substantive testing must take place.
7. The use of generalized audit software is especially useful when there are large volumes of data and when there is a need for accurate information.
8. All of the risks and audit procedures that apply to a PC environment may also exist in networks, but the risk of loss of much lower.
9. Network operations typically involve a large number of computers, many users, and a high volume of data transfers, so any lack of network controls could cause widespread damage. Because of this, it is necessary for auditors to apply strict tests to a representative sample of the network.
10. When audit clients use a database system, the relating data is organized in a consistent manner which tends to make it easier for auditors to select items for testing.
11. When a client company is using IT outsourcing, and that service center has its own auditors who report on internal control, the third-party report (from the independent auditors) cannot be used as audit evidence without the auditor performing an adequate amount of compliance testing.
12. Risk assessment in cloud computing is particularly challenging because the threats to a company’s data are uncontrolled, and often unforeseen, by the company.
13. Within the cloud computing environment, the service provider is responsible to make sure that all relevant risks have been identified and controlled. Because of this, the company using the cloud computing does not need to repeat that evaluation.
14. Because there is no such thing as a standard cloud, it is not possible to standardize a risk assessment process and audit procedures for a cloud computing environment.
15. When an auditor is engaged to audit a company that uses cloud computing, the auditor must rely on the SOC reports provided by the service company’s auditors.
16. When a client changes the type of hardware or software used or in other ways modifies its IT environment, the auditors need to test only the new system in order to determine the effectiveness of the controls.
17. When a client plans to implement new computerized systems, auditors will find it advantageous to review the new system before it is placed in use.
18. A sample is random when each item in the population has an equal chance of being chosen.
19. Of all the principles applicable to auditors, the one that generally receives the most attention is the requirement that financial statement auditors maintain integrity.
20. The Sarbanes-Oxley Act has placed restrictions on auditors by prohibiting certain types of services historically performed by auditors for their clients.
21. The Sarbanes-Oxley Act decreased management’s responsibilities regarding the fair presentation of the financial statements.
22. The responsibility of the auditor to search for fraud is less than the responsibility to search for errors.
23. Management fraud is the intentional misstatement of financial information and may be difficult for auditors to find because the perpetrator will attempt to hide the fraud.
24. The PCAOB/AICPA Code of Professional Conduct is made up of two sections. One section, the rules, are the foundations for the honorable behavior expected of CPAs while performing professional duties.
25. SO2 Types of Audits

Main purpose of an audit is to assure users of financial information about the accuracy and completeness of the information. Identify and describe the three primary types of audits, discussed in the text and class.

1. SO6 Four Primary Phases of an IT Audit

Identify and explain, in order of occurrence, the four primary phases to an IT audit

1. SO Primary objectives of compliance testing

The primary objective of compliance testing in a financial statement audit of a company with an automated AIS or ERP system is to determine whether

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

_______________________________________________________________________

The purpose of compliance testing in a financial statement audit of a company with an automated AIS or ERP system is to determine whether internal controls are in place and functioning as designed.

1. SO7 Computers User in Audits

The text identifies three ways in which computers are used in audits.

IE Auditing __________ the computer. Identify, explain and provide examples of each of the ways in which computers are used in audits.

1. SO8 Compliance and Substantive Testing

Keperlsky and Bennuchi, and audit firm was auditing EDJ consulting. EDJ is a large consulting firm that has consistently had very strong internal controls over IT functions at the company. The company uses SAP, a sophisticated, Tier 1 ERP system that has not been customized. Keperlsky and Bennuchi’s audit team has reviewed and tested the internal controls and concluded that the controls are very effective (strong) and they can be relied upon. Mr Keperlsky, a partner, has said that it is not necessary to complete substantive testing in this case, given the strength of the internal controls and strong ERP system. Is Mr Keperlsky’s conclusion correct?

____________________________________________________________________________________

_____________________________________________________________________________________

_____________________________________________________________________________________

____________________________________________________________________________________

_____________________________________________________________________________________

_____________________________________________________________________________________

____________________________________________________________________________________

_____________________________________________________________________________________

_____________________________________________________________________________________

____________________________________________________________________________________

_____________________________________________________________________________________

Mr Keperlsky is not correct. It is ALWAYS necessary to complete substantive testing. Compliance testing tests if internal controls are in place and functioning. Substantive test verify the accuracy of financial amounts. If controls are in place and functioning, su

1. SO7 Computer Assisted Audit Techniques (CAATs)

The text discusses several computer assisted audit techniques (CAAT’s). Lists 4 of the 5 CAAT’s and describe the technique.