Feedback General Feedback Ensuring That Changes Are Authorized, Tested, Documented, and Implemented Securely


/ 1 point

What is the primary purpose of controlling program change activities within an IT system?

Enhancing aesthetic appeal in software updates

, Not Selected

Facilitating unrestricted access for developers

, Not Selected

Correct answer:

Ensuring that changes are authorized, tested, documented, and implemented securely

Increasing system downtime during maintenance

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Ensuring that changes are authorized, tested, documented, and
implemented securely.
Explanation: Controlling program change activities ensures that each modification to a system is
thoroughly reviewed, authorized, and documented to minimize risks associated with unauthorized
or poorly tested changes.

Results for question 2.

1 / 1 point

Why is documentation of program changes critical in maintaining the integrity of the Source
Program Library (SPL)?

It is optional and rarely referenced in audits

, Not Selected

It decreases the number of people involved in program changes

, Not Selected

Correct answer:

It forms an audit trail that verifies approved modifications

It reduces system performance

, Not Selected

Feedback

General Feedback

Answer: The correct answer is It forms an audit trail that verifies approved modifications.
Explanation: Documentation in the SPL provides an audit trail that allows auditors to verify each
change and its approval, ensuring that only authorized changes were implemented.

Results for question 3.

1 / 1 point

In the worst-case scenario where no controls are in place in the SPL, what is a key risk?

Security costs decrease

, Not Selected

System functionality improves

, Not Selected

The program runs without any issues

, Not Selected

Correct answer:

Unauthorized changes to applications can go undetected

Feedback

General Feedback

Answer: The correct answer is Unauthorized changes to applications can go undetected.


Explanation: Without SPL controls, anyone with access can make unauthorized changes,
compromising application integrity and making it impossible to rely on system controls.

Results for question 4.

1 / 1 point

Which control feature in the SPL Management System (SPLMS) helps track the version history of
program modifications?

Source code deletion protocols

, Not Selected

Correct answer:

Program version numbers

Password complexity requirements

, Not Selected

Time-based restrictions

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Program version numbers.


Explanation: Version numbers allow each program modification to be tracked, creating an audit trail
that reveals any unauthorized or undocumented changes.

Results for question 5.

1 / 1 point

What is the primary role of the Integrated Test Facility (ITF) in application control testing?

Removing control elements to test risk tolerance

, Not Selected

Correct answer:

Allowing auditors to test application controls during normal system operations

Testing applications without using real data

, Not Selected

Slowing down the overall system to evaluate its stability

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Allowing auditors to test application controls during normal
system operations.
Explanation: The ITF is designed to test controls by integrating test transactions with live
transactions, enabling continuous auditing without disrupting daily operations.

Results for question 6.

6
1 / 1 point

In the black box approach to auditing, what is the auditor's primary focus?

Accessing source code directly

, Not Selected

Eliminating the need for interviews with system users

, Not Selected

Modifying system inputs for faster results

, Not Selected

Correct answer:

Evaluating outputs and comparing them with expected results

Feedback

General Feedback

Answer: The correct answer is Evaluating outputs and comparing them with expected results.
Explanation: The black box approach involves analyzing system outputs to ensure they align with
expected results, without requiring direct access to the system’s internal code.

Results for question 7.

1 / 1 point

What is one advantage of using the Embedded Audit Module (EAM) in monitoring application
controls?

It removes all errors from the system

, Not Selected

It slows down transaction processing for security checks

, Not Selected

Correct answer:

It captures significant transactions during regular operations for later review

It eliminates the need for audit documentation

, Not Selected

Feedback

General Feedback

Answer: The correct answer is It captures significant transactions during regular operations for
later review.
Explanation: The EAM monitors applications by capturing and storing critical transactions in a
separate file, which auditors can review to check for compliance with control requirements.

Results for question 8.

1 / 1 point

Why is it important to perform a source code reconciliation as part of the audit procedures?

It improves system speed for data processing

, Not Selected

It allows unrestricted modification of source code

, Not Selected

It eliminates errors in end-user processing

, Not Selected

Correct answer:

It verifies that all program changes are authorized and documented

Feedback

General Feedback

Answer: The correct answer is It verifies that all program changes are authorized and
documented.
Explanation: Reconciling source code ensures that only authorized changes were made,
maintaining program integrity and providing an audit trail for review.

Results for question 9.

1 / 1 point

In program change controls, why is it essential to have technical specifications?

Correct answer:

To ensure maintenance changes align with system requirements and control standards

To make the program code less accessible

, Not Selected

To maximize changes in software for testing


, Not Selected

To minimize the role of end-users

, Not Selected

Feedback

General Feedback

Answer: The correct answer is To ensure maintenance changes align with system requirements
and control standards.
Explanation: Detailed technical specifications provide a framework for maintaining control
standards during program modifications, helping ensure changes are appropriate and meet system
needs.

Results for question 10.

10

1 / 1 point

Which technique would be used to validate program functionality without accessing the
application’s internal logic?

Parallel simulation

, Not Selected

Embedded audit module

, Not Selected

Through-the-computer testing

, Not Selected

Correct answer:

The black box approach

Feedback

General Feedback

Answer: The correct answer is The black box approach.


Explanation: The black box approach focuses on reconciling actual output with expected output,
validating program functionality without needing to understand the internal logic.

Results for question 11.

11

1 / 1 point

How does the separation of test libraries from production libraries help control changes in an SPL
environment?

It allows programmers to modify production programs directly

, Not Selected

Correct answer:

It prevents untested versions from accidentally being deployed as production programs

It simplifies password management

, Not Selected

It increases the ease of unauthorized access

, Not Selected

Feedback

General Feedback

Answer: The correct answer is It prevents untested versions from accidentally being deployed
as production programs.
Explanation: Separate test libraries ensure that only thoroughly tested versions are moved to
production, reducing the risk of unintended program errors affecting live systems.

Results for question 12.

12

1 / 1 point

What is the purpose of implementing password control over SPL access?

To speed up the SPL management process

, Not Selected

Correct answer:

To limit access to only authorized individuals for program security

To enable end-users to modify source code

, Not Selected

To allow everyone easy access to the SPL

, Not Selected

Feedback

General Feedback

Answer: The correct answer is To limit access to only authorized individuals for program
security.
Explanation: Password controls restrict SPL access to authorized individuals, helping maintain the
security and integrity of the stored programs.

Results for question 13.

13

1 / 1 point

Which audit objective aims to ensure that program libraries are secure from unauthorized access?

Optimizing network speeds for all users

, Not Selected

Allowing unrestricted access to support collaboration

, Not Selected

Correct answer:

Verifying that access controls effectively limit unauthorized entry

Ensuring that password complexity requirements are minimal

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Verifying that access controls effectively limit unauthorized
entry.
Explanation: This objective focuses on confirming that only authorized personnel can access
sensitive libraries, thereby protecting them from potential unauthorized changes or access.

Results for question 14.

14

1 / 1 point

What would an auditor use to evaluate application-specific logic in tests of IT controls?

External testing only

, Not Selected

Correct answer:

Through-the-computer approach

General observations

, Not Selected

Random testing with no prior design

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Through-the-computer approach.


Explanation: The through-the-computer approach allows auditors to delve into application logic,
verifying that controls are functioning as intended based on specific program requirements.

Results for question 15.

15

1 / 1 point

How does the Integrated Test Facility (ITF) differ from parallel simulation?

Parallel simulation is less effective in capturing data

, Not Selected

ITF does not require auditing, but parallel simulation does

, Not Selected

Correct answer:

ITF inserts test transactions into live data, while parallel simulation recreates processes
independently

ITF operates externally, whereas parallel simulation only uses historical data

, Not Selected

Feedback

General Feedback

Answer: The correct answer is ITF inserts test transactions into live data, while parallel
simulation recreates processes independently.
Explanation: ITF allows testing within the live environment by integrating test transactions with
production data, while parallel simulation is conducted independently to replicate system
processes.

Results for question 16.

16

1 / 1 point

What is the purpose of the audit trail in SPL management software?

Increasing processing speed

, Not Selected

Storing deleted files for backup purposes

, Not Selected

Enabling unrestricted access for all programmers

, Not Selected

Correct answer:

Tracking and verifying program changes over time

Feedback

General Feedback

Answer: The correct answer is Tracking and verifying program changes over time.
Explanation: The audit trail in SPL management software allows tracking of every program change
made, which is essential for verifying the integrity and authorization of each modification.

Results for question 17.

17

1 / 1 point

In application control testing, which test verifies that the system processes data only within
acceptable parameters?

Audit trail tests

, Not Selected

Correct answer:

Validity tests

Redundancy tests

, Not Selected

Access tests

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Validity tests.
Explanation: Validity tests ensure that the system processes only data values that fall within
acceptable ranges, preventing errors or unauthorized data from being processed.

Results for question 18.

18

1 / 1 point

Which type of test would best ensure that data values are calculated accurately and posted
correctly to each account?

Correct answer:

Accuracy tests

Audit trail tests

, Not Selected

Redundancy tests

, Not Selected

Completeness tests

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Accuracy tests.


Explanation: Accuracy tests focus on verifying mathematical calculations and ensuring data is
posted to correct accounts, essential for maintaining reliable financial records.

Results for question 19.

19

1 / 1 point

When would a parallel simulation be used in IT auditing?

To bypass other controls for expedited results

, Not Selected

Correct answer:

To independently replicate application functions and compare results

To test real-time data input for faster processing


, Not Selected

To avoid auditing specific transactions

, Not Selected

Feedback

General Feedback

Answer: The correct answer is To independently replicate application functions and compare
results.
Explanation: Parallel simulation allows auditors to reprocess the same transactions independently,
which helps verify the accuracy of the application’s functions by comparing outcomes with original
processing results.

Results for question 20.

20

1 / 1 point

Why would an auditor use the black box approach?

Correct answer:

To verify system functionality without needing internal access

To create alternative pathways in the system

, Not Selected

To ensure no output is analyzed during tests

, Not Selected

To directly modify the system's code for security tests

, Not Selected

Feedback

General Feedback

Answer: The correct answer is To verify system functionality without needing internal access.
Explanation: The black box approach involves analyzing inputs and outputs without accessing the
internal system logic, which is useful for confirming overall functionality without interrupting
normal operations.

Results for question 21.

21

1 / 1 point

Which test ensures that all records in a batch process are accounted for and not omitted?

Correct answer:

Completeness tests

Audit trail tests

, Not Selected

Validity tests

, Not Selected

Redundancy tests

, Not Selected

Feedback

General Feedback

Answer: The correct answer is Completeness tests.


Explanation: Completeness tests are designed to identify missing data, ensuring every record in a
batch is processed and accounted for, thereby preventing unintentional omissions.

Results for question 22.

22

1 / 1 point

In an SPL-controlled environment, what is the primary role of separating test libraries from
production libraries?

To allow unrestricted testing within production

, Not Selected

To facilitate unrestricted access by users

, Not Selected

To simplify system backups

, Not Selected

Correct answer:

To prevent untested versions from mistakenly entering the production environment

Feedback

General Feedback

Answer: The correct answer is To prevent untested versions from mistakenly entering the
production environment.
Explanation: By maintaining separate test libraries, companies ensure that only thoroughly tested
versions are transferred to the production environment, reducing the risk of errors.

Results for question 23.

23

1 / 1 point

How does message sequence numbering aid in network control?

Correct answer:

It detects any attempts to alter or duplicate messages

It speeds up data transfer

, Not Selected

It minimizes audit trail entries

, Not Selected

It allows messages to be re-sequenced on arrival

, Not Selected

Feedback

General Feedback

Answer: The correct answer is It detects any attempts to alter or duplicate messages.
Explanation: Message sequence numbering ensures that all messages arrive in the correct order,
helping identify any deletions, duplications, or reordering attempts that may compromise data
integrity.

Results for question 24.

24

1 / 1 point

Which audit procedure is most effective in identifying unauthorized access to libraries?

Reviewing transaction frequency

, Not Selected

Performing network simulations

, Not Selected

Examining redundant data


, Not Selected

Correct answer:

Testing programmer authority tables

Feedback

General Feedback

Answer: The correct answer is Testing programmer authority tables.


Explanation: Reviewing programmer authority tables helps auditors verify that only authorized
personnel have access to sensitive libraries, reducing the risk of unauthorized access.

Results for question 25.

25

1 / 1 point

In terms of application control testing, which technique provides continuous auditing by capturing
transactions during processing?

Test data method

, Not Selected

Correct answer:

The Embedded Audit Module (EAM)

Parallel simulation

, Not Selected

Black box approach

, Not Selected

Feedback

General Feedback

Answer: The correct answer is The Embedded Audit Module (EAM).


Explanation: The EAM continuously captures significant transactions during regular processing,
allowing auditors to monitor application controls without interrupting system functions.

Results for question 26.

26

1 / 1 point

Which of the following controls helps prevent unauthorized access to a Source Program Library
(SPL)?

Correct answer:

Password control on the SPL

Unrestricted maintenance access

, Not Selected

Inclusion of SPL in the backup system

, Not Selected

Direct access for all system users

, Not Selected

Feedback

General Feedback

Answer: Password control on the SPL.


Explanation: Password control on the SPL restricts access to only authorized users, protecting
sensitive code from unauthorized modification.

Results for question 27.

27

1 / 1 point

Why is it important to have separate authorization for program maintenance actions in an SPL
environment?

To increase developer access

, Not Selected

Correct answer:

To ensure changes are approved and properly documented

To reduce overall maintenance time

, Not Selected

To create multiple versions of the same program

, Not Selected

Feedback

General Feedback

Answer: To ensure changes are approved and properly documented.
Explanation: Separate authorization ensures that all program changes are reviewed and
documented, preventing unauthorized modifications and enhancing control over the SPL.

Results for question 28.

28

1 / 1 point

Which of the following is NOT an advantage of using the test data method for application control
testing?

Requires minimal computer expertise

, Not Selected

Correct answer:

Continuous monitoring capability

Minimal disruption to operations

, Not Selected

Explicit evidence of application function

, Not Selected

Feedback

General Feedback

Answer: Continuous monitoring capability.


Explanation: The test data method is typically used at a specific point in time, not for continuous
monitoring; continuous monitoring is better achieved through techniques like Embedded Audit
Modules.

Results for question 29.

29

1 / 1 point

What is the primary objective of access tests in IT application control testing?

To validate the quality of encryption methods used

, Not Selected

Correct answer:

To verify the identity and legitimacy of access attempts

To confirm redundancy in transaction processing


, Not Selected

To check mathematical accuracy in transactions

, Not Selected

Feedback

General Feedback

Answer: To verify the identity and legitimacy of access attempts.


Explanation: Access tests ensure that only authorized users or systems can access sensitive
information, protecting against unauthorized access.

Results for question 30.

30

1 / 1 point

In SPL management, how does using program version numbers support auditing?

Correct answer:

It tracks the sequence of authorized program changes

It shortens program runtime

, Not Selected

It increases data transmission speed

, Not Selected

It prevents data from being processed

, Not Selected

Feedback

General Feedback

Answer: It tracks the sequence of authorized program changes.


Explanation: Program version numbers track each modification, helping auditors verify that only
approved changes have been made to the application.

Results for question 31.

31

1 / 1 point

What does the test of completeness in an application control audit verify?

That all passwords meet length requirements


, Not Selected

That every program update has a corresponding version number

, Not Selected

That no unauthorized access occurred

, Not Selected

Correct answer:

That no records were omitted from the processing batch

Feedback

General Feedback

Answer: That no records were omitted from the processing batch.


Explanation: Completeness tests ensure that every record in a batch is processed, with none
omitted, which is vital for data integrity.

Results for question 32.

32

1 / 1 point

Which control technique prevents accidental use of test versions in a production environment?

Reducing password requirements

, Not Selected

Correct answer:

Separating test and production libraries

Requiring multi-factor authentication for all developers

, Not Selected

Increasing the frequency of system updates

, Not Selected

Feedback

General Feedback

Answer: Separating test and production libraries.


Explanation: By keeping test and production libraries separate, companies reduce the risk of
untested versions accidentally being used in the production environment.

Results for question 33.


33

1 / 1 point

Which of the following is a primary benefit of using Generalized Audit Software (GAS) in an audit?

The necessity for high-level programming skills

, Not Selected

The increase in system downtime

, Not Selected

Correct answer:

The ability to access multiple data types and perform various operations

The prevention of access to complex data files

, Not Selected

Feedback

General Feedback

Answer: The ability to access multiple data types and perform various operations.
Explanation: GAS allows auditors to perform various operations on data files, enabling efficient
data extraction, analysis, and reporting without specialized programming knowledge.

Results for question 34.

34

1 / 1 point

Why is an embedded audit module (EAM) advantageous for continuous monitoring?

It exclusively captures incomplete transactions

, Not Selected

It simplifies data storage

, Not Selected

Correct answer:

It captures relevant transactions in real-time throughout the audit period

It prevents all unauthorized access

, Not Selected

Feedback

General Feedback

Answer: It captures relevant transactions in real-time throughout the audit period.


Explanation: An EAM records significant transactions during normal processing, allowing auditors
to monitor the application continuously.

Results for question 35.

35

1 / 1 point

Which approach allows auditors to assess application outputs without accessing internal logic?

Tracing

, Not Selected

Parallel simulation

, Not Selected

Integrated Test Facility

, Not Selected

Correct answer:

Black box approach

Feedback

General Feedback

Answer: Black box approach.


Explanation: The black box approach involves examining outputs relative to inputs without needing
to understand the internal workings of the application, suitable for straightforward testing.

Results for question 36.

36

1 / 1 point

Which type of test would an auditor use to confirm that each transaction is only processed once?

Completeness tests

, Not Selected

Correct answer:

Redundancy tests

Audit trail tests

, Not Selected

Validity tests

, Not Selected

Feedback

General Feedback

Answer: Redundancy tests.


Explanation: Redundancy tests verify that transactions are not duplicated and ensure that each one
is processed only once, preserving data integrity.

Results for question 37.

37

1 / 1 point

In the context of SPL management, what role does a program modification report serve?

It reduces the system’s processing speed

, Not Selected

Correct answer:

It documents every program change for audit purposes

It allows unrestricted access to the SPL

, Not Selected

It reduces the number of people involved in program modifications

, Not Selected

Feedback

General Feedback

Answer: It documents every program change for audit purposes.


Explanation: Program modification reports serve as an audit trail, recording each change made to a
program for verification and tracking purposes.

Results for question 38.

38

1 / 1 point

In network security, why is deep packet inspection (DPI) crucial in Intrusion Prevention Systems
(IPS)?

Correct answer:

It examines the entire packet content for suspicious patterns

It eliminates the need for encryption

, Not Selected

It only inspects packet headers

, Not Selected

It shortens the packet's data length

, Not Selected

Feedback

General Feedback

Answer: It examines the entire packet content for suspicious patterns.


Explanation: DPI inspects the data payload of packets for signs of malicious activity, making it
effective in detecting and blocking sophisticated network threats.

Results for question 39.

39

1 / 1 point

What control would detect if a hacker re-ordered messages in a stream to alter a financial
transaction?

Transaction logging

, Not Selected

Correct answer:

Message sequence numbering

Audit trail review

, Not Selected

Access control

, Not Selected

Feedback

General Feedback

Answer: Message sequence numbering.
Explanation: Message sequence numbering assigns a unique identifier to each message in a
sequence, making it easy to detect if messages have been altered, duplicated, or deleted.

Results for question 40.

40

1 / 1 point

Why is maintaining accurate system documentation critical for the audit process?

It reduces the time required for data processing

, Not Selected

Correct answer:

It facilitates future audits and maintenance activities

It shortens transaction times

, Not Selected

It decreases system security

, Not Selected

Feedback

General Feedback

Answer: It facilitates future audits and maintenance activities.


Explanation: Accurate documentation helps auditors understand system operations, which is
essential for assessing system integrity and compliance.

Results for question 41.

41

1 / 1 point

Which audit procedure helps verify the accuracy of system outputs by comparing test transactions
against known results?

Redundancy testing

, Not Selected

Correct answer:

Parallel simulation

Black box approach


, Not Selected

Tracing

, Not Selected

Feedback

General Feedback

Answer: Parallel simulation.


Explanation: Parallel simulation reprocesses transactions through a simulated application to verify
that output results align with expected outcomes.

Results for question 42.

42

1 / 1 point

What is the main advantage of using an Integrated Test Facility (ITF) over traditional test data
methods?

ITF requires less upfront planning than test data

, Not Selected

ITF only allows one-time testing

, Not Selected

Correct answer:

ITF allows real-time testing during normal operations without disrupting users

ITF is more effective than regular audits

, Not Selected

Feedback

General Feedback

Answer: ITF allows real-time testing during normal operations without disrupting users.
Explanation: ITF integrates test data into live data streams, allowing auditors to continuously assess
control functionality without halting regular system processes.

Results for question 43.

43

1 / 1 point

Which of the following would an auditor test to verify the integrity of SPL access control?

Transaction logs

, Not Selected

Correct answer:

Programmer authority tables

Backups of the SPL

, Not Selected

Firewall settings

, Not Selected

Feedback

General Feedback

Answer: Programmer authority tables.


Explanation: Reviewing programmer authority tables ensures that only authorized personnel can
access the SPL, thus safeguarding sensitive program files.

Results for question 44.

44

1 / 1 point

How does message transaction logging enhance system security?

It only logs successful attempts

, Not Selected

Correct answer:

It records each access attempt, helping to identify unauthorized entries

It reduces the number of messages in transit

, Not Selected

It provides direct access for all users

, Not Selected

Feedback

General Feedback

Answer: It records each access attempt, helping to identify unauthorized entries.


Explanation: Logging all access attempts, successful or not, helps auditors identify and investigate
unauthorized access attempts.

Results for question 45.

45

1 / 1 point

Which of the following tests would confirm that all fields in a record are filled as required?

Accuracy tests

, Not Selected

Correct answer:

Field completeness tests

Access control tests

, Not Selected

Audit trail tests

, Not Selected

Feedback

General Feedback

Answer: Field completeness tests.


Explanation: Field completeness tests check that each field in a record is populated according to
specifications, ensuring data completeness and validity.

Results for question 46.

46

1 / 1 point

Which feature of an SPLMS assigns a unique version number with each authorized change?

Firewall logging

, Not Selected

Message sequence numbering

, Not Selected

Correct answer:

Program versioning

Message transaction logs

, Not Selected

Feedback

General Feedback

Answer: Program versioning.


Explanation: Program versioning within an SPLMS assigns a unique identifier for each modification,
allowing auditors to verify that changes were properly documented and authorized.

Results for question 47.

47

1 / 1 point

What is a key objective when designing access tests for IT systems?

Correct answer:

Verifying the authenticity of access attempts

Ensuring all users can access all parts of the system

, Not Selected

Simplifying user credentials

, Not Selected

Minimizing data encryption

, Not Selected

Feedback

General Feedback

Answer: Verifying the authenticity of access attempts.


Explanation: Access tests aim to verify that only authorized users and systems can access sensitive
data, thus protecting against unauthorized access.

Results for question 48.

48

1 / 1 point

Which audit approach allows auditors to evaluate application controls without interfering with live
operations?

Parallel simulation

, Not Selected

Correct answer:

Black box approach

Test data method

, Not Selected

Integrated Test Facility

, Not Selected

Feedback

General Feedback

Answer: Black box approach.


Explanation: The black box approach tests the outputs of a system based on inputs without
accessing the system’s internal logic, making it minimally intrusive.

Results for question 49.

49

1 / 1 point

When testing the redundancy control in a payroll application, what is the primary objective?

To allow for repeated employee checks

, Not Selected

Correct answer:

To confirm that each employee record is processed only once

To ensure no employees have been omitted

, Not Selected

To simplify payroll processing

, Not Selected

Feedback

General Feedback

Answer: To confirm that each employee record is processed only once.


Explanation: Redundancy control in payroll ensures that each employee’s data is processed a
single time per payroll period, preventing duplicate records and payments.

Results for question 50.

50

1 / 1 point

Which aspect of substantive testing is unique compared to other IT control tests?

It only checks access credentials

, Not Selected

It performs continuous data monitoring

, Not Selected

Correct answer:

It substantiates specific account balances

It calculates network latency

, Not Selected

Feedback

General Feedback

Answer: It substantiates specific account balances.


Explanation: Substantive testing is used to confirm the accuracy of financial amounts in accounts,
providing auditors with confidence in reported balances.

Instructions

When answering the multiple-choice questions, begin by carefully reading the case to understand
the main points. As you work through each question, think about what it’s asking and review all the
answer choices before making your selection. Use details from the case to help you choose the
correct answer. Make sure to answer every question by selecting the answer you believe is best. If
you have time, review your answers before submitting to ensure they accurately reflect your
understanding of the case.

Case: Golden Tigresses Sporting Goods

Golden Tigresses Sporting Goods is a company that supplies sports equipment and apparel to
various schools and athletic organizations. To streamline its inventory processes, Golden Tigresses
has implemented an automated inventory management system integrated with its receiving
department. This system updates inventory in real-time as new items are received and recorded by
a receiving clerk. The clerk logs inventory receipts at a terminal in the receiving department, with
the system automatically updating inventory records.

The company is preparing for an audit, and the auditor has been granted access to a current copy of
the inventory application and supporting documentation. The auditor’s task is to evaluate the
accuracy and integrity of the system’s inventory receipt process, which includes ensuring the
accuracy of postings to inventory accounts, validating the three-way match process, and verifying
multilevel security and access controls in the purchases/accounts payable (AP) system.

The following controls and testing procedures are relevant to this audit:

1. Test Data Creation: The auditor will create test data with valid and invalid inventory
transactions to verify if errors are appropriately identified and reported.

2. Accuracy of Postings: By setting up a master file of inventory records, the auditor will use
test data to verify if approved transactions are accurately posted to inventory accounts.

3. Three-Way Match Testing: The auditor will check if the system correctly reconciles the
quantities ordered with the items received and the supplier’s invoice amounts with the
approved purchase order prices.

4. Multilevel Security Testing: The auditor will test if different access levels in the system
limit access to various data files and functionalities according to user roles.

Results for question 51.

51

1 / 1 point

What is the primary purpose of creating test data with both valid and invalid inventory
transactions for Golden Tigresses' inventory system audit?

To reduce the time needed for the audit

, Not Selected

To ensure only valid transactions are approved

, Not Selected

To update the test master file with new inventory data

, Not Selected

Correct answer:

To evaluate the system’s ability to identify and report errors

Feedback

General Feedback

Answer: To evaluate the system’s ability to identify and report errors


Explanation: The auditor creates test data to see if the system can correctly identify and manage
invalid entries while allowing valid transactions.

Results for question 52.

52

1 / 1 point

In the test to confirm accuracy of postings to inventory accounts, the auditor will use a master
file to:

Update incorrect balances in real-time

, Not Selected

Track the auditor's findings

, Not Selected

Correct answer:

Verify approved transactions post correctly to inventory accounts

Log unauthorized access attempts

, Not Selected

Feedback

General Feedback

Answer: Verify approved transactions post correctly to inventory accounts


Explanation: This test ensures that the system is accurately posting transaction data to the correct
accounts in the inventory master file.

Results for question 53.

53

1 / 1 point

What key feature should the three-way match process demonstrate in Golden Tigresses'
inventory system?

Automated reordering of out-of-stock items

, Not Selected

Automatic calculation of discounts for bulk orders

, Not Selected

Correct answer:

Reconciliation of received goods with purchase orders and invoices

Real-time reporting of rejected invoices

, Not Selected

Feedback

General Feedback

Answer: Reconciliation of received goods with purchase orders and invoices
Explanation: The three-way match verifies the alignment between the quantities ordered, received,
and invoiced, which is critical for accurate financial records.

Results for question 54.

54

1 / 1 point

Why is it essential for the auditor to log into the system under different roles when testing
multilevel security and access controls?

To simplify the testing of transaction speed

, Not Selected

To bypass system controls and access restricted data

, Not Selected

Correct answer:

To verify that each role has the correct level of access

To accelerate the inventory update process

, Not Selected

Feedback

General Feedback

Answer: To verify that each role has the correct level of access
Explanation: Testing different user roles ensures that access permissions are appropriately
restricted according to each user’s role in the company.

Results for question 55.

55

1 / 1 point

During the audit, the auditor detects discrepancies in the postings to the inventory account.
What might this indicate?

The presence of unauthorized user access

, Not Selected

Correct answer:

Logical errors or control issues in the system

Reduced system performance


, Not Selected

A need for increased data entry speed

, Not Selected

Feedback

General Feedback

Answer: Logical errors or control issues in the system


Explanation: Discrepancies in postings can signal issues in the inventory management
application’s logic, requiring further investigation.

Results for question 56.

56

1 / 1 point

Which of the following describes a key objective of testing the security and access privileges
in Golden Tigresses' inventory and AP systems?

Reducing the number of user roles for simplicity

, Not Selected

Allowing inventory updates by all system users

, Not Selected

Correct answer:

Verifying that unauthorized users cannot access sensitive data

Ensuring open access for all users to prevent delays

, Not Selected

Feedback

General Feedback

Answer: Verifying that unauthorized users cannot access sensitive data


Explanation: The security test ensures that only authorized personnel can access specific data
files and perform certain functions, safeguarding data integrity.

Results for question 57.

57

1 / 1 point

What does the auditor aim to achieve by examining the error reports generated from the
inventory system test data?

Correct answer:

To verify that all transactions have updated the master file correctly

To enhance transaction approval speed

, Not Selected

To adjust system settings for higher accuracy

, Not Selected

To enable faster data processing

, Not Selected

Feedback

General Feedback

Answer: To verify that all transactions have updated the master file correctly
Explanation: Error reports highlight discrepancies, helping the auditor assess if the system
correctly identifies and addresses errors in transaction data.

Results for question 58.

58

1 / 1 point

What would be the auditor’s next step if test data reveals unauthorized access to the
inventory system by certain roles?

Increase the number of authorized users

, Not Selected

Ignore the findings if no financial data was accessed

, Not Selected

Close the audit as complete

, Not Selected

Correct answer:

Notify management of the security gap and recommend access revisions

Feedback

General Feedback

Answer: Notify management of the security gap and recommend access revisions
Explanation: Unauthorized access findings require management attention to revise access
controls and prevent data misuse.

Results for question 59.

59

1 / 1 point

If the auditor’s test data shows that some transactions were posted incorrectly, what control
weakness does this highlight?

The need for faster transaction processing

, Not Selected

A need for additional user training

, Not Selected

Delayed error reporting

, Not Selected

Correct answer:

Potential errors in the posting logic of the inventory application

Feedback

General Feedback

Answer: Potential errors in the posting logic of the inventory application


Explanation: Incorrect postings indicate flaws in the application’s processing logic, necessitating
further evaluation of the code or controls.

Results for question 60.

60

1 / 1 point

When the auditor compares test results with the expected results, what outcome would signal
an effective inventory receipt process?

All inventory records are updated manually

, Not Selected

Test data shows varied posting outcomes

, Not Selected

Significant errors are detected in both test and actual data


, Not Selected

Correct answer:

Test results align with expected results, and error reports are minimal

Feedback

General Feedback

Answer: Test results align with expected results, and error reports are minimal
Explanation: Consistency between test and expected results, with few errors, suggests the system
is functioning correctly and reliably in processing inventory receipts.


Case: Tiger-Dragons Rowing Club's SPL Management and Control Risks

Tiger-Dragons Rowing Club, a well-known sporting organization, develops its own in-house software
to track rower performance, manage event logistics, and process memberships. Due to frequent
changes in club activities and events, the IT environment at Tiger-Dragons faces constant updates
and application development requirements.

To keep up with this dynamic environment, the club’s IT director has combined the system
development and maintenance roles into a single department. This setup allows programmers who
create new applications to maintain them as well, reducing the learning curve and allowing quicker
updates without the need for extensive system documentation. To further streamline processes,
the IT team has an "open" source program library (SPL) policy, allowing programmers unrestricted
access to all applications and enabling them to download software to their personal computers for
modifications.

The club has noted an increase in efficiency, but this approach has raised concerns among auditors
who have flagged potential risks related to fraud, poor documentation, and a lack of audit trail for
program changes.

Results for question 61.

61

1 / 1 point

What is a primary risk associated with allowing Tiger-Dragons Rowing’s programmers full
access to all programs in the SPL without restrictions?

Correct answer:

Increased potential for fraud and unauthorized program changes

Reduced time needed for training and familiarization

, Not Selected

Enhanced collaboration among programmers

, Not Selected

Improved programmer efficiency and flexibility

, Not Selected

Feedback

General Feedback

Answer: Increased potential for fraud and unauthorized program changes


Explanation: Unrestricted access to the SPL makes it easier for programmers to make
unauthorized changes or commit program fraud without detection.

Results for question 62.

62

1 / 1 point

By allowing programmers to both develop and maintain applications, Tiger-Dragons faces
which of the following risks?

Decreased programmer collaboration

, Not Selected

Correct answer:

Increased potential for poorly documented systems

Increased oversight by external auditors

, Not Selected

More complex software requirements

, Not Selected

Feedback

General Feedback

Answer: Increased potential for poorly documented systems
Explanation: Without separation between development and maintenance roles, programmers may
produce insufficient documentation, complicating future maintenance.

Results for question 63.

63

1 / 1 point

In the current setup at Tiger-Dragons, what is the impact of having no control over
downloading software to personal devices?

Decreased efficiency in software updates

, Not Selected

Enhanced programmer independence and control

, Not Selected

Correct answer:

Higher risk of data leakage or unauthorized modifications

Reduced auditing costs

, Not Selected

Feedback

General Feedback

Answer: Higher risk of data leakage or unauthorized modifications


Explanation: Allowing software to be downloaded onto personal devices can increase the risk of
security breaches and unapproved program changes.

Results for question 64.

64

1 / 1 point

Which of the following controls would most effectively limit unauthorized changes in
Tiger-Dragons’ SPL?

Reducing documentation requirements

, Not Selected

Allowing open access for faster modifications

, Not Selected

Combining development and maintenance roles


, Not Selected

Correct answer:

Implementing password control over access to the SPL

Feedback

General Feedback

Answer: Implementing password control over access to the SPL


Explanation: Password control restricts SPL access to authorized users, reducing the likelihood of
unauthorized modifications.

Results for question 65.

65

1 / 1 point

Why might Tiger-Dragons' current approach lack an adequate audit trail for program changes?

All changes are logged and tracked for audits

, Not Selected

Correct answer:

The system combines development and maintenance roles without documented changes

The open library policy requires passwords for all actions

, Not Selected

Programmers have too little freedom to implement updates

, Not Selected

Feedback

General Feedback

Answer: The system combines development and maintenance roles without documented changes
Explanation: When the same programmer manages development and maintenance, changes may
be undocumented, reducing audit trail reliability.

Results for question 66.

66

1 / 1 point

What would be a primary advantage of requiring Tiger-Dragons programmers to work within a
separate test library?

Increasing the speed of program updates

, Not Selected

Correct answer:

Testing program changes thoroughly before implementation

Enhancing collaboration by reducing controls

, Not Selected

Reducing the need for version control

, Not Selected

Feedback

General Feedback

Answer: Testing program changes thoroughly before implementation


Explanation: Using a test library allows for changes to be tested in isolation, ensuring stability and
reducing the risk of errors in live systems.

Results for question 67.

67

1 / 1 point

The absence of strict version control in Tiger-Dragons’ SPL policy could lead to:

Increased access control

, Not Selected

Better organized system documentation

, Not Selected

Improved tracking of updates

, Not Selected

Correct answer:

Difficulties in tracking authorized versus unauthorized changes

Feedback

General Feedback

Answer: Difficulties in tracking authorized versus unauthorized changes


Explanation: Without version control, it is hard to determine which changes are authorized,
increasing the risk of accidental or intentional modifications.

Results for question 68.

68

1 / 1 point

What is a potential disadvantage of the open access policy in Tiger-Dragons' SPL system?

Correct answer:

Increased risk of unauthorized changes and fraud

Lowered programmer accountability

, Not Selected

Enhanced control over system modifications

, Not Selected

Reduced efficiency in programming updates

, Not Selected

Feedback

General Feedback

Answer: Increased risk of unauthorized changes and fraud


Explanation: Open access policies increase the chance of unauthorized changes by granting
unrestricted access to critical systems.

Results for question 69.

69

1 / 1 point

Which of the following would be an appropriate control for Tiger-Dragons to track and report
changes made in their SPL?

Correct answer:

Requiring audit trail reports detailing all program changes

Allowing direct access for all programmers

, Not Selected

Increasing the frequency of undocumented changes

, Not Selected

Reducing external audit activities

, Not Selected

Feedback

General Feedback

Answer: Requiring audit trail reports detailing all program changes


Explanation: Audit trail reports provide a documented history of all changes, allowing auditors to
verify that only authorized modifications were made.

Results for question 70.

70

1 / 1 point

To improve system control and reduce risks, which of the following would be an essential
feature to add to Tiger-Dragons' SPL management?

Correct answer:

Passwords, audit trails, and version control for all programs

Reduced testing procedures to improve efficiency

, Not Selected

Open library policies for all programmers

, Not Selected

Unrestricted download access for quick modifications

, Not Selected

Feedback

General Feedback

Answer: Passwords, audit trails, and version control for all programs
Explanation: Implementing these controls provides security and accountability, reducing the risks
of unauthorized access and ensuring only approved program versions are used.


Case: Golden Spikers Inc. - Audit Concerns in AR File Verification

Golden Spikers Inc., a nationwide supplier of high-performance volleyball equipment, is undergoing
an audit of its financial records. As the external auditor, you are performing substantive tests to
confirm the accuracy of the accounts receivable (AR) file. Due to the large size and complexity of
the database structure, you cannot directly access the AR records. Instead, Golden Spikers’
systems programmer has created a special application to extract and compile the data into a flat
file for your review.

As you begin your verification, you recognize potential risks related to data integrity in the flat file
extraction process. You know that, in some cases, there is a risk that specific accounts might be
altered or omitted during the creation of the flat file. Therefore, you consider whether to proceed
with the flat file or to develop an independent data extraction method.

Results for question 71.

71

1 / 1 point

What primary risk should the auditor consider when relying on a flat file generated by Golden
Spikers' systems programmer?

Reduced accuracy in financial reporting

, Not Selected

Faster turnaround in accessing AR data

, Not Selected

Correct answer:

The possibility of data omission or manipulation in the flat file

Increased efficiency in data testing

, Not Selected

Feedback

General Feedback

Answer: The possibility of data omission or manipulation in the flat file


Explanation: When the auditor relies on an externally created flat file, there is a risk that data might
be intentionally or accidentally omitted or altered, compromising the audit’s reliability.

Results for question 72.

72

1 / 1 point

Which action should the auditor take to ensure data integrity when provided a flat file for
testing purposes by Golden Spikers?

Rely solely on the provided flat file without further verification

, Not Selected

Conduct tests only on the records visible in the flat file

, Not Selected

Correct answer:

Review the procedures used to create the flat file and consider alternative extraction methods

Request a hard copy of the original database

, Not Selected

Feedback

General Feedback

Answer: Review the procedures used to create the flat file and consider alternative extraction
methods
Explanation: By reviewing the file creation procedures and exploring independent extraction
methods, the auditor can reduce the risk of relying on potentially altered or incomplete data.

Results for question 73.

73

1 / 1 point

Why might an auditor with programming skills consider writing their own data extraction
routines instead of using Golden Spikers' flat file?

To expedite the audit and save on costs

, Not Selected

To allow the systems programmer more flexibility

, Not Selected

Correct answer:

To avoid potential data integrity issues introduced by client-prepared files

To minimize the time spent on audit testing

, Not Selected

Feedback

General Feedback

Answer: To avoid potential data integrity issues introduced by client-prepared files
Explanation: Creating an independent extraction routine allows the auditor to ensure data integrity,
as it bypasses the need to rely on the client’s programmer and reduces the risk of omitted or
manipulated data.

Results for question 74.

74

1 / 1 point

If the auditor suspects that certain accounts in Golden Spikers' AR file could be fraudulently
omitted in the flat file, which procedure would best address this concern?

Test only a sample from the flat file provided

, Not Selected

Perform substantive testing on the unaltered original database

, Not Selected

Correct answer:

Conduct an independent data extraction process if feasible

Increase reliance on Golden Spikers' internal audit reports

, Not Selected

Feedback

General Feedback

Answer: Conduct an independent data extraction process if feasible


Explanation: Using an independent extraction process can help the auditor directly access the
data needed and mitigate risks of omission or alteration by the client.

Results for question 75.

75

1 / 1 point

What additional step should an auditor take after receiving the flat file generated by the
Golden Spikers’ systems programmer?

Skip further validation as the flat file is generated by an internal expert

, Not Selected

Request the systems programmer’s approval of the flat file

, Not Selected

Perform only high-level review procedures on the flat file contents

, Not Selected

Correct answer:

Evaluate the accuracy and completeness of the flat file against known records

Feedback

General Feedback

Answer: Evaluate the accuracy and completeness of the flat file against known records
Explanation: By comparing the flat file contents with known records, the auditor can verify its
accuracy and completeness, helping to detect any anomalies or omissions.


Case: Tiger Sands - Risk Identification and Audit Concerns in AR Confirmation Process

Tiger Sands, a high-end supplier of beach and coastal equipment, relies heavily on an embedded
audit module (EAM) in its accounts receivable (AR) confirmation process. This EAM is configured to
record only “material” invoices to the audit file for external confirmation by customers. As the
manager of the external audit team, you have identified a potential risk: by focusing exclusively on
large invoices, small transactions could accumulate unnoticed, potentially overstating the AR
balance.

This concern raises a red flag, as an organized scheme involving multiple small invoices could
evade detection in the confirmation process. Additionally, there is a risk of an elaborate accounts
receivable lapping scheme, where collections from smaller invoices might be misappropriated and
cycled through customer accounts to conceal fraud.

Results for question 76.

76

1 / 1 point

Why is the auditor concerned that only “material” invoices are selected for confirmation in the
AR audit process at Tiger Sands?

The EAM system ensures all invoices are adequately reviewed, regardless of size.

, Not Selected

Material invoices are likely to be more prone to errors than smaller ones.

, Not Selected

Correct answer:

Small invoices may collectively amount to a material total, potentially overstating AR.

Confirming only material invoices is a typical audit practice with minimal risk.

, Not Selected

Feedback

General Feedback

Answer: Small invoices may collectively amount to a material total, potentially overstating AR.
Explanation: Excluding small invoices from confirmation could enable a scheme where immaterial
amounts accumulate into a significant discrepancy, leading to AR overstatement.

Results for question 77.

77

1 / 1 point

What audit risk is associated with Tiger Sands’ current EAM setup, which confirms only
material invoices?

Correct answer:

It could allow an organized lapping scheme to go undetected.

It results in fewer invoices being confirmed, saving audit resources.

, Not Selected

It inherently reduces the risk of overstatement in AR balances.

, Not Selected

It confirms both material and immaterial invoices equally.

, Not Selected

Feedback

General Feedback

Answer: It could allow an organized lapping scheme to go undetected.


Explanation: Lapping schemes often involve small, repeated misappropriations, which may evade
detection if only large invoices are confirmed.

Results for question 78.

78

1 / 1 point

As the audit team manager, what initial step should you take to determine if Tiger Sands’ AR is
overstated due to small unconfirmed invoices?

Increase the threshold for material invoices in the EAM system.

, Not Selected

Assume the AR balance is correct based on confirmed material invoices alone.

, Not Selected

Correct answer:

Investigate a sample of immaterial invoices for possible discrepancies.

Review only the largest invoices to ensure they are accurate.

, Not Selected

Feedback

General Feedback

Answer: Investigate a sample of immaterial invoices for possible discrepancies.


Explanation: Sampling smaller invoices for confirmation can reveal if small discrepancies
collectively impact the AR balance and uncover potential fraud.

Results for question 79.

79

1 / 1 point

What potential fraud scheme is most likely to evade detection if Tiger Sands’ EAM only
captures material invoices?

Duplicate invoicing for major clients

, Not Selected

Correct answer:

Lapping of accounts receivable

Over-recording revenue from large transactions

, Not Selected

Misstatement of large accounts


, Not Selected

Feedback

General Feedback

Answer: Lapping of accounts receivable


Explanation: Lapping typically involves smaller, ongoing misappropriations which may not trigger
confirmation if the EAM excludes immaterial transactions.

Results for question 80.

80

1 / 1 point

If discrepancies are found in the sample of immaterial invoices, what action should the
auditor take next?

Request Tiger Sands to reconfigure the EAM to include only large invoices.

, Not Selected

Correct answer:

Investigate prior years’ AR balances for similar issues.

Assume no further action is required beyond the current year.

, Not Selected

Ignore prior years, as only current year discrepancies matter.

, Not Selected

Feedback

General Feedback

Answer: Investigate prior years’ AR balances for similar issues.


Explanation: If current year immaterial invoices show discrepancies, prior years’ records should be
reviewed to detect potential patterns of misstatement.

Results for question 81.

81

1 / 1 point

What is the primary purpose of reviewing small, immaterial invoices in the AR confirmation
process?

To confirm Tiger Sands’ compliance with financial regulations

, Not Selected

Correct answer:

To detect possible embezzlement schemes involving small amounts

To focus on high-risk, material invoices only

, Not Selected

To speed up the AR confirmation process

, Not Selected

Feedback

General Feedback

Answer: To detect possible embezzlement schemes involving small amounts


Explanation: Small amounts can add up to significant totals if embezzled over time, making it
essential to review immaterial invoices for potential fraud detection.

Results for question 82.

82

1 / 1 point

What could Tiger Sands do to mitigate the risk of AR overstatement due to small, unconfirmed
invoices?

Exclude immaterial invoices entirely to simplify auditing.

, Not Selected

Confirm only high-value invoices as a control measure.

, Not Selected

Change the EAM to record every transaction, large or small.

, Not Selected

Correct answer:

Include a random sample of immaterial invoices in the confirmation process.

Feedback

General Feedback

Answer: Include a random sample of immaterial invoices in the confirmation process.


Explanation: Adding a sample of smaller invoices ensures that any accumulation of minor
discrepancies is addressed, reducing the risk of AR overstatement.


Case: Yellow Jackets Office Solutions – Risks in Audit Modules and System Integrity

Yellow Jackets Office Solutions, a provider of office equipment and digital solutions, installed
embedded audit modules (EAMs) two years ago to support its transaction processing and auditing
requirements. The installation and programming of these EAMs were managed under the
supervision of an external audit firm to ensure that critical transactions were logged for audit
purposes.

During this year's audit process, the external auditors requested a transaction log of all records
copied to the audit file for review. However, the auditors observed significant gaps in dates and
times for recorded transactions. Upon investigation, they discovered that, due to the increased load
on the mainframe, system operators often disabled the EAMs to ensure efficient processing of
high-priority transactions. Additionally, the application programs had undergone extensive maintenance
over the past year, raising concerns about undocumented or unauthorized changes to the system.

Results for question 83.

83

1 / 1 point

What primary risk arises from operators frequently disabling the EAMs at Yellow Jackets
Office Solutions?

Reduction in audit time and resources needed.

, Not Selected

Improved processing speed for high-priority transactions.

, Not Selected

Enhanced reliability of transactions recorded in the audit file.

, Not Selected

Correct answer:

Unauthorized or undetected transactions may bypass audit logging.

Feedback

General Feedback

Answer: Unauthorized or undetected transactions may bypass audit logging.
Explanation: By turning off EAMs, essential transactions could escape logging, creating a gap in the
audit trail and increasing the risk of unauthorized or fraudulent activity going undetected.

Results for question 84.

84

1 / 1 point

How should the external auditors proceed to ensure that any changes to Yellow Jackets'
application programs are legitimate and documented?

Correct answer:

Review program change authorizations and reconcile version numbers.

Ignore small maintenance updates since they are routine.

, Not Selected

Approve all program changes after reviewing the audit report.

, Not Selected

Request that the system operators maintain the EAMs permanently off for reliability.

, Not Selected

Feedback

General Feedback

Answer: Review program change authorizations and reconcile version numbers.
Explanation: Auditors should verify that any program modifications are authorized, documented,
and reflected accurately in the program version history to prevent unauthorized alterations.

Results for question 85.

85

1 / 1 point

What should auditors ensure regarding system programmers' access to Yellow Jackets’
system?

Correct answer:

Programmers only have access to the source code and not the running application or compilers.

Programmers have full access to all aspects of the system to troubleshoot effectively.

, Not Selected

Programmers can access the running application but not the compilers.

, Not Selected

Programmers have restricted access only to the mainframe processing unit.

, Not Selected

Feedback

General Feedback

Answer: Programmers only have access to the source code and not the running application or
compilers.
Explanation: Restricting programmers to source code access reduces the risk of unauthorized
program changes, as they cannot run or alter live applications without approval.

Results for question 86.

86

1 / 1 point

What specific control should Yellow Jackets implement to monitor undocumented program
changes?

Allow EAMs to run only during routine transactions and maintenance updates.

, Not Selected

Ignore documentation for minor application changes to improve processing time.

, Not Selected

Correct answer:

Enforce version control for each application change and reconcile with change records.

Increase the processing speed to handle both EAM and transaction loads.

, Not Selected

Feedback

General Feedback

Answer: Enforce version control for each application change and reconcile with change records.
Explanation: Version control ensures that each change to the application is recorded, and any
discrepancies can be traced back to prevent unauthorized modifications.

Results for question 87.

87

1 / 1 point

What is a potential exposure when application maintenance activities at Yellow Jackets are
not fully documented?

Increased reliability of the audit file logs.

, Not Selected

Faster transaction processing with fewer system checks.

, Not Selected

Correct answer:

Unauthorized program modifications may occur, compromising data integrity.

Reduced need for operator intervention in audit processes.

, Not Selected

Feedback

General Feedback

Answer: Unauthorized program modifications may occur, compromising data integrity.
Explanation: Without proper documentation, there is a risk that unauthorized changes could go
unnoticed, potentially affecting the reliability of data and audit outcomes.

Results for question 88.

88

1 / 1 point

To enhance the integrity of transaction records, what action should the external auditors
recommend regarding the EAMs at Yellow Jackets?

Exclude small transactions from EAM logging to conserve resources.

, Not Selected

Correct answer:

Require continuous operation of EAMs, regardless of system load.

Set EAMs to activate only during low-priority transactions.

, Not Selected

Permit operators to disable EAMs as needed to improve efficiency.

, Not Selected

Feedback

General Feedback

Answer: Require continuous operation of EAMs, regardless of system load.
Explanation: Continuous operation of EAMs ensures that all transactions, regardless of priority, are
logged, providing a complete audit trail without gaps.

Results for question 89.

89

1 / 1 point

If CASE (Computer-Aided Software Engineering) tools are being used at Yellow Jackets, what
control should the auditors verify?

Correct answer:

Built-in documentation of program changes is enabled and enforced.

Programmers can disable version controls for minor updates.

, Not Selected

CASE tools automatically bypass EAM for priority tasks.

, Not Selected

CASE tools allow direct access to the mainframe database.

, Not Selected

Feedback

General Feedback

Answer: Built-in documentation of program changes is enabled and enforced.
Explanation: Ensuring that CASE tools document all program modifications provides a reliable
history of changes, supporting effective audits and control of unauthorized changes.

Results for question 90.

90

1 / 1 point

In the current scenario at Yellow Jackets, what is the potential effect of disabling the EAMs on
audit accuracy?

Reduced system load increases the accuracy of transaction logs.

, Not Selected

Correct answer:

Transaction records may be incomplete, leading to inaccurate audit findings.

The audit process becomes faster and more efficient with fewer records.

, Not Selected

EAM disabling helps capture only the most material transactions.

, Not Selected

Feedback

General Feedback

Answer: Transaction records may be incomplete, leading to inaccurate audit findings.
Explanation: Turning off EAMs can create gaps in the transaction log, resulting in incomplete data
for the audit, which may lead to inaccurate conclusions.

Case: Teletigers Communication Systems - Auditing Systems Development Procedures

Teletigers Communication Systems, a leading provider of telecommunications services in the
Philippines, has recently implemented an internal communication management system. This
system aims to streamline customer support, billing, and internal project management. Given the
system's complexity, Teletigers engaged their external auditors to review their systems
development process, ensuring that proper controls were followed throughout the development
lifecycle.

The auditors’ objectives are to confirm that:

1. The system was deemed necessary and was justified at various checkpoints throughout the
Systems Development Life Cycle (SDLC).

2. Systems development activities were applied consistently and in accordance with
Teletigers' internal policies for all development projects.

3. The system, as initially implemented, was free from significant errors or potential for fraud.

4. System documentation is accurate and complete, facilitating effective audit and
maintenance.

The audit identified six main activities that provide critical control evidence:

• Systems Authorization: Verifying that all systems are formally authorized before
development.

• User Specification: Ensuring users created detailed, clear specifications for their needs,
which are documented.

• Technical Design: Confirming that technical requirements are thoroughly analyzed and
documented to meet user needs.

• Internal Audit Participation: Verifying active participation by the internal audit team at key
decision points throughout the SDLC.

• Program Testing: Ensuring each program module undergoes rigorous testing to confirm
error-free functionality.

• User Testing and Acceptance: Validating that the completed system was fully tested and
formally accepted by users before being deployed.

Audit Tests: To meet these objectives, the auditors sampled completed projects and reviewed
authorization records, user specifications, technical design documents, and internal audit
participation. They also verified that program testing was documented and that test results were
saved for future reference. Finally, the audit reviewed maintenance authorizations and reconciled
program version numbers to confirm the accuracy and integrity of any modifications.

Results for question 91.

91

1 / 1 point

What is the primary purpose of the Systems Authorization activity in Teletigers’ systems
development process?

To provide users with the authority to manage the system's technical needs.

, Not Selected

To permit unrestricted access to system documentation for all staff.

, Not Selected

Correct answer:

To ensure that all systems are economically justified and formally approved.

To maintain a high level of technical design within the system.

, Not Selected

Feedback

General Feedback

Answer: To ensure that all systems are economically justified and formally approved.
Explanation: Systems Authorization confirms the project’s feasibility and justification, ensuring
each system is formally approved before development starts.

Results for question 92.

92

1 / 1 point

How does User Specification contribute to Teletigers’ SDLC control environment?

By giving technical teams control over the system design process.

, Not Selected

By enabling developers to perform user tasks for accuracy.

, Not Selected

Correct answer:

By involving users in specifying needs, ensuring the system aligns with operational requirements.

By limiting user input to reduce complexity in system development.

, Not Selected

Feedback

General Feedback

Answer: By involving users in specifying needs, ensuring the system aligns with operational
requirements.
Explanation: User Specification ensures that the system meets operational requirements,
capturing the needs as defined by users for accurate development.

Results for question 93.

93

1 / 1 point

What role does Internal Audit Participation play in Teletigers’ systems development controls?

Reduces the workload of systems developers by overseeing testing.

, Not Selected

Correct answer:

Provides an independent review to ensure compliance with governance requirements.

Allows IT staff to manage audit tasks independently of other departments.

, Not Selected

Ensures only technical issues are reviewed during development.

, Not Selected

Feedback

General Feedback

Answer: Provides an independent review to ensure compliance with governance requirements.
Explanation: Internal Audit Participation ensures the SDLC process aligns with governance and
compliance requirements by providing an independent assessment.

Results for question 94.

94

1 / 1 point

Why is Program Testing critical in Teletigers’ systems development process?

Correct answer:

To identify programming and logic errors by testing all branches of logic before implementation.

To ensure user specifications are collected accurately.

, Not Selected

To maintain strict control over access to technical specifications.

, Not Selected

To allow shortcuts in documentation for faster deployment.

, Not Selected

Feedback

General Feedback

Answer: To identify programming and logic errors by testing all branches of logic before
implementation.
Explanation: Program Testing identifies potential errors by testing each module’s logic before
deployment, helping prevent issues post-implementation.

Results for question 95.

95

1 / 1 point

What objective does User Testing and Acceptance achieve at Teletigers?

Correct answer:

Ensures the final system meets user requirements and functions as expected before deployment.

Allows only the technical team to assess system usability.

, Not Selected

Limits system changes post-deployment by locking out further updates.

, Not Selected

Reduces the need for user involvement during development.

, Not Selected

Feedback

General Feedback

Answer: Ensures the final system meets user requirements and functions as expected before
deployment.
Explanation: User Testing and Acceptance validate that the system meets specified requirements,
with users verifying functionality before it goes live.

Results for question 96.

96

1 / 1 point

What is the purpose of testing controls in Teletigers’ SDLC audit?

To streamline user specifications with minimal documentation.

, Not Selected

Correct answer:

To confirm that each phase of the SDLC is documented and followed accurately.

To ensure only economic feasibility is documented for each project.

, Not Selected

To allow the IT team to complete tasks independently of audits.

, Not Selected

Feedback

General Feedback

Answer: To confirm that each phase of the SDLC is documented and followed accurately.
Explanation: Testing controls ensure compliance with the SDLC phases, with appropriate
documentation maintained as evidence.

Results for question 97.

97

1 / 1 point

In the Teletigers audit, why should the auditor verify program version numbers?

To ensure only senior management has access to the system.

, Not Selected

To limit testing only to the latest version of the program.

, Not Selected

Correct answer:

To confirm that all authorized changes are documented and tracked.

To identify user access rights within the system.

, Not Selected

Feedback

General Feedback

Answer: To confirm that all authorized changes are documented and tracked.
Explanation: Program version numbers are tracked to confirm each authorized change, ensuring
transparency and control over modifications.

Results for question 98.

98

1 / 1 point

During the audit, why would auditors review Teletigers' technical design activities?

To prioritize efficiency over accuracy in system design.

, Not Selected

Correct answer:

To ensure that design activities accurately translate user needs into technical specifications.

To simplify the technical documentation process.

, Not Selected

To reduce the need for rigorous user testing.

, Not Selected

Feedback

General Feedback

Answer: To ensure that design activities accurately translate user needs into technical
specifications.
Explanation: Reviewing technical design activities ensures that user needs are translated into a
functional system that meets specified requirements.

Results for question 99.

99

1 / 1 point

How does saving test data support Teletigers' systems development controls?

It minimizes the involvement of users in the testing process.

, Not Selected

It allows for quicker updates by bypassing additional testing phases.

, Not Selected

Correct answer:

It provides a reference for comparing future test results to confirm system integrity.

It reduces the overall cost of program testing and documentation.

, Not Selected

Feedback

General Feedback

Answer: It provides a reference for comparing future test results to confirm system integrity.
Explanation: Saving test data allows auditors to reference previous results, ensuring that no
unauthorized changes impact system functionality.

Results for question 100.

100

1 / 1 point

What is the main objective of verifying user involvement in system specification at Teletigers?

Correct answer:

To ensure the system aligns with operational requirements and user needs.

To prevent users from altering system functionality post-deployment.

, Not Selected

To minimize technical complexities in the system design.

, Not Selected

To streamline the development process by limiting user input.

, Not Selected

Feedback

General Feedback

Answer: To ensure the system aligns with operational requirements and user needs.
Explanation: User involvement ensures that the system is designed to meet specific operational
needs, fostering a more effective developme
