IT Audit Controls Flashcards
(19 cards)
What is the purpose of limit tests?
To determine whether the data under review are all within some predetermined range.
Define “check digit.”
An arithmetic manipulation of a numeric field that captures the information content of that field and then gets “tacked” onto the end of that numeric field.
Define “batch totals.”
The sum of a particular field in a collection of items used as a control total to ensure that all data has been entered into a system
What is the purpose of missing data checks?
To determine whether there are any omissions from fields in which data should have been present
What is the purpose of processing application controls?
To ensure the processing of data is accurate and as authorized.
Define “application controls.
Information processing controls that apply to the processing of specific computer applications (controls around input, processing, and output)
List the three types of control totals.
Batch totals, Hash totals, Record count
What is the purpose of output application controls?
To ensure the output data (and the distribution of any related reports) is accurate and as authorized.
What is the purpose of output application controls?
To ensure the output data (and the distribution of any related reports) is accurate and as authorized
Define “customized audit software.”
Programs specifically written to access the files of a particular client. The cost might be modest, but the benefits are limited to the specific client for whom the software was written
Define “Integrated Test Facility (ITF).”
A fictitious division or department within the client created for the purpose of processing the “dummy” (test) data along with the client’s “live” data.
What is Data Mining Software?
Commercially available software (such as ACL or Idea) used to access a client’s electronic data and perform a broad range of audit tasks (such as performing analytical procedures and sampling for confirmation work, etc.).
What is the purpose of test data procedures?
To process known errors to see if the client’s system catches them. The auditor only needs to include those errors that are important to the auditor (that is, the auditor need not include every possible type of error). There may be a danger of contaminating the client’s database with the test data.
Define “tagging transactions.”
The process of adding an electronic tagging to specific client transactions and tracing them through the client’s system.
Define “generalized audit software.”
Audit software designed to access and test data files of many audit clients. Such audit software is not unique to a specific audit client.The cost is usually expensive to develop, but that cost can be spread over many audit clients. The cost per client may justify that large initial cost of development
Define “parallel simulation.”
The processing of the client’s actual data using the auditor’s software and then comparing the auditor’s output to the client’s output for agreement
Define “Real Time Processing.”
The processing of data whereby the data files are immediately updated
Define “Value Added Network (VAN).”
A network maintained by an independent company that facilitates Electronic Data Interchange (EDI) transactions between the buying and selling companies.
Define “Electronic Data Interchange (EDI).”
Direct computer-to-computer communication between a buyer and seller designed to achieve greater efficiency and less paperwork (a paper audit trail may not even exist).
