A control designed to validate a transaction at the point of data entry is a. recalculation of
a record count.
a check digit.
recalculation of hash total.
Which of the following statements is true?
The black box approach to testing application controls is essentially auditing around the computer.
The white box approach audits through the computer and tests the application logic directly.
Both are true.
Both are false.
In an automated payroll processing environment, a department manager substituted the time card for a terminated employee with a time card for a fictitious employee. The fictitious employee had the same pay rate and hours worked as the terminated employee. The best control technique to detect this action using employee identification numbers would be a record count.
Users need to be actively involved in the system development process.
An electronic walk- through of the application’s internal logic is called
a salami logic test.
an integrated test.
a logic bomb test.
SOX legislation calls for sound internal control practices over financial reporting and requires SEC- registered corporations to maintain systems of internal control that meet SOX standards. An integral part of internal control is the appropriate use of preventive controls.Which of the following is not an essential element of preventive control?
separation of responsibilities for the recording, custodial, and authorization functions
sound personnel practices
documentation of policies and procedures
implementation of state of the art software and hardware
physical protection of assets
In regard to Generalized Audit Software (GAS) which of the following is false?
Generalized Audit Software is an off-the-shelf package that can provide a means to gain access to and interrogate data maintained on computer storage media.
Generalized Audit Software is utilized by auditors to obtain evidence directly on the quality of the records produced and maintained by application systems.
ACL and IDEA are two widely used Generalized Audit Software products.
Generalized audit software is the client’s software that is borrowed by the auditor.
Input controls should test validity, accuracy and completeness.
When using the test data method:
Involves an audit module designed into the application with dummy or test records integrated among legitimate records.
Performs an electronic walk through of the application’s internal logic.
The results of the test are compared to predetermined results.
Creating a program that does what the application program does. Transactions are reprocessed and the parallel simulation results are compared to the actual application results.
Involves a module embedded into the application program that selects transactions for further testing.
An employee in the receiving department keyed in a shipment from a remote terminal and inadvertently omitted the purchase order number. The best systems control to detect this error would be a reasonableness test.
In regard to program changes which of the following is false?
Normally there is no audit trail for program changes.
All program changes should be supported by a change authorization in the program permanent file.
The program maintenance change authorization should be approved by both the computer services management and the user department management.
Every program change should be thoroughly tested before being implemented.