Information Technology

Question 1

When is an audit of IT NOT required?

Answer 1

• Controls are redundant to another department
• The system does not appear to be reliable and testing controls would not be an efficient use of time
• Costs exceed benefit

Question 2

When can an audit of IT be performed without directly interacting with the system?

Answer 2

System isn’t complex or complicated System output is detailed

Question 3

What is the role of a Database Administrator?

Answer 3

• Maintains database
• Restricts access
• Responsible for IT internal control

Question 4

What is the role of a Systems Analyst?

Answer 4

• Recommends changes or upgrades
• Liaison between IT and users

Question 5

What is the role of the data Librarian?

Answer 5

Responsible for disc storage Holds system documentation

Question 6

What is the benefit of Generalized Audit Software in an audit?

Answer 6

• Uses computer speed to quickly sort data and files- which leads to a more efficient audit
• Compatible with different client IT systems
• Extracts evidence from client databases
• Tests data without auditor needing to spend time learning the IT system in detail
• Client-tailored or commercially produced

Question 7

What is a Relational Database?

Answer 7

• Group of related spreadsheets
• Retrieves information through Queries

Question 8

What is a Data Definition Language?

Answer 8

• A language that defines a database and gives information on database structure.
• It maintains tables- which can be joined together.
• It establishes database constraints.

Question 9

What functions are performed by a Data Manipulation Language?

Answer 9

• Maintains and queries a database
• Auditor needs information- so client uses DML to get the information needed

Question 10

What functions are performed by a Data Control Language?

Answer 10

A Data Control Language controls a database and restricts access to the database.

Question 11

What are Check Digits?

Answer 11

• A numerical character consistently added to a set of numbers.
• It makes it more difficult for a fraudulent account to be set up or go undetected.

Question 12

What is the purpose of a Code Review?

Answer 12

• A Code Review tests a program’s processing logic.
• Advantageous because auditor gains a greater understanding of the program.

Question 13

What is the purpose of a Limit Test?

Answer 13

• Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.
• Did anyone score higher than 100%?

Question 14

What is the Test Data Method?

Answer 14

• Auditor processes data with client’s computer - fake transactions are used to test program control procedures.
• Each control needs to only be tested once
• Problem with this method - fake data could combine with real data.

Question 15

How can Operating Systems Logs be utilized during an audit?

Answer 15

Auditor can review logs to see which applications were run and by whom.

Question 16

What is the purpose of Access Security Software?

Answer 16

• Helpful in online environments
• Restricts computer access - may use encryption.

Question 17

How can Library Management Software assist with an audit?

Answer 17

Library Management Software logs any changes to system/applications etc.

Question 18

How can Embedded Audit Modules in software be utilized in an audit?

Answer 18

• Assist with audit calculations
• Enable continuous monitoring in an audit environment that is changing
• Weakness: requires implementation into the system design
• Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

Question 19

What is an Audit Hook?

Answer 19

An Audit Hook is an application instruction that gives auditor control over the application.

Question 20

What is the purpose of Transaction Tagging?

Answer 20

Transaction Tagging allows logging of company transactions and activities.

Question 21

How do Extended Records assist in audit trail creation?

Answer 21

Extended Records add audit data to financial records.

Question 22

How does Real Time Processing affect an audit?

Answer 22

Destroys prior data when updated

aka

• Destructive Updating
• Requires well-documented Audit Trail

Question 23

What is the risk of auditing System outputs versus Application outputs?

Answer 23

If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications- an error in the applications could be missed.

Question 24

What is a Compiler?

Answer 24

Software that translates source program (similar to English) into a language that the computer can understand

Question 25

How is Parallel Simulation utilized during an audit?

Answer 25

• Client data is processed using Generalized Audit Software (GAS)
• Sample size can be expanded without significantly increasing the audit cost
• GAS output compared to client output

Question 26

What does auditing internal control in a company’s IT environment accomplish?

Answer 26

• Plan the rest of audit- Shorter audit trails that may expire- Less documentation
• Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch
• Systems access controls adds another layer to separation of duties analysis

Focus should be on the general controls

• new systems development
• current systems changes
• program or data access control or computer ops control changes