IAAUDCIS CHAPTER 7: COMPUTER ASSISTED AUDIT TOOLS & TECHNIQUES

Question 1

Systems that uses physical source document in initiating transactions

Answer 1

Source Document Control

Question 2

Coding controls that checks the integrity of data codes used in processing

Answer 2

Data coding controls

Question 3

Control digit added to the code when it is originally assigned that allows the integrity of the code to be established during subsequent processing

Answer 3

Check Digits

Question 4

an effective method of managing high volumes of transaction data through a system.
reconciles output produced by the system with the input originally entered into the system.

Answer 4

Batch Controls

Question 5

Intended to detect errors in transaction data before the data are processed.

Answer 5

Validation Controls

Question 6

Involves programmed procedures that examine the characteristics of the data in the field.

Answer 6

Field Interrogation

Question 7

used to examine the contents of a field for the presence of blank spaces

Answer 7

Missing Data Checks

Question 8

determine whether the correct form of data is in the field

Answer 8

Numeric-Alphabetic Data Checks

Question 9

used to verify that certain fields are filled with zeros

Answer 9

Zero-Value Checks

Question 10

Determine if the value on the field exceeds an authorized limit

Answer 10

Limit Checks

Question 11

Assign upper and lower limits to acceptable data values

Answer 11

Range Checks

Question 12

Compare actual values in a field against known acceptable values

Answer 12

Validity Checks

Question 13

identify keystroke errors in key fields by testing the internal validity of the code

Answer 13

Check Digit

Question 14

Procedures validate the entire record by examining the interrelationship of its field

Answer 14

Record Interrogation

Question 15

Determine if a value in one field, which has already passed a limit check and a range check is reasonable when considered along with other data fields in the record

Answer 15

Reasonable Checks

Question 16

Tests to see if the sign of a field is correct for the type of record being processed.

Answer 16

Sign Check

Question 17

Determine if a record is out of order

Answer 17

Sequence Order

Question 18

Purpose is to ensure that the correct file is being processed by the system

Answer 18

File Interrogation

Question 19

Verify that the file processed is the one the program by the system (file name and serial number is a match)

Answer 19

Internal Label Checks

Question 20

Verify that the version of the file processed is correct

Answer 20

Version Checks

Question 21

prevents a file from being deleted before it expires

Answer 21

Expiration Date Check

Question 22

When errors are detected in a batch, they must be corrected and the records resubmitted for reprocessing. This must be a controlled process to ensure that errors are dealt with completely and correctly.

Answer 22

Input Error Correction

Question 23

When a keystroke error is detected or an illogical relationship, the system should halt the data entry procedure until the user corrects the errors

Answer 23

Immediate Correction

Question 24

The records flagged as errors are removed from the batch and placed in a temporary error holding file until the errors can be investigated.

Answer 24

Create an Error File

Question 25

Cease processing and return the entire batch to data control to evaluate, correct and resubmit.

Answer 25

Reject the entire batch

Question 26

Centralized procedures to manage the data input for all of the organization’s transaction processing systems.
Eliminates the need to recreate redundant routines for each new application

Answer 26

Generalized Data Input Systems (GDIS)

Question 27

5 major components of GDIS

Answer 27

Generalized Validation Module (GVM)
Validated Data File
Error File
Error Reports
Transaction Log

Question 28

performs standard validation routines that are common to many different applications

Answer 28

Generalized Validation Module (GVM)

Question 29

where input data that are validated by the GVM are stored

Answer 29

Validated Data File

Question 30

Error records detected during validation are stored in this file, corrected and then resubmitted to GVM

Answer 30

Error File

Question 31

Standardized error reports are distributed to users to facilitate error correction

Answer 31

Error Reports

Question 32

permanent record of all validated transactions

Answer 32

Transaction Log

Question 33

Classes of Processing Controls

Answer 33

Run-to-run Controls
Operator Intervention
Audit Trail Controls

Question 34

use batch figures to monitor the batch as it moves from one programmed procedure to another.

Answer 34

Run-to Run Controls

Question 35

Run-to-Run Control Types

Answer 35

Recalculate Control Totals
Transaction Codes
Sequence Checks

Question 36

Increases the potential for human error

Answer 36

Operation Intervention

Question 37

Ways to preserve Audit Trails

Answer 37

Transaction Logs
Log of Automatic Transactions
Listing of Automatic Transactions
Unique Transaction Identifiers
Error Listing

Question 38

Ensures that the system output is not lost, misdirected or corrupted and that the privacy is not violated.

Answer 38

Output Controls

Question 39

print run program produces hard copy output from the output file
complex systems that requires operator intervention

Answer 39

Print Programs

Question 40

Two types of exposures that print programs deal with:

Answer 40

Production of unauthorized copies of output
Employee browsing of sensitive data

Question 41

When output reports are removed from the printer… primary control is “Supervision”

Answer 41

Bursting

Question 42

Proper disposal of aborted copies and carbon copies removed during Bursting

Answer 42

Waste

Question 43

Responsible for verifying the accuracy of compute output before it is distributed to the users

Answer 43

Data Control

Question 44

It has primary risks that includes reports being lost, stolen or misdirected in transit to the user.

Answer 44

Report Distribution

Question 45

2 Types of Exposure

Answer 45

Exposures from equipment failure
Exposures from subversive acts where the output message is intercepted in transmit between the sender and receiver.

Question 46

2 approaches of testing computer application controls

Answer 46

Black Box
White Box

Question 47

Control-testing techniques provide information about the accuracy and completeness of an application’s processes.

Answer 47

Testing Computer Applications Controls

Question 48

Testing AROUND the computer
Do NOT rely on a detailed knowledge of the application’s internal logic
Seek to understand the functional characteristics of the application

Answer 48

Black Box

Question 49

Testing THROUGH the computer
Relies on an in-depth understanding of the internal logic of the application being tested.

Answer 49

White Box

Question 50

White Box Test Methods

Answer 50

Authenticity Test
Accuracy Test
Completeness Tests
Redundancy Tests
Access Tests
Audit Trail Tests
Rounding Error Tests

Question 51

verify that an individual, a programmed procedure, or a message attempting to access a system is authentic

Answer 51

Authenticity Test

Question 52

ensure that the system process only data values that conform to specified procedures

Answer 52

Accuracy Test

Question 53

identify missing data within a single record and entire records missing from a batch

Answer 53

Completeness Test

Question 54

Determine that an application process each record only once

Answer 54

Redundancy Test

Question 55

ensure that the application prevents authorized users from unauthorized access to data

Answer 55

Access Test

Question 56

Ensure that the application creates an adequate audit trail
Produces complete transaction listings, and generates error files and reports for all exceptions.

Answer 56

Audit Trail Test

Question 57

Verify the correctness of rounding procedures

Answer 57

Rounding Error Tests

Question 58

CAATTs

Answer 58

Computer Audit Tools and Techniques

Question 59

Types of Computer Audit Tools and Techniques (CAATTs)

Answer 59

Test Data Method
Creating Test Data
Base Case System Evaluation
Tracing
Integrated Test Facility
Parallel Simulation
GAS

Question 60

used to establish application integrity by processing specially prepared sets of input data through production applications that are under review.

Answer 60

Test Data Method

Question 61

Auditors must prepare a complete set of both valid and invalid transactions

Answer 61

Creatin Test Data

Question 62

When the set of test data in use is comprehensive

Answer 62

Base Case System Evaluation (BCSE)

Question 63

Performs an electronic walk-through of the application’s internal logic
Requires a detailed understanding of the applications internal logic

Answer 63

Tracing

Question 64

Advantages of Test Data Techniques

Answer 64

Employed through computer testing
Employed with only minimal disruption to the organization
Requires only minimal computer expertise on the part of auditors

Question 65

Disadvantages of Test Data Techniques

Answer 65

Must rely on computer services
Audit evidence collected by independent means is more reliable than the one supplied by the client
Provides a static picture of application integrity at a single point in time
High cost of implementation, results in auditing enfficiency

Question 66

Disadvantages of Test Data Techniques

Answer 66

Must rely on computer services
Audit evidence collected by independent means is more reliable than the one supplied by the client
Provides a static picture of application integrity at a single point in time
High cost of implementation, results in auditing inefficiency

Question 67

An automated technique that enables the auditor to test an application’s logic and controls during its normal operation

Answer 67

Integrated Test Facility (ITF)

Question 68

Auditors writes or obtain a copy of the program that stimulates key features or processes to be reviewed or tested

Answer 68

Parallel Simulation