Information Technology

Question 1

Controls are redundant to another department

The system does not appear to be reliable and testing controls would not be an efficient use of time

Costs exceed benefit

Answer 1

Auditing and IT

Audit of IT is not required

Question 2

System isn’t complex or complicated

System output is detailed

Answer 2

Auditing and IT

Audit of IT can be performed without directly interacting with the system

Question 3

Maintains database

Restricts access

Responsible for IT internal control

Answer 3

Auditing and IT

Database Admin

Question 4

Recommends changes or upgrades

Liaison between IT and users

Answer 4

Auditing and IT

Systems Analyst

Question 5

Responsible for disc storage

Holds system documentation

Answer 5

Auditing and IT

Librarian

Question 6

Uses computer speed to quickly sort data and files- which leads to a more efficient audit

Compatible with different client IT systems

Extracts evidence from client databases

Tests data without auditor needing to spend time learning the IT system in detail

Client-tailored or commercially produced

Answer 6

Auditing and IT

GAS- Generalized Audit Software

Question 7

Group of related spreadsheets

Retrieves information through Queries

Answer 7

Auditing and IT

Relational Database

Question 8

A language that defines a database and gives information on database structure.

It maintains tables- which can be joined together.

It establishes database constraints.

Answer 8

Auditing and IT

Data Definition language

Question 9

Maintains and queries a database

Auditor needs information- so client uses DML to get the information needed

Answer 9

Auditing and IT

Data Manipulation Language

Question 10

A Data Control Language controls a database and restricts access to the database.

Answer 10

Auditing and IT-Data Control Language

Question 11

A numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.

Answer 11

Auditing and IT

Check Digits

Question 12

A Code Review tests a program’s processing logic.

Advantageous because auditor gains a greater understanding of the program.

Answer 12

Auditing and IT

Code Review

Question 13

Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.

Did anyone score higher than 100%?

Answer 13

Auditing and IT

Limit Test

Question 14

Auditor processes data with client’s computer - fake transactions are used to test program control procedures.

Each control needs to only be tested once

Problem with this method - fake data could combine with real data.

Answer 14

Auditing and IT

Test Data Method

Question 15

Auditor can review logs to see which applications were run and by whom.

Answer 15

Auditing and IT-Operating Systems Logs

Question 16

Helpful in online environments

Restricts computer access - may use encryption.

Answer 16

Auditing and IT

Access Security Software

Question 17

Library Management Software logs any changes to system/applications etc.

Answer 17

Auditing and IT-Library Management Software

Question 18

Assist with audit calculations

Enable continuous monitoring in an audit environment that is changing

Weakness: requires implementation into the system design

Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

Answer 18

Auditing and IT

Embedded Audit Modules

Question 19

An Audit Hook is an application instruction that gives auditor control over the application.

Answer 19

Auditing and IT

Grab Transactions

Question 20

Transaction Tagging allows logging of company transactions and activities.

Answer 20

Auditing and IT

Tag and Trace

Question 21

Extended Records add audit data to financial records.

Answer 21

Auditing and IT

Helps create Audit Trails

Question 22

Destroys prior data when updated

aka Destructive Updating

Requires well-documented Audit Trail

Answer 22

Auditing and IT

Question 23

If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications- an error in the applications could be missed.

Answer 23

Auditing and IT

Systems VS Application output

Question 24

Software that translates source program (similar to English) into a language that the computer can understand

Answer 24

Auditing and IT

Compiler

Question 25

Client data is processed using Generalized Audit Software (GAS)

Sample size can be expanded without significantly increasing the audit cost

GAS output compared to client output

Answer 25

Auditing and IT
Parralel Simulation
Controlled Reprocessing is a form that recreates clients system

Question 26

Plan the rest of audit- Shorter audit trails that may expire- Less documentation

Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch

Systems access controls adds another layer to separation of duties analysis

Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes

Answer 26

Auditing and IT