Welcome to the Weekly Review Quiz!

Weekly Review Quiz #350 - AUD: IT Controls – General Controls

Thank you for taking our weekly review quiz.

_____________________________________________________________________________________________________________________

Question 1

In building an electronic data interchange (EDI) system, what process is used to determine which elements in the entity's computer system correspond to the standard data elements?

  1. Mapping
  2. Translation
  3. Encryption
  4. Decoding

The correct answer is: A.

A. Correct! In an EDI system, a standard format is adopted. Mapping is the process by which the elements in the client's computer system are related to the standard data elements.

B. Incorrect... Translation is the process by which messages are changed from one form to another form.

C. Incorrect... Encryption is the process used to encode a message from plain text to a secret code.

D. Incorrect... Decoding is the process used to translate an encrypted message back into plain text.

_____________________________________________________________________________________________________________________

Question 2

Which of the following procedures would an entity most likely include in its disaster recovery plan?

  1. Convert all data from EDI format to an internal company format.
  2. Maintain a Trojan horse program to prevent illicit activity.
  3. Develop an auxiliary power supply to provide uninterrupted electricity.
  4. Store duplicate copies of files in a location away from the computer center.

The correct answer is: D.

A. Incorrect... Converting data from an EDI format to an internal company format is a processing step. It would not necessarily aid the company in restoring and maintaining operations in the event of a disaster.

B. Incorrect... A Trojan horse is a legitimate program that contains an unauthorized component. The "extra" programming typically performs an illegal and/or destructive function. A Trojan horse program does not prevent illicit activity, nor would it be included in a disaster recovery plan.

C. Incorrect... The availability of an auxiliary power supply is more likely to be an ongoing element of an entity's operations. Temporary power outages occur frequently and many entities have added auxiliary power supplies to ensure uninterrupted computer operation.

D. Correct! A disaster recovery plan is the entity's plan to restore and maintain operations in the event of a major disaster such as a flood, hurricane, or fire. Storage of duplicate files in a separate location would enable a company to begin processing at a new site if the computer center were unusable.

_____________________________________________________________________________________________________________________

Question 3

Which of the following are essential elements of the audit trail in an electronic data interchange (EDI) system?

  1. Network and sender/recipient acknowledgments
  2. Message directories and header segments
  3. Contingency and disaster recovery plans
  4. Trading partner security and mailbox codes

The correct answer is: A.

A. Correct! Network and sender/recipient acknowledgments document the trail of accounting data (and transactions) through the system. In doing so, they serve as essential elements of the audit trail in an EDI system.

B. Incorrect... Message directories and header segments identify file contents. They do not necessarily serve as essential elements of the audit trail.

C. Incorrect... Contingency and disaster recovery plans address a company's ability to maintain an operating information system in the event of a disaster. They do not provide documentation of accounting transactions and are not essential elements of the audit trail.

D. Incorrect... Trading partner security and mailbox codes help to ensure that messages and data are viewed only by authorized parties. They do not aid in documenting the trail of an accounting transaction through the system.

_____________________________________________________________________________________________________________________

Question 4

Which of the following is an inherent limitation in internal control?

  1. Incompatible duties
  2. Lack of segregation of duties
  3. Faulty human judgment
  4. Lack of an audit committee

The correct answer is: C.

A. Incorrect... Incompatible duties can be addressed through proper segregation of duties in a good internal control system.

B. Incorrect... Lack of segregation of duties can be addressed through proper consideration and assignment of duties in a good internal control system.

C. Correct! Humans are subject to judgment errors, which can create weaknesses in an otherwise strong internal control system. As a result, faulty human judgment is an inherent limitation of any system of internal control.

D. Incorrect... The lack of an audit committee is a choice, not an inherent limitation. The entity chooses not to create and support a strong audit committee, which would support a good control environment.

_____________________________________________________________________________________________________________________

Question 5

The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the risk that:

  1. Specific internal control activities are not operating as designed.
  2. The collective effect of the control environment may not achieve the control objectives.
  3. Tests of controls may fail to identify activities relevant to assertions.
  4. Material misstatements may exist in the financial statements.

The correct answer is: D.

A. Incorrect... The auditor performs tests of controls to assess whether specific internal control activities are operating as designed. The auditor assesses control risk in order to determine how internal controls affect the risk that the financial statements will be materially misstated.

B. Incorrect... The auditor considers the control environment (and its impact on the achievement of overall control objectives) in developing an understanding of the internal control structure. The auditor assesses control risk in order to determine how internal controls affect the risk that the financial statements will be materially misstated.

C. Incorrect... The auditor performs tests of controls to assess whether specific internal controls are operating effectively. The auditor should only perform tests of controls if they are identified as relating to specific assertions. The auditor assesses control risk in order to determine how internal controls affect the risk that the financial statements will be materially misstated.

D. Correct! The auditor's objective is to collect sufficient evidence to express an opinion on the financial statements and to provide reasonable assurance that the financial statements are not materially misstated. Thus, the auditor's objective in assessing control risk is to determine how internal controls affect the risk that the financial statements will be materially misstated. Remember that control risk is the risk that internal controls will fail to prevent or detect a material misstatement.

_____________________________________________________________________________________________________________________

End of Quiz

We hope you found this week's quiz helpful. These questions are just a small sample of what you will find in Wiley CPAexcel. Visit our Weekly Review Quiz Archive to view past quizzes with answers and rationales. If you haven't already done so, Sign Up to receive our free review quizzes every week via email.

Our courseware contains over 2,600 pages of electronic study text, over 5,400 proficiency questions, over 5,100 past exam questions, over 4,100 electronic flashcards, over 460 task-based simulations and personalized progress reports to manage and track your mastery of the material. Learn more about Wiley CPAexcel.