chap2 Flashcards
What is a control
System that prevents, detects or corrects unlawful events.
What are the 3 types of controls
Preventive, detective or corrective
What are the two types of controls
Procedural and technical.
Two major guidelines for managing complexity
- Factoring the system into subsystems
- Determine the reliability of each subsystem with the implications of the entire system
What are the two ways to split subsystems
How do you identify problems in each of the subsystem
What are the two guidelines to subfactor systems
- Managerial functions
- Application functions - boundary, input, output, database, communication, processing
- Walk through the transactions for application functions
- Analyze each function for managerial functions
- Must be independent of each other ‘
- Must be internally cohesive where the whole subsystem is used to achieve one goal
What is audit risk
Risk where the audit does not identify any misstatements, or actual and potential material losses
What is the audit risk model and explain each audit risk
AR = IR X CR X DR
IR - Inherent risk. Any residual risk associated with assets at hand which cannot be reduced by controls
CR - Control risk. In the event where controls do not prevent, detect or correct any material losses. Can be reduced through use of better controls
DR - Risk or chance that the audit might not detect any account misstatements or material losses. Reduced by increasing the stringentness of audit
What are the five procedures to identify risk
- Obtain understanding of controls
- Tests of controls - check if controls work properly
- Tests of details and transactions - focus on details
- Test and details of account balances - focus not so much on details
- Analytical review procedures
Steps to an audit
- Plan audit
- Test of controls
- Test of transactions - test whether transactions handled effectively
- Test of balance or overall results - test for overall totals
- Completion of audit
4 types of audit opinion
- Disclaimer - no opinion
- Qualified - misstatement and material losses but not enough amount for material
- Non-qualified - no problems
- Adverse opinion - material losses or misstatement
Around the computer
- Auditing by examining management controls and the input/output of the system
- Treated as black boxes, cost effective but not effective
- Chosen if there is lack of technical knowledge
Through the computer
- Auditing by direct analysis and testing of computer controls which exist in the computer system.
- Sees computer as white box, higher risk but more effective
- More costly as need more certifications
