AUD Sample CPA Exam Questions

Weekly Review Quiz #354 - AUD: IT Evidence-Gathering Procedures

Thank you for taking our Auditing and Attestation (AUD) review quiz. Check back again for five new sample AUD CPA questions to help you prepare for the exam.

_____________________________________________________________________________________________________________________

Question 1

Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output?

  1. Test data module
  2. Frame relay protocol
  3. Remote node router
  4. Parallel simulation

The correct answer is: D.

A. Incorrect... Test data are a means of testing a client program using fake (test) data. The test data are created to include both valid and invalid conditions.

B. Incorrect... Frame relay is a protocol standard that allows local area networks (LAN) to quickly and efficiently transmit information from a user device to LAN bridges and routers.

C. Incorrect... A remote node router enables access to the company local area network (LAN) from computers or terminals located away from the main network, e.g., a branch office or a travelling user with a laptop.

D. Correct! In parallel simulation, a program is created by the auditor to process data that can then be compared to the same data processed by the client's program.

_____________________________________________________________________________________________________________________

Question 2

In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning:

  1. Overpayment of employees for hours not worked.
  2. Control and distribution of unclaimed checks.
  3. Withholding of taxes and Social Security contributions.
  4. Missing employee identification numbers.

The correct answer is: B.

A. Incorrect... "Test data" would be useful in testing controls related to computations, including payments (overpayments) to employees for hours worked (not worked).

B. Correct! "Test data" would not be helpful in evaluating physical security controls over unclaimed checks or other documents.

C. Incorrect... "Test data" would be useful in testing controls related to computations, including withholding of taxes and Social Security contributions.

D. Incorrect... "Test data" would be useful in testing whether controls appropriately identify missing data fields, such as missing employee identification numbers.

_____________________________________________________________________________________________________________________

Question 3

When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach?

  1. Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions.
  2. Test data programs need not be tailor-made by the auditor for each client's computer applications.
  3. Test data programs usually consist of all possible valid and invalid conditions regarding compliance with internal controls.
  4. Test data are processed with the client's computer and the results are compared with the auditor's predetermined results.

The correct answer is: D.

A. Incorrect... The integrated test facility technique inserts a small set of fictitious records representing a fictitious division or dummy subsidiary into the master files. Test transactions are then processed to update these records to verify that the system and controls are operating properly.

B. Incorrect... Test data are used to test the client's programs. They are not test data programs.

C. Incorrect... It is not necessary (or feasible) to test ALL possible valid and invalid conditions. In addition, test data, not test data programs, are used to test the client's programs.

D. Correct! Test data are simulated data that include both valid and invalid conditions. They are processed using the client's programs, which should accept the valid data and reject invalid data. Results are compared to the auditor's predetermined results to check the accuracy of the computer processing of transactions.

_____________________________________________________________________________________________________________________

Question 4

An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques?

  1. Snapshot application
  2. Embedded audit module
  3. Integrated data check
  4. Test data generator

The correct answer is: B.

A. Incorrect... A snapshot application takes "pictures" of the client's master file records before and after processing. It reviews the way transactions are processed. It does not enable continuous monitoring and testing of the client's computerized information system.

B. Correct! An embedded audit module is a program inserted into the client's system to capture designated transactions, such as large or unusual transactions, for later review by the auditor. It enables the auditor to continuously test the client's computerized information system.

C. Incorrect... An integrated data check most likely refers to the type of test performed using an integrated test facility. This test involves the insertion of fictitious records into a fictitious division, branch, supplier, etc. into the master files. Testing can be performed without the knowledge of company employees, as dummy and actual records are processed concurrently. The test is performed, however, at specific points in time. It does not enable continuous monitoring and testing of the client's computerized information system.

D. Incorrect... A test data generator creates test data based on program specifications. The test data can then be used to test the client's program. Test data would typically include valid and invalid data. Test data enable testing of the client's program at specific points in time. They do not enable continuous monitoring and testing of the client's computerized information system.

_____________________________________________________________________________________________________________________

Question 5

Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

  1. Continuous monitoring and analysis of transaction processing with an embedded audit module
  2. Increased reliance on internal control activities that emphasize the segregation of duties
  3. Verification of encrypted digital certificates used to monitor the authorization of transactions
  4. Extensive testing of firewall boundaries that restrict the recording of outside network traffic

The correct answer is: A.

A. Correct! An audit of an entity with primarily electronic data systems would be more likely to include continuous monitoring and analysis via an embedded audit module because in such environments transactions or accounting records may be available on a temporary basis and in machine-readable form only. As a result, testing would need to be performed continuously, rather than at a single time. An embedded audit module is a computer program inserted by the auditor into the client's application system. The audit module selects transactions, e.g., large or unusual transactions, for further review and testing by the auditor.

B. Incorrect... In electronic data systems, all of the general controls, not just segregation of duties, would require evaluation. For example, the auditor would also be concerned with physical and online security.

C. Incorrect... The verification of encrypted digital certificates addresses just a portion of one of the general controls that would be of concern to the auditor. In addition, such testing would occur at a single point in time and the auditor's greater concern would be continuous monitoring of the client's system.

D. Incorrect... Extensive testing of firewalls addresses just a portion of one of the general controls that would be of concern to the auditor. The auditor would be more concerned with the continuous monitoring of the client's system.

_____________________________________________________________________________________________________________________

End of Quiz

We hope you found this week's quiz helpful. These questions are just a small sample of what you will find in Wiley CPAexcel. Visit our Weekly Review Quiz Archive to view past quizzes with answers and rationales. If you haven't already done so, Sign Up to receive our free review quizzes every week via email.

Our courseware contains over 2,600 pages of electronic study text, over 5,400 proficiency questions, over 5,100 past exam questions, over 4,100 electronic flashcards, over 460 task-based simulations and personalized progress reports to manage and track your mastery of the material. Learn more about Wiley CPAexcel.

Video Gold Medal Course - This course is your complete solution for CPA Exam success. Learn more.