IS 414 CH. 11 (VOCAB) Flashcards
Auditing
Is the systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria.
Internal auditing
Is an independent, objective assurance and consulting activity designed to add value and improve organizational effectiveness and efficiency, including assisted in the design and implementation of an AIS.
Types of Internal Audits
Financial internal audits; Information systems or internal control audit; operational audit; compliance audit; investigative audit
Financial audit
Examines the reliability and integrity of financial transactions, accounting records, and financial statements.
Informational systems or internal control
Reviews the control of AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. The audits usually evaluate system input and output; processing controls; backup and recovery plans; system security; and computer facilities
Operational audit
Is concerned with the economical and efficient use of resources and accomplishment of established goals and objectives
Compliance audit
Determines whether entities are complying with applicable laws, regulations, policies and procedures. The audits often results in recommendations to improve processes and controls used to ensure compliance with regulations
Investigative audit
Examines incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities.
Inherent Risk
Susceptibility to significant control problems in the absence of internal control
Control risk
Is the risk that a material misstatement will get through the internal control structure and into the financial statements.
Detection risk
Is the risk that auditors and their audit procedures will fail to detect a material error or misstatement.
Confirmation
Written communication with independent third parties to confirm the accuracy of information, such as customer account balances
Reperformance
Performing calculations again to verify quantitative information
Vouching
Comparing accounting journals and ledger entries with documentary evidence to verify that a transaction is valid, accurate, properly authorized, and correctly recorded
Analytical Review
Examination of the relationships between different sets of data; abnormal or unusual relationships and trends are investigated.
Materiality
Amount of an error, fraud, or omission that would affect the decision of a prudent user of financial information.
Reasonable Assurance
Obtaining complete assurance tat information is correct is prohibitively expensive, so auditors accept a reasonable degree of risk that the audit conclusion is incorrect.
Systems Review
An internal control evaluation step that determines if necessary control procedures are actually in place.
Test of Controls
Tests to determine whether existing controls work as intended.
Compensating Controls
Control procedures that compensate for the deficiency in other controls.
Source Code Comparison
Program Software that compares the current version of a program with its source code; differences should have been properly authorized and correctly incorporated.
Reprocessing
Using source code to reprocess data and comparing the output with the company’s output; discrepancies are investigated to see if unauthorized program changes were made
Parallel Simulation
Using auditor-written software to process data and comparing the output with the company’s output; discrepancies are investigated to see if unauthorized program changes were made.
Test Data Generator
Software that, based on program specifications, generates a set of data used to test program logic.
Concurrent Audit Techniques
Software that continuously monitors a system as it processes live data and collects, evaluates, and reports information about system reliability.
Embedded Audit Model
Program code segments that perform audit functions, report test results, and store the evidence collected for auditor review.
Integrated Test Facility (ITF)
Inserting a dummy entity in a company’s system; processing test transactions to update them will not affect actual records.
Snapshot Technique
Marking transactions with a special code, recording them and their master file records before and after processing, and storing the data to later verify that all processing steps were properly executed.
Systems Control Audit Review File (SCARF)
Using embedded audit modules to continuously monitor transactions, collect data on transactions with special audit significance, and store the data to later identify and investigate questionable transactions.
Audit Log
A file containing transactions that have audit significance.
Audit Hooks
Audit routines that notify auditors of questionable transactions, often as the occur.
Continuous and Intermittent Simulation (CIS)
Embedding an audit module in a DBMS that uses specified criteria to examine all transactions that update the database.
Automated Flowcharting
Programs Software that interprets a program’s source code and generates a flowchart of the program’s logic.
Automated Decision Table
Programs Software that interprets a program’s source code and generates a decision table of the program’s logic.
Scanning Routine
Software that searches a program for the occurrence of specified items.
Mapping Programs
Software that identifies unexcused program code.
Program Tracking
Sequentially printing all executed program steps, intermingled with output, so a program’s execution sequence can be observed.
Input Controls Matrix
A matrix that shows control procedures applied to each input record field; used to document the review of source data controls
Computer-Assisted Audit Techniques (CAATs)
Audit software that uses auditor-supplied specifications to generate a program that performs audit functions.
Generalized Audit Software (GAS)
Audit software that uses auditor-supplied specification to generate a program that performs audit functions.
