Multiple Choice Questions:

1. Which of the following about application control is not true?

a. The control functions do not vary based on the business purpose of the specific
application, but the main objective is to help ensure the privacy and security of data used
by and transmitted between applications.
b. Processing Controls ensure processing is complete, accurate, and authorized.
c. Output Controls compare output results with expected results by checking the output
against the input.
d. Management Trial (Audit Trail) Controls monitors the effectiveness of other controls and
identifies errors as close as possible to their sources.

2. The following are examples of application control except:

a. Input control
b. Output control
c. Forensic control
d. Software control

3. Which of the following are not key features and benefits of application control?
a. Identify and control which applications are in your it environment and which to add to
the it environment.
b. Control the design, security, and use of computer programs and the security of data files
in general throughout the organization.
c. Automatically identify trusted software that has authorization to run.
d. Prevent all other, unauthorized applications from executing – they may be malicious,
untrusted, or simply unwanted.

4. Which of the following about application control is not true?

a. Once an application control is established, and there is little change to the application,
database, or supporting technology, the organization can rely on the application control
until a change occurs.
b. An application control will continue to operate more effectively if the general controls
that have a direct impact on its programmatic nature are operating effectively as well. as
a result, the auditor will be able to test the control once and not multiple times during the
testing period.
c. Application controls are typically tested one time as long as the general controls are
effective.
d. Application controls generally take more time to test than general controls.
5. Which of the following is not a category of an application control?
a. Processing controls
b. Output controls
c. Hardware controls
d. Input controls

6. Which of the following statements related to application controls is correct?

a. Application controls relate to various aspects of the IT function including software
acquisition and the processing of transactions.
b. Application controls relate to various aspects of the IT function including physical
security and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the IT function.
d. Application controls relate to the processing of individual transactions.

7. Controls which apply to a specific element of the system are called:

a. User controls
b. General controls
c. Systems controls
d. Applications controls

8. Which of the following is not an example of an applications control?

a. An equipment failure causes system downtime.
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness tests for the unit selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.

9. Programmers should be allowed access to:

a. Systems controls
b. User controls
c. General controls
d. Applications controls

10. Which of the following is not an application control?

a. Preprocessing authorization of sales transactions.
b. Reasonableness test for unit selling price of sale.
 c. Post-processing review of sales transactions by the sales department.
d. Separation of duties between computer programmer and operators.

11. Controls which are designed to assure that the information processed by the computer is
authorized, complete, and accurate are called:
a. Input controls
b. Processing controls
c. Output controls
d. General controls

12. Which of the following is not a processing control?

a. Control totals
b. Logic tests
c. Check digits
d. Computations tests

13. Where computer processing is used in significant accounting applications, internal control
procedures may be defined by classifying control procedures in two types: general and
a. Administrative
b. Specific
c. Application
d. Authorization

14. Which of the following computer related employees should not be allowed access to program
listings of application programs?
a. The systems analyst
b. The programmer
c. The operator
d. The librarian

15. Which of the following is not an example of an applications control?

a. Back-up of data to a remote site for data security.
b. There is a preprocessing authorization of the sales transactions.
c. There are reasonableness tests for the unit selling price of a sale.
d. After processing, all sales transactions are reviewed by the sales department.
16. Which of the following is not an example of an applications control?
a. There are reasonableness tests for the unit selling price of a sale.
b. After processing, all sales transactions are reviewed by the sales department. There is a
preprocessing authorization of the sales transactions.
c. An equipment failure causes an error message on the monitor.
d. An equipment failure causes an error message on the monitor.

17. In their consideration of a client’s CIS controls, the auditors will encounter general controls
and application controls. Which of the following is an application control?
a. The operations manual
b. Hash total
c. Systems documentation
d. Control over programs changes

18. Which of the following statements related to application controls is correct?

a. Application controls relate to various aspects of the CIS operation including software
acquisition and the processing of transactions.
b. Application controls relate to various aspects of the CIS operation including physical
security and the processing of transactions in various cycles.
c. Application controls relate to all aspects of the CIS operation.
d. Application controls relate to the processing of individual transactions.

19. Which of the following controls would be correctly classified as an application control?
a. Honesty testing to hire only honest individuals.
b. Organizationally separating the data processing functions from the accounting functions.
c. A manually prepared control total to verify that all transactions are correctly processed
through the system.
d. Storing supplies in a locked room with only the supply clerk having a key to the room.

20. Auditors should evaluate the general controls before evaluating _______because of the
potential for pervasive effects.
a. System controls
b. Hardware controls
c. User controls
d. Application controls
21. Which of the following statements is correct?
a. Auditors should evaluate application controls before evaluating general controls.
b. Auditors should evaluate application controls and general controls simultaneously.
c. Auditors should evaluate general controls before evaluating application controls.
d. None of these statements is correct.

22. Output controls are not designed to assure that data generated by the computer are:
a. Accurate
b. Distributed only to authorized people
c. Complete
d. Used appropriately by employees in making decisions

23. Application controls vary across the IT system. To gain an understanding of internal control
for a private company, the auditor must evaluate the application controls for every:
a. Every audit area.
b. Every material audit area.
c. Every audit area in which the client uses the computer.
d. Every audit area where the auditor plans to reduce assessed control risk.

24. The most important output control is:

a. Distribution control, which assures that only authorized personnel receive the reports
generated by the system.
b. Review of data for reasonableness by someone who knows what the output should look
like.
c. Control totals, which are used to verify that the computer’s results are correct.
d. Logic tests, which verify that no mistakes were made in processing.

25. Controls which are designed to assure that data generated by the computer is valid, accurate,
complete, and distributed only to authorized people are called:
a. Input controls
b. Processing controls
c. Output controls
d. General controls
26. Controls focus on detecting errors after processing is completed rather than preventing errors
prior to processing are called:
a. System controls
b. Processing controls
c. Hardware controls
d. Output controls

27. Auditors usually obtain information about application controls through:

a. Interviews with IT personnel
b. Examination of systems documentation
c. Reading program change requests
d. All of the above methods

28. _________ controls prevent and detect errors while transaction data are processed.
a. Software
b. Application
c. Processing
d. Transaction

29. Controls that apply to processing of transactions are called:

a. General controls
b. Hardware controls
c. Systems controls
d. Applications controls

30. Computer information system application controls include, except:

a. Controls over input
b. Controls over processing and computer data files
c. Controls over output
d. Monitoring control

31. Certain CIS application controls that are particularly important to on line processing least
likely include:
a. Pre-processing authorization
b. Transaction logs
 c. Cut off procedures
d. Balancing

32. Which of the following methods of testing application controls utilizes a generalized audit
software package prepared by the auditors?
a. Parallel simulation
b. Test data approach
c. Integrated testing facility approach
d. Exception report tests

33. Which of the following controls ensures the integrity of specific systems such as sales order
processing, accounts payable, and payroll applications?
a. General controls
b. Information controls
c. Application controls
d. Internal control

34. Computer accounting control procedures are referred to as general or application controls.
The primary objectives of application controls in a computer environment is to
a. Ensure that the computer system operates efficiently.
b. Ensure the validity, completeness, and accuracy of financial transactions.
c. Provide controls over the electronic functioning of the hardware.
d. Plan for the protection of the facilities and backup for the systems.

35. Computer applications use routines for checking the validity and accuracy of transaction data
called:
a. Operating system
b. Edit programs
c. Compiler programs
d. Integrated test facilities
e. Compatibility test

36. Which of the following is an example of input control?

a. Making sure that output is distributed to the proper people.
b. Monitoring the work of programmers.
c. Collecting accurate statistics of historical actions while gathering data.
 d. Recalculating an amount to ensure its accuracy.
e. Having another person review the design of a business form.

37. A control designed to validate a transaction at the point of data entry is

a. Recalculation of a batch total
b. A record count
c. A check digit
d. Check points
e. Recalculation of hash total

38. The controls in a computerized system are classified as

a. Input, processing, and output
b. Input, processing, output, and storage
c. Input, processing, output, and control
d. Input, processing, output, storage, and control
e. Collecting, sorting, summarizing, and reporting

39. An electronic walk through of the application's internal logic is called

a. A salami logic test
b. An integrated test
c. Tracing
d. A logic bomb test

40. In a computer system, how are accounting records posted?

a. Master file is updated to a transaction file.
b. Master file is updated to an index file.
c. Transaction file is updated to a master file.
d. Master file is updated to a year-to-date file.
e. Current balance file is updated to an index file.
Multiple Choice Answers:

1. A 21. C
2. D 22. D
3. B 23. D
4. D 24. B
5. C 25. C
6. D 26. D
7. D 27. D
8. A 28. C
9. D 29. D
10. D 30. D
11. A 31. B
12. C 32. A
13. C 33. C
14. C 34. B
15. A 35. B
16. D 36. D
17. B 37. C
18. D 38. D
19. C 39. C
20. D 40. C