Auditing with Techology

Question 1

Auditor’s consideration for IC may be affecetd in that compuster systems may:

Answer 1

1) result in tranaction trails that exists for short time only.
2) program errors that cause uniform mishandling of tranactiosn - clerical errors become less frequent.
3) include computer controls that need to be tested in addition to the segregation of functions.
4) Involve increased difficulty in detecting unauthorized access.
5) include less documentation of initation and execution of trancations.

Question 2

Computerized Audit Tools (CAAT) for Tests of contorls

Answer 2

Tests of contorls may be divided into the following categories of techniques: a) program analysis, b) program testing, c) continuous testing, and d) review of operating systems and other system software.

Question 3

Program analysis

Answer 3

Gain an understanding of the client’s program. time consuming and require hgh level fo computer expertise, they are infrequently used in FS audits.

1) code review
2) cmparison programs - compare computerized files. can be used in program analysis to determine that the auditor has the same version.
3) flowcharting software -
4) program trracing and mapping
5) snapshot -

Question 4

Techniques for program testing

Answer 4

program testing involves the use of auditor-controleld actual or simulated data.

1) test data - a set of dummy tranactions is developed by the adutiro and processed by the client’s computer progarams.
2) integrated test facility - this method introduces dummy tranactions into a system in teh midst of live tranactions built into the sytem during the original desing.
3) Parallel simulation - processes actual client data through the adutiro’s generalized audit software program. Method varifies processing of actual tranactions and allows the auditor to verify actual client results.

Question 5

Controlled reprocessing

Answer 5

1) Controlled reprocessing, a variation of parelle simulation, processes actual client data through a copy of hte client’s application program.

limitation of this method include

a) determining that he copy fo hte program is identical to the currently being used by the client
b) keeping current with changes in the porgram
3) the time invovled in repreocessing the large quantities of data.

Question 6

Techniques for continuous (or concurrent) testing

Answer 6

Advanced computer systems, particularly those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of aduit data as tranactions are rpopcessed.

1) Embedded audit modules and audit hooks - embedded audit modules are programmed routines incorporated into an application program.
2) systems control audit review files (SCARF) - a a log usually creaed by an embeeded audit moudle, used to collect info for subsequent revie and analysis.
3) extended records - this technique attaches additional data that would not otherwise be saved to regular historic recrods.
4) Tranaction tagging - tagging a techinque in which identifer providing a tranctions with a speical designation is added to the tranaction record.

Question 7

Techniques for review of operating systems and other systems software

Answer 7

Systems sotware may perform controls for computer systems. Related audit techniques range from user written programs to use the of purchasing operating sytems monitoring software.

1) job accounting data/opearting systems logs - created either by opearting system itself or additonal software packages that track particular functions, include reports on the resources used by the comptuer system. These logs provide a record of the activity of the computer system, the audtior may be able to use them to review the work processed.
2) Library management software - this software logs changes in programs, program moudles, job contorl language, and other processing activities.

Question 8

Access control and security software

Answer 8

software supplments the physical and contorl measures releating to he computer nad is particularly helpful in online environments.

Question 9

Information technology provides benefits of effectiveness and effiency by:

Answer 9

1) consistently apply predefined business rules and perform complex calculations on large volumnes of transactions
2) enhancetimeliness, availability, and accurarcy of info.
3) Facilitate the addtional anlysis of info.
4) enahcne the ability to monitor the performance of entity’s activities and its policeis and procedures
5) reduce risk that controls will be circumvented
6) enhance ability to achieve effective seg. of duties.

Question 10

IT poses specific risk to IC including

Answer 10

1) systems or programs may inaccurately process info.
2) unauthorized access to data may
3) unauthorized changes to data in master files
4) unauthorized changes to systems or programs
5) failure to make necessary changes to system or programs
6) inappropriate manual intervention
7) potential loss of data.

Question 11

Use of IT specialist - In determining whether a specialist shoudl be usd, the auditor shoudl consider:

Answer 11

1) complexity fo entity’s sytems nad IT contorls
2) Significance of changes made to existing sytems, or implemntation of new sytems
3) extent to which data is shared among systems
4) extent to entity’s particaiotn in electronic commerce
5) entity’s use of emerging technologies
6) significance of aduti evdiecne available only in electronic form.

Question 12

Procedures an auditor may assign to a professional possessing IT skills

Answer 12

1) inquiry of entity’s IT personnel on how data and tranactions are initiated, recorded, processed, and reqported, and how IT contorls are desinged
2) Inspecting systems documentation
3) Observing opeartion of IT controls
4) Planning and performing of tests of IT controls.

Question 13

Effects of IT on restriction of detection risk

Answer 13

1) an auditor may assess control risk at a maximum and perform substantive tests to restrict detection risk when he or she believs that a substatnive tests by themeselves would be more eficent.

Question 14

Computerized audit tools

Answer 14

1) generalized audit software - may use various types of software to perform tests of controls and subsatntive tests.

Question 15

GAS record extraction

Answer 15

1) extra copies based on certain criteria:
1) Accounts receivable balances over the creidt limit
2) inventory items with negative quantitites or unreasonably large quantities
3) uncostred invetory items
4) tranctions with related parties

b) snorting
3) summarization
1) by customer acocunt number
2) inventory turnover statistics
3) duplicarte sales invoices

D) field stattistics

e) file comparison
f) gap detection/duplciate detection
g) sampling
h) calculation
i) expoertation

Question 16

Electronic spreadsheets:

Answer 16

Pros: 1) spreadsheets may significantly simplify the computational aspects of tasks such as incorporating adjustments and reclassificaiotns on a worksheet. easy to use, einexpesive nad can be saved and modified.

Cons: need for auditor training, and the fact taht original spreadsheet development takes a significant maoutn of time.

Question 17

Automated workpaper software

Answer 17

Originally used to generate trial balances, lead schedules, and other workpapers, advances in computer technology make possible an electronic workpaper environemnt.

Question 18

Database Management systems

Answer 18

use to perofrm analytical procedures, mathematical caluclations, generation of confirm. advantages incldue a great opportunity for auditor to manipulate data.
disadvatnages include autiro training and the need for more adequate client documentation of applicaiton

Question 19

Test retrieval software

Answer 19

enables sccess to such databases as the AICPA. allows auidtor to reach tech issues quickly. disvantage incldue th training and some professional lirature is not currenlyt availble in software form.

Question 20

definition language

Answer 20

is used to define a database, including creating, altering, and deleting tables and establishing various constraints.

Question 21

Check digit—

Answer 21

An extra digit added to an identification number to detect certain types of data transmission errors. For example, a bank may add a check digit to individual’s— 7-digit account numbers. The computer will calculate the correct check digit based on performing predetermined mathematical operations on the 7-digit account number and will then compare it to the check digit.

Question 22

Which of the following is an advantage of using a value-added network for EDI transactions?

Answer 22

when computer control procedures leave no visible evidence indicating the procedures have been performed, the auditor should test these controls by reviewing transactions submitted for processing and comparing them with the related output. The objective is to determine that no transactions tested with unacceptable conditions went unreported and without appropriate resolution. This procedure can be undertaken by submitting actual client live data or dummy transactions.

Question 23

examples of application controls.

Answer 23

Input controls, processing controls, and output controls

Question 24

general controls

Answer 24

program change controls, controls that restrict access to programs or data, controls over the implementation of new releases of packaged software applications, and controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail.

Question 25

An embedded audit module enables continuous monitoring and analysis of transaction processing, including the functioning of processing controls.

more random info.

Answer 25

• Mapping is a technique for determining whether a computer program contains any unexecuted code that should be examined.
• Retrieval and analysis programs such as generalized audit software offer the features and flexibility suitable for verifying the correctness of information on a computer file.
• The snapshot method is a technique utilized to capture and print all data pertinent to the analysis of a specific moment in the processing cycle.

Question 26

Application controls can be performed by:

Answer 26

Application controls can be performed by IT (automated) or by individuals. When application controls are performed by people interacting with IT, they may be referred to as user controls.