Information Technology Flashcards

1
Q

When is an audit of IT NOT required?

A

Controls are redundant to another department

The system does not appear to be reliable and testing controls would not be an efficient use of time

Costs exceed benefit

2
Q

When can an audit of IT be performed without directly interacting with the system?

A

System isn’t complex or complicated

System output is detailed

3
Q

What is the role of a Database Administrator?

A

Maintains database

Restricts access

Responsible for IT internal control

4
Q

What is the role of a Systems Analyst?

A

Recommends changes or upgrades

Liaison between IT and users

5
Q

What is the role of the data Librarian?

A

Responsible for disc storage

Holds system documentation

6
Q

What is the benefit of Generalized Audit Software in an audit?

A

Uses computer speed to quickly sort data and files, which leads to a more efficient audit

Compatible with different client IT systems

Extracts evidence from client databases

Tests data without auditor needing to spend time learning the IT system in detail

Client-tailored or commercially produced

7
Q

What is a Relational Database?

A

Group of related spreadsheets

Retrieves information through Queries

8
Q

What is a Data Definition Language?

A

A language that defines a database and gives information on database structure.

It maintains tables, which can be joined together.

It establishes database constraints.

9
Q

What functions are performed by a Data Manipulation Language?

A

Maintains and queries a database

Auditor needs information, so client uses DML to get the information needed

10
Q

What functions are performed by a Data Control Language?

A

A Data Control Language controls a database and restricts access to the database.

11
Q

What are Check Digits?

A

A numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.

12
Q

What is the purpose of a Code Review?

A

A Code Review tests a program’s processing logic.

Advantageous because auditor gains a greater understanding of the program.

13
Q

What is the purpose of a Limit Test?

A

Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.

Did anyone score higher than 100%?

14
Q

What is the Test Data Method?

A

Auditor processes data with client’s computer - fake transactions are used to test program control procedures.

Each control needs to only be tested once

Problem with this method - fake data could combine with real data.

15
Q

How can Operating Systems Logs be utilized during an audit?

A

Auditor can review logs to see which applications were run and by whom.

16
Q

What is the purpose of Access Security Software?

A

Helpful in online environments

Restricts computer access - may use encryption.

17
Q

How can Library Management Software assist with an audit?

A

Library Management Software logs any changes to system/applications etc.

18
Q

How can Embedded Audit Modules in software be utilized in an audit?

A

Assist with audit calculations

Enable continuous monitoring in an audit environment that is changing

Weakness: requires implementation into the system design

Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

19
Q

What is an Audit Hook?

A

An Audit Hook is an application instruction that gives auditor control over the application.

20
Q

What is the purpose of Transaction Tagging?

A

Transaction Tagging allows logging of company transactions and activities.

21
Q

How do Extended Records assist in audit trail creation?

A

Extended Records add audit data to financial records.

22
Q

How does Real Time Processing affect an audit?

A

Destroys prior data when updated

aka Destructive Updating

Requires well-documented Audit Trail

23
Q

What is the risk of auditing System outputs versus Application outputs?

A

If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications, an error in the applications could be missed.

24
Q

What is a Compiler?

A

Software that translates source program (similar to English) into a language that the computer can understand

25
Q

How is Parallel Simulation utilized during an audit?

A

Client data is processed using Generalized Audit Software (GAS)

Sample size can be expanded without significantly increasing the audit cost

GAS output compared to client output

26
Q

What does auditing internal control in a company’s IT environment accomplish?

A

Plan the rest of audit- Shorter audit trails that may expire- Less documentation

Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch

Systems access controls add another layer to separation of duties analysis

Focus should be on the general controls, new systems development, current systems changes, and program or data access control or computer ops control changes

27
Q

When would an auditor most likely assess control risk at the maximum in an electronic data processing environment?

A

Note: Assessed control risk at the maximum level means that there is a high risk that controls will NOT catch a misstatement. In other words, controls are bad

In this situation, control risk would be assessed at max when fixed asset transactions are few in number, but large in dollar amount

28
Q

What would be a major reason for maintaining an audit trail for a computer system?

A

The following would be reasons for maintaining an audit trail for a computer system:

  1. Deterrent to fraud
  2. Monitoring purposes
  3. Query answering
29
Q

What controls would an auditor most likely be concerned with in a distributed data processing system?

A

Note: A distributed data processing system is a decentralized system - means people can access the system from different places

In this situation, an auditor would be most concerned with access controls

30
Q

What activities would an auditor initially focus on if they anticipate assessing control risk at a low level in a computerized environment?

A

Note: Assessed control risk at a low level means that there is a low risk that controls will NOT catch a misstatement. In other words, controls are good

In this situation, the auditor would initially focus on general control activities since these are the foundation of the company. If the general controls are bad, then all other controls are bad also

31
Q

What types of client IT systems generally can be only audited by directly testing the IT programs of the systems?

(Auditing through the computer)

A

The following situations would require an auditor to audit through the computer:

  1. A system that affects a number of essential master files and produces a limited output
  2. A system that updates a few essential master files and produces no printed output other than final balances
  3. A system that performs relatively complicated processing and produces very little detailed output
32
Q

What are the various types of Computerized Audit Tools (CAAT) for test of controls?

A

Test of controls can be divided into the following categories of technique:

  1. Program analysis

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

  2. Program testing

a. Test data
b. Integrated test facility (ITF)
c. Parallel simulation
d. Controlled reprocessing

  3. Continuous testing

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

  4. Review of operating systems and other systems

a. Job accounting data/operating systems logs
b. Library management software
c. Access control & security software

33
Q

What are techniques for program analysis?

Program analysis includes:

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

A

Techniques for program analysis allow the auditor to gain an understanding of the client’s program. Because these techniques ordinarily are relatively time-consuming and require a high level of computer expertise, they are infrequently used in financial statement audits

34
Q

What is code review?

One technique of Program analysis:

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

A

Code review is a technique that involves actual analysis of the logic of the program’s processing routines.

The primary advantage is that the auditor obtains a detailed understanding of the program

Difficulties with the approach include the fact that it is extremely time-consuming, it requires a very high level of computer expertise, and difficulties involved with making certain that the program being verified is in fact the program in use throughout the accounting period

35
Q

What are comparison programs?

One technique of Program analysis:

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

A

Comparison programs allow the auditor to compare computerized files. For example, they can be used in a program analysis to determine that the auditor has the same version of the program that the client is using

36
Q

What is flowcharting software?

One technique of Program analysis:

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

A

Flowcharting software is used to produce a flowchart of a program’s logic and may be used both in mainframe and microcomputer environments.

A difficulty involved is that the flowcharts of large programs become extremely involved

37
Q

What is program tracing and mapping?

One technique of Program analysis:

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

A

Program tracing is a technique in which each instruction executed is listed along with control information affecting that instruction

Program mapping identifies sections of code that can be “entered” and thus are executable

These techniques allow an auditor to recognize logic sequences or dormant sections of code that may be a potential source of abuse

The techniques are infrequently used because they are extremely time-consuming

38
Q

What is a snap shot?

One technique of Program analysis:

a. Code review
b. Comparison programs
c. Flowcharting software
d. Program tracing and mapping
e. Snapshot

A

The snap shot technique in essence “takes a picture” of the status of program execution, intermediate results, or transaction data at specified processing points in the program processing

This technique helps an auditor analyze the processing logic of specific programs

39
Q

What are techniques for program testing?

Program testing includes:

a. Test data
b. Integrated test facility (ITF)
c. Parallel simulation
d. Controlled reprocessing

A

Program testing involves the use of auditor-controlled actual or simulated data. The approach provides direct evidence about the operation of programs and programmed controls

40
Q

What is test data?

One technique of Program testing:

a. Test data
b. Integrated test facility (ITF)
c. Parallel simulation
d. Controlled reprocessing

A

Test data is a set of dummy transactions that is developed by the auditor and processed by the client’s computer programs to determine whether the controls which the auditor intends to test (not necessarily all controls) to restrict control risk are operating effectively

Some of these dummy transactions may include errors to test effectiveness of programmed controls and to determine how transactions are handled (i.e. time tickets with invalid job numbers). When using test data, each control generally need only be tested once

Several problems include:

a. Making certain the test data is NOT included in the client’s accounting records
b. Determining that the program tested is actually used by the client to process data
c. Adequately developing test data for every possible control
d. Developing adequate data to test key controls may be extremely time-consuming

41
Q

What is an integrated test facility (ITF)?

One technique of Program testing:

a. Test data
b. Integrated test facility (ITF)
c. Parallel simulation
d. Controlled reprocessing

A

The integrated test facility introduces dummy transactions into a system in the midst of live transactions and is usually built into the system during the original design

One way to accomplish this is to incorporate a simulated division or subsidiary into the accounting system with the sole purpose of running test data through it. The test data approach is similar and therefore its limitations are also similar, although the test approach does not run simultaneously through the live system

The running of dummy transactions in the midst of live transactions makes the task of keeping the two transaction types separate more difficult

42
Q

What is parallel simulation?

One technique of Program testing:

a. Test data
b. Integrated test facility (ITF)
c. Parallel simulation
d. Controlled reprocessing

A

Parallel simulation processes actual client data through an auditor’s generalized audit software program and frequently, although not necessarily, the auditor’s computer. After processing the data, the auditor compares the output obtained with output obtained from the client

The method verifies processing of actual transactions (as opposed to test data and ITF that use dummy transactions) and allows the auditor to verify actual client results

This method allows an auditor to simply test portions of the system to reduce the overall time and concentrate on key controls

The limitations of this method include:

a. The time it takes to build an exact duplicate of the client’s system
b. Incompatibility between the auditor and client software
c. Tracing differences between the two sets of outputs to differences in the programs may be difficult
d. The time involved in processing large quantities of data

43
Q

What is controlled reprocessing?

One technique of Program testing:

a. Test data
b. Integrated test facility (ITF)
c. Parallel simulation
d. Controlled reprocessing

A

Controlled reprocessing is a variation of parallel simulation, but processes actual client data through a copy of the client’s application program

As with parallel simulation, this method uses actual transactions and the auditor compares the output with output obtained from the client

Limitations of this method include:

a. Determining that the copy of the program is identical to that currently being used by the client
b. Keeping current with changes in the program
c. The time involved in reprocessing large quantities of data

44
Q

What are techniques for continuous (or concurrent) testing?

Continuous testing includes:

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

A

Advanced computer systems, particularly those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of audit data as transactions are processed

Such systems may require audit procedures that are able to identify and capture audit data as transactions occur

45
Q

What are embedded audit modules?

One technique of Continuous testing:

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

A

Embedded audit modules are programmed routines incorporated into an application program that are designed to perform an audit function such as a calculation, or logging activity

Because embedded audit modules require that the auditor be involved in system design of the application to be monitored, this approach is often not practical

46
Q

What are audit hooks?

One technique of Continuous testing:

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

A

An audit hook is an exit point in an application program that allows an auditor to subsequently add an audit module (or particular instructions) by activating the hook to transfer control to an audit module

47
Q

What are Systems control audit review files (SCARF)?

One technique of Continuous testing:

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

A

A SCARF is a log, usually created by an embedded audit module, used to collect information for subsequent review and analysis

The auditor determines the appropriate criteria for review and the SCARF selects that type of transaction, dollar limit, or other characteristic

48
Q

What are extended records?

One technique of Continuous testing:

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

A

This technique attaches additional data that would not otherwise be saved to regular historic records and thereby helps to provide a more complicated audit trail. The extended record information may subsequently be analyzed

49
Q

What is transaction tagging?

One technique of Continuous testing:

a. Embedded audit modules & audit hooks
b. Systems control audit review files (SCARF)
c. Extended records
d. Transaction tagging

A

Tagging is a technique in which an identifier providing a transaction with a special designation is added to the transaction record. The tag is often used to allow logging of transactions or snapshot of activities

50
Q

What are techniques for review of operating systems and other systems software?

Review of operating systems and other systems include:

a. Job accounting data/operating systems logs
b. Library management software
c. Access control & security software

A

Systems software may perform controls for computer systems. Related audit techniques range from user-written programs to the use of purchased operating systems monitoring software

51
Q

What are job accounting data/operating systems logs?

One technique of Review of operating & other systems software:

a. Job accounting data/operating systems logs
b. Library management software
c. Access control & security software

A

These logs, created by either the operating system itself or additional software packages that track particular functions, include reports of the resources used by the computer system

Because these logs provide a record of the activity of the computer system, the auditor may be able to use them to review the work processed, to determine whether unauthorized applications were processed, and to determine that authorized applications were processed properly

52
Q

What is Library management software?

One technique of Review of operating & other systems software:

a. Job accounting data/operating systems logs
b. Library management software
c. Access control & security software

A

This software logs changes in programs, program modules, job control language, and other processing activities

Auditors may review these logs

53
Q

What are access control and security software?

One technique of Review of operating & other systems software:

a. Job accounting data/operating systems logs
b. Library management software
c. Access control & security software

A

This software supplements the physical and control measures relating to the computer and is particularly helpful in online environments or in systems with data communications because of difficulties of physically securing computers

Access control and security software restricts access to computers to authorized personnel through techniques such as only allowing certain users with “read-only” access or through use of encryption

An auditor may perform tests of the effectiveness of the use of such software

54
Q

When would an auditor most likely introduce test data into a computerized payroll system to test controls?

A

An auditor would most likely do this when they are trying to test controls related to discovery of invalid employee I.D. numbers because with test data, you are testing the controls built into the computer

55
Q

Which computer-assisted auditing technique allows fictitious and real transactions to be processed together without the client operating personnel being aware of the testing process?

A

Integrated test facility allows the auditor to run dummy data through the client’s system with real transactions without the client knowing

56
Q

In which situation would an auditor LEAST likely use computer software?

A

An auditor would not use computer software to assess computer control risk because a computer can do practically anything EXCEPT make human decisions.

Assessing control risk is a decision that the auditor makes, NOT the computer. Also, when doing substantive testing, you would do audit procedures that address the assertions of whatever account you're auditing.

Now, an auditor can program a computer to do some type of calculation or algorithm to compute control risk, but the point is that the auditor has to tell or direct the computer to do this. The computer cannot just tell you whether controls are operating effectively or if an account balance is fairly stated at year-end; this all requires the decision of an auditor

57
Q

What computer audit technique is used when dummy transactions are developed by the auditor and processed by the client’s computer programs, generally for batch processing system?

A

Test Data computer audit technique is used

58
Q

What computer audit technique may include a simulated division of subsidiary into the accounting system with the purpose of running fictitious transactions through it?

A

Integrated Test Facility computer audit technique is used because fictitious transactions are used

59
Q

What computer audit technique uses a generalized audit software package prepared by the auditors?

A

Parallel simulation