The salami fraud affects large numbers of victims, but each in a minimal way, an

analogy to this which is slicing a large salami (the total fraud) into many thin pieces and
each victim gets one of these small pieces and is unaware of being defrauded.
True

False

The auditors' substantive testing task is made easier using Embedded Audit Module
(EAM) techniques since they do not have to identify significant transactions for
substantive testing.
True

False

User specification document must remain a statement of user needs and it should
describe the systems professional's view of the problem, not that of user.
True

False
Firms with an independent internal audit staff may conduct tests of the system
development life cycle on an ongoing basis.
True

False
The primary advantage of test data techniques is that auditors rely on the client's IT
personnel to obtain a copy of the production application under review since the client's
IT personnel is the most knowledgeable individual in the company who knows about the
application being tested.
True

False

The database management system stores programs on the SPL, retrieves programs for
maintenance, deletes obsolete programs and documents changes for an audit trail.
True

False

Generalized Audit Software (GAS) allows auditors to perform tests independent of

client.
True

False
Integrated test facility (ITF) is an automated, on-going technique that enables the
auditor to test an application's logic and controls during its normal operation.
True

False
Many consider the user specification activity to be the most important control over the
systems development process because this is the last point at which the user can
determine the system's acceptability prior to it going into service.
True

False
Embedded Audit Module (EAM) techniques use one or more specially programmed
modules embedded in a host application to select and record predetermined types of
transactions for subsequent analysis.
True

False
Generalized audit software packages are mainly used for substantive testing).
True

False
Prior to system implementation, User Test and Acceptance Procedures provide formal
and rigorous testing of the individual modules of the system.
True

False
In the black box approach, auditors analyze flowcharts and interview knowledgeable
personnel in the client's organization to understand the functional characteristics of the
application.
True

False
Test data should only consist of a set of valid transactions because invalid transactions
may corrupt the system being tested.
True

False
Controllable activities that distinguish an effective systems development process include
systems authorization, user specification, technical design, internal audit participation,
program testing, user test and acceptance procedures.
True

False
When using program-naming conventions, the name assigned to a program clearly
distinguishes it as being either a test or a production program.
True

False
Use of the integrated test facility does not pose a threat to organizational data files.
True

False
Audit procedures for identifying application errors comprise reconciling the source code
and reviewing the test results and retest the program.
True

False
All program modules must be thoroughly tested before they are implemented.
True

False
The presence of a SPLMS effectively guarantees program integrity.
True

False
The simplest form of check digit is to sum the digits in the code and use this sum as the
check digit.
True

False
SPLMS is the library of applications and software.
True

False
Through-the-computer testing employs computer-assisted audit tools and techniques
(CAATTs) and requires little understanding of the internal logic of application being
reviewed.
True

False
In parallel simulation, the results of a simulation are compared to the results of a test
data method in order to judge the quality of the application processes and controls.
True

False
The programmer's authority table will specify the libraries a programmer may access.
True

False
Which of the following statements is most correct?
An audit objective for systems maintenance is to detect unauthorized access to
application databases.
An audit objective for systems maintenance is to ensure program libraries are
protected from unauthorized access.
An audit objective for systems maintenance is to ensure that applications changes
are inexpensive.
An audit objective for systems maintenance is to ensure that maintenance
procedures protect applications from authorized changes.
All of the following are disadvantages of the test data technique EXCEPT
 the test data technique requires extensive computer expertise on the part of the
auditor.
the auditor cannot be sure that the application being tested is a copy of the current
application used by computer services personnel.
the auditor cannot be sure that the application being tested is the same application
used throughout the entire year.
preparation of the test data is time-consuming.

Which of the following statements is true?

All systems should be properly authorized to ensure their economic justification and
feasibility.
Users need not be actively involved in the systems development process.
All program modules must be thoroughly tested after they are implemented.
The task of creating meaningful test data involves less time.

Audit objectives related to systems development controls do not include

Verification that maintenance procedures protect applications from unauthorized
changes.
verification that the system was necessary and justified at various SDLC
checkpoints.
verification that original system is free from material errors and fraud.
none of the above.

Which of the following is NOT a test for identifying application control errors?
Access tests
User acceptance tests
Field tests
Range tests
2 points