Chapter 9

Question 1

What is a LAN?

Answer 1

Local area network that serves several users within a specified geographical area

Question 2

What is a VAN?

Answer 2

Value added network that links different companies’ computer files together

Question 3

What is a WAN?

Answer 3

Wide area network that connects different remote locations that vary in distance

Question 4

What is an EDI and what are some considerations related to an EDI?

Answer 4

Electronic data interchange

1. Strict standards needed for data to be understood on both sides
2. Translation software is needed for data to be converted between the EDI and internal systems
3. Unauthorized access is a risk, so encryption is necessary

Question 5

What are the different types of general controls?

Answer 5

1. Personnel policies
   
   1. Systems = development & maintenance
   2. Operations = input (data entry) & output (control clerk)
2. File security (back-ups, read only, etc)
3. Business continuity planning (disaster recovery)
4. Computer facilities (fire/insurance)
5. Access Controls

General controls related to overall computer environment

Question 6

What are the different types of application controls?

Answer 6

1. Input
2. Processing
3. Output

Question 7

What is a field check?

Answer 7

Application control that checks that data is the correct length and format

Question 8

What is a validity check?

Answer 8

Application control that compares data with a list of acceptable entries to make sure it matches

Question 9

What is a limit test?

Answer 9

Application control that checks if data is within the acceptable range

Question 10

What are check digits?

Answer 10

Numbers with no meaning that are determined by a formula and applied to the rest of the number

Question 11

What is a hash total?

Answer 11

Total that verifies correct entry of the values. Cannot be meaningfully added together

Question 12

What are some computer assisted auditing techniques and what do they do?

Answer 12

1. Using programs to access program files for testing
2. Source code comparison to detect unauthorized changes
3. Parallel simulation where the auditor inputs client data into the auditor’s program to see if it is identical to client records
4. Preparing spreadsheets

Question 13

What is the test data approach?

Answer 13

Approach where auditor develops simulated data and enters it into the client program.

Auditor inserts valid and invalid data to see if program handles them accordingly.

Question 14

What is an embedded audit module?

Answer 14

Programs that are implanted in the client’s processing system and can perform audit procedures on a real time basis