General Computer Controls Flashcards

1
Q

Name 7 general controls for computers

A
  1. System development and implementation controls
  2. System maintenance controls
  3. Organisational and management controls
  4. Access controls to data and programs
  5. Computer operating controls
  6. System software controls
  7. Business continuity controls
2
Q

What is an on-line system?

A

A computer system where data is captured via a terminal as the transaction occurs and the data is immediately edited, processed and written to computer file.

3
Q

Name the advantages of an on-line system.

A
  1. Files are up to date
  2. Accuracy of entry
  3. The risk of non-recording of transactions is small
  4. The system is fast
4
Q

Name the disadvantages of an on-line system.

A
  1. Absence of visible entry and audit trails
  2. Higher risk of unauthorized:
    • access to the system and data
    • processing on the system
    • changes to data
5
Q

Give the characteristics of an on-line system.

A
  1. On-line (direct) entry of data
  2. Authorization of input by the system through validation tests
  3. On-line access to the system by users
  4. Absence of visible audit trails
  5. Risk that programmers could gain unauthorized access to the system
6
Q

What are the risk indicators specific to an IT environment?

A
  1. Risks which relate to the integrity of financial information (relevant to both management and auditors)
  2. Risks which relate principally to management’s requirements
7
Q

What are the risks relating to the integrity of financial information relating to access?

A
  1. Uncontrolled access to data leading to:
    • duplication
    • corruption
    • manipulation
    • sabotage
    • unauthorized processing of data
  2. Unauthorized changes to transaction data
  3. Unauthorized changes to master files (standing data)
  4. Uncontrolled access to programs leading to unauthorized changes
  5. Access through a third party such as service provider
  6. Corruption of data by viruses
8
Q

What are the risks relating to the integrity of financial information relating to input?

A
  1. Absence of input documentation
  2. Lack of visible audit trail providing evidence of authorization

9
Q

What are the risks relating to the integrity of financial information relating to transfer of data?

A
  1. Unauthorized access through telephone lines, wireless connections, etc., which could result in duplication, corruption or manipulation of data on transfer
  2. Data could be lost or corrupted in transmission
10
Q

What are the risks relating to the integrity of financial information relating to staff issues?

A
  1. Loss of supervision in a decentralized/distributed processing environment
  2. Staff may have limited experience of or lack training on computers
  3. Segregation of duties may be weaker
11
Q

What are the risks relating to the integrity of financial information relating to processing?

A
  1. Multiple functions performed by single person
  2. Where systems are integrated, individual errors may affect different systems
  3. System generated transactions
  4. Uniform processing reduces the risk of clerical error but may increase the risk of consistent error
  5. Errors might not be noticed owing to high speed of processing and the volumes involved
12
Q

What are the risks relating to the integrity of financial information relating to output?

A
  1. Absence of reports/loss of audit trail
  2. There is often less manual review of information

13
Q

What are the risks relating to the integrity of financial information relating to continuity?

A
  1. Loss of data
14
Q

What are the risks relating to the integrity of financial information relating to specific issues?

A
  1. Financial loss due to electronic fund transfer
  2. Failure to clear computer suspense files
  3. Abuse of credit cards
15
Q

What are the risks relating to the integrity of financial information relating to general issues?

A
  1. Types of computer used
  2. Types of software: developed or bought
  3. The processing method applied and any changes thereto
  4. Effectiveness of the control environment and Management’s attitude towards computer controls
  5. Effectiveness of computerized controls and potential weaknesses in:
    • general controls
    • application controls
  6. Nature of the business/transactions
  7. The size of the entity and the volume of transactions
  8. Materiality of data/transaction processed
16
Q

What are the risks relating principally to management’s requirements relating to access?

A
  1. Confidentiality of data
  2. Unauthorized use of data
  3. Business continuity could be affected by viruses, hackers or denial of service attacks
  4. Privacy of third parties’ data
17
Q

What are the risks relating principally to management’s requirements relating to computer fraud?

A
  1. Possible fraud
18
Q

What are the risks relating principally to management’s requirements relating to quality of management information?

A
  1. Completeness of information
  2. Availability of information
  3. Usefulness of data provided
  4. Whether data is up to date
  5. Loss of continuity leading to temporary lack of data
19
Q

What are the risks relating principally to management’s requirements relating to operating issues?

A
  1. Inability of system to cope with volumes could result in poor customer service
  2. Contractual liability arising from dealing with third parties
  3. Non-compliance with tax law, regulation or software license conditions
  4. Loss of control where third parties are involved
  5. Adequacy and competence of IT staff
  6. Dependence on communication
  7. Dependence on technology
  8. Cost control
  9. Staff morale problems arising from changes in systems
20
Q

What are some control risks in an IT environment?

A
  1. Program processing data inaccurately
  2. Inaccurate data
  3. Failure to make necessary changes to systems
  4. Unauthorized access to data
  5. Inappropriate manual intervention
  6. A breakdown in segregation of duties
  7. Unauthorized changes to systems or programs
  8. Unauthorized changes to data in master files
  9. Loss of data or inability to access data as required
21
Q

What are some benefits of IT controls?

A
  1. Consistent processing
  2. Accurate complex calculations for larger volumes of data
  3. Enhanced timeliness, availability and accuracy of information
  4. Additional, and more accurate, analysis of information
  5. Enhanced monitoring of performance of the entity’s activities and compliance with policies and procedures
  6. Reduce the risk of control override
  7. Improved security over systems and data
22
Q

What is the objective of general computer controls?

A

Maintenance of integrity of data and programs

Effective functioning of the computer system

23
Q

Identify the feasibility studies that need to be done when purchasing a new computer system

A
  1. User needs
  2. Specification and requirements of available packages
  3. Costs
  4. Assistance and support by suppliers
  5. Adaptability and expansion ability of the package
  6. Standing and reputation of the supplier
  7. Conclusion supported by enquiring with staff and testing
24
Q

Name the steps in purchasing a new computer system package

A
  1. Feasibility study
  2. Authorization by management, users and computer staff
  3. Implementation
  4. System conversion
25
Q

List the advantages of a purchased system

A
  1. Immediate installation
  2. Pre-determined costs, often cheaper
  3. Criteria reviewed at demonstration before buying, therefore reducing risk
  4. Usually de-bugged and error-free
  5. Documentation sold with package
  6. Supplier usually offers training
  7. Supplier support
  8. Continual upgrade with new version at reasonable cost
26
Q

List the disadvantages of a purchased system

A
  1. Not tailor-made to requirements
  2. Pre-written and not adaptable for changes
  3. Processing speed and storage space not always sufficient
  4. Written to supplier standards
  5. Often overseas, does not cater for SA requirements
  6. Manual often inadequate and low quality
27
Q

List the steps in system conversion for a new system

A
  1. Plan
  2. Prepare for conversion
  3. Control by data control group
  4. Testing after conversion
  5. System documentation updated
  6. Back up new system/files
  7. Post implementation review
28
Q

What needs to be included in planning of system conversion?

A
  1. Date and time schedules prepared
  2. Cut-off point determined
  3. Conversion method defined
29
Q

What needs to be done for preparation of conversion?

A
  1. Preparation of standing data files on the new system
  2. Balancing files on the old system
  3. Training staff
  4. Prepare premises
  5. Authorization of data to be transferred
30
Q

What testing is done after system conversion?

A
  1. Balancing of files on new with balances in old - control totals
  2. Print-out of converted data and compare with source data/report from the old system
  3. Follow up items on exception reports
  4. Approval by users
31
Q

System documentation updated should include the following…

A
  1. Approval documents
  2. Application documents, including course codes
  3. File documentation, including file layouts
  4. Operation documentation (instruction/manuals)
  5. Documentation concerning testing
  6. Approval at various stages
32
Q

What are the purposes of system documentation?

A
  1. Record investigation, development, design and approval
  2. Provide basis of communication between systems analysts and programmers
  3. As processing manual
  4. Source references
  5. For review and change to system
  6. Staff training
  7. Basis of evaluation of internal controls
33
Q

Steps involved in developing a system in-house.

A
  1. Project authorization
  2. Project management
  3. Determine user needs
  4. Purchase of hardware and software
  5. Standards in respect of system development and programming
  6. System specification and programming
  7. Testing of system
  8. Approval
  9. Training
  10. System documentation
  11. Back ups
  12. Conversion
  13. Post implementation review
  14. Long term plan
34
Q

What is involved in project authorization?

A
  1. System development plan
  2. Steering committee conducts feasibility study and defines selection criteria
  3. Result from requests by users and management
  4. Feasibility study
  5. Authorization after analyzing user needs and performing proper system analysis
  6. System specification should be developed regardless of any specific technology hardware which may be available
  7. Project authorized before commencement by computer steering committee
35
Q

What is involved in project management when developing a system in house?

A
  1. Project team made up of management and user computer staff
  2. Development in stages
  3. Functions of the system analysts and programmers are to be defined
  4. Deadlines and time schedules must be prepared for each task and stage of the project
  5. Formal plan of action and development
36
Q

What is involved in the system maintenance controls?

A
  1. Changes to a system after implementation to correct errors or meet the changing needs of users
  2. Requests for changes/corrections promptly and completely carried out
  3. Only authorized changes should be made
  4. Compliance with standard
  5. Controls over program changes
  6. Testing and final approval
  7. Changes made to test version not live version
  8. Changes fully documented
  9. Changes backed up and stored in program library
  10. Train users
  11. Post-implementation review
37
Q

What is included in organizational and management controls?

A
  1. Division of duties, review and virus protection are met
  2. Level of responsibility determined
  3. Division of duties
38
Q

Division of duties…

A
  1. Separate IT department
  2. Computer department segregated from user department
  3. Within the computer environment
  4. Management
  5. Supervision and review
  6. Staff policies
  7. All computer output to be reviewed by user department
  8. Controls against viruses
  9. Email policy to be in place
39
Q

What should be considered when segregating duties between the computer department and the user department?

A
  1. Computer department not to originate or authorize transactions
  2. Computer department not to have control over non-computer assets
  3. Computer department not to authorize master file changes
  4. User department to review all master file changes
  5. User department to maintain independent control totals
  6. User department to have custody over stationery
40
Q

What are some organizational and management controls within staff policies?

A
  1. Employment of honest, qualified, competent, reliable IT staff
  2. Rotation of IT staff duties
  3. IT staff must regularly take leave
  4. Scheduling of work
  5. Training and career development
  6. Supervision and review
  7. Cancellation of access on dismissal
41
Q

Access controls to data and programs

A
  1. Procedures designed to restrict access to on-line terminals, devices, programs and data
  2. User authorization
  3. User authentication
  4. Program security
  5. Data file security
  6. Access to terminals and files
  7. Access through other electronic devices
42
Q

Access controls framework:

A

Programmed controls and user controls

43
Q

Programmed control for access control:

A
  1. Terminal controls - limit access to specific applications
  2. Identification of users
  3. Authorization of users
  4. Authorization of use
  5. Use access control software
  6. Monitoring access and processing
  7. Communication line and networks
  8. Password control
  9. Restrict access
  10. Data to be encrypted
  11. Establish separate systems for vulnerable and sensitive applications
  12. Program library control
  13. Utilities control
  14. User programming controls
  15. Terminals and other electronic devices
44
Q

What can be used for user authentication?

A
  1. Unique login ID
  2. Passwords
  3. Access cards
  4. Biometric data
45
Q

Name the programmed controls for terminals and other electronic devices.

A
  1. Device disconnect after 5 mins of inactivity
  2. Terminal is disconnected and shut down after 3 unsuccessful attempts to gain access
  3. Investigation of each disconnection
  4. Simultaneous log on by one user at more than one terminal is prohibited
  5. Restricted hours of operation
  6. Polling by central computer of remote devices to ID unauthorized users
46
Q

Name the ways programmed control is used to identify users

A
  1. Passwords and their identification numbers
  2. Verify user’s computer serial number
  3. Verify user’s Internet protocol (IP) address
  4. Use of biometric data
  5. Magnetic card
47
Q

Programmed control for authorization of users

A
  1. Log-on IDs
  2. Passwords
    • required to sign on and off
    • limit access to system/part of system
    • limit access to certain terminals
    • limit processing/access to certain time of day
48
Q

Programmed controls for authorization of use

A
  1. Passwords structured for authorized levels of access
  2. Multi-level passwords
  3. One time passwords
  4. Introduce a system of system owners
49
Q

List the password controls

A
  1. Maximum length
  2. Mix of alphabet and numerical and other characters
  3. Not obvious or easily guessed
  4. Not shown on screen
  5. Changed regularly - forced by system
  6. Confidentiality emphasized to users
  7. Rejects identical password used already
  8. Cancelled immediately on resignation/dismissal
  9. Cancelled after specific period of inactivity
  10. Cancelled after a number of unsuccessful attempts to gain access
  11. Changes to passwords should be logged and reviewed
50
Q

List the physical access controls implemented by users

A
  1. Terminals locked in visible area and in lockable terminal room with access control
  2. Computer hardware situated in lockable room with constant supervision and review and physically secured
  3. Use of terminal logs for control over processing
  4. Distributed processing
  5. All logs and activity registers should be regularly reviewed and followed up by an independent person
  6. Screening and training of staff before access
  7. Controls allowing circumvention of access controls in case of emergency
51
Q

List the computer operating controls

A
  1. Proper operation of the system and procedures applied correctly and consistently
  2. Duties of IT controllers to be defined
  3. Scheduling of processing
  4. Set-up of execution of programs
  5. Use correct programs
  6. Use correct data files
  7. Operating procedures
  8. Recovery procedures
52
Q

What are the recovery procedures for computer operating controls?

A
  1. Emergency plan and written instructions for error correction
  2. Backup of data after processing stored on separate premises
53
Q

List the operating procedures in computer operating controls

A
  1. Monitor and review of functioning of the hardware
  2. Standardized procedures and operating instructions
  3. User manuals
  4. Division of duties
  5. Supervision and review
  6. Rotation of duties
  7. Maintenance of system and manual logs with regular follow up by management
54
Q

List the system software controls

A
  1. Ensure installed or developed and maintained in an authorized and effective manner
  2. Acquisition, development of and changes to system software
  3. Security over system software
  4. Database system - access controls
  5. Networks - programmed controls
  6. Processing by users on PCs - control of software
55
Q

List the business continuity controls

A
  1. Ensure continuity of processing, by preventing system interruption or limiting it to a minimum
  2. Physical environment controls
  3. Emergency plan and disaster recovery procedures
  4. Back ups
  5. Other controls
56
Q

List the controls to physical environment

A
  1. Protection against elements
    • fire (extinguisher)
    • water (away from taps)
    • power (uninterrupted power supply)
    • environment (air conditioned, constant humidity, dust free)
57
Q

What is involved in back ups for business continuity controls

A
  1. Back up data files regularly on rotation basis
  2. Store copies of backup files on separate premises
  3. Removable media is stored in fireproof facilities
  4. Arrange for hardware back up facilities
  5. On-line back ups
  6. Retention of data, records and files for required time
58
Q

List the other controls in business continuity controls

A
  1. Physical security
  2. Proper system development including selection of suppliers and testing the system
  3. Maintenance of hardware
  4. Adequate insurance
  5. Cable protection
  6. Uninterrupted power supply
  7. Prevention of viruses
  8. No over-reliance on staff
  9. Logical access controls
  10. Personnel controls affecting security and continuity
59
Q

What are application controls?

A

Application controls are controls over the input, processing and output of financial information to ensure that the information is valid, complete and accurate. They include programmed and user controls.

60
Q

List the objectives of application controls

A
  1. Validity
  2. Completeness
  3. Accuracy
61
Q

Application controls over input ensure that data entered to update the master file is valid, complete and accurate. They prevent the following from occurring.

A
  1. Unauthorized data entered
  2. Error in creation of data
  3. Data lost during input
  4. Data added or altered
  5. Error in correction and re-entering of rejected data
  6. Corruption of data during capture or transfer
62
Q

List the programmed controls that will ensure completeness of input.

A
  1. Sequential numbering
  2. Matching by computers
  3. Field presence checks
63
Q

List the user controls that will ensure completeness over input.

A
  1. Stationery control
  2. Examination of processing logs for missing input entries

64
Q

List the programmed controls that will ensure accuracy of input.

A
  1. Matching transaction with data on files by computer
  2. Edit checks (validation checks) to test accuracy of data
  3. Batch input and processing
65
Q

List the edit checks performed by computer to ensure accuracy of input.

A
  1. Formatting checks - numerical/alphanumeric
  2. Sign check - positive/negative
  3. Screen check - checking of accuracy by users
  4. Screen prompt - “are you sure?”
  5. Validity/existence - field size, codes, etc.
  6. Limit and reasonableness check - comparison with predetermined values
  7. Check digits - accuracy of codes
  8. Control totals - batch processing and comparison
  9. Dependency check - check interdependence of data in respect of other fields
  10. Field presence - all critical input fields are present
  11. Field size check - overflow of fields
  12. Specific character - space in the right place
  13. Arithmetic check
  14. Logic check
66
Q

List the user controls to ensure accuracy of input

A
  1. Review by user/senior staff
  2. Batch input and process
  3. Use well designed documents to minimize error
  4. Staff training
67
Q

List the programmed controls for validity of input

A
  1. Access controls
  2. Authorization of transactions
  3. Authorization of changes to data
  4. Transaction generated by computer
  5. Validation tests
68
Q

List the user controls to ensure validity of input

A
  1. Segregation of duties, staff training and staff recruitment policies
  2. Authorization of transactions by user
  3. Review authorization procedures
  4. Authorization of changes to data
69
Q

List the programmed controls that will ensure that all objectives are met.

A
  1. Control totals and reconciliation
  2. Batch processing - balancing batch totals

70
Q

List the user controls that will ensure all objectives are met.

A
  1. Control totals and reconciliation
  2. Batch processing - senior independent person to check for errors
  3. Reviewing of output reports by users
  4. Regular back ups during and after processing
  5. Adequate error correction procedures
71
Q

Application controls during processing prevent the following from occurring.

A
  1. Data altered during processing
  2. Calculative or accounting errors
  3. Logic, precision rounding errors
  4. Incorrect program or data file
  5. Incorrect values or internal tables in program
  6. Data corrupted during transmission
  7. Equipment malfunction
72
Q

List the programmed controls that will ensure completeness of processing.

A
  1. Reconciliation of control totals
  2. Sequential testing by computer
  3. Reconciliation of accounts/balances
  4. Logs of processing
  5. Edit tests by computer programs
  6. Control over transmission of data
73
Q

List the user controls that will ensure completeness of processing.

A
  1. Reconciliation of control totals
  2. Sequential testing by the computers checked by senior independent person
  3. Reconciliation of accounts/balances
  4. Logs of processing checked and reviewed regularly
  5. Break point re-runs
  6. Processing errors reported and corrected
  7. Adequate back up procedure
74
Q

List the programmed controls that will ensure the accuracy of processing.

A
  1. Control over computer hardware
  2. Edit checks by computer program
  3. Produce exception report for review by management
  4. Reconciliation and balance of control totals and control accounts
  5. Batch controls where data is processed in batches as opposed to online real time processing
75
Q

List the user controls that will ensure accuracy of processing

A
  1. Exception report, reconciliation and batch processing
  2. Operator’s manual and user instruction
  3. Supervision and review by competent staff
76
Q

List the programmed controls that will ensure validity of processing.

A
  1. Access control over transactions and standing data during processing
  2. Librarian function to ensure correct program and file version used
  3. Files should have internal or external labels and programs should be identified with version numbers
  4. Computer monitors and prints abnormal activities
  5. Record of comparison and matching by the computer
  6. Computer generates adequate audit trails
77
Q

List the user controls to ensure validity of processing

A
  1. Authorization of override if incorrect version is detected
  2. Authorize manual intervention if the system breaks down
  3. User logs for monitoring unscheduled processing
78
Q

List the programmed controls that will ensure the completeness of processing or changes to master files

A

A sequentially numbered audit trail of master file changes is produced

79
Q

What is the user control implemented to ensure completeness of processing or changes to master files?

A

Reconciliation of changes with the list/register of requests for changes and follow-up of outstanding items

80
Q

Name the programmed control that will ensure validity of processing or changes to master files.

A

Access controls and levels of authorization on the system

81
Q

Name the user control to ensure validity of processing or changes to master files

A

Written authorization of changes by senior management and checking of changes to master files

82
Q

Programmed controls that will ensure all objectives are met in terms of master files

A

Master file is protected by:

  • encryption
  • library control
  • record counts
  • reconciliations
83
Q

What is the user control that will ensure all objectives are met with regards to master files?

A

The whole master file is reviewed regularly by management.

84
Q

List the programmed controls that will ensure completeness of output.

A
  1. Output reports should be sequentially numbered
85
Q

List the user controls that will ensure completeness of output.

A
  1. IT control group to follow up missing numbers
  2. Review of output reports by users
  3. Reconciliation of input to output by the IT control group
  4. Sequence check on page numbers or document numbers
  5. End of report message
  6. Page counts
  7. Reviewing of report by users for missing/duplicated items
86
Q

List the programmed controls that will ensure the validity (authorisation) of output

A
  1. Logs listing activities and output produced, maintained by the computer system and regularly reviewed by the IT control group for unauthorized output
87
Q

List the user controls that will ensure validity of output

A
  1. Distribution list of authorized users, listing to whom output is to be sent
  2. Distribution schedule
  3. Distribution controlled by the IT control group
  4. Distribution register in which users sign for receipt
  5. Review of report by users
88
Q

List the user controls that will ensure accuracy of output.

A
  1. Reconciliation of output to input by user department for accuracy of processing
  2. Review of output by IT users for obvious errors
  3. Physical checking of accuracy of calculation by users
  4. Review and follow up of items in exception reports by an independent control group
  5. Scrutiny (review) of processed information by users for accuracy
  6. Checking by users of the accuracy of posting from subsidiary ledgers to general ledger
89
Q

List the programmed controls that will ensure confidentiality of output

A

Control over online output

  • access controls to limit access to information on screen
  • users should log out or log off when the terminal or device is not in use
  • terminal or device to be disconnected automatically if not used for a specific period
  • user should be forced to log on after system interruption to prevent data from remaining on the screen
  • simultaneous log-on by users prohibited
90
Q

List the user controls to ensure confidentiality of outputs

A
  1. Only authorized users have access to terminals
  2. Restrictions on which printers can be used for confidential reports
  3. Controls over stationery used for confidential reports
91
Q

Additional issues to be considered when auditing in an information technology environment

A
  1. Engagement consideration - knowledge and skills required
  2. Planning - understand the computer environment and internal control system
  3. Consider risks in the system
92
Q

List the general controls in a database system

A
  1. Standard approach for development and maintenance of application programs
  2. Data ownership
  3. Access to database
  4. Division of duties
  5. Data resource management
  6. Database recovery
93
Q

List the impact on audit procedures in a database system

A
  1. The extent to which databases are used to process accounting data
  2. Type and materiality of transaction processed
  3. Nature of files and programs used
  4. Adequacy of general controls and application controls
  5. Access control and security
  6. Standards and procedures for development and maintenance of application programs in database
  7. How data resources are managed
  8. Job descriptions, standards
  9. Controls and procedures to ensure security, integrity and accuracy of data
  10. Availability of audit facilities within the database system
94
Q

List the uses of a database system for auditing purposes.

A
  1. Generate test data
  2. Test access controls
  3. Print audit trails
  4. Test the integrity of the database
  5. Provide access to enable the use of CAATs
  6. Obtain information which is necessary for audit purposes
95
Q

Name the important aspects of developing an understanding of the computer environment and processing in the planning process of an audit.

A
  1. The entity’s use and attitude towards information technology
  2. The use of information technology in relation to the industry
  3. Changes and intended changes to the computer system
  4. Changes and intended changes to non-financial system which will impact on the reporting function
96
Q

List the aspects to be considered when gaining understanding of the accounting and internal control system in an information technology environment.

A
  1. The organization structure
  2. The extent to which the computer is used in each financial application
  3. Complexity of processing
  4. Availability of data
  5. The hardware and software utilized
  6. The layout and organization of facilities
  7. Processing methods in use
  8. Where information is processed
  9. By whom
  10. Overview of manual and computer controls
  11. Extent of audit trails
  12. Complexity of system
  13. The need for CAATs
  14. The extent to which the client depends on the computer system
  15. Intended changes to the system
97
Q

List the internal control characteristics and risks in a computer environment

A
  1. Absence of input documentation
  2. Lack of visible audit trails
  3. Staff may have limited experience with computers
  4. Segregation of duties
  5. New system not functioning properly when first introduced
  6. Lack of transaction audit trails
  7. Absence of report
  8. Potential errors and irregularities
  9. Lack of human intervention to identify errors
  10. Automatic initiation and generation of transactions
  11. Dependence on programmed controls
98
Q

List the formulation of an audit approach in information technology system.

A
  1. Obtain understanding of the system
  2. Consider implication of any new system
  3. Combined (reliance can be placed on general and application controls) or substantive approach
  4. Nature of audit procedure dependent on test of controls
99
Q

List the characteristics that would lead to necessity to increase test of controls in computer system.

A
  1. Presence of controls which manage significant risks
  2. Situation where sufficient audit evidence cannot be obtained from substantive procedure/testing alone
  3. Large volume of information
  4. No input documentation
  5. Dependency on computerized controls
  6. Complexity
  7. System-generated items
  8. Integration
  9. Lack of audit trails
  10. Short retention of data
100
Q

List the detailed review of the controls within computerized environment.

A
  1. Perform a review of general and application controls
  2. Decide on specific controls to be tested
  3. Perform test of general control environment
  4. Perform test on application controls
  5. Evaluate the tests of controls
101
Q

What is involved in a review of general and application controls?

A
  1. Detailed flow-chart, diagrams, notes, etc
  2. Detailed internal control questionnaire
  3. Enquiry with client staff
  4. Full system walk through
102
Q

How to decide on which controls to be tested?

A
  1. Are the controls performed?
  2. How well are the controls performed?
  3. By whom are the controls performed?
  4. Are the controls performed consistently throughout the year?
  5. Conclude on which controls to rely on.
103
Q

What is involved in detailed substantive procedures?

A
  1. Timing
    • detailed testing of transactions
    • detailed testing to verify balances
    • analytical review procedures
  2. Extent
    • reduced if control is sound
  3. Timing
    • influenced by result of tests of controls
104
Q

What is a CAAT?

A

CAATs are computer assisted audit techniques.

They are used to test computerized controls.

105
Q

List the methods of CAATs.

A
  1. Audit software
  2. Purpose-written software
  3. Utilities
  4. System management programs
106
Q

System-oriented audit software is used for the following.

A
  1. Test data
  2. Control and reprocessing
  3. Program code analysis
  4. Simulation
  5. Embedded audit routine
107
Q

List the steps in testing data in system oriented audit software.

A
  1. Simulated data is created by the auditor and captured on the system for processing; results are checked against preprepared results.
  2. Used to test controls and processing of data
  3. Test data should include valid and invalid data
  4. Auditor should ensure that test data runs in client’s computer and on correct version of program
  5. Major risks of test data are:
    • lack of surprise element
    • program subjected to test data may not be program used throughout the year
    • possible corruption of live data
108
Q

What does embedded audit routine involve?

A
  1. Snapshot
  2. Integrated test facility
  3. Online audit
  4. Evolving techniques
109
Q

What is the data oriented audit software used for?

A
  1. Used as substantive procedures to access, retrieve and manipulate data from computerized information system
110
Q

What does an audit retrieval software do?

A
  1. Used to re-perform casts and calculations
  2. Perform investigations and analysis
  3. Select samples
  4. Extract summaries
  5. Perform comparison
111
Q

What are some of the uses of CAATs?

A
  1. Substantive testing of detailed transactions and balances
  2. Analyzing and selecting samples from a large volume of transactions
  3. Analytical procedures
112
Q

List the advantages of CAATs.

A
  1. Assist in achieving audit efficiency by saving time
  2. Reduction in audit costs
  3. Improving the quality of the audit
  4. Better knowledge of the computerized information system is developed
  5. Able to deal with large volumes
  6. Audit staff develop improved expertise
  7. Reduced reliance on client computer personnel
  8. Improved client service
113
Q

Factors to consider in application of CAATs.

A
  1. Computer knowledge, competence and experience
  2. Availability of CAATs and computer facilities
  3. Impracticality of human/manual testing
  4. Effectiveness and efficiency
  5. Timing of testing
  6. Other considerations
114
Q

List the characteristics of CAATs.

A
  1. Ease of use
  2. Require limited technical knowledge
  3. Cost effective
  4. Adaptable and flexible to meet auditor’s need
  5. Developed and run under audit supervision
  6. Machine independent
  7. Audit-oriented
  8. Readily available
  9. Good supplier support
115
Q

List the procedures in the application of CAATs.

A
  1. Determine the objectives of applications of CAATs
  2. Determine the contents and accessibility of the entity’s file
  3. Define transactions to be tested
  4. Define the procedures to be performed
  5. Define the output requirement
  6. Arrange with client personnel for copies of the relevant data to be available
  7. Identify audit and computer staff to assist in the design and application of CAATs
  8. Estimate the costs and benefits
  9. Control the application of CAATs
  10. Administration of computer knowledge and facilities
  11. Execute the application of CAATs
  12. Reconcile all data used by CAAT with accounting records
  13. Evaluate the results
  14. Document the use of CAATs in working papers
116
Q

Name the procedures to control audit retrieval software.

A
  1. Participate in design and testing
  2. Check program coding
  3. Ensure that the software will run on the client operating system
  4. Run audit software on small test files before running on main system
  5. Ensure that the correct version of client files is used
  6. Obtain evidence such as reconciliation to prove that the software functioned as planned
  7. Ensure scrutiny over data and CAAT output
117
Q

Name the procedures to control test data.

A
  1. Checking of the sequence of test data runs
  2. Test runs with small quantities of data
  3. Comparison of processed results with own preprepared results
  4. Confirmation that the correct version of the program was used
  5. Confirmation that the program on which the test data was run is the same as the one used throughout the period
118
Q

List the advantages of using PC

A
  1. Eliminating manual casting, cross-casting and other routine calculations may save time
  2. Calculations, comparisons and other data manipulations are more accurately performed
  3. Analytical calculations may be more efficiently performed
  4. The scope of analytical procedures may be broadened
  5. Audit sampling may be more efficient
  6. Working papers may be generated and are easily stored and accessed
  7. Graphic capabilities may allow the auditor to generate, display and evaluate various financial and non-financial relationships graphically
  8. Staff morale and productivity improved by reducing time spent on clerical tasks
  9. Client personnel may not need to manually prepare as many schedules and otherwise spend as much time assisting the auditor
  10. Computer generated working papers are generally more legible and consistent
119
Q

List the security in the use of personal computers

A
  1. Limiting of client access
  2. Programs and data file security
  3. Security of client data
  4. Staff
  5. General
120
Q

List the specific audit and control considerations for an online computer system

A
  1. Absence of established security policy
  2. Distribution of various input devices throughout the entity increases the risk of unauthorized use and input
  3. Increased risk of unauthorized use of the computer such as unauthorized changes
  4. Networks have greater risk
  5. Greater dependence on validation checks performed at time of entry
  6. There is an increased risk of lost transactions owing to interruption of processing