Auditing an IT Environment

Question 1

What is an IT Environment

Answer 1

Consists of IT applications and supporting IT infrastructures as well as the IT processes and personnel involved in those processes that an entity uses to support business operations and achieve business strategies

Question 2

IT Application

Answer 2

Program or set of programs that is used in the initiation processing recording and reporting of transactions or information.

Question 3

IT infrastructures

Answer 3

Comprises the network, operating system, and databases and their related hardware and software

Question 4

IT Processes

Answer 4

Entity’s processes to manage access to the IT environment, manage program changes or changes to the IT environment and manage IT operations

Question 5

Components of IT Infrastructure

Answer 5

1. Database System
2. Operating System
3. Networks

Question 6

Examples of Networks

Answer 6

1. LAN- Local Area Network
2. MAN- Metropolitan Area Network
3. NAN- National Area Network
4. WAN- Wide Area Network
5. Internet

Question 7

Hardware

Answer 7

Physical Devices or equipment used to accomplish data processing functions

Question 8

Software

Answer 8

Consists of sets of instructions or programs that direct, control, and coordinates the operation of the hardware components

Question 9

What is Risk arising from the use of IT (RAIT)

Answer 9

Susceptibility of information processing controls to ineffective design or operation or risk to the integrity of information in the information system due to ineffective design or operation of controls in the entity’s IT process

Question 10

Entity Wide general Controls

Answer 10

1. Strategies and Plans
2. Segregation of Duties
3. Policies and procedures
4. Quality Assurance
5. Risk Assessment Activities
6. Training
7. Internal Audit and Monitoring

Question 11

General IT Controls

Answer 11

1. Controls over IT changes
2. IT Operations Controls
3. Access Controls

Question 12

Handled by a Chief Information Officer who supervises the operation of the department

Answer 12

Information System Management

Question 13

Responsibilities within an Information Systems Department

Answer 13

1. Information Systems Management.
2. System Analysis
3. Application Programming
4. Database Administration
5. Data Entry
6. Computer Operation
7. Program and File Library
8. Data Control
9. Telecommunication
10. Quality Assurance

Question 14

Types of Computer Systems

Answer 14

1. Management Reporting Systems
2. Transaction Processing Systems

Question 15

Management Reporting System

Answer 15

Designed to help with the decision making process by providing access to computer daa

Question 16

Transaction Processing Systems

Answer 16

Involved in the daily processing of transactions

Question 17

Cold Site

Answer 17

Similar to a hotsite, but the customer provides and installs the equipment needed to continue operation

Question 18

Hot Site

Answer 18

Commercial disaster recovery service that allows a business to continue computer operations in the event of a computer disaster

Question 19

Gateway

Answer 19

A hardware and software solution that enables communications between two dissimilar networking systems or protocols.

Question 20

General Controls

Answer 20

Control policies and procedures that relate to the overall computer information system

Question 21

Application Controls

Answer 21

Control policies and procedures that relate to specific use of the system in order to provide reasonable assurance that all transactions are authorized, recorded, and are processed completely, accurately and on a timely basis

Question 22

Examples of Application Controls

Answer 22

1. Controls over input
2. Controls over processing and computer data files
3. Controls over output

Question 23

Check digit

Answer 23

Adding an extra number at the end of each account number and subjected the new number to an algorithm

Question 24

Blackbox Approach

Answer 24

Involves procedures generally performed in testing manual control structure
Focuses solely on the input documents and the IT output

Question 25

Whitebox Approach

Answer 25

A. Auditing with the computer- uses computer of entity as an audit tool
B. Auditing through the computer- enters the client’s system and examines directly the computer and its system and application softwares

Question 26

Categories of Computer-Assisted Auditing Techniques

Answer 26

1. Program Analysis
2. Program Testing
3. Continuous testing
4. Review of Operating Systems

Question 27

Program Analysis

Answer 27

Technique which allows auditor to gain an understanding of the client’s program

Question 28

Program Testing

Answer 28

Involves the use of auditor-controlled actual or simulated data. Also provides direct evidence about the operation of programs and programmed controls