Information Systems - Execution 2 Flashcards
True or False.
WHEN Internal Controls are strong, a higher confidence coefficient can be adopted, which will enable the use of a smaller sample size
FALSE.
When internal controls are strong, a lower confidence coefficient can be adopted, which will enable the use of a smaller sample size.
What would an IS auditor use to discover potential anomalies in user or system behavior (E.g., analyze audit trails on critical servers)?
Trend/variance Detection Tools
What is the “Primary” requirement that a data mining and auditing software tool?
That it accurately captures data from the organization’s systems without causing excessive performance problems
What should an IS Auditor do first during a dispute with a department manager over audit findings?
Revalidate the supporting evidence for the finding
i.e., conclusions drawn by an IS auditor should be adequately supported by evidence
What procedure would successfully identify overlapping key controls in business application systems?
Replacing manual monitoring with an automated auditing solution
- This could assist analysts to discover unnecessary or overlapping key controls in existing systems.
What tool would be most useful for an IS auditor in accessing and analyzing digital data to collect relevant audit evidence from diverse software environments?
Computer-assisted auditing techniques or “CAATs”
What auditing method would best ensure the effectiveness of controls related to interest calculation for an accounting system?
Reperformance
What auditing technique would best assist in testing for the existence of dual control when auditing the wire transfer systems of a bank?
Observation
Why? - Because “Dual Control” requires that two people carry out an operation.
What advantage would the IS auditor have by directly extracting data from a general ledger system?
Greater assurance of data validity
What sampling method would be most appropriate for testing automated invoice authorization controls to ensure that exceptions are not made for specific users?
Stratified random sampling
Why? - Because this method ensures that all sampling units in each subgroup have a known, nonzero chance of selection
What audit technique would be best to use for an IS auditor evaluating the control design effectiveness related to an automated billing process?
Walkthrough
Why? - Because this involves a combination of inquiry and inspection of evidence with respect to business process controls and as the most effective basis for evaluation of the “design of the control”
