Information Technology

Question 1

Four methods of program testing are

Answer 1

• Parallel simulation: actual client data through an auditor’s generalized audit software program
• Test Data: dummy transaction developed by auditor and processed by the client program to determine whether the controls which the auditor intends to test are operating effectively
• Integrated test facility introduces dummy transactions into a client’s system in the midst of live transaction
• Controlled reprocessing: process actual client data through a copy of the client’s application program.

Question 2

Test data

Answer 2

Test data

• A set of dummy transactions is developed by the auditor and processed by the client’s computer programs to determine whether the controls which the auditor intends to test (not necessarily all controls) to restrict control risk are operating effectively. Some of these dummy transactions may include errors to test the effectiveness of programmed controls and to determine how transactions are handled (e.g., time tickets with invalid job numbers).
• When using test data, each control generally need only be tested once.
• when using test data, prepares a set of dummy transactions to determine if the controls purported to be in effect in a program are functioning as intended.
• Several possible problems include:
  
  • (a) Making certain the test data is not included in the client’s accounting records.
  • (b) Determining that the program tested is actually used by the client to process data.
  • (c) Adequately developing test data for every possible control.
  • (d) Developing adequate data to test key controls may be extremely time-consuming.

Question 3

Parallel simulation

Answer 3

• Parallel simulation processes actual client data through an auditor’s generalized audit software program and frequently, although not necessarily, the auditor’s computer
• After processing the data the auditor compares the output obtained with output obtained from the client.
• The method verifies processing of actual transactions (as opposed to test data and ITF that use dummy transactions) and allows the auditor to verify actual client results.
• This method allows an auditor to simply test portions of the system to reduce the overall time and concentrate on key controls.
• Parallel simulation is likely to be more effective in an environment that does not involve continuous auditing
• The limitations of this method include:
  
  • (a) The time it takes to build an exact duplicate of the client’s system
  • (b) Incompatibility between auditor and client software
  • (c) Tracing differences between the two sets of outputs to differences in the programs may be difficult
  • (d) The time involved in processing large quantities of data

Question 4

Integrated test facility

Answer 4

Integrated test facility introduces dummy transactions into a client’s system in the midst of live transaction

This method introduces dummy transactions into a system in the midst of live transactions and is usually built into the system during the original design. One way to accomplish this is to incorporate a simulated division or subsidiary into the accounting system with the sole purpose of running test data through it.

The test data approach is similar and therefore its limitations are also similar, although the test data approach does not run simultaneously through the live system. The running of dummy transactions in the midst of live transactions makes the task of keeping the two transaction types separate more difficult.

Question 5

Controlled reprocessing:

Answer 5

Controlled reprocessing: process actual client data through a copy of the client’s application program.

Controlled reprocessing are likely to be more effective in an environment that does not involve continuous auditing

Question 6

What are the benefits of Generalized Audit Software in an audit?

Answer 6

• Uses computer speed to quickly sort data and files- which leads to a more efficient audit
• Compatible with different client IT systems
• Extracts evidence from client databases
• Tests data without auditor needing to spend time learning the IT system in detail
• Client-tailored or commercially produced

Question 7

What is the role of a Database Administrator?

Answer 7

• Maintains database
• Restricts access to authorized personel
• Responsible for IT internal control
• Authorization - ARC

Question 8

What is the role of a Systems Analyst?

Answer 8

• Recommends changes and purchase of new system
• Design of new system
• Liaison between programming staff and user departments
• Authorization - ARC

Question 9

What is the role of the data Librarian?

Answer 9

• Responsible for custody of the removable media
• Maintenance of program and system documentation
• Custody- ARC

Question 10

What is a Data Definition Language?

Answer 10

A language that defines a database and gives information on database structure. It maintains tables- which can be joined together. It establishes database constraints.

Question 11

What functions are performed by a Data Control Language?

Answer 11

A Data Control Language controls a database and restricts access to the database.

Question 12

What functions are performed by a Data Manipulation Language?

Answer 12

• Maintains and queries a database, including updating, inserting in, modifying and querying (asking for data).
• Auditor needs information- so client uses DML to get the information needed

Question 13

What are Check Digits?

Answer 13

A numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.

Question 14

What is the purpose of a Code Review?

Answer 14

• A Code Review tests a program’s processing logic.
• Advantageous because auditor gains a greater understanding of the program.
• Difficulities becasue it is extremely time consuming - it requires a very high level of computer expertise, and difficulties involved with making certain that the program being verified is in fact the program in use throughout the accounting period.

Question 15

What is the purpose of a Limit Test?

Answer 15

Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range. Did anyone score higher than 100%?

Question 16

What is the purpose of Transaction Tagging?

Answer 16

Transaction Tagging allows logging of company transactions and activities.

Question 17

How can Embedded Audit Modules in software be utilized in an audit?

Answer 17

• Assist with audit calculations
• Enable continuous monitoring in an audit environment that is changing
• Weakness: requires implementation into the system design Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)
• Embedded audit modules are programmed routines incorporated into an application program that are designed to perform an audit function such as a calculation, or a logging activity. Because embedded audit modules require that the auditor be involved in systems design of the application to be monitored, this approach is often not practical.
• An audit hook is an exit point in an application program that allows an auditor to subsequently add an audit module (or particular instructions) by activating the hook to transfer control to an audit module.

Question 18

What is an Audit Hook?

Answer 18

An Audit Hook is an application instruction that gives auditor control over the application.

Question 19

How do Extended Records assist in audit trail creation?

Answer 19

Extended Records add audit data to financial records.

Question 20

What is a Compiler?

Answer 20

Software that translates source program (similar to English) into a language that the computer can understand