Audit with IT

Question 1

What is the thing that an auditor’s client most likely to use to perform queries requested by the auditor of a relational database?

Answer 1

Data manipulation language is composed of commands used to maintain and query a database, including updating, inserting in, modifying and querying (asking for data).

Question 2

A computer-assisted audit technique that is most likely to be effective in a continuous auditing environment is

Answer 2

embedded audit modules are programmed routines incorporated directly into an application program that will help auditors perform audit functions such as calculations and to allow continuous monitoring.

Question 3

Data definition language (DDL)

Answer 3

Used to define a database, including creating, altering, and deleting tables and establishing various constraints

Question 4

Data control language (DCL)

Answer 4

Commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).

Question 5

Structured query language (SQL)

Answer 5

—The most common language used for creating and querying relational databases (see below), its commands may be classified into three types:

1. Data Definition Language
2. Data Manipulation Language
3. Data Control Language

Question 6

Data manipulation language

Answer 6

is composed of commands used to maintain and query a database, including updating, inserting in, modifying and querying (asking for data).

Question 7

An auditor may decide not to perform tests of controls related to the computer portion of the client’s controls. Which of the following would not be a valid reason for choosing to omit tests of controls?

Answer 7

If controls appear adequate, the auditor tests them unless, (1) the costs of testing are expected to exceed the savings in substantive tests or
(2) the controls are redundant to other internal control activities. Therefore, this is not a valid reason for omitting tests of controls

Question 8

Controlled reprocessing

Answer 8

Controlled reprocessing, a variation of parallel simulation, processes actual client data through a copy of the client’s application program. As with parallel simulation, this method uses actual transactions and the auditor compares the output obtained with output obtained from the client. Limitations of this method include:

(a) Determining that the copy of the program is identical to that currently being used by the client.
(b) Keeping current with changes in the program.
(c) The time involved in reprocessing large quantities of data.

Question 9

Test Data Module

Answer 9

test data uses a set of dummy records and transactions developed to test a client’s computer program or system

Question 10

List 4 types of general control activities:

Answer 10

(a) developing new programs and systems,
(b) changing existing programs and systems,
(c) controlling access to programs and data, and
(d) controlling computer operations.

Question 11

An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, What controls would the auditor initially focus?

Answer 11

auditors usually begin by considering general control procedures. Since the effectiveness of specific application controls is often dependent on the existence of effective general controls over all computer activities, this is usually an efficient approach.

Question 12

Continues or concurrent testing:

Answer 12

1. Transactions tagging
2. Systems and control audit review files (SCARF)
3. Extended records

Question 13

Database administrator

Answer 13

Individual responsible for maintaining the database and restricting access to the database to authorized personnel

Question 14

Electronic data interchange (EDI)

Answer 14

Involves an electronic transaction between companies
(one is selling, the other is buying).
1. The usual hardcopy documents (e.g. purchase orders, sales invoices) don’t exist!
2. The goal is greater efficiency and less paperwork - should result in lower receivable/payable balances.
3. Point-to-point (point of sale) transactions – Involve direct computer-to-computer communication between the parties.
4. Value Added Network– As indicated above, an independent company may develop the electronic infrastructure to facilitate these electronic business activities (along with support services).

Question 15

Advantages of PPS sampling

Answer 15

(1) Generally easier to use.
(2) Size of sample not based on variation of audited amounts.
(3) Automatically results in a stratified sample.
(4) Individually significant items are automatically identified.
(5) Usually results in a smaller sample size if no misstatements are expected.
(6) Can be easily designed and sample selection can begin before the complete population is available.