Auditing and IT Flashcards
Auditing IC in a company’s IT environment helps: (@)
Plan the rest of the audit
assess the level of control risk
Assess the level of Control Risk
Focus on general controls
When is Audit of IT not required? (3)
Controls are redundant to another department
System doesn’t appear to be reliable and testing controls would be an efficient use of time
COSTS > BENEFIT
Database Admin (3)
Maintains Database
Restricts Access
Responsible for IT IC
Systems Analyst (2)
Recommends changes or upgrades
Liaison between IT and users
Librarian (2)
Responsible for disc storage
Holds System Documentation
What is Generalized Audit Strategy (5)
Uses computer speed to quickly sort data and files, which leads to a more efficient audit
Compatible with different client IT systems
Extracts evidence from client databases
Tests data without auditor needing to spend time learning the IT system in detail
Client tailored or commercially produced
What is check digits?
Consistently added to a set of of numbers
Makes it more difficult for a fraudulent account to be set up or go undetected
What is limit test?
Examines data and looks for reasonableness using upper and lower limits
What is test data method?
Auditor processes data with client’s computer
Fake transactions are used to test program control procedures
Each control needs to only be tested once
What are embedded audit modules?
Assist audit calculations
Enable continuous monitoring in an audit environment that is changing
Systems vs Application Outputs
if the auditor only audits the outputs of a computer system and doesn’t also audit the software applications, an error in the application could be missed
Compiler
Software that translates source program into a language that the computer can understand
What is parallel simulation
Client data is processed using generalized audit software
Sample size can be expanded without significantly increasing the audit cost
Gas Outpot compared to client output