Information Technology Flashcards
Controls are redundant to another department
The system does not appear to be reliable and testing controls would not be an efficient use of time
Costs exceed benefit
Auditing and IT
System isn’t complex or complicated
System output is detailed
Auditing and IT
Maintains database
Restricts access
Responsible for IT internal control
Auditing and IT
Recommends changes or upgrades
Liaison between IT and users
Auditing and IT
Responsible for disc storage
Holds system documentation
Auditing and IT
Uses computer speed to quickly sort data and files- which leads to a more efficient audit
Compatible with different client IT systems
Extracts evidence from client databases
Tests data without auditor needing to spend time learning the IT system in detail
Client-tailored or commercially produced
Auditing and IT
Group of related spreadsheets
Retrieves information through Queries
Auditing and IT
A language that defines a database and gives information on database structure.
It maintains tables- which can be joined together.
It establishes database constraints.
Auditing and IT
Maintains and queries a database
Auditor needs information- so client uses DML to get the information needed
Auditing and IT
A Data Control Language controls a database and restricts access to the database.
Auditing and IT
A numerical character consistently added to a set of numbers.
It makes it more difficult for a fraudulent account to be set up or go undetected.
Auditing and IT
A Code Review tests a program’s processing logic.
Advantageous because auditor gains a greater understanding of the program.
Auditing and IT
Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.
Did anyone score higher than 100%?
Auditing and IT
Auditor processes data with client’s computer - fake transactions are used to test program control procedures.
Each control needs to only be tested once
Problem with this method - fake data could combine with real data.
Auditing and IT
Auditor can review logs to see which applications were run and by whom.
Auditing and IT
Helpful in online environments
Restricts computer access - may use encryption.
Auditing and IT
Library Management Software logs any changes to system/applications etc.
Auditing and IT
Assist with audit calculations
Enable continuous monitoring in an audit environment that is changing
Weakness: requires implementation into the system design
Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)
Auditing and IT
An Audit Hook is an application instruction that gives auditor control over the application.
Auditing and IT
Transaction Tagging allows logging of company transactions and activities.
Auditing and IT
Extended Records add audit data to financial records.
Auditing and IT
Destroys prior data when updated
aka Destructive Updating
Requires well-documented Audit Trail
Auditing and IT
If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications- an error in the applications could be missed.
Auditing and IT
Software that translates source program (similar to English) into a language that the computer can understand
Auditing and IT
Client data is processed using Generalized Audit Software (GAS)
Sample size can be expanded without significantly increasing the audit cost
GAS output compared to client output
Auditing and IT
Plan the rest of audit- Shorter audit trails that may expire- Less documentation
Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch
Systems access controls adds another layer to separation of duties analysis
Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes
Auditing and IT
