7 Auditing in an IT (CIS) Environment Flashcards

1
Q

Characteristics of CIS compared to a manual environment

  1. Lack of visible audit trail
    -paperless
  2. Consistency of performance
    -CIS functions exactly as programmed
  3. Concentration of duties
    -segregation of duties across CAR (Custody, Authorization, Recording) should still be applied here
  4. Ease of access to data and computer programs
  5. System Generated transactions
  6. Vulnerability of data and program storage
A
2
Q

NOTES:
*Same objectives and responsibilities as manual
*Also same stages (Preliminary, planning, etc)
*The difference here is that the FOCUS IN AN AUDIT OF CIS IS TOC. There is still substantive testing, but only a little. Why? Because there are no audit trails in “IT Applications”.
*And because of the use of IT applications or other aspects of the IT environment, IT MAY GIVE RISE TO RISKS ARISING FROM THE USE OF IT (RAIT)

*To address RAITs, management designs and incorporates IT controls. Please provide (3)

A
  1. Entity Level IT Controls
    -IT Environment
    -a.k.a. IT organizational controls
    -designed to define the strategic direction and establish an organizational framework for IT activities including (SSPARTA)
    a. Strategies and plans
    b. Segregation of incompatible duties
    c. Policies and Procedures
    d. Assurance of Quality
    e. Risk assessment activities
    f. Training
    g. Audit (internal) and Monitoring
  2. General IT Controls
    -controls over the entity’s IT Processes
    -completeness, accuracy and validity of information
    -this includes (COA):
    a. Changes on IT controls
    b. Operations of IT controls
    c. Access controls
  3. Application Controls
    -found within the different software programs
    -like other controls, it supports the proper authorization, completeness, accuracy, and validity of input, process, and output of transactions
    -relate to the processing of individual transactions
    -includes (IPO):
    a. Input Controls
    b. Processing controls
    c. Output Controls
3
Q

The entity’s use of IT applications or other aspects in the IT environment may give rise to________ (RAIT)

This refers to the susceptibility of information processing controls to ineffective design or operation, or risks to the integrity of information (i.e. completeness, accuracy, and validity of transactions and other information) in the entity’s information system

A

Risk Arising from the use of IT

4
Q

Due to the complexities of an IT environment, the auditor may use the work of an expert in the field of IT.

It should be emphasized that the auditor still has the sole responsibility for the audit opinion expressed, and that responsibility is not reduced by the auditor’s use of the work of an IT specialist.

A
5
Q

Test of IT Controls

Please provide two categories and explain

A
  1. Auditing AROUND the computer (aka Black-Box Approach)
    -the full potential of computers as an audit tool is NOT utilized
    -it ignores the IT system processes
    -only done by comparing inputs and output
    -usually applicable for audits that involve small scale entities whose IT environments are not complex
    -CAATs not applicable
    -no specific expertise required
    -e.g., in an audit of the aging of receivables, to examine the accuracy and completeness of the schedule (output), just compare it with the supporting docs (input) such as invoices
  2. Auditing THROUGH the computer (aka White-box approach or Crystal-box testing)
    -test the input, processing and output
    -computers are considered essential tools for this audit procedure
    -executed thru CAATs
    -hence, requires knowledge and skills in the software, programs and techniques used

See pg. 294-295 for diagram

6
Q

What does CAATs mean? Explain.

A

Computer-Assisted Auditing Techniques
-used by auditing through the computer
-software tools that provide detailed analysis of computer systems configurations, vulnerability, logs, and other information
-have built in report writers that generate predefined reports that contain findings relevant to the TOC
-use of CAATs requires more extensive planning considerations as it can be time-consuming and expensive
-expert training is often needed to utilize these techniques

7
Q

Categories of Test of Controls using CAATs

A
8
Q

Test of IT Controls using CAATs may be divided into the following categories of techniques (4) and explain:

A
  1. Program Analysis
    a. Code review
    b. Comparison diagrams
    c. Flowcharting software - programs logic
    d. program tracing and mapping
    e. snapshot - takes picture
  2. Program Testing
    a. test data - dummy transactions
    b. integrated test facility (ITF) or integrated test data or Minicompany approach
    c. base case system evaluation (BCSE) - a special type of test data that gives the auditor more assurance than test data alone, though it is time-consuming
    d. parallel simulation - two actual data through audit generalized software and auditor’s software
    e. controlled reprocessing - variation of parallel simulation
  3. Continuous Testing - advanced computer systems, particularly those utilizing EDI (electronic data interchange)
    a. embedded audit modules
    b. system control audit review file (SCARF)
    c. audit hooks
    d. transaction tagging
    e. extended records
  4. Review of Operating Systems
    a. Job accounting data/operating system logs
    b. Library management software
    c. Access control and security software
9
Q

____ involves an entity’s computer communicating with another’s computer to conduct business and financial transactions electronically across the globe

A

Electronic Commerce (ECommerce)

10
Q

E-Commerce Activities (4):

A
  1. Business to Business (B2B)
  2. Business to Government (B2G)
  3. Business to Consumer (B2C)
  4. Business to Employee (B2E)
11
Q

Computerized Audit Tools

A

a. Generalized Audit Software (GAS) / Package Programs

b. Electronic Spreadsheet

c. Automated working software

d. Database Management System

e. Text retrieval software / Text database software / Technical Guidance Library

f. Public Databases

g. Word Processing Software

12
Q

Which of the following methods of testing application controls utilizes a generalized audit software package prepared by the auditors?

Integrated testing facility
Exception report tests
Test data approach
Parallel simulation

A

Parallel simulation

13
Q

In a highly automated information processing system, tests of control

Must be performed in all circumstances
Are required in first year audits
May be required in some circumstances
Are never required

A

MAY BE required in some circumstances

14
Q

In a CIS environment, the auditor must, at a minimum, have

A

Sufficient Knowledge of the computer INFORMATION system

15
Q

General Controls include:

Developing, Maintaining, Modifying computer programs

Application Controls include:
Input, Processing, Output

A

Yes
