Questions on Controls Part III: Systems Development, Program Changes, and Application Controls
Chapter 17—IT Controls Part III: Systems Development, Program Changes, and Application Controls
TRUE/FALSE
1. Programs in their compiled state are very susceptible to the threat of unauthorized modification.
ANS: F
2. Maintenance access to systems increases the risk that logic will be corrupted either by the accident or intent to defraud.
ANS: T
3. Source program library controls should prevent and detect unauthorized access to application programs.
ANS: T
4. A check digit is a method of detecting data coding errors.
ANS: T
5. Input controls are intended to detect errors in transaction data after processing.
ANS: F
6. A header label is an internal, machine-readable label.
ANS: T
7. The user test and acceptance procedure is the last point at which the user can determine the system’s acceptability prior to it going into service.
ANS: T
8. A run-to-run control is an example of an output control.
ANS: F
9. Shredding computer printouts is an example of an output control.
ANS: T
10. In a CBIS environment, all input controls are implemented after data is input.
ANS: F
11. Achieving batch control objectives requires grouping similar types of input transactions (such as sales orders) together in batches and then controlling the batches throughout data processing.
ANS: T
12. The "white box" tests of program controls are also known as auditing through the computer.
ANS: T
13. The presence of a SPLMS effectively guarantees program integrity.
ANS: F
14. When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions.
ANS: F
15. The Base Case System Evaluation is a variation of the test data method.
ANS: T
16. Tracing is a method used to verify the logical operations executed by a computer application.
ANS: T
17. Generalized audit software packages are used to assist the auditor in performing
TRUE/FALSE
1. Programs in their compiled state are very susceptible to the threat of unauthorized modification.
ANS: F
2. Maintenance access to systems increases the risk that logic will be corrupted either by the accident or intent to defraud.
ANS: T
3. Source program library controls should prevent and detect unauthorized access to application programs.
ANS: T
4. A check digit is a method of detecting data coding errors.
ANS: T
5. Input controls are intended to detect errors in transaction data after processing.
ANS: F
6. A header label is an internal, machine-readable label.
ANS: T
7. The user test and acceptance procedure is the last point at which the user can determine the system’s acceptability prior to it going into service.
ANS: T
8. A run-to-run control is an example of an output control.
ANS: F
9. Shredding computer printouts is an example of an output control.
ANS: T
10. In a CBIS environment, all input controls are implemented after data is input.
ANS: F
11. Achieving batch control objectives requires grouping similar types of input transactions (such as sales orders) together in batches and then controlling the batches throughout data processing.
ANS: T
12. The "white box" tests of program controls are also known as auditing through the computer.
ANS: T
13. The presence of a SPLMS effectively guarantees program integrity.
ANS: F
14. When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions.
ANS: F
15. The Base Case System Evaluation is a variation of the test data method.
ANS: T
16. Tracing is a method used to verify the logical operations executed by a computer application.
ANS: T
17. Generalized audit software packages are used to assist the auditor in performing