General Controls Flashcards
computer software is used to make spreadsheets, access client data files, and make simulations (not assess EDP risk)
true
EDI system (electronic data interchange)
standard format is adopted; mapping occurs; network and send recipients acknowledgements through the system
disadvantage is seg of duties; audit trail may be lacking
advantage is that computer process is uniform
Mapping
occurs in an EDI system; process in which the elements in the clients computer system is related to the standard data elements
how do you determine if internal controls are being operated as designed?
collect client records that document the use of EDP programs which helps determine the performance of tests of controls
What is the disadvantage of preparing micro computer prepared data files vs manually prepared files?
easier for unauthorized person to gain access of the files bc microcomputer is in a single location
What should an auditor be most concerned about when processing sales transactions on the internet?
potential computer disruptions; virus hacks; fluctuations; etc
What is a general control that would most likely help an entity whose systems analyst left the entity in the middle of a major project?
systems documentation; includes narratives and flowcharts; would be prepared for each application system; document the work completed to date and allow an analyst to take over
What duties must be segregated in an internal control system?
systems analysis- designs the system
programming- develops the code to run the program
computer operations- actually runs the program
transaction authorization
library functions- keeps track of the program and data
data control-
security-safeguards
What is a secure passwords?
1) 7 characters
2) special characters
3) uppercase and lowercase
4) unique
Why are access controls a concern to auditors?
links minicomputers in remote locations with a centralized computer; its difficult to control access to minicomputers in remote locations
Inherent Limitation in I/C
faulty judgment
Why should one maintain an audit trail for a computer system?
1) Provides a deterrent to irregularities
2) facilitates monitoring
3) enables queries to be answered (no analytic procedures)
Source Code Comparison Program
A comparison of the compiled object program code with the original program would reveal unauthorized program changes.
-helps reveal unauthorized changes
5 categories of general control (keyword: initially)
1) organization and operation- seg of duties
2) systems development and documentation (doc any changes and adequately; must be authorized)
3) hardware and software
4) access- should be limited to authorized personnel
5) data and procedures- physically protect files
Hardware and Software
built in controls
parity check- how hardware parts interact; bit added to each character so loss may be detected
echo check-transmission; sent and received
diagnostic routines-affecting hardware; check internal operations of hardware components usually when booting up the system
boundary protection-for running multiple jobs concurrently
