Which of the following is not true?

An internal audit is never performed by external auditors

The primary goals of an internal audit and an external audit are somewhat different

Both internal and external audits are similar in their insistence upon objectivity in the performance of the audit evaluation

Both the internal audit and the external audit rely heavily upon the audit trail of transactions in an accounting system

The primary purpose of an internal audit is:

To verify the accuracy of a firms financial statements

To punish employees for inefficient performance

To meet the requirements of the accounting profession

To ascertain employee adherence to organizational policies and procedures

The best educational background for a Certified Information Systems Auditor is:

A degree in information systems or technology

A degree which combines the study of accounting with the study of information systems

No college degree, but work experience in information systems

An accounting degree

Computer assisted audit techniques:

Are never used in compliance testing

May be used for substantive and compliance testing

Are used primarily when auditing around the computer

Are good tools for auditors who are lacking in technical computer skills

A computerized AIS is harder to audit than a manual system for all of the following reasons except:

The file information is not human readable

b) The volume of transaction records and master file records is usually much larger in computerized systems than in manual systems

An audit trail does not exist in a computerized AIS

d) Computerized systems often use remote real-time data processing, thus complicating the tracing of transaction records to their sources

Information technology governance:

a) Is a component of IT auditing

b) Has one objective to ensure that IT is used strategically to fulfill an organizations mission

c) Is intended to ensure both the strategic use of IT and control over IT resources

d) Is primarily intended to deter IT fraud

Which of the following is not one of the groups of SOX compliance requirements?

Requirements to use an IT auditor to evaluate controls

Regulations governing executive reporting and conduct

Rules about financial statement reporting

Audit committee/corporate governance requirements

The advantages of around-the-computer auditing include:

The emphasis which is placed on testing data processing exceptions

Use of live data

The minimal disturbance of a companys records

both b and c

If an auditor were to audit a payroll application using around-the-computer auditing techniques, the individual would:

a) Use test data

b) Verify that the output from the computerized processing was correct for the input data used to generate it

c) Never use a surprise audit because of the amount of time and work involved

d) Prepare a profile of a computer file and check the processed data with the profile thus obtained

Through-the-computer auditing uses all of the following except:

Confirmation sampling

Test data

Tests of program authorization

Embedded audit modules

The term test data" is associated with:

a) Auditing through-the-computer

b) Auditing around-the-computer

c) Auditing of manual accounting systems

d) Non-auditing procedures performed by a firms accounting subsystem employees

Three common techniques auditors use to test computer programs are:

Test data, integrated test facilities, and parallel simulation

Test data, edit checks, and integrated test facilities

Test data, program change control, and parallel simulation

Program change control, edit checks, and parallel simulation

The most important advantage of an integrated test facility is that it:

a) Allows auditors to evaluate transactions in an operational setting

b) Can test every exception transaction as opposed to test data which includes only a limited set of such transactions

c) Works best at evaluating input controls

d) Has no disadvantages

14. Which of the following audit techniques is likely to require the most technical expertise on the part of an auditor?

Test data

Integrated test facility

Evaluation of program change control

Parallel simulation

15. Which of the following is not typically checked by an auditor in a review of a responsibility system of computer program development and maintenance?

a) Documentation of all program changes on proper change-request forms

b) Proper costing of all program change requests

c) A review of each program change request by an internal auditor

d) Matches between program documentation and the production version of a computer program

16. The four approaches to through-the-computer auditing include all but which of the following:

Use of embedded audit modules

Testing of outputs to verify processing

Computer program testing

Validation of computer programs

The auditors role in reviewing the system of computer program development:

a) Does not include checking to see that all program changes are properly documented

b) Does not include a check of librarian functions

c) Does not include checking to see that program change requests are properly costed

d) Includes a cross-check of program changes against in-use programs

Which of the following is not a condition for fraud as identified in the fraud triangle?

Incentives or pressures

Rationalization

Opportunity

Flawed moral character

An integrated test facility is used to:

a) Test only the computer programs of an AIS

b) Test only the manual operations of an AIS

c) Test both the programs and the manual operations of an AIS in an operational setting

d) Test the computer programs, the manual operations, and the auditing procedures of a company using a computerized AIS

The greatest drawback of an integrated test facility is that:

It requires the construction of a high volume of test data

It introduces artificial transactions into the transaction stream

It produces overkill in the audit function

It is not broad enough to cover the entire spectrum of activities involved in the AIS

All of the following are true concerning embedded audit modules except:

a) They provide for continuous auditing of application processing

b) The auditor does not have to be involved in the development of these programs

c) Once implemented, the system can capture information that is useful to the auditor on an ongoing basis

d) With this approach, the application program incorporates subroutines for audit purposes

Which of the following statements is not true regarding people skills for IT auditors?

a) People skills are more important than technical skills

b) An example of people skills would be the ability to work on a team

c) In the case of protecting against computer viruses, technical skills matter more than people skills

d) Many internal controls evaluated by auditors concern human behavior