Application Controls Quiz

Questions and Answers

What is the primary purpose of simulation in production transaction processing?

• To test the security of the application
• To automate the entire transaction processing
• To document every transaction online
• To reprocess previously handled transactions and compare results (correct)

Which of the following best describes auditing around the computer?

• Performing black box testing without looking at application logic (correct)
• Understanding the internal logic of applications
• Using advanced programming languages during audits
• Revising the code directly within the application

How is a validity check classified in data interrogation?

• Transaction
• Record
• Field (correct)
• File

Which of the following is NOT one of the five major components of a GDIS?

Input procedures (B)

What is the function of run-to-run controls?

To ensure the integrity and order of processed records (C)

What do input controls primarily achieve in transaction processing?

Testing transaction data for errors (B)

Which type of check is defined as a 'Zero-value check'?

Record interrogation (C)

What does a sequence check ensure in data interrogation?

Data entries follow a specified order (A)

Which of the following are not included as groups of application controls?

Input validation controls (C)

What occurs during an addition error in transcription?

An extra digit or character is added to the code. (D)

Which statement correctly describes a check digit?

It detects errors in data coding. (C)

Which of the following describes a single transposition error?

Two digits in a code are reversed. (B)

Which of the following statements about input controls is true?

They prevent errors before data input. (B)

What does a reasonableness check evaluate?

Whether a value is reasonable based on related data. (C)

What is the purpose of source document controls?

To control the documents used to initiate transactions. (A)

Which of these describes what shredding computer printouts represents?

An output control mechanism. (D)

Which method flags errors and places them in an error file during data entry?

Creation of an Error File. (A)

What is indicative of a multiple transposition error?

Nonadjacent digits are reversed. (B)

What method does not require detailed knowledge of program logic when testing applications?

Black box testing (B)

Which of the following is true regarding transcription errors?

They can occur in any data entry process. (B)

Which technique is primarily designed to prevent transcription errors?

Source Document Controls. (B)

What happens when the control total for a data batch does not balance?

The entire batch is rejected and placed in the error file. (A)

What is a significant characteristic of the white box testing approach?

It requires examination of program logic. (C)

Which control would prevent a computer operator from accidentally using the wrong master file?

Header label check (B)

Which error occurs when a digit in a code is replaced with another digit?

Substitution Error. (A)

Run-to-run control totals are used to ensure all except which of the following?

All data input is validated (A)

What method is not used to maintain an audit trail in a computerized environment?

Data encryption (A)

Which risk exposure is associated with printing processes, but does not involve computer criminals?

Using a remote printer and incurring inefficiencies (D)

Which statement about transaction logs is incorrect?

Transaction logs are temporary files (A)

Which of the following is not included in input controls?

Spooling check (D)

Which technique is an example of input error correction?

All are examples (A)

Which of the following statements regarding the integrated test facility (ITF) is false?

ITF is solely for data validation (B)

What is a potential risk associated with output spooling?

Data loss due to improper handling (D)

Which of the following checks verifies that numerical values fall within a specified range?

Range check (D)

What type of fraud harms many victims but affects each only slightly?

Salami fraud (C)

Which input control is designed to ensure that the value entered is of the appropriate type, such as numbers or letters?

Numeric-alphabetic check (D)

What is the purpose of a check digit in data entry?

To verify the entire numeric entry (D)

In auditing, what does the black box approach entail?

Using the software without understanding its operations (A)

What is an example of an exposure risk in report distribution?

Unauthorized access to sensitive reports (C)

What is parallel simulation in auditing?

Auditing by writing a test program to mimic the application (D)

Which of the following is not a characteristic of complex transactions that involve input from many sources?

Simple processing requirements (A)

Which of the following options is a white box testing example?

Validating customer credentials (A), Reconciliating control totals (B), Ensuring compliance with pay rates (D)

When analyzing results from the test data method, which aspect typically requires the least review time?

Transaction records (D)

Which of the following is considered an advantage of the test data technique?

Explicit evidence of functionalities (A), Minimal disruption during testing (C)

Which of the following is an exception among the disadvantages of the test data technique?

Requires minimal computer expertise (C)

What is a fundamental requirement for effective program testing?

Generation of significant test data (C)

Identify the transcription error among the following purchase order number deviations.

124356 (D)

Which statement regarding check digits is not accurate?

They are primarily located at the start of codes. (C)

Flashcards

Test Data Method

A technique used to test an application's logic by inputting specially prepared data and analyzing the results.

White Box Testing

A type of software testing that examines the internal workings of a program, focusing on code structure and logic.

Black Box Testing

A type of software testing that focuses on the functional behavior of a program without looking at the code.

Test Data

Specially prepared data used to test the functionality of a system.

Check Digit

A digit calculated from other digits in a data code to help detect transcription and transposition errors.

Batch Controls

A set of techniques used to ensure the accuracy and completeness of data processed in batches.

Transcription Error

An error that occurs when data is incorrectly copied from one source to another.

Transposition Error

An error that occurs when two adjacent digits are switched in a data code.

Addition Error

An error where an extra digit or character is added to the original data.

Truncation Error

An error where a digit or character is removed from the end of the original data.

Substitution Error

An error where one digit in a code is replaced with another.

Single Transposition Error

An error where two adjacent digits are reversed.

Multiple Transposition Error

An error where non-adjacent digits are transposed.

Data Coding Controls

Methods used to ensure the accuracy of data entered into a system by preventing transcription and transposition errors.

Header Label Check

A control that verifies the correct master file is being used for processing. This ensures that the wrong file is not accidentally used, as in the scenario where the accounts receivable master file was erased due to a wrong file selection.

Run-to-Run Control Totals

A method used to track data throughout processing. These totals monitor data volume and integrity but do not validate individual input values.

Audit Trail

A record of all transactions and system events that helps track data changes and identify discrepancies. This is crucial for accountability and investigation.

Spooling

Creating an intermediate output file before printing. This introduces security risks as the file can be accessed and tampered with.

Transaction Log

A temporary file that records both successful and unsuccessful transactions. This assists in error detection and recovery.

Input Controls

Measures to ensure data accuracy and validity at the point of input. These controls help prevent errors from entering the system.

Input Error Correction Techniques

Methods used to handle errors detected during data input, such as immediate correction, batch rejection, or creation of an error file.

Integrated Test Facility (ITF)

A technique that involves creating test data within a live production system. ITF data is processed alongside real data to test system functionality without affecting production results.

Simulation in Auditing

Reprocessing production transactions to compare the results to the original production run. It's a common technique for auditing and verifying the accuracy of automated processes.

Auditing Around the Computer

Black box testing where auditors don't focus on the application's internal logic. They verify input matches output.

Auditing Through the Computer

Understanding the application's internal logic, including programming components. Vital for highly automated systems with less visible input/output.

Field Interrogation

Checking individual data elements (fields) for errors. Example: A limit check verifies if a field's value stays within a predefined limit.

Record Interrogation

Checks applied to a group of related data fields, forming a record. Example: A sequence check examines the order of entries in a record.

File Interrogation

Controls applied to a collection of records. Example: A version check ensures the correct file version is used.

Generalized Data Input System (GDIS)

A system that standardizes data input validation procedures. It comprises several key components like validation module, validated file, error file, reports, and transaction log.

Run-to-Run Controls

A control device to ensure records are not lost, duplicated, or missed during multiple processing steps. It ensures data consistency across processing.

Application Controls

These controls aim to ensure the accuracy, completeness, and validity of data processed by applications. They are built into the software itself and work in real-time to detect and prevent errors.

Audit Trail Controls

These controls ensure a complete, accurate, and reliable record of all transactions that have been processed. They help auditors trace data back to its origin.

Reasonableness Check

This type of check assesses whether a value in one field is reasonable when considering the data in other fields. It helps identify errors caused by data entry or system malfunctions.

Resubmitting Corrected Records

Processing corrected records can lead to duplicate transactions. Two methods to prevent this: 1. Reverse the effects of partially processed transactions and resubmit corrected records. 2. Reinsert corrected records at the stage where the error was detected.

Output Exposure Examples

Output exposures include situations where output is at risk, for example: output spooling, delayed printing, waste, and report distribution issues.

Numeric-Alphabetic Check

This input control verifies that fields contain the correct data type: numbers or letters.

Limit Check

A limit check verifies that values are within predefined limits.

Range Check

A range check ensures values fall within an acceptable range.

Salami Fraud

A fraud that affects a large number of victims, but each individual suffers small losses.

Study Notes

True/False Questions

• The three groups of application controls are batch controls, run-to-run controls, and audit trail controls. False.
• A reasonableness check determines if a value is reasonable in one field when considered along with data in other fields of a record. True.
• A truncation error is a type of transcription error. True.
• A check digit is used to detect data coding errors. True.
• Input controls are designed to detect errors after processing. False.
• The black box approach allows auditors to explicitly review program logic. False.
• The black box approach requires detailed knowledge of the program logic being tested. False.
• A run-to-run control is an example of an output control. False.
• Shredding computer output is an output control. True.
• All input controls are implemented after data input. False.
• Achieving batch control requires grouping similar transactions, such as sales orders, and controlling batches throughout processing. True.
• The white box tests of program controls are also known as auditing through the computer. True.
• Incorrectly recording sales order 123456 as 124356 is an example of a transcription error. True.
• When using the test data method, multiple error messages indicate a flaw in test transactions. True.
• The base case system evaluation is a variation of the test data method. True.
• Tracing is a method used to verify logical operations by a computer application. True.
• Parallel simulation results are compared to production run results to evaluate application quality. True.
• Input controls use programmed procedures to ensure master file data is free of errors. False.
• The integrated test facility permits auditors to test applications during normal operation. True.
• Using an integrated test facility poses no threat to organizational data files. False.
• Spooling is a form of processing control. False.
• A salami fraud impacts many victims but with little harm to each. True.

Multiple Choice Questions

• Which statement is not correct about the audit trail?
  • It traces transactions from their source, though final disposition.
  • It's a function of application program quality.
  • It can be pointers, indexes, or embedded keys.
  • It's not stored sequentially in the audit file. (Incorrect)
• Which concept is not associated with black box auditing?
  • The application doesn't have to be taken 'offline' during testing.
  • Auditors don't need internal logic knowledge to test.
  • The auditor reconciles previous production outputs with inputs.
  • The approach uses complex transactions which receive inputs from several sources. (Incorrect)
• Which one is not a white box test?
  • Determining fair value of inventory
  • Verifying passwords are valid
  • Ensuring that pay rates are within a specified range
  • Reconciling control totals. (Incorrect)
• Analyzing test data, which one receives least attention?
  • The test transactions
  • Error reports
  • Updated master files
  • Output reports (Incorrect)
• Which of the following is not an advantage of the test data technique?
  • Auditors need little computer skill
  • The method doesn't disrupt operations too much
  • Easily compiled test data
  • The technique requires computer expertise. (Incorrect)
• Which is false about Program Testing?
  • Individual modules can be tested, not full systems.
  • Meaningful test data is needed.
  • Re-running tests isn't needed after systems have been implemented.
  • The primary concern is usability rather than the system being fully functional. (Incorrect)

Short Answer Questions

• A firm limits overtime to 10 hours per week. An employee is entered as working 15 hours. Which control detects this error?
  • Limit check.
• The employee typed "CANARY" when the password was "CANARY." Which control can detect this?
  • Validity check
• An order entry system allows 10% price variance. An item costs $3, but a cashier enters $2. Which control detects this?
  • Range check
• Name the three main categories of application controls.
  • Input, processing, and output controls.

Additional Notes

• Privacy implications of output relate to sensitive information (client data).
• Processing controls include batch, run-to-run, and audit trails.
• Errors detected during data processing require careful handling, and data can be re-entered at the input stage. Methods include reversing partially processed transactions and re-entry at the original error point.
• Output controls protect data from loss, misdirection, or corruption. Risk situations can include delayed printing, waste, report distribution, and more.
• Input controls include numeric/alphabetic checks (correct character types), limit checks (data within permissible limits), range checks (values within acceptable ranges), reasonableness checks (values are reasonable given other constraints), and validity checks (field values comply with expected values).
• Check digits detect entered data errors.
• A parallel simulation is when an auditor's program simulates the application using production data, then comparing results with the original program's output to validate performance.
• Auditing around the computer involves testing inputs and outputs without examining internal processes, while auditing through the computer necessitates knowledge of internal programming (i.e., knowledge of program logic). This understanding of the internal logic is especially crucial for modern computerized systems.
• Classification of fields (e.g., limit checks) and records (e.g., reasonableness checks) is critical to understanding data structure and controls.
• A General Data Input System (GDIS) has components such as a generalized validation module, validated data files, error files, error reports, and transaction logs.
• Run-to-run controls ensure that no data was lost or processed more than once, during a data process run.
• SDLC documentation review is necessary to confirm adherence to policies for user authorization, feasibility, detailed analysis of user needs, cost-benefit analysis, appropriate design, comprehensive testing, and evidence of error corrections during the conversion period.

Description

Test your knowledge on application controls with this True/False quiz. Each question deals with different types of controls, such as batch and input controls, and their functionalities. Determine whether these statements about application controls are true or false.