Auditing in CBE Flashcards
What are the two main categories of internal controls in a computer-based environment?
Application controls and general controls.
What do application controls relate to?
They relate to procedures used to initiate, record, process, and report transactions or other financial data to ensure accuracy and completeness.
What are the four categories of application controls?
Input controls, processing controls, output controls, and master files and standing data controls.
Give an example of an input control.
Edit checks, such as reasonableness checks or range checks.
What are processing controls designed to ensure?
They ensure the accuracy and completeness of data processing by comparing input and output totals.
What are output controls?
Controls that ensure the accuracy and completeness of output data, such as the controlled resubmission of rejected transactions.
What do master files and standing data controls involve?
They involve checking changes to master files and ensuring the accuracy of data such as customer price changes.
What are general controls?
Policies and procedures that support the effective functioning of application controls and maintain the integrity of data in various IT environments.
What do administrative controls include?
Controls over data centre operations, network operations, and access security.
What are system development controls?
Controls over system software acquisition, development, maintenance, program changes, and application system development.
What are computer-assisted audit techniques (CAATs)?
Techniques that use computers to apply auditing procedures, including audit software, test data, and other techniques.
What are the types of audit software used in CAATs?
Package programs, purpose-written programs, and enquiry programs.
What is the purpose of test data in CAATs?
To test the operation of application controls by processing dummy data with error conditions.
What is an integrated test facility?
A technique where dummy records are used within the client’s live system to test controls without corrupting master files.
What are embedded audit facilities?
Audit tools embedded into the client’s application software to perform audit functions and gather information for review.
How does a computer-based system impact audit planning?
Auditors need to consider the effect of IT on audit procedures, including data availability and CAATs.
What does ISA 315 require auditors to do regarding internal controls?
Obtain an understanding of internal controls, including both IT and manual systems.
What does ISA 330 require from auditors in response to assessed risks?
Design and perform further audit procedures based on assessed risks of material misstatement.
What is the difference between ‘round the machine’ and ‘through the machine’ approaches to testing?
‘Round the machine’ involves reconciling input and output without detailed testing of controls; ‘through the machine’ involves using CAATs to test controls directly.
What should auditors do when dealing with small computer-based systems?
They may use ‘round the computer’ auditing if sufficient evidence is obtained through testing input and output.
What is the integral role of IT in modern accounting and management information systems?
IT is essential for gathering, processing, and reporting financial information and is used by auditors to audit financial statements.
What are the main aspects of auditing in a computer-based environment covered in the article?
- Application controls (input, processing, output, master file controls)
- Computer-assisted audit techniques (CAATs)
What are application controls in a computer-based accounting system?
Application controls ensure the completeness and accuracy of accounting records and the validity of entries, covering input, processing, output, and master file controls.
What are the objectives of input controls?
To ensure that input data is authorized, complete, accurate, and timely.
List some specific input validation checks.
- Format checks
- Range checks
- Compatibility checks
- Validity checks
- Exception checks
- Sequence checks
- Control totals
- Check digit verification
What do format checks ensure in input controls?
That information is input in the correct format, e.g., dates in numeric format only.
What do range checks ensure in input controls?
That the information input is reasonable and within expected limits, e.g., purchase invoices not exceeding $50,000.
What do compatibility checks ensure in input controls?
That data input from two or more fields is compatible, e.g., sales invoice values and sales tax amounts.
What do validity checks ensure in input controls?
That data input is valid, e.g., costs for completed jobs are not input.
What do exception checks ensure in input controls?
That unusual situations are highlighted in exception reports, e.g., negative inventory values.
What do sequence checks ensure in input controls?
Completeness of processing by rejecting documents processed out of sequence, e.g., pre-numbered goods received notes.
What do control totals ensure in input controls?
Completeness of processing by comparing pre-input control totals with input control totals, e.g., batch totals of purchase invoices.
What is the purpose of check digit verification in input controls?
To ensure data accuracy using algorithms, e.g., validating supplier numerical reference codes.
What are processing controls designed to ensure?
That data input is processed correctly and data files are updated accurately and timely.
What are examples of processing controls?
Run-to-run controls, processing of rejected data, and following procedures for rejected items.
What are output controls designed to ensure?
That data is processed correctly and output is distributed only to authorized users.
List some common output controls.
- Use of batch control totals
- Review and follow-up of exception reports
- Timely data processing scheduling
- Formal distribution instructions
- Monitoring by a responsible official
What is the purpose of master file controls?
To ensure the ongoing integrity of standing data contained in master files.
List some master file controls.
- Use of passwords
- Amendment procedures with segregation of duties
- Regular checking of master file data
- Processing controls over updates
What are Computer-Assisted Audit Techniques (CAATs)?
Techniques where auditors use computer tools to assist in auditing procedures, including audit software, test data, and other techniques.
What are the three classifications of CAATs?
- Audit software
- Test data
- Other techniques
What are the two types of audit software?
- Packaged programs
- Purpose-written programs
What are packaged programs in audit software?
Pre-prepared general programs used for various audit tasks, such as sample selection and arithmetic checks.
What are purpose-written programs in audit software?
Client-specific programs used for particular audit tasks, such as re-performing control procedures or analyzing balances.
What are enquiry programs in audit software?
Programs integral to the client’s system but adapted for audit purposes, e.g., reporting employee starters and leavers.
What is the purpose of audit test data?
To test the existence and effectiveness of controls built into an application program by processing dummy transactions and comparing results.
What is an integrated test facility?
A special setup within the accounting system where dummy records are processed alongside live data to avoid corrupting the client’s system.
What are embedded audit facilities (EAFs)?
Programs embedded in the client’s application software to perform audit functions, such as tagging transactions and recording audit results.
What is application program examination in auditing?
Comparing application controls before and after system amendments to ensure proper implementation and reliability.
How should auditors approach audits in computer-based environments?
By adapting audit approaches, planning, and techniques to the computer-based systems, while ensuring key audit objectives remain unchanged.