Auditing and IT Flashcards
Auditing I/C in a co.’s IT environment helps to?
- Plan the rest of the audit
- Assess the level of Control Risk
What is a problem with auditing IT?
Less documentation
What are 4 things that can affect the assessment of control risk in auditing IT?
- Unauthorized access to systems or data is more difficult to catch.
- Systems access controls add another layer to separation of duties analysis
- Focus should be on general controls
- New systems
Audit of IT is not required when?
- Controls are redundant to another department.
- The system doesn’t appear to be reliable and testing controls wouldn’t be an efficient use of time.
- Cost > Benefit
An audit of IT can be performed without directly interacting with the system if?
- System isn’t complex/complicated
- System output is detailed
Who are IT personnel?
- Database admin
- Systems Analyst
- Librarian
What does a database admin do?
- Maintains database
- Restricts access
- Responsible for IT I/C
What does a systems analyst do?
- Recommends changes or upgrades
- Liaison between IT and users
What does a librarian do?
- Responsible for disc storage
- Holds system documentation
What is generalized audit software?
- Uses computer speed to quickly sort data and files, which leads to a more efficient audit.
- compatible with different client IT systems
- Extracts evidence from client databases
- Tests data without auditor needing to spend time learning the IT system in detail.
- client-tailored or commercially produced.
What are the types of data in Structured Query Language (SQL)?
- Relational database
- Data definition language
- Data manipulation language
- Data control language
What is a relational database?
- A group of related spreadsheets
- Retrieves information through queries
What is data definition language?
- defines a database
- gives information on database structure
- maintains tables - can be joined together
- establishes database constraints
What is data manipulation language?
- maintains and queries a database
- auditor needs information, so client uses DML to get the information needed.
What is data control language?
- controls a database
- restricts access
What are check digits?
- consistently added to a set of numbers
- makes it more difficult for a fraudulent account to be set up or go undetected.
What is code review?
- tests a program’s processing logic
- advantageous because auditor gains a greater understanding of the program
What is a limit test?
- examines data and looks for reasonableness using upper and lower limits.
What is the test data method?
- auditor processes data with client’s computer
- fake transactions are used to test program control procedures
- each control needs to only be tested once
What is a problem with test data method?
- fake data could combine with real data
What are operating logs?
- Auditor can review logs to see which applications were run and by whom
What is access security software?
- helpful in online environments
- restricts computer access; may use encryption
What is library management software?
Logs any changes to system/applications, etc.
What are embedded audit modules?
- assist with audit calculations
- enable continuous monitoring in an audit environment that is changing
What is a weakness with embedded audit modules?
requires implementation into the system design.
What is an audit hook?
Application instruction that gives auditor control over the application to grab transactions for analysis.
What is transaction tagging?
Auditor tags transactions and traces them through the system.
What is extended records?
Adds audit data to financial records to assist in audit trail creation
What is real time processing?
Destroys prior data when updated, aka “Destructive Updating”. Requires a well-documented audit trail.
Why should an auditor audit both systems and applications?
If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications, an error in the applications could be missed.
What is parallel simulation?
Client data is processed using generalized audit software (GAS). Sample size can be expanded without significantly increasing the audit cost.