Application Controls Quiz

Questions and Answers

What is the primary purpose of simulation in production transaction processing?

To test the security of the application

To automate the entire transaction processing

To document every transaction online

To reprocess previously handled transactions and compare results (correct)

Which of the following best describes auditing around the computer?

Performing black box testing without looking at application logic (correct)

Understanding the internal logic of applications

Using advanced programming languages during audits

Revising the code directly within the application

How is a validity check classified in data interrogation?

Transaction

Record

Field (correct)

File

Which of the following is NOT one of the five major components of a GDIS?

Input procedures

What is the function of run-to-run controls?

To ensure the integrity and order of processed records

What do input controls primarily achieve in transaction processing?

Testing transaction data for errors

Which type of check is defined as a 'Zero-value check'?

Record interrogation

What does a sequence check ensure in data interrogation?

Data entries follow a specified order

Which of the following are not included as groups of application controls?

Input validation controls

What occurs during an addition error in transcription?

An extra digit or character is added to the code.

Which statement correctly describes a check digit?

It detects errors in data coding.

Which of the following describes a single transposition error?

Two digits in a code are reversed.

Which of the following statements about input controls is true?

They prevent errors before data input.

What does a reasonableness check evaluate?

Whether a value is reasonable based on related data.

What is the purpose of source document controls?

To control the documents used to initiate transactions.

Which of these describes what shredding computer printouts represents?

An output control mechanism.

Which method flags errors and places them in an error file during data entry?

Creation of an Error File.

What is indicative of a multiple transposition error?

Nonadjacent digits are reversed.

What method does not require detailed knowledge of program logic when testing applications?

Black box testing

Which of the following is true regarding transcription errors?

They can occur in any data entry process.

Which technique is primarily designed to prevent transcription errors?

Source Document Controls.

What happens when the control total for a data batch does not balance?

The entire batch is rejected and placed in the error file.

What is a significant characteristic of the white box testing approach?

It requires examination of program logic.

Which control would prevent a computer operator from accidentally using the wrong master file?

Header label check

Which error occurs when a digit in a code is replaced with another digit?

Substitution Error.

Run-to-run control totals are used to ensure all except which of the following?

All data input is validated

What method is not used to maintain an audit trail in a computerized environment?

Data encryption

Which risk exposure is associated with printing processes, but does not involve computer criminals?

Using a remote printer and incurring inefficiencies

Which statement about transaction logs is incorrect?

Transaction logs are temporary files

Which of the following is not included in input controls?

Spooling check

Which technique is an example of input error correction?

All are examples

Which of the following statements regarding the integrated test facility (ITF) is false?

ITF is solely for data validation

What is a potential risk associated with output spooling?

Data loss due to improper handling

Which of the following checks verifies that numerical values fall within a specified range?

Range check

What type of fraud harms many victims but affects each only slightly?

Salami fraud

Which input control is designed to ensure that the value entered is of the appropriate type, such as numbers or letters?

Numeric-alphabetic check

What is the purpose of a check digit in data entry?

To verify the entire numeric entry

In auditing, what does the black box approach entail?

Using the software without understanding its operations

What is an example of an exposure risk in report distribution?

Unauthorized access to sensitive reports

What is parallel simulation in auditing?

Auditing by writing a test program to mimic the application

Which of the following is not a characteristic of complex transactions that involve input from many sources?

Simple processing requirements

Which of the following options is a white box testing example?

Validating customer credentials

When analyzing results from the test data method, which aspect typically requires the least review time?

Transaction records

Which of the following is considered an advantage of the test data technique?

Explicit evidence of functionalities

Which of the following is an exception among the disadvantages of the test data technique?

Requires minimal computer expertise

What is a fundamental requirement for effective program testing?

Generation of significant test data

Identify the transcription error among the following purchase order number deviations.

124356

Which statement regarding check digits is not accurate?

They are primarily located at the start of codes.

Study Notes

True/False Questions

• The three groups of application controls are batch controls, run-to-run controls, and audit trail controls. False.
• A reasonableness check determines if a value is reasonable in one field when considered along with data in other fields of a record. True.
• A truncation error is a type of transcription error. True.
• A check digit is used to detect data coding errors. True.
• Input controls are designed to detect errors after processing. False.
• The black box approach allows auditors to explicitly review program logic. False.
• The black box approach requires detailed knowledge of the program logic being tested. False.
• A run-to-run control is an example of an output control. False.
• Shredding computer output is an output control. True.
• All input controls are implemented after data input. False.
• Achieving batch control requires grouping similar transactions, such as sales orders, and controlling batches throughout processing. True.
• The white box tests of program controls are also known as auditing through the computer. True.
• Incorrectly recording sales order 123456 as 124356 is an example of a transcription error. True.
• When using the test data method, multiple error messages indicate a flaw in test transactions. True.
• The base case system evaluation is a variation of the test data method. True.
• Tracing is a method used to verify logical operations by a computer application. True.
• Parallel simulation results are compared to production run results to evaluate application quality. True.
• Input controls use programmed procedures to ensure master file data is free of errors. False.
• The integrated test facility permits auditors to test applications during normal operation. True.
• Using an integrated test facility poses no threat to organizational data files. False.
• Spooling is a form of processing control. False.
• A salami fraud impacts many victims but with little harm to each. True.

Multiple Choice Questions

• Which statement is not correct about the audit trail?
  • It traces transactions from their source, though final disposition.
  • It's a function of application program quality.
  • It can be pointers, indexes, or embedded keys.
  • It's not stored sequentially in the audit file. (Incorrect)
• Which concept is not associated with black box auditing?
  • The application doesn't have to be taken 'offline' during testing.
  • Auditors don't need internal logic knowledge to test.
  • The auditor reconciles previous production outputs with inputs.
  • The approach uses complex transactions which receive inputs from several sources. (Incorrect)
• Which one is not a white box test?
  • Determining fair value of inventory
  • Verifying passwords are valid
  • Ensuring that pay rates are within a specified range
  • Reconciling control totals. (Incorrect)
• Analyzing test data, which one receives least attention?
  • The test transactions
  • Error reports
  • Updated master files
  • Output reports (Incorrect)
• Which of the following is not an advantage of the test data technique?
  • Auditors need little computer skill
  • The method doesn't disrupt operations too much
  • Easily compiled test data
  • The technique requires computer expertise. (Incorrect)
• Which is false about Program Testing?
  • Individual modules can be tested, not full systems.
  • Meaningful test data is needed.
  • Re-running tests isn't needed after systems have been implemented.
  • The primary concern is usability rather than the system being fully functional. (Incorrect)

Short Answer Questions

• A firm limits overtime to 10 hours per week. An employee is entered as working 15 hours. Which control detects this error?
  • Limit check.
• The employee typed "CANARY" when the password was "CANARY." Which control can detect this?
  • Validity check
• An order entry system allows 10% price variance. An item costs $3, but a cashier enters $2. Which control detects this?
  • Range check
• Name the three main categories of application controls.
  • Input, processing, and output controls.

Additional Notes

• Privacy implications of output relate to sensitive information (client data).
• Processing controls include batch, run-to-run, and audit trails.
• Errors detected during data processing require careful handling, and data can be re-entered at the input stage. Methods include reversing partially processed transactions and re-entry at the original error point.
• Output controls protect data from loss, misdirection, or corruption. Risk situations can include delayed printing, waste, report distribution, and more.
• Input controls include numeric/alphabetic checks (correct character types), limit checks (data within permissible limits), range checks (values within acceptable ranges), reasonableness checks (values are reasonable given other constraints), and validity checks (field values comply with expected values).
• Check digits detect entered data errors.
• A parallel simulation is when an auditor's program simulates the application using production data, then comparing results with the original program's output to validate performance.
• Auditing around the computer involves testing inputs and outputs without examining internal processes, while auditing through the computer necessitates knowledge of internal programming (i.e., knowledge of program logic). This understanding of the internal logic is especially crucial for modern computerized systems.
• Classification of fields (e.g., limit checks) and records (e.g., reasonableness checks) is critical to understanding data structure and controls.
• A General Data Input System (GDIS) has components such as a generalized validation module, validated data files, error files, error reports, and transaction logs.
• Run-to-run controls ensure that no data was lost or processed more than once, during a data process run.
• SDLC documentation review is necessary to confirm adherence to policies for user authorization, feasibility, detailed analysis of user needs, cost-benefit analysis, appropriate design, comprehensive testing, and evidence of error corrections during the conversion period.

Description

Test your knowledge on application controls with this True/False quiz. Each question deals with different types of controls, such as batch and input controls, and their functionalities. Determine whether these statements about application controls are true or false.