Name:

__________________________________________
Section: BSA41E1
Subject: Auditing in CIS Environment

September 26, 2015

Permit No._______________

True/False:
1. During the detailed feasibility study of the project, the systems professional who proposed the project should be
involved in performing the study.
2. System maintenance is often viewed as the first phase of a new development cycle.
3. All of the steps in the SDLC apply to software that is developed in-house and to commercial software.
4. The first step in the SDLC is to develop a systems strategy.
5. When the nature of the project and the needs of the user permit, most organizations will seek a pre-coded commercial
software package rather than develop a system in-house.
6. Mixing technologies from many vendors improves technical feasibility.
7. Instead of implementing an application in a single big-bang release, modern systems are delivered in parts
continuously and quickly.
8. A tangible benefit can be measured and expressed in financial terms.
9. When preparing a cost-benefit analysis, design costs incurred in the systems planning, system analysis and
conceptual design phases of the SDLC are relevant costs.
10. When determining the operational feasibility of a new system, the expected ease of transition from the old system to
the new system should be considered.
11. One-time costs include operating and maintenance costs.
12. The objective of systems planning is to link systems projects to the strategic objectives of the firm.
13. The SDLC concept applies to specific applications and not to strategic systems planning.
14. An accountants responsibility in the SDLC is to ensure that the system applies proper accounting conventions and
rules and possesses adequate control.
15. In the conceptual design phase of the SDLC, task force members are focused on selecting the new system design.
Multiple Choice:
1. Which control is not associated with new systems development activities?
a. reconciling program version numbers
c. user involvement
b. program testing
d. internal audit participation
2. Routine maintenance activities require all of the following controls except
a. documentation updates
c. formal authorization
b. testing
d. internal audit approval
3. Which statement is correct?
a. compiled programs are very susceptible to unauthorized modification
b. the source program library stores application programs in source code form
c. modifications are made to programs in machine code language
d. the source program library management system increases operating efficiency
4. Which control is not a part of the source program library management system?
a. using passwords to limit access to application programs
b. assigning a test name to all programs undergoing maintenance
c. combining access to the development and maintenance test libraries
d. assigning version numbers to programs to record program modifications
5. Which control ensures that production files cannot be accessed without specific permission?
a. Database Management System
c. Source Program Library Management System
b. Recovery Operations Function
d. Computer Services Function
6. Program testing
a. involves individual modules only, not the full system
b. requires creation of meaningful test data
c. need not be repeated once the system is implemented
d. is primarily concerned with usability
7. Which statement is not true?
a. An audit objective for systems maintenance is to detect unauthorized access to application databases.
b. An audit objective for systems maintenance is to ensure that applications are free from errors.
c. An audit objective for systems maintenance is to verify that user requests for maintenance reconcile to program
version numbers.
d. An audit objective for systems maintenance is to ensure that the production libraries are protected from
unauthorized access.
8. When the auditor reconciles the program version numbers, which audit objective is being tested?
a. protect applications from unauthorized changes
b. ensure applications are free from error
c. protect production libraries from unauthorized access
d. ensure incompatible functions have been identified and segregated
9. Which level of a data flow diagram is used to produce program code and database tables?
a. context level
c. intermediate level
b. elementary level
d. prototype level
10. Which is not a level of a data flow diagram?
a. conceptual level
c. intermediate level
b. context level
d. elementary level
11. Which statement is not correct? The structure design approach
a. is a top-down approach
b. is documented by data flow diagrams and structure diagrams
c. assembles reusable modules rather than creating systems from scratch
d. starts with an abstract description of the system and redefines it to produce a more detailed description of the
system

12. The benefits of the object-oriented approach to systems design include all of the following except
a. protect applications from unauthorized changes
b. ensure applications are free from error
c. protect production libraries from unauthorized access
d. ensure incompatible functions have been identified and segregated
13. Evaluators of the detailed feasibility study should not include
a. the internal auditor
c. a user perspective
b. the project manager
d. the system designer
14. A cost-benefit analysis is a part of the detailed
a. protect applications from unauthorized changes
b. ensure applications are free from error
c. protect production libraries from unauthorized access
d. ensure incompatible functions have been identified and segregated
15. Examples of one-time costs include all of the following except
a. hardware acquisition
c. site preparation
b. insurance
d. programming
16. Examples of recurring costs include
a. software acquisition
c. personnel costs
b. data conversion
d. system design
17. A commercial software system that is completely finished, tested, and ready for implementation is called a
a. backbone system
c. bench system
b. vendor-supported system
d. turnkey system
18. Which of the following is not an advantage of commercial software? Commercial software
a. can be installed faster than a custom system
b. can be easily modified to the users exact specifications
c. is significantly less expensive than a system developed in-house
d. is less likely to have errors than an equivalent system developed in-house
19. Which step is least likely to occur when choosing a commercial software package?
a. a detailed review of the source code
c. preparation of a request for proposal
b. contact with user groups
d. comparison of the results of a benchmark problem
20. The output of the detailed design phase of the System Development Life Cycle (SDLC) is a
a. fully documented system report
c. detailed system design report
b. systems selection report
d. systems analysis report
21. The detailed design report contains all of the following except
a. input screen formats
c. report layouts
b. alternative conceptual designs
d. process logic
22. System documentation is designed for all of the following group except
a. systems designers and programmers
c. accountants
b. end users
d. all of the above require systems documentation
23. Which type of documentation shows the detailed relationship of input files, programs, and output files?
a. structure diagrams
c. system flowchart
b. overview diagram
d. program flowchart
24. Typical contents of a run manual include all of the following except
a. run schedule
c. file requirements
b. logic flowchart
d. explanation of errors messages
25. Computer operators should have access to all of the following types of documentation except
a. a list of users who receive output
c. a list of all master files used in the system
b. a program code listing
d. a list of required hardware devices