IT Auditing Flashcards
Which of the following most likely represents a significant deficiency in the internal control structure?
The systems programmer designs systems for computerized applications and maintains output controls.
In a well-designed system of internal control, the following duties must be segregated: systems analysis, programming, computer operations, transaction authorization, library functions, and data control. If the systems programmer is both designing systems for computerized applications and maintaining output controls, the duties of programming and data control have not been adequately segregated.
An auditor most likely would introduce test data into a computerized payroll system to test internal controls related to the
Discovery of invalid employee I.D. numbers.
Test data are used by auditors to test the controls over data processing. In this case, test data would most likely be used to test the internal controls that prevent invalid employee I.D. numbers from being input.
An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the entity’s computerized information system most likely would use which of the following techniques?
Embedded audit module.
An embedded audit module is a program inserted into the client’s system to capture designated transactions, such as large or unusual transactions, for later review by the auditor.
It enables the auditor to continuously test the client’s computerized information system.
In auditing an entity’s computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning
Control and distribution of unclaimed checks.
“Test data” would not be helpful in evaluating physical security controls over unclaimed checks or other documents.
An auditor would least likely use computer software to
Assess EDP control risk.
Computer software would not be used to assess EDP control risk. Assessments of control risk are a matter of auditor judgment; the use of computer software will not facilitate that judgment.
Which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing?
Limit tests and validity check tests are both processing controls designed to ensure the reliability and accuracy of data processing. While the Study Text has included both as examples of input controls, they can also be utilized as processing controls.
If a control total were computed on each of the following data items, which would best be identified as a hash total for a payroll EDP application?
Department numbers.
A hash total is a meaningless total computed to verify the accuracy and completeness of input. Assigned department numbers, when totaled, would provide an example of a hash total.
A primary advantage of using generalized audit software packages to audit the financial statements of a client that uses an EDP system is that the auditor may
Access information stored on computer files while having a limited understanding of the client’s hardware and software features.
Generalized audit software programs perform common audit tasks, such as footing a file, sorting, extracting, and summarizing. They allow an auditor to access information stored on computer files even with only a limited understanding of the client’s hardware and software.
Which of the following is an essential element of the audit trail in an electronic data interchange (EDI) system?
Activity logs that indicate failed transactions.
The audit trail is the means by which an accounting transaction can be traced through an accounting information system. In an EDI system, the audit trail would include activity logs that indicate failed transactions, as they identify the disposition of those transactions.
