IT Auditing Flashcards

1
Q

What are the increased risks involving information technology?

A
  • No automatic judgment or discretion
  • No physical trace or “natural” audit trail for online transactions
  • High concentration of duties leads to a poor separation of duties
2
Q

Control activities to look for when auditing IT:

A

General Controls

Application Controls

3
Q

Refer to the system that is built around IT.

A

General Controls

4
Q

Any weakness in general controls will have a _______ effect on the entire system.

A

Pervasive

5
Q

When auditing IT, which duties should be separate for general controls?

A
  • Separate IT from users of output
  • IT Department should never authorize or initiate transactions
  • IT Department only processes transactions
6
Q

There must be procedures to review, test, approve, and document…

A
  • Systems & changes to systems
  • Programs & changes to programs

7
Q

Hardware/Software controls such as firewalls, virus protections, and anti-hacking software are all part of…

A

General Controls

8
Q

Types of General Controls

A
Hardware/Software Controls
Access Controls
IT Department's Separation of Duties
Changes made to systems & programs
Physical Safeguards
9
Q

Proper Separation of Duties within IT consists of…

A
C - Control Group
O - Operations
P - Programmers
A - Analysts
L - Librarians
10
Q

Group of employees that are responsible for I/C within IT

A

Control Group

11
Q

Employee that keeps the master files, the programs, & the documentation

A

Librarian

12
Q

Application Controls consist of what types of controls?

A
  • Input
  • Processing
  • Output
13
Q

Ensures all transactions are properly initiated, authorized, and approved. Includes things such as control totals, record counts, & hash totals.

A

Input Controls

14
Q

are an input control. They are a nonsense total; for example, the sum of the digits of an invoice number. A hash total is similar to a control total and is used to verify processing (or output) compared to input.

A

Hash Totals

15
Q

a specific type of input control, consisting of a single digit at the end of an identification code that is computed from the other digits in a field. If the identification code is mis-keyed, a formula or algorithm will reveal that the check digit is not correct, and the field will not accept the entry.

A

Check Digit

16
Q

controls that apply to all systems components, processes, and data for an organization or IT environment. The objectives are to ensure the proper development and implementation of applications, as well as integrity of programs, data files, and computer operations.

A

General IT Controls

17
Q

refers to the transactions and data relating to each computer-based application system and are, therefore, specific to each such application.

A

Application Controls

18
Q

What are the objectives of Application Controls?

A

The objectives of application controls, which may be manual or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein.

19
Q

Application controls consist of…

A

input controls, processing controls, and output controls.

20
Q

an edit check of logical correctness of the relationships among the values in an input data set, or the value of an input item with the values of a related data item in a master file.

A

Reasonableness Check

21
Q

used to edit data during input or processing to validate data. The data is above an amount, below an amount, or between two amounts.

A

A limit test or limit check

22
Q

an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.

A

Service Organization

23
Q

Report on management’s description of a service organization’s internal control system and the suitability of DESIGN of controls.

A

Service Organization: Type 1 Report

24
Q

As an auditor, you cannot use a Type 1 report as…

A

a basis for reducing your assessed level of control risk

25
Q

Report on management’s description of a service organization’s internal control system and the suitability of DESIGN & OPERATING EFFECTIVENESS of controls.

A

Service Organization: Type 2 Report

26
Q

Which type of report would be suitable for an auditor to lower the assessed level of control risk?

A

Type 2 Report