Auditing and IT Flashcards
When is an audit of IT not required?
Controls are redundant to another department. The system does not appear to be reliable and testing controls would not be efficient use of Time. Cost exceeds benefits
When can an audit of IT be performed without directly interacting with the system?
System isn’t complex or complicated. System output is detailed
What is the role of a database administrator?
Maintains database. Restricts access. Responsible for IT internal control
What is the role of a System’s Analyst?
Recommends changes or upgrades. Liaison between IT and users
What is the role of the data Librarian?
Responsible for disc storage. Holds system documentation
What is the benefit of generalized audit software in an audit?
Uses computer speed to quickly sort data and files - which leads to a more efficient audit. Compatible with different client IT systems. Extracts evidence from client databases. Tests data without auditor needing to spend time learning the IT system in detail. Client-tailored or commercially produced
What is a Relational Database?
Group of related spreadsheets. Retrieves information through Queries
What is a Data Definition Language?
A language that defines a database and gives information on database structure. It maintains tables - which can be joined together. It establishes database constraints.
What functions are performed by a Data Manipulation Language?
Maintains and queries a database. Auditor needs information - so client uses DML to get the information needed
What functions are performed by a Data Control Language?
A Data Control Language controls a database and restricts access to the database
What are check digits?
A numerical character consistently added to a set of numbers. It makes it more difficult for a fraudulent account to be set up or go undetected
What is the purpose of a Code Review?
A Code Review tests a program’s processing logic. Advantageous because auditor gains a greater understanding of the program
What is the purpose of a Limit Test?
Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range. Did anyone score higher than 100%?
What is the Test Data Method?
Auditor processes data with client’s computer - fake transactions are used to test program control procedures. Each control needs to only be tested once. Problem with this method - fake data could combine with real data
How can Operating System Logs be utilized during an audit?
Auditor can review logs to see which applications were run and by whom