Information Technology Flashcards
System Flowchart
A graphic representation of a data processing application that depicts the interaction of all the computer programs for a given system, rather than the logic for an individual computer program
Program Flowchart
A graphic representation of the logic (processing steps) of a computer program
Internal Control Flowchart/Document Flowchart
A graphic representation of the flow of documents from one department to another, showing the source flow and final disposition of the various copies of all documents
Decision Table
Decision Tables use a matrix format that lists set of conditions, and the actions that result from various combinations of these decisions
Data Flow Diagram (DFD)
Presents logical flows of data and functions in a system. For example, a data flow diagram for the delivery of goods to a customer would include a symbol for the warehouse from which the goods are shipped and a symbol representing the customer. It would not emphasize details such as computer processing and paper outputs.
T/F
If a transaction is incorrectly processed, the auditor should suggest a way to fix the control, and re-process the transaction.
FALSE
Suggesting fixes is out of the scope of an audit and is dangerously close to consulting services.
The auditor should consider the effect that the issue will have on control risk. The auditor also should obtain an understanding of how the incorrect processing of transactions is resolved.
Ineffective general controls by themselves ____ (always/never/could) ____ (cause/allow) misstatements
Ineffective general controls by themselves never cause misstatements but they could allow misstatements.
What represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files?
It is usually easier for unauthorized persons to access and alter the files. Manual files only need to be physically secure; but computer data needs to be both physically and logically secure.
When reviewing the extent and nature of the risks to internal controls associated with IT, an auditor should consider what?
1) Whether the entity has responded adequately to the risks arising from IT by establishing effective controls
2) Whether controls over IT systems are effective when they maintain the integrity of information and the security of the data such systems process
Describe a Completeness Test and how it is useful
A completeness check is a verification that all data required to process a given type of transaction has been entered in the required data fields. If missing data is detected, the operator is generally prompted to enter or complete the submission before it will be accepted for processing. This is a control that prevents errors.
How are Application Controls Classified?
Input Controls
Processing Controls
Output Controls
The extent and nature of the risk to internal control associated with IT are dependent on the nature and characteristics related to the entity’s
information system
Application controls pertain to
processing of individual applications in an IT environment
Input controls relate most appropriately to (3 items)
rejection, correction, and resubmission of data that was initially incorrect
There are four basic categories of input to be controlled
1) transaction entries
2) file maintenance transactions
3) inquiry transaction entries
4) error correction transactions.
