auditing in CBE

Question 1

What are the two main categories of internal controls in a computer-based environment?

Answer 1

Application controls and general controls.

Question 2

What do application controls relate to?

Answer 2

They relate to procedures used to initiate, record, process, and report transactions or other financial data to ensure accuracy and completeness.

Question 3

What are the four categories of application controls?

Answer 3

Input controls, processing controls, output controls, and master files and standing data controls.

Question 4

Give an example of an input control.

Answer 4

Edit checks, such as reasonableness checks or range checks.

Question 5

What are processing controls designed to ensure?

Answer 5

They ensure the accuracy and completeness of data processing by comparing input and output totals.

Question 6

What are output controls?

Answer 6

Controls that ensure the accuracy and completeness of output data, such as the controlled resubmission of rejected transactions.

Question 7

What do master files and standing data controls involve?

Answer 7

They involve checking changes to master files and ensuring the accuracy of data such as customer price changes.

Question 8

What are general controls?

Answer 8

Policies and procedures that support the effective functioning of application controls and maintain the integrity of data in various IT environments.

Question 9

What do administrative controls include?

Answer 9

Controls over data centre operations, network operations, and access security.

Question 10

What are system development controls?

Answer 10

Controls over system software acquisition, development, maintenance, program changes, and application system development.

Question 11

What are computer-assisted audit techniques (CAATs)?

Answer 11

Techniques that use computers to apply auditing procedures, including audit software, test data, and other techniques.

Question 12

What are the types of audit software used in CAATs?

Answer 12

Package programs, purpose-written programs, and enquiry programs.

Question 13

What is the purpose of test data in CAATs?

Answer 13

To test the operation of application controls by processing dummy data with error conditions.

Question 14

What is an integrated test facility?

Answer 14

A technique where dummy records are used within the client’s live system to test controls without corrupting master files.

Question 15

What are embedded audit facilities?

Answer 15

Audit tools embedded into the client’s application software to perform audit functions and gather information for review.

Question 16

How does a computer-based system impact audit planning?

Answer 16

Auditors need to consider the effect of IT on audit procedures, including data availability and CAATs.

Question 17

What does ISA 315 require auditors to do regarding internal controls?

Answer 17

Obtain an understanding of internal controls, including both IT and manual systems.

Question 18

What does ISA 330 require from auditors in response to assessed risks?

Answer 18

Design and perform further audit procedures based on assessed risks of material misstatement.

Question 19

What is the difference between ‘round the machine’ and ‘through the machine’ approaches to testing?

Answer 19

‘Round the machine’ involves reconciling input and output without detailed testing of controls; ‘through the machine’ involves using CAATs to test controls directly.

Question 20

What should auditors do when dealing with small computer-based systems?

Answer 20

They may use ‘round the computer’ auditing if sufficient evidence is obtained through testing input and output.

Question 21

What is the integral role of IT in modern accounting and management information systems?

Answer 21

IT is essential for gathering, processing, and reporting financial information and is used by auditors to audit financial statements.

Question 22

What are the main aspects of auditing in a computer-based environment covered in the article?

Answer 22

1. Application controls (input, processing, output, master file controls)
2. Computer-assisted audit techniques (CAATs)

Question 23

What are application controls in a computer-based accounting system?

Answer 23

Application controls ensure the completeness and accuracy of accounting records and the validity of entries, covering input, processing, output, and master file controls.

Question 24

What are the objectives of input controls?

Answer 24

To ensure that input data is authorized, complete, accurate, and timely.

Question 25

List some specific input validation checks.

Answer 25

1. Format checks
2. Range checks
3. Compatibility checks
4. Validity checks
5. Exception checks
6. Sequence checks
7. Control totals
8. Check digit verification

Question 26

What do format checks ensure in input controls?

Answer 26

That information is input in the correct format, e.g., dates in numeric format only.

Question 27

What do range checks ensure in input controls?

Answer 27

That the information input is reasonable and within expected limits, e.g., purchase invoices not exceeding $50,000.

Question 28

What do compatibility checks ensure in input controls?

Answer 28

That data input from two or more fields is compatible, e.g., sales invoice values and sales tax amounts.

Question 29

What do validity checks ensure in input controls?

Answer 29

That data input is valid, e.g., costs for completed jobs are not input.

Question 30

What do exception checks ensure in input controls?

Answer 30

That unusual situations are highlighted in exception reports, e.g., negative inventory values.

Question 31

What do sequence checks ensure in input controls?

Answer 31

Completeness of processing by rejecting documents processed out of sequence, e.g., pre-numbered goods received notes.

Question 32

What do control totals ensure in input controls?

Answer 32

Completeness of processing by comparing pre-input control totals with input control totals, e.g., batch totals of purchase invoices.

Question 33

What is the purpose of check digit verification in input controls?

Answer 33

To ensure data accuracy using algorithms, e.g., validating supplier numerical reference codes.

Question 34

What are processing controls designed to ensure?

Answer 34

That data input is processed correctly and data files are updated accurately and timely.

Question 35

What are examples of processing controls?

Answer 35

Run-to-run controls, processing of rejected data, and following procedures for rejected items.

Question 36

What are output controls designed to ensure?

Answer 36

That data is processed correctly and output is distributed only to authorized users.

Question 37

List some common output controls.

Answer 37

1. Use of batch control totals
2. Review and follow-up of exception reports
3. Timely data processing scheduling
4. Formal distribution instructions
5. Monitoring by a responsible official

Question 38

What is the purpose of master file controls?

Answer 38

To ensure the ongoing integrity of standing data contained in master files.

Question 39

List some master file controls.

Answer 39

1. Use of passwords
2. Amendment procedures with segregation of duties
3. Regular checking of master file data
4. Processing controls over updates

Question 40

What are Computer-Assisted Audit Techniques (CAATs)?

Answer 40

Techniques where auditors use computer tools to assist in auditing procedures, including audit software, test data, and other techniques.

Question 41

What are the three classifications of CAATs?

Answer 41

1. Audit software
2. Test data
3. Other techniques

Question 42

What are the two types of audit software?

Answer 42

1. Packaged programs
2. Purpose-written programs

Question 43

What are packaged programs in audit software?

Answer 43

Pre-prepared general programs used for various audit tasks, such as sample selection and arithmetic checks

Question 44

What are purpose-written programs in audit software?

Answer 44

Client-specific programs used for particular audit tasks, such as re-performing control procedures or analyzing balances.

Question 45

What are enquiry programs in audit software?

Answer 45

Programs integral to the client’s system but adapted for audit purposes, e.g., reporting employee starters and leavers.

Question 46

What is the purpose of audit test data?

Answer 46

To test the existence and effectiveness of controls built into an application program by processing dummy transactions and comparing results.

Question 47

What is an integrated test facility?

Answer 47

A special setup within the accounting system where dummy records are processed alongside live data to avoid corrupting the client’s system.

Question 48

What are embedded audit facilities (EAFs)?

Answer 48

Programs embedded in the client’s application software to perform audit functions, such as tagging transactions and recording audit results.

Question 49

What is application program examination in auditing?

Answer 49

Comparing application controls before and after system amendments to ensure proper implementation and reliability.

Question 50

How should auditors approach audits in computer-based environments?

Answer 50

By adapting audit approaches, planning, and techniques to the computer-based systems, while ensuring key audit objectives remain unchanged.