Auditing and IT

Question 1

Auditing I/C in a co.’s IT environment helps to?

Answer 1

1. ) Plan the rest of the audit

2. ) Asses the level of Control Risk

Question 2

What is a problem with auditing IT?

Answer 2

Less documentation

Question 3

What are 4 things that can affect the assessment of control risk in auditing IT?

Answer 3

1. ) Unauthorized access to systems or data is more difficult to catch.
2. ) Systems access controls adds another layer to separation of duties analysis
3. ) Focus should be on general controls
4. ) New systems

Question 4

Audit of IT is not required when?

Answer 4

1. ) Controls are redundant to another department.
2. ) The system doesn’t appear to be reliable and testing controls wouldn’t be an efficient use of time.
3. ) Cost > Benefit

Question 5

An audit of IT can be performed without directly interacting with the system if?

Answer 5

1. ) System isn’t complex/complicated

2. ) System output is detailed

Question 6

Who are IT personnel?

Answer 6

1. ) Database admin
2. ) Systems Analyst
3. ) Librarian

Question 7

What does a database admin do?

Answer 7

1. ) Maintains database
2. ) Restricts access
3. ) Responsible for IT I/C

Question 8

What does a systems analyst do?

Answer 8

1. ) Recommends changes or upgrades

2. ) Liaison between IT and users

Question 9

What does a librarian do?

Answer 9

1. ) Responsible for disc storage

2. ) Holds system documentation

Question 10

What is generalized audit software

Answer 10

1. ) Uses computer speed to quickly sort data and files, which leads to a more efficient audit.
2. ) compatible with different client IT systems
3. ) Extracts evidence from client databases
4. ) Tests data without auditor needing to spend time learning the IT system in detail.
5. ) client-tailored or commercially produced.

Question 11

What are the types of data in Structured Query Lnaguage (SQL)?

Answer 11

1. ) Relational database
2. ) Data definition language
3. ) Data manipulation language
4. ) Data control language

Question 12

What is a relational database?

Answer 12

• A group of related spreadsheets

- Retrieves information through queries

Question 13

What is data definition language?

Answer 13

• defines a database
• gives information on database structure
• maintains tables - can be joined together
• establishes database constraints

Question 14

What is data manipulation language?

Answer 14

• maintains and queries a database

- auditor needs information, so client uses DML to get the information needed.

Question 15

What is data control language?

Answer 15

• controls a database

- restricts access

Question 16

What are check digits?

Answer 16

• consistently added to a set of numbers

- makes it more difficult for a fraudulent account to be set up or go undetected.

Question 17

What is code review?

Answer 17

• tests a program’s processing logic

- advantageous because auditor gains a greater understanding of the program

Question 18

What is a limit test?

Answer 18

• examines data and looks for reasonableness using upper and lower limits.

Question 19

Wat is the test data method?

Answer 19

• auditor processes data with client’s computer
• fake transactions are used to test program control procedures
• each control needs to only be tested once

Question 20

What is a problem with test data method?

Answer 20

• fake data could combine with real data

Question 21

What are operating logs?

Answer 21

• Auditor can review logs to see which applications were run and by whom

Question 22

What is access security software?

Answer 22

• helpful in online environments

- restricts computer access; may use encryption

Question 23

What is library management software?

Answer 23

Logs any changes to system/applications, etc.

Question 24

What are embedded audit modules?

Answer 24

• assist with audit calculations

- enable continuous monitoring in an audit environment that is changing

Question 25

What is a weakness with embedded audit modules?

Answer 25

requires implementation into the system design.

Question 26

What is an audit hook?

Answer 26

Application instruction that gives auditor control over the application to grab transactions for analysis.

Question 27

What is transaction tagging?

Answer 27

Auditor tags transactions and traces them through the system.

Question 28

What is extended records?

Answer 28

Adds audit data to financial records to assist in audit trail creation

Question 29

What is real time processing?

Answer 29

Destroys prior data when updated aka “Destructive Updating”. Requires well documented audit trail.

Question 30

Why should an auditor audit both systems and applications?

Answer 30

If auditor aonly audits the outputs of a computer system and doesn’t also audit the software applications, an error in the applications could be missed.

Question 31

What is parallel simulation?

Answer 31

Client data is processing generalized audit software (GAS). Sample size can be expanded without significantly increasing the audit cost.