Information Systems - Execution Flashcards
WHAT audit technique would best help to identify payroll overpayments for the previous year?
Generalized audit software
i.e. features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and re-computations
WHAT would be considered highly reliable source of evidence for an IS auditor?
A confirmation letter received from a third party verifying an account balance
True or False.
An IS auditor should always be considered a more reliable source of evidence than a confirmation letter from a third party.
True
WHY? - Because the letter is the result of an analysis of the process and may not be based on authoritative audit techniques
HOW would an IS auditor use source code comparison software in evaluating program change controls?
To examine source program changes without information from IS personnel
i.e. This provides the IS auditor an objective, independent and relatively complete assurance of program changes, because the source code comparison identifies the changes
WHAT is the MAIN purpose of meeting with auditees prior to formally closing a review?
To gain agreement on the findings AND responses from management
WHAT would best help an IS auditor identify whether there have been any unauthorized program changes since the last authorized program update?
Automated code comparison
i.e. the process of comparing two versions of the same program to determine whether the two correspond
WHAT should an IS auditor do if they have reason to suspect fraud after their initial investigation?
Report the matter to the audit committee
What auditing technique should an IS auditor use to detect duplicate invoice records within an invoice master file?
Computer-assisted audit techniques
They enable the IS auditor to review the entire invoice file to look for those items that meet the selection criteria
What is the MAIN requirement that a data mining and auditing software tool should meet?
That it accurately captures data from the organization’s systems without causing excessive performance problems
i.e. The most critical requirement is that the tool works effectively on the systems of the organization being audited
WHAT would BEST help an IS auditor analyze audit trails on critical servers to discover potential anomalies in user or system behavior?
Trend/variance detection tools
WHY? - Because they look for anomalies in user or system behavior, such as invoices with increasing invoice numbers
WHAT IS auditing technique would successfully identify overlapping key controls in business application systems?
Replacing manual monitoring with an automated auditing solution
i.e. this would help analysts discover unnecessary or overlapping key controls in existing systems
What auditing method would best assist an IS auditor (concerned with fraud) in auditing controls over sales returns?
Discovery
I.e. An IS auditor should use the following method in trying to determine whether a type of event has occurred
WHAT should be the first action of an IS auditor during a dispute with management over audit findings?
Revalidate the supporting evidence for the finding
Note: If, after revalidating and retesting, there are unsettled disagreements, those issues should be included in the report
WHAT would be considered a “MOST” reliable support for testing employee access to a large financial system?
A list of accounts with access levels generated by the system
i.e. This evidence is objective, because it was generated by the system rather than by an individual
What would testing the controls that support management policies and procedures help the IS Auditor determine?
THAT the control is operating as designed
i.e. IS auditors want reasonable assurance that the controls they are relying on are effective