131 final.txt

Fraud is defined as failure to use reasonable care in the performance of services. T/F
True False

Most of the burden of affirmative proof is on the defendant under common law. 
TRUE/FALSE
True False

The Ultramares v. Touche case held that auditors could be held liable to any
foreseen third party for ordinary negligence. 
TRUE/FALSE
True False

The Securities Exchange Act of 1934 offers recourse against the auditors to a far
greater number of investors than does the Securities Act of 1933. 
TRUE/FALSE
True False

The precedent set by the Hochfelder v. Ernst case is generally believed to have
increased auditors' legal liability. 
TRUE/FALSE
True False

The auditors can be held liable for negligence in audits of financial statements, but not in reviews of financial statements. 
TRUE/FALSE
True False

The results of the Continental Vending Corporation case included the criminal
prosecution of auditors for gross negligence. 
TRUE/FALSE
True False

Most charges made against auditors under common law are criminal. 
TRUE/FALSE
True False

The Securities Act of 1934 includes provisions for criminal charges against persons
violating the Act. 
TRUE/FALSE
True False

The use of engagement letters is generally designed to prevent lawsuits by third parties against the auditors. 
TRUE/FALSE
True False

A CPA issued an unqualified opinion on the financial statements of a company that
sold common stock in a public offering subject to the Securities Act of 1933.
Based on a misstatement in the financial statements, the CPA is being sued by
an investor who purchased shares of this public offering. Which of the following represents a viable defense? 
A.  The investor has not proven CPA negligence.
B.  The CPA detected the misstatement after the audit report date.
C.  The investor did not rely upon the financial statement.
D.  The misstatement is immaterial in the overall context of the financial statements.

Which of the following is a correct statement related to CPA legal liability under common law? 
A.  CPAs are normally liable to their clients, the shareholders, for either ordinary or gross negligence.
B.  CPAs are liable for either ordinary or gross negligence to identified third parties for whose benefit the audit was performed.
C.  CPAs may escape all personal liability through incorporation as a limited liability
corporation.
D. CPAs are guilty until they prove that they performed the audit with "good
faith."

Under Section 10 of the 1934 Securities Exchange Act auditors are liable to security
purchasers for: 
A.  Existence of scienter.
B.  Ordinary negligence.
C.  Lack of due diligence.
D.  Auditors have no liability to security purchasers under this act.

Jones, CPA, is in court defending himself against a lawsuit filed under the 1933
Securities Act. The charges have been filed by purchasers of securities covered under that act. If the purchasers prove their required elements, in general Jones will have to prove that: 
A.  He performed the audit with good faith.
B.  The plaintiffs did not show him to be negligent.
C.  He is not guilty of gross negligence.
D.  He performed the audit with due diligence.

An auditor knew that the purpose of her audit was to render reasonable assurance on financial statements that were to be used for the application for a loan; the auditor did not know the identity of the bank that would
eventually give the loan. Under the Restatement of Torts approach to liability
the auditor is generally liable to the bank which subsequently grants the loan for: 
A.  Lack of due diligence.
B.  Gross negligence, but not ordinary negligence.
C.  Either ordinary or gross negligence.
D.  Lack of good faith.

An auditor knew that the purpose of her audit was to render reasonable assurance on financial statements that were to be used for the application for a loan; the auditor did not know the identity of the bank that would
eventually give the loan. Under the foreseeable third party approach the auditor is generally liable to the bank which subsequently grants the loan for: 
A.  Lack of due diligence.
B.  Lack of good faith.
C.  Either ordinary or gross negligence.
D.  Gross negligence, but not ordinary negligence.

Which of the following forms of organization is most likely to protect the personal  assets of any partner, or shareholder who has not been involved on an engagement resulting in litigation? 
A.  Partnership.
B.  Limited liability partnership.
C.  Subchapter M Incorporation.
D.  Professional corporation.

Under which common law approach are auditors most likely to be held liable for
ordinary negligence to a "reasonably foreseeable" third party? 
A.  Rosenblum Approach.
B.  Due Diligence Approach.
C.  Ultramares Approach.
D.  Restatement of Torts Approach.

Assume that $500,000 in damages are awarded to a plaintiff, and the CPA's percentage of responsibility established at 10%, while others are responsible for the
other 90%. Assume the others have no financial resources. As a result the CPA
has been required to pay the entire $500,000. The auditor's liability is most
likely based upon which approach to assessing liability? 
A.  Joint and several liability.
B.  Proportional liability.
C.  Absolute liability
D.  Contributory negligence

Assume that $500,000 in damages are awarded to a plaintiff, and the CPA's percentage of responsibility established at 10%, while others are responsible for the
other 90%. Assume the others have no financial resources. The CPA has been
required to pay $50,000. The auditor's liability is most likely based upon
which approach to assessing liability? 
A.  Joint and several liability.
B.  Absolute liability.
C.  Contributory negligence.
D.  Proportional liability.

Assume that a client has encountered a $500,000 fraud and that the CPA's percentage of responsibility established at 10%, while the company itself was responsible for the other 90%. Under which approach to liability is the CPA most likely to
avoid liability entirely? 
A.  Comparative negligence.
B.  Contributory negligence.
C.  Absolute negligence.
D.  Joint Negligence.

In which of the following court cases was a precedent set increasing liability to third parties arising from audits under common law? 
A.  1136 Tenants Corporation v. Rothenberg.
B.  Hochfelder v. Ernst.
C.  Continental Vending.
D.  Rosenblum v. Adler.

The burden of proof that must be proven to recover losses from the auditors under
the Securities Exchange Act of 1934 is generally considered to be: 
A.  Less than the Securities Act of 1933.
B.  Greater than the Securities Act of 1933.
C.  The same as the Securities Act of 1933.
D.  Indeterminate in relation to the Securities Act of 1933.

CPAs should not be liable to any party if they perform their services with: 
A.  Regulatory providence.
B.  Ordinary negligence.
C.  Good faith.
D.  Due professional care.

The Second Restatement of the Law of Torts provides for auditor liability to a limited class of foreseen third parties for: 
A.  Only criminal acts.
B.  Only gross negligence.
C.  Either ordinary or gross negligence.
D.  Only fraud.

A principle that may reduce or entirely eliminate auditor liability to a client is: 
A.  Client contributory negligence.
B.  Auditor ordinary negligence.
C.  Client constructive negligence.
D.  Auditor gross negligence.

Under the Securities Act of 1933 the burden of proof that the plaintiff sustained a loss must be proven by the: 
A.  SEC.
B.  Defendant.
C.  Plaintiff.
D.  Jury.

A case by a client against its CPA firm alleging negligence would be brought under: 
A.  Common law.
B.  The Securities Exchange Act of 1934.
C.  The Securities Act of 1933.
D.  The state blue sky laws.

Assume that a CPA firm was negligent but not grossly negligent in the performance of
an engagement. Which of the following plaintiffs probably would not recover losses proximately caused by the auditors' negligence? 
A. A loss sustained by a client in a suit brought under common law.
B. A loss sustained by a lender not in privity of contract in a suit brought in a state court which adheres to the Ultramares v. Touche
precedent.
C. A loss sustained by initial purchasers of stock in a suit brought under the Securities
Act of 1933.
D. A loss sustained by a bank named as a third-party beneficiary in the engagement letter in a suit brought under common law.

Which of the following court cases highlighted the need for obtaining engagement
letters for professional services? 
A.  Ultramares v. Touche.
B.  1136 Tenants Corporation v. Rothenberg.
C.  Hochfelder v. Ernst.
D.  Rosenblum v. Adler.

In which type of court case is proving "due diligence" essential to the auditors' defense? 
A.  Court cases brought by third parties under common law.
B.  Court cases brought under the Securities Act of 1933.
C.  Court cases brought by clients under common law.
D.  Court cases brought under the Securities Exchange Act of 1934.

Which common law approach leads to increased CPA liability to "foreseeable" third parties for ordinary negligence? 
A.  Rule 10b-5.
B.  Ultramares v. Touche.
C.  Restatement of Torts.
D.  Rosenblum v. Adler.

Which of the following is the best defense that a CPA can assert against common law
litigation by a stockholder claiming fraud based on an unqualified opinion on
materially misstated financial statements? 
A.  Lack of due diligence.
B.  A disclaimer contained in the engagement letter.
C.  Contributory negligence on the part of the client.
D.  Lack of gross negligence.

Which of the following must be proven by the plaintiff in a case against a CPA under the Section 11 liability provisions of the Securities Act of 1933? 
A.  The CPA knew of the misstatement.
B.  Material misstatements were contained in the financial statements.
C.  The CPA was negligent.
D.  The unqualified opinion contained in the registration statement was relied upon by
the party suing the CPA.

A CPA issued a standard unqualified audit report on the financial statements of a
client that the CPA knew was in the process of obtaining a loan. In a suit by the bank issuing the loan the CPA's best defense would be that the: 
A.  Audit complied with generally accepted auditing standards.
B.  Client was aware of the misstatements.
C.  Bank's identity was known to the CPA prior to completion of the audit.
D.  Bank was not the CPA's client.

The Private Securities Litigation Reform Act of 1995 imposes proportionate liability on the CPA who: 
A.  Knowingly or unknowingly violates the 1934 Securities Exchange Act.
B.  Unknowingly violates the 1933 Securities Act.
C.  Unknowingly violates the 1934 Securities Exchange Act.
D.  Knowingly or unknowingly violates the 1933 Securities Act.

Which of the following is not correct relating to the Private Securities Litigation Reform Act of 1995? 
A.  It provides certain small investors better recovery rights than it does large investors.
B.  It eliminates securities fraud as an offense under civil RICO.
C.  It makes recovery against CPAs more difficult under common law litigation.
D.  It retains joint and several liability in certain circumstances.

A limited liability partnership form of organization: 
A.  Decreases liability of all partners of a CPA firm.
B.  Eliminates personal liability for all partners.
C.  Has similar liability requirements to that of a professional corporation.
D.  Eliminates personal liability for some, but not all, partners.

Which of the following is accurate with respect to litigation involving CPAs? 
A. A CPA will not be found liable for an audit unless the CPA has audited all affiliates
of that company.
B. A CPA may not successfully assert as a defense that the CPA had no motive to be part of a fraud.
C. A CPA may be exposed to criminal as well as civil liability.
D. A CPA is primarily responsible, while the client is secondarily responsible for the
notes in an annual report filed with the SEC.

Starr Corp. approved a plan of merger with Silo Corp. One of the determining factors
in approving the merger was the strong financial statements of Silo which were
audited by Cox & Co., CPAs. Starr had engaged Cox to audit Silo's financial
statements. While performing the audit, Cox failed to discover certain instances of fraud which have subsequently caused Starr to suffer substantial losses. In order for Cox to be liable under common law, Starr at a minimum must prove that Cox: 
A.  Failed to exercise due care.
B.  Was grossly negligent.
C.  Acted recklessly or with lack of reasonable grounds for belief.
D.  Knew of the instances of fraud.

Dexter and Co., CPAs, issued an unqualified opinion on the 20X3 financial statements
of Bart Corp. Late in 20X4, Bart determined that its treasurer had embezzled over $1,000,000. Dexter was unaware of the embezzlement. Bart has decided to sue Dexter to recover the $1,000,000. Bart's suit is based upon Dexter's failure to discover the missing money while performing the audit. Which of the following is Dexter's best defense? 
A.  That the audit was performed in accordance with GAAS.
B.  The treasurer was Bart's agent and as such had designed the controls which
C.  The financial statements were presented in conformity with GAAP.
D.  Dexter had no knowledge of the embezzlement.
facilitated the embezzlement.

Under common law, when performing an audit, a CPA: 
A.  Must strictly adhere to generally accepted accounting principles.
B.  Is not liable unless the CPA commits gross negligence or intentionally disregards generally accepted auditing standards.
C.  Is strictly liable for failures to discover client fraud.
D.  Must exercise the level of care, skill, and judgment expected of a reasonably prudent CPA under the circumstances.

A CPA's duty of due care to a client most likely will be breached when a CPA: 
A.  Gives a client an oral report instead of a written report.
B.  Gives a client incorrect advice based on an honest error of judgment.
C.  Fails to follow generally accepted auditing standards.
D.  Fails to give tax advice that saves the client money.

Under common law, which of the following statements most accurately reflects the
liability of a CPA who fraudulently gives an opinion on an audit of a client's
financial statements? 
A.  The CPA is liable only to third parties in privity of contract with the CPA.
B.  The CPA probably is liable to the client even if the client was aware of the fraud
C.  The CPA probably is liable to any person who suffered a loss as a result of the fraud.
D.  The CPA is liable only to known users of the financial statements.
and did not rely on the opinion.

In a common law action against an accountant, lack of privity is a viable defense if the plaintiff: 
A.  Is the client's creditor who sues the accountant for negligence.
B.  Is the accountant's client.
C.  Can prove the presence of gross negligence that amounts to a reckless disregard for the truth.
D.  Bases the action upon fraud.

If a CPA recklessly departs from the standards of due care when conducting an audit, the CPA will be liable to third parties who are unknown to the CPA based on: 
A.  Ordinary negligence.
B.  Criminal deceit.
C.  Strict liability.
D.  Gross negligence.

Hark, CPA, negligently failed to follow generally accepted auditing standards in
auditing Long Corporation's financial statements. Long's president told Hark
that the audited financial statements would be submitted to several, at this point undetermined, banks to obtain financing. Relying on the statements, Third Bank gave Long a loan. Long defaulted on the loan. In jurisdiction applying the Ultramares decision, if Third sues Hark, Hark will: 
A.  Lose because Hark knew that a bank would be relaying the financial statements.
B.  Win because there was no privity of contract between Hark and Third.
C.  Win because Third was contributory negligent in granting the loan.
D.  Lose because Hark was negligent in performing the audit.

Under the Ultramares rule, to which of the following parties will an accountant be
liable for ordinary negligence?
   Parties in privity         Foreseen Parties
A.     yes                                  no
B.     yes                                 yes
C.     no                                  no
D.     no                                    yes
    
A. Option A
B. Option B
C. Option C
D. Option D

Quincy bought Teal Corp. common stock in an offering registered under the Securities
Act of 1933. Worth & Co., CPAs, gave an unqualified opinion on Teal's financial statements that were included in the registration statement filed with the SEC. Quincy sued Worth under the provisions of the 1933 Act that deal with omission of facts required to be in the registration statement. Quincy must prove that: 
A.  There was a material misstatement in the financial statements.
B.  Quincy was in privity with Worth.
C.  There was fraudulent activity by Worth.
D.  Quincy relied on Worth's opinion.

Bran, CPA, audited Frank Corporation. The shareholders sued both Frank and Bran for
securities fraud under the Federal Securities Exchange Act of 1934. The court determined that there was securities fraud and that Frank was 80% at fault and Bran was 20% at fault due to her negligence in the audit. Both Frank and Bran are solvent and the damages were determined to be $1 million. What is the
maximum liability of Bran? 
A.  $500,000
B.  $1,000,000
C.  $0
D.  $200,000

If a CPA recklessly departs from the standards of due care when conducting an
audit, the CPA will be liable to third parties who are unknown to the CPA based on 
A.  Strict liability.
B.  Criminal deceit.
C.  Gross negligence.
D.  Negligence.

The Public Company Accounting Oversight Board may conduct investigations and
disciplinary proceedings of:
       Registered Public   Registered Public
       Accting Firms        Accting Firm Emplees
A        yes                            yes
B.       yes                            no
C.       no                              yes
D.       no                              no
A.  Option D
B.  Option C
C.  Option B
D.  Option A

Magnetic tape drives have the advantage of direct access to stored data. 
TRUE/FALSE
True False

The operating system is an example of system software. 
TRUE/FALSE
True False

For good internal control, programmers should not be given access to complete program documentation for the programs they work on. 
TRUE/FALSE
True False

Data encryption is an example of data transmission control. 
TRUE/FALSE
True False

Internal file labels are designed to prevent errors by programmers. 
TRUE/FALSE
True False

For auxiliary storage when the computer is operating, personal computers use hard
disk drives. 
TRUE/FALSE
True False

Distributive data processing eliminates the need for data security. 
TRUE/FALSE
True False

Most advanced computer systems do not have audit trails. 
TRUE/FALSE
True False

Auditors usually begin their consideration of IT systems with tests of application
controls. 
TRUE/FALSE
True False

Generalized audit software may be used for substantive tests or for tests of controls. 
TRUE/FALSE
True False

Which of the following procedures would an entity most likely include in its disaster
recovery plan? 
A.  Store duplicate copies of files in a location away from the computer center.
B.  Maintain a program to prevent illegal activity.
C.  Convert all data from external formats to an internal company format.
D.  Develop an auxiliary power supply to provide uninterrupted electricity.

A service auditor's report on a service center should include a(n) 
A.  Statement that the user of the report may assess control risk at the minimum level.
B.  Detailed description of the service center's internal control.
C.  Indication that no assurance is provided.
D.  Opinion on the operating effectiveness of the service center's internal control.

The report of a service auditor may provide assurance on whether:
     Controls are       Operating effectiveness
    implemented                  of controls
A.         yes                         yes
B.         no                           no
C.         no                           yes
D.         yes                          no
A. Option A
B. Option B
C. Option C
D. Option D

Which of the following is a password security problem? 
A.  Users are assigned passwords when accounts are created, but do not change them.
B.  Users select passwords that are not listed in any online dictionary.
C.  Users have accounts on several systems with different passwords.
D.  Users copy their passwords on note paper, which is kept in their wallets.

Which of the following is a software component of a computer system? 
A.  The optical scanner.
B.  The display monitor
C.  The operating system.
D.  The storage unit.

Which of the following is least likely to be a general control over computer activities? 
A.  A control total.
B.  Procedures for developing new programs and systems.
C.  A change request log.
D.  Requirements for system documentation.

Which of the following computer related employees should not be allowed
access to program listings of application programs? 
A.  The operator.
B.  The programmer.
C.  The librarian.
D.  The systems analyst.

The advent of personal computers has resulted in a(n): 
A.  Increase for general computer control activities.
B.  Decentralization of data processing activities.
C.  Decrease in the number of local area networks.
D.  Increased concern over the accuracy of computerized processing.

Which of the following is most likely to include user group development and execution of certain computer applications? 
A.  Electronic data interchange systems.
B.  Database administration.
C.  Telecommunication transmission systems.
D.  End user computing.

Which of the following is not a data transmission control? 
A.  Echo checks.
B.  Data encryption.
C.  Parity checks.
D.  File labels.

Which of the following is an example of general computer control? 
A.  Input validation checks.
B.  Operations manual.
C.  Control total.
D.  Generalized audit software.

Which of the following would the auditors consider to be a weakness in an IT system? 
A.  Reprocessing of exceptions detected by the computer is handled by a data control group.
B.  Operators have access to terminals.
C.  More than one employee is present when the computer facility is in use.
D.  Programmers are allowed access to the file library.

Which of the following is least likely to be tested with generalized audit software? 
A.  A computer operations manual.
B.  An aging of accounts receivable.
C.  A schedule of inventory.
D.  A depreciation schedule.

Which of the following would be least likely to be considered a desirable attribute of a database management system? 
A.  Quick response to users' request for information.
B.  Data redundancy.
C.  Logging of terminal activity.
D.  Control of users' identification numbers and passwords.

A problem for a CPA associated with advanced IT systems is that: 
A.  Tests of controls are not possible.
B.  The audit trail is sometimes generated only in machine readable form.
C.  The audit trail normally does not exist.
D.  The client's internal auditors may have been involved at the design stage.

Which of the following testing techniques is more commonly used by internal auditors
than by independent auditors? 
A.  Controlled programs.
B.  Test data.
C.  Integrated test facilities.
D.  Tagging and tracing transactions.

General controls over IT systems are typically tested using: 
A.  Test data.
B.  Generalized audit software.
C.  Program analysis techniques.
D.  Observation, inspection, and inquiry.

When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package? 
A.  Recalculating balances in inventory reports.
B.  Selecting sample items of inventory.
C.  Observing inventory.
D.  Analyzing data resulting from inventory.

Which of the following personnel is responsible for determining the computer
processing needs of the various users? 
A.  The systems programmer.
B.  The systems analyst.
C.  The computer operator.
D.  The application programmer.

Which of the following testing techniques minimizes the possibility that the auditors
will contaminate a client's financial records? 
A.  Integrated test facilities.
B.  Controlled programs.
C.  Test data.
D.  Tagging and tracing transactions.

Which of the following is not a distinctive characteristic of advanced IT systems? 
A.  Data communication.
B.  Batch processing of transactions.
C.  Distributive data processing.
D.  Integrated database.

The best method of achieving internal control over advanced IT systems is through
the use of: 
A.  Batch controls.
B.  Equipment controls.
C.  Documentation controls.
D.  Controls written into the computer system.

Which of the following personnel is responsible for the proper functioning of the
security features built into the operating system? 
A.  The application programmer.
B.  The computer operator.
C.  The systems programmer.
D.  The telecommunications specialist.

Which of the following is not a data transmission control? 
A.  Parity check.
B.  Data encryption.
C.  Distributed data processing.
D.  Message acknowledgment techniques

Which of the following is not a programmed control? 
A.  Private lines.
B.  Validity tests.
C.  Limit tests.
D.  Self-checking numbers.

A system in which the end user is responsible for the development and execution of the computer application that he or she uses is referred to as: 
A.  End-user computing.
B.  Laptop computing.
C.  Distributed computing.
D.  Decentralized computing.

In a client/server environment, the "client" is most likely to be the: 
A.  Supplier of the computer system.
B.  Computers of various users.
C.  Computer that contains the networks software and provides services to a server.
D.  Database administrator.

When designing the physical layout of a data processing center, which of the following would be least likely to be a necessary control that is considered? 
A.  Design of controls to restrict access.
B.  Adequate physical layout space for the operating system.
C.  Inclusions of an adequate power supply system with surge protection.
D.  Consideration of risks related to other uses of electricity in the area.

A data warehouse is an example of: 
A.  On-line analytical processing.
B.  Decentralized processing.
C.  Essential information batch processing.
D.  On-line transaction processing.

An example of an access control is a: 
A.  Password.
B.  Check digit.
C.  Test facility.
D.  Read only memory.

End-user computing is most likely to occur on which of the following types of computers? 
A.  Personal reference assistants.
B.  Personal computers.
C.  Mainframe.
D.  Macrocomputers.

Auditing through the computer is most likely to be used when: 
A. Input transactions are batched and system logic is straightforward.
B. Processing primarily consists of sorting the input data and updating the master file
sequentially.
C. Processing is primarily on line and updating is real-time.
D. Outputs are in hard copy form.

Which of the following computer system risks would be increased by the installation of a database system? 
A.  Improper data access.
B.  Data entry errors.
C.  Loss of power.
D.  Programming errors.

Parallel simulation programs used by the auditors for testing programs: 
A.  Is generally restricted to data base environments.
B.  Must simulate all functions of the production computer-application system.
C.  Cannot be developed with the aid of generalized audit software.
D.  Can use live data or test data.

Auditing by testing the input and output of a computer system instead of the computer program itself will: 
A.  Not provide the auditors with the confidence in the results of the auditing
B.  Provide the auditors with the same type of evidence.
C.  Not detect program errors which do not show up in the output sampled.
D.  Detect all program errors, regardless of the nature of the output.
procedures.

If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application? 
A.  Net pay.
B.  Hours worked.
C.  Department numbers.
D.  Total debits and total credits.

Smith Corporation has numerous customers. A customer file is kept on disk storage.
Each account in the customer file contains name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to: 
A. Develop test data that would cause some account balance to exceed the credit limit and
determine if the system properly detects such situations.
B. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.
C. Require a printout of all account balances so they can be manually checked against the credit limits.
D. Request a printout of a sample of account balances so they can be individually checked
against the credit limits.

In their consideration of a client's IT controls, the auditors will encounter general controls and application controls. Which of the following is an application control? 
A.  Hash total.
B.  Systems documentation.
C.  Control over program changes.
D.  The operations manual.

When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an exception report. The exception
report should most probably be reviewed and followed up on by the: 
A.  Systems analyst.
B.  Data control group.
C.  Computer programmer.
D.  Supervisor of computer operations.

The purpose of using generalized computer programs is to test and analyze a client's computer: 
A.  Systems.
B.  Processing logic.
C.  Equipment.
D.  Records.

An auditor may decide not to perform tests of controls related to the control activities within the computer portion of the client's internal
control. Which of the following would not be a valid reason for choosing to omit such test? 
A.  The controls appear adequate.
B.  The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls to be operative.
C.  There appear to be major weaknesses that would preclude reliance on the stated procedure.
D.  The controls duplicate operative controls existing elsewhere.

A control feature in a computer system requires the central processing unit (CPU)
to send signals to the printer to activate the print mechanism for each character. The print mechanism, just prior to printing, sends a signal back to the CPU verifying that the proper print position has been activated. This type of data transmission is referred to as: 
A.  Validity control.
B.  Signal control.
C.  Echo control.
D.  Check digit control.

Which of the following constitutes a weakness in the internal control of a computer system? 
A.  Machine operators distribute error messages to the control group.
B.  Machine operators are supervised by the programmer.
C.  Machine operators do not have access to the complete systems manual.
D.  One generation of backup files is stored in an off-premises location.

The completeness of computer-generated sales figures can be tested by comparing the
number of items listed on the daily sales report with the number of items billed on the actual invoices. This process uses: 
A.  Validity tests.
B.  Self-checking numbers.
C.  Process tracing data.
D.  Control totals.

Internal control is ineffective when computer department personnel: 
A.  Provide physical security for program files.
B.  Originate changes in master files.
C.  Participate in computer software acquisition decisions.
D.  Design documentation for computerized systems.

Which of the following is likely to be of least importance to an auditor in considering the internal control in a company with computer
processing? 
A.  The control over source documents.
B.  The segregation of duties within the computer center.
C.  The cost/benefit of data processing operations.
D.  The documentation maintained for accounting applications.

In the weekly computer run to prepare payroll checks, a check was printed for an
employee who had been terminated the previous week. Which of the following
controls, if properly utilized, would have been most effective in preventing the error or ensuing its prompt detection? 
A. A control total for hours worked, prepared from time cards collected by the timekeeping department.
B. Requiring the treasurer's office to account for the numbers of the prenumbered checks
issued to the computer department for the processing of the payroll.
C. Use of a check digit for employee numbers.
D. Use of a header label for the payroll input sheet.

A company's labor distribution report requires extensive corrections each month because of
labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing? 
A.  Control total.
B.  Limit test.
C.  Validity test.
D.  Completeness test.

Passwords for microcomputer software programs are designed to prevent: 
A.  Inaccurate processing of data.
B.  Incomplete updating of data files.
C.  Unauthorized use of the software.
D.  Unauthorized access to the computer.

The capability for computers to communicate with physically remote terminals is an
important feature in the design of modern business information systems. Which
of the following risks associated with the use of telecommunications systems is minimized through the use of a password control system? 
A.  Physical destruction of remote terminals.
B.  Unauthorized access to system program and data files.
C.  Physical destruction of system program and data files.
D.  Unauthorized physical availability of remote terminals.

Consider the following computer applications:
(1) At a catalog sales firm, as phone orders are entered into their computer, both inventory and credit are immediately checked.
(2) A manufacturer's computer sends the coming week's production schedule and
parts orders to a supplier's computer.
Which statement below is true for these applications? 
A. Both applications are examples of EDI.
B. Both applications are examples of on-line real-time processing.
C. The first application is an example of EDI and the second is an example of on-line
real-time.
D. The first application is an example of on-line real-time and the second is an example of EDI.

What type(s) of liability do CPA's have in the United States?
A) Both common law and statutory law
B) Only common law
C) Only statutory law
D) Neither common law nor statutory law

Ordinarily a claim of negligence against a CPA states that the CPAs performed
their duties:
A)Without due professional care.
B)With reckless disregard of professional
responsibilities.
C)With wanton disregard to GAAS.
D)With reckless disregard to GAAP.

Under which common law approach is an unidentified third party least  likely to be able to recover damages from a CPA who is guilty of ordinary  negligence?
A) Due Diligence Approach
B) Ultramares Approach
C) Rosenblum Approach
D) Restatement of Torts Approach

Under which common law approach are auditors most likely to be held liable for
ordinary negligence to a "reasonably foreseeable" third party?
A) Rosenblum Approach
B) Restatement of Torts Approach
C) Due Diligence Approach
D) Ultramares Approach

A CPA is considered 5% responsible for an investor's loss. Under which concept is it most likely that the CPA will be held liable for 100% of the dames if the other defendants are bankrupt?
A. Joint and several liability
B. Common law liability
C. Statutory Liability
D. Proportionate liability

Establishing "due diligence" is most directly related to court cases tried under:
A. The 1933 Securities Act
B. The 1934 Securities Exchange Act
C. Common law by clients
D. Common law by third parties

Under common law rules, a claimant suing a CPA firm based on an audit of  financial statements must prove each of the following except:
A) A loss was sustained.
B) Reliance upon the audited financial statements was a proximate  cause of the loss.
C) The loss sustained was material to the claimant.
D) The auditors were guilty of either ordinary or gross  negligence, depending upon the claimant's recovery rights.

The concept of privity may be important in defending auditors against potential
claimants. Privity in general only allows:
A) Clients to sue their auditors.
B) Anyone that relied upon the audited financial statements to make a decision to sue the auditor as long as the auditor knew or should have known of such reliance.
C) Shareholders who relied upon the audited financial statements to make an investment decision.
D) Lenders of the client to sue the auditor.

Which of the following is not correct concerning the Securities Act of  1933 and Securities Exchange Act of 1934 with regard to auditor liability?
A) The 1934 Act provides protection to more third  parties.
B) Only the 1934 Act is affected by the Private Securities  Litigation Reform Act of 1995 provision for proportionate liability under  certain circumstances.
C) The 1933 Act relates to common law liability, while the 1934  Act relates to statutory law liability.
D) The 1933 Act holds auditors to a higher standard of  performance.

Which of the following is not an advantage of a computerized accounting system?
A) Computers can process many transactions quickly.
B) Computers process transactions uniformly.
C) Computers help alleviate human errors.
D) Computers leave a thorough audit trail which can be easily followed.

One of the greatest difficulties in auditing a computerized accounting system is:
A) Because of the lack of an audit trail, computer systems have  weaker controls and more substantive testing is required.
B) The large dissemination of entry points into the computer system leads to weak overall reliance on information generated by a computer.
C) Because of the uniform nature of transaction processing,  computer systems have strong controls and less substantive testing is  required.
D) Data can be erased from the computer with no visible  evidence.

How have electronic data interchange (EDI) systems affected audits?
A) Auditors often need to plan ahead to capture information about  selected transactions over the EDI.
B) There is no audit trail in an EDI system, so controls are typically assessed as weak.
C) Since orders and billing transactions are done over the  computer, source documents cannot be obtained.
D) Since all transactions occur over the computer, reliability is  high and little substantive testing is needed.

Since the computer can do many jobs simultaneously, segregation is not as
defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties?
A) The computer system should be under the direction of the  internal audit department.
B) The computer system should be accessible to various competent parties so they can check on each others' work.
C) Strong controls should be built into both the computer software and hardware to limit access and manipulation.
D) Many companies run complete parallel manual and automated accounting systems for a cross check on input and output.

One key control in the organization of the information systems department is
the:
A) Separation of the systems development group and the operations  (data processing) group.
B) Operating personnel should strictly control access to the  client's database.
C) Information systems department should be under the direction of  systems development personnel since they are responsible for the overall  performance of the system.
D) Controller should manage the information system since it  supplements the accounting work already done under the supervision of the controller.

Which of the following represent examples of general, application and user control activities, respectively, in the computer environment?
A) Control over access to programs, computer exception reports,  and manual checks of computer output.
B) Manual checks of computer output, control over access to  programs, and computer exception reports.
C) Computer exception reports, control over access to programs,  and manual checks of computer output.
D) Manual checks of computer output, computer exception reports,  and control over access to programs.

When would an auditor typically not perform additional tests of a computer systems controls?

A)When the assessed level of control risk is at a minimum.
B)When computer controls appear to be strong and risk is at a minimum.
C)When controls appear to be weak.
D)When inherent risk is at a maximum.

When would "auditing around the computer" be appropriate?
A)When controls over the computer system are strong.
B)When controls over the computer system are non-existent.
C)When controls over the computer system are adequate.
D)It is never appropriate to audit around the computer.

Which of the following would not be an appropriate procedure for testing
the general control activities of an information system?
A)Inquiries of client personnel.
B)Inspecting computer logs.
C)Testing for the serial sequence of source documents.
D)Examination of the organizational chart to determine the segregation of duties.

If an auditor is using test data in a client's computer system to test the integrity of the systems output, which of the following type of controls is the auditor testing:
A)General controls.
B)User controls.
C)Quantitative test controls.
D)Application controls.

Which of the following is not a function of generalized audit software?
A) To run in parallel with the client's application software and  compare the output
B) To keep an independent log of access to the computer application software
C) To test the mathematical accuracy by footing and cross-foot  items in the accounting system
D) To aid in the random selection of transactions for substantive testing

Which of the following is not a computer-assisted audit technique?
A) Test data
B) Tagging and lagging
C) Integrated test facility
D) Program analysis