12-17 (Objectives 12-1, 12-4) The following questions concern the characteristics of IT systems. Choose the best response. • a. An IT system is designed to ensure that management possesses the information it needs to carry out its functions through the integrated actions of o (1) data-gathering, analysis, and reporting functions. o (2) a computer-based information retrieval and decision-making system. o (3) statistical and analytical procedures functions. o (4) production budgeting and sales forecasting activities. • b. Which of the following conditions will not normally cause the auditor to question whether material misstatements exist? o (1) Bookkeeping errors are listed on an IT-generated error listing. o (2) Differences exist between control accounts and supporting master files. o (3) Transactions are not supported by proper documentation. o (4) Differences are disclosed by confirmations. • c. As general IT controls weaken, the auditor is most likely to o (1) reduce testing of automated application controls done by the computer. o (2) increase testing of general IT controls to conclude whether they are operating effectively. o (3) expand testing of automated application controls used to reduce control risk to cover greater portions of the fiscal year under audit. o (4) ignore obtaining knowledge about the design of general IT controls and whether they have been implemented. • d. Which of the following is an example of an application control? o (1) The client uses access security software to limit access to each of the accounting applications. o (2) Employees are assigned a user ID and password that must be changed every quarter. o (3) The sales system automatically computes the total sale amount and posts the total to the sales journal master file. o (4) Systems programmers are restricted from doing applications programming functions. 12-18 (Objectives 12-2, 12-4) The following questions concern auditing complex IT systems. Choose the best response. • a. Which of the following client IT systems generally can be audited without examining or directly testing the computer programs of the system? o (1) A system that performs relatively uncomplicated processes and produces detailed output. o (2) A system that affects a number of essential master files and produces limited output. o (3) A system that updates a few essential master files and produces no printed output other than final balances. o (4) A system that does relatively complicated processing and produces little detailed output. • b. Which of the following is true of generalized audit software programs? o (1) They can be used only in auditing online computer systems. o (2) They can be used on any computer without modification. o (3) They each have their own characteristics that the auditor must carefully consider before using in a given audit situation. o (4) They enable the auditor to do all manual tests of control procedures less expensively. • c. Assume that an auditor estimates that 10,000 checks were issued during the accounting period. If an automated application control that does a limit check for each check request is to be subjected to the auditor’s test data approach, the sample should include o (1) approximately 1,000 test items. o (2) a number of test items determined by the auditor to be sufficient under the circumstances. o (3) a number of test items determined by the auditor’s reference to the appropriate sampling tables. o (4) one transaction. • d. An auditor will use the test data approach to obtain certain assurances with respect to the o (1) input data. o (2) machine capacity. o (3) procedures contained within the program. o (4) degree of data entry accuracy. • 12-27 (Objectives 12-2, 12-3) Your new audit client, Hardwood Lumber Company, has a computerized accounting system for all financial statement cycles. During planning, you visited with the information systems vice president and learned that personnel in information systems are assigned to one of four departments: systems programming, applications programming, operations, or data control. Job tasks are specific to the individual and no responsibilities overlap with other departments. Hardwood Lumber relies on the operating system software to restrict online access to individuals. The operating system allows an employee with “READ” capabilities to only view the contents of the program or file. • “CHANGE” allows the employee to update the contents of the program or file. “RUN” allows the employee to use a program to process data. Programmers, both systems and applications, are restricted to a READ-only access to all live application software program files but have READ and CHANGE capabilities for test copies of those software program files. Operators have READ and RUN capabilities for live application programs. Data control clerks have CHANGE access to data files only and no access to software program files. The person in charge of operations maintains access to the operating software security features and is responsible for assigning access rights to individuals. The computer room is locked and requires a card-key to access the room. Only operations staff have a card-key to access the room, and security cameras monitor access. A TV screen is in the information systems vice president’s office to allow periodic monitoring of access. The TV presents the live picture and no tape record is maintained. The librarian, who is in the operations department, is responsible for maintaining the library of program tapes and files. The librarian has READ and CHANGE access rights to program tapes and files. The files, when not being used, are stored in shelves located in a room adjacent to the computer room. They are filed numerically based on the tape label physically attached on the outside of the tape cartridge to allow for easy identification by operators as they access tapes from the shelves for processing. • Required • What recommendations for change can you suggest to improve Hardwood’s information systems function? 13-22 ( Objective 13-1, 13-5, 13-7 The following questions concern types of audit tests. Choose the best response. • a. The auditor looks for an indication on duplicate sales invoices to see whether the invoices have been verified. This is an example of o (1) a test of details of balances. o (2) a test of control. o (3) a substantive test of transactions. o (4) both a test of control and a substantive test of transactions. • b. Analytical procedures may be classified as being primarily o (1) tests of controls. o (2) substantive tests. o (3) tests of ratios. o (4) tests of details of balances. • c. The auditor faces a risk that the audit will not detect material misstatements that occur in the accounting process. To minimize this risk, the auditor relies primarily on o (1) substantive tests. o (2) tests of controls. o (3) internal control. o (4) statistical analysis. • d. A conceptually logical approach to the auditor’s evaluation of internal control consists of the following four steps: o I. Determining the internal controls that should prevent or detect errors and fraud. o II. Identifying control deficiencies to determine their effect on the nature, timing, or extent of auditing procedures to be applied and suggestions to be made to the client. o III. Determining whether the necessary internal control procedures are prescribed and are being followed satisfactorily. o IV. Considering the types of errors and fraud that can occur. What should be the order in which these four steps are performed? o (1) I, II, III, and IV o (2) I, III, IV, and II o (3) III, IV, I, and II o (4) IV, I, III, and II 13-23 ( Objective 13-1 ) The following questions deal with tests of controls. Choose the best response. • a. Which of the following statements about tests of controls is most accurate? o (1) Auditing procedures cannot concurrently provide both evidence of the effectiveness of internal control procedures and evidence required for substantive tests. o (2) Tests of controls include observations of the proper segregation of duties. o (3) Tests of controls provide direct evidence about monetary misstatements in transactions. o (4) Tests of controls ordinarily should be performed as of the balance sheet date or during the period subsequent to that date. • b. To support the auditor’s initial assessment of control risk below maximum, the auditor performs procedures to determine that internal controls are operating effectively. Which of the following audit procedures is the auditor performing? o (1) Tests of details of balances o (2) Substantive tests of transactions o (3) Tests of controls o (4) Tests of trends and ratios • c. The primary objective of performing tests of controls is to obtain o (1) a reasonable degree of assurance that the client’s internal controls are operating effectively on a consistent basis throughout the year. o (2) sufficient, appropriate audit evidence to afford a reasonable basis for the auditor’s opinion, without the need for additional evidence. o (3) assurances that informative disclosures in the financial statements are reasonably adequate. o (4) knowledge and understanding of the client’s prescribed procedures and methods. • d. Which of the following is ordinarily considered a test of control audit procedure? o (1) Sending confirmation letters to banks. o (2) Counting and listing cash on hand. o (3) Examining signatures on checks. o (4) Preparing reconciliations of bank accounts as of the balance sheet date. 13-24 ( Objectives 13-1, 13-2 ) The following are 11 audit procedures taken from an audit program: • 1. Foot the accounts payable trial balance and compare the total with the general ledger. • 2. Examine vendors’ invoices to verify the ending balance in accounts payable. • 3. Compare the balance in payroll tax expense with previous years. The comparison takes the increase in payroll tax rates into account. • 4. Examine the internal auditor’s initials on monthly bank reconciliations as an indication of whether they have been reviewed. • 5. Examine vendors’ invoices and other documentation in support of recorded transactions in the acquisitions journal. • 6. Multiply the commission rate by total sales and compare the result with commission expense. • 7. Examine vendors’ invoices and other supporting documents to determine whether large amounts in the repair and maintenance account should be capitalized. • 8. Discuss the duties of the cash disbursements clerk with him and observe whether he has responsibility for handling cash or preparing the bank reconciliation. • 9. Confirm accounts payable balances directly with vendors. • 10. Account for a sequence of checks in the cash disbursements journal to determine whether any have been omitted. • 11. Inquire about the accounts payable supervisor’s monthly review of a computer-generated exception report of receiving reports and purchase orders that have not been matched with a vendor invoice. Required • a. Indicate whether each procedure is a test of control, substantive test of transactions, analytical procedure, or a test of details of balances. • b. Identify the type of evidence for each procedure.