Module 8 Flashcards
What is the auditors responsibilities over internal control over computer systems?
IT remains the same as with manual systems, that is, to obtain an understanding adequate (1) to aid in planning the remainder of the audit and (2) to assess control risk.
How may the auditors consideration of internal control be affected in the computer systems?
1) It may result in transactions trails that exist for a short period of time or only in computer readable form
2) Include program errors that cause mishandling of transactions
3) Include computer controls that need to be tested in addition to segregation of functions
4) Involve increased difficulty in detecting unauthorized access
5) Allow increased management supervisory potential resulting from more timely reports
6) Include less documentation of initiation and execution of transactions
7) Include computer controls that affect the effectiveness of related manual control activities that use computer output
What is CAAT?
Computerized audit tools for Tests of Controls
Test of controls may be divided into the following categories of techniques. what are they?
1- Program Analysis
2- Program testing
3- Continuous testing
4- review of operating systems and other systems software
What are types of program analysis techniques?
These techniques allow the auditor to gain an understanding of the clients program. Because these techniques ordinarily are relativity time consuming, they are infrequently used
1) Code Testing - What it sounds like reviewing computer code. high level of detailed understanding of the computer
2_ Comparison programs - programs that allow the auditor to compare computerized files.
3) Flow-charting software - used to produce a flowchart of the programs logic
4) Program tracing and mapping - program tracing is a technique in which instruction executed is listed along with control information affecting that instruction
5) Snapshot - This technique takes a picture of the status of program execution. IT helps an auditor to analyze to processing logic of specific programs
What are types of techniques for Program Testing?
Program testing involves the use of auditor controlled actual or simulated data.
1) - Test Data - A set of dummy transactions that is developed by the auditor and processed by the client’s computer programs to determine whether the controls which the auditor intends to test to restrict control risk are operating effectively.
2) Integrated Test Facility (ITF) - This method introduces dummy transactions into a system in the midst of live transactions and is usually built into the system during the original design.
3) Parallel Simulation - Tests actual client data through an auditors generalized audit software program. Outputs of both client, and auditor systems is compared.
4) Controlled Reprocessing - A variation of parallel simulation, processes actual client data through a copy of the client’s application program. Outputs are compared.
What are types of techniques for continuous (or concurrent) Testing?
Advanced computer systems, particularly those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of audit data as transactions are processed.
1) Embedded audit modules and audit hooks - programmed routines incorporated into an application program that are designed to perform an audit function such as a calculation, or logging activity.
2) Systems control audit review files (SCARF) - a log, usually created by an embedded audit module, used to collect information for subsequent review and analysis.
3) Extended records - This technique attaches additional data that would not otherwise be saved to regular historic records and thereby helps to provide a more complicated audit trail.
4) Transaction tagging - Tagging is a technique in which an identifier providing a transaction with a special designation is added to a transaction record.
What are types or techniques for review of operating systems and other systems software?
Systems software may perform controls for computer systems. Related audit techniques range from user written programs to the use of purchase operating systems monitoring software
1) Job accounting data / operating system logs - Created by either the operating system or additional software packages, include reports to the resources used by the computer system, the auditor can used them to review the work processed, to determine unauthorized applications were processed
2) Library Management Software - This software logs changes in programs, program modules, job control language, and other processing activities
3) Access control and security software - this software supplements the physical and control measures relating the the computer and is particularly helpful in online environments or in systems with data communications because of difficulties of physically securing computers.It restricts access to computers to authorized personnel through techniques such as only allowing certain uses with read-only access or through encryption
When should an IT Specialist be used?
The auditor considers factors such as:
1- Complexity of entity’s systems and IT controls
2- Significance of changes made to existing systems, or implementation of new systems
3- Extent to which data is shared among systems
4- Extent of entity’s participation in electronic commerce
5- Entity’s use of emerging technologies
6- Significance of audit evidence available only in electronic form
Generalized audit software (GAS) is type of computerized audit tool that does?
The auditor may use various types of software on PC and may include customized grams, utility software, generalized audit software for performing tests of controls and substantive tests. GAS also performs such file maintenance tasks by generally requires a more limited understanding of the client’s hardware and software features.
The following is a list of functions:
1- Record extraction - (AR over a certain credit limit, inventory items with negative balances, uncosted inventory items, transactions with related parties
2- Sorting
3- Summarization - (by account #, inventory turnover statistics, duplicate sales invoices)
4- Field statistics - (net value, total of all debt values, # of records, average value, max value)
5- File comparisons (compare payroll detail to personnel records
6- Gap detection
7- Sampling
8- Calculation
A CPA might find information on the structure of relational database tables through which language interface?
Data Definition Language
