Module 9: Data Analysis

Question 1

Computer Assisted Audit Techniques: It is used to __ and __ data during an __ __ or ____

Answer 1

gather, analyze, IS audit, review

Question 2

Computer Assisted Audit Techniques: IS auditors use CAATs to gather information dependently (T or F)

Answer 2

False. independently

Question 3

Computer Assisted Audit Techniques: Provide a means to gain access and analyze data for a ___ __ ___ and to ___ ___ ___ ___

Answer 3

predetermined audit objectives, report the audit findings

Question 4

Computer Assisted Audit Techniques: Reporting from results in CAATS emphasizes on the?

Answer 4

reliability of the records produced and maintained in the system

Question 5

Computer Assisted Audit Techniques: Although CAATS are useful, IS auditors may resort to manual auditing when needed (T or F)

Answer 5

False. It is nearly impossible to audit large organizations manually

Question 6

Computer Assisted Audit Techniques: Give examples of CAATS

Answer 6

1. General Audit Software
2. Test Data
3. Utility Software
4. Debugging and Scanning Software
5. Software tracing and mapping
6. Expert Systems

Question 7

refers to standard software that has the capability to directly read and access data from various database platforms, flat-file systems and ASCII formats

Answer 7

Generalized Audit Software

Question 8

Generalized Audit Software: GAS has the capability to directly read and access data from what formats?

Answer 8

1. Database platforms
2. flat-file systems
   3.ASCII formats

Question 9

Generalized Audit Software: GAS provides two things to is auditors which are?

Answer 9

1. Independent means to gain access to data for analysis
2. The ability to use high level problem solving software to invoke functions to be performed on data files

Question 10

Generalized Audit Software What are the functions supported by GAS

Answer 10

1. File Access
2. File Reorganization
3. Data Selection
4. Statistical Function
5. Arithmetical Functions

Question 11

Generalized Audit Software:File Reorganization enables ___ ___ ___ and ___ with another file

Answer 11

indexing, sorting, merging, linking

Question 12

Generalized Audit Software: Statistical function enables ___ ___ and __ ___

Answer 12

sampling, stratification, frequency analysis

Question 13

Generalized Audit Software: Data selection enables ___ ___ ____ and ___ ___

Answer 13

global filtration conditions, selection criteria

Question 14

Generalized Audit Software: Enables the reading of different __ ___ and ___ ___

Answer 14

record formats, file structures

Question 15

Generalized Audit Software: Arithmetical Functions enables ___ ___ and ____

Answer 15

arithmetic operators, functions

Question 16

involve an IS auditor using a sample set of data to
assess whether logic errors exist in a program and
whether the program meets its objectives

Answer 16

Test data

Question 17

Test Data: Is test data real data or not

Answer 17

Not

Question 18

Test Data: Test data assesses 2 things whether

Answer 18

1. logic errors exist
2. program meets its objectives

Question 19

Test Data: the results of the test are compared to?

Answer 19

predetermined expectations

Question 20

a subset of software such as report
generators of the database management system

Answer 20

Utility software

Question 21

Utility software provides evidence about?

Answer 21

System Control Effectiveness

Question 22

The review of an
application system

Answer 22

Debugging/Tracing/Mapping

Question 23

Debugging/Tracing/Mapping will provide information about?

Answer 23

internal control built in the systems

Question 24

Gives direction and
valuable information
to all levels of auditors
while carrying out the
audit

Answer 24

Expert systems

Question 25

Expert Systems: It gives direction to lower level auditors only (T or F)

Answer 25

False, all levels

Question 26

Expert Systems: Expert systems are built on the knowledge base of?

Answer 26

Senior auditors and managers

Question 27

What are the Audit application of CAATS?

Answer 27

❑ Tests of the details of transactions and balances
❑ Analytical review procedures
❑ Compliance tests of IS general controls
❑ Compliance tests of IS application controls
❑ Network and OS vulnerability assessments
❑ Penetration testing
❑ Application security testing and source code security scans

Question 28

Things to consider for CAATs:
❑ Ease of use for ___ ___ __ audit staff
❑ ___ requirements
❑ Complexity of ___ __ ___
❑ ____ of uses
❑ ____ requirements
❑____ efficiencies
❑ Effort required to bring the ___ ___ into the CAATs for analysis

Answer 28

1. Existing and future
2. Training
3. coding and maintenance
4. flexibility
5. Installation
6. Processing
7. source data

Question 29

Things to consider for CAATs:
❑ Ensuring the ____ of ___ ___ by safeguarding their ____
❑ Recording the ___ ___ of data
downloaded at __ ___ __ to
sustain the ___ of the review
❑ Obtaining ____ to install the software
on the auditee servers
❑ ____ of the software
❑ _____ of the data being
processed

Answer 29

1. integrity, imported data, authenticity
2. time stamp, critical processing points, credibility
3. permission
4. Reliability
5. Confidentiality

Question 30

Things to consider for CAATs: what is the main thing to do before using caats?

Answer 30

Cost benefit analysis

Question 31

When using CAAT, what are considerations?

Answer 31

1. Documentations should be referenced to the audit program
2. IS auditor should have read-only access to production data
3. Data manipulation should be in a controlled environment to avoid unauthorized updating

Question 32

Continuous Auditing and Monitoring: Enables an IS auditor to perform tests and assessments in a real-time or near-real-time environment

Answer 32

Continuous Auditing

Question 33

Continuous Auditing and Monitoring: Used by an organization to observe the performance of one or many
processes, systems or types of data

Answer 33

Continuous Monitoring

Question 34

Continuous Auditing and Monitoring: They should be independent of each other (T or F)

Answer 34

True

Question 35

Continuous Auditing and Monitoring: What is the precursor of Continuous Monitoring

Answer 35

Continuous Auditing

Question 36

Types of Automated Evaluation Techniques: involves embedding hooks in application systems to function as
red flags and induce IS security and auditors to act before an
error or irregularity gets out of hand

Answer 36

Audit Hooks

Question 37

Types of Automated Evaluation Techniques: When is Audit Hooks useful and what is its complexity?

Answer 37

1. When only select transactions or processes need to be examined
2. Low

Question 38

Types of Automated Evaluation Techniques: During a process run of a transaction, the computer system simulates the instruction execution of the application. As each transaction is entered, the simulator decides whether the
transaction meets certain predetermined criteria and, if so, audits the transaction

Answer 38

Continuous and intermittent simulation

Question 39

Types of Automated Evaluation Techniques:

Question 40

Types of Automated Evaluation Techniques:

Question 41

Types of Automated Evaluation Techniques: how are transactions tagged in snapshots

Answer 41

by applying identifies to input data

Question 42

Types of Automated Evaluation Techniques: When is snapshots useful and what is its complexity?

Answer 42

1. When an audit trail is required
2. Medium

Question 43

Types of Automated Evaluation Techniques: Dummy entities are set up and included in an auditee’s
production files. An IS auditor can make the system either
process live transactions or test transactions during regular
processing runs and have these transactions update the records
of the dummy entity

Answer 43

Integrated Test Facility

Question 44

Types of Automated Evaluation Techniques: In integrated test facility when is it useful and its comlexity?

Answer 44

1. When it is not beneficial to use test data
2. High

Question 45

Types of Automated Evaluation Techniques: The use of this technique involves embedding specially written
audit software in the organization’s host application system so
the application systems are monitored on a selective basis

Answer 45

Systems
Control Audit
Review File
and
Embedded
Audit Modules

Question 46

Types of Automated Evaluation Techniques: When is using Systems
Control Audit Review File and Embedded Audit Modules useful and its complexity

Answer 46

1. when regular monitoring cannot be interrupted
2. Very High