Chapter 8 Flashcards

Question 1

Q

Definition of Hardware and Software?

Answer

A

Hardware -
Digital computer and peripheral equipment

Software -
Various programs and routines for operating the system

Question 2

Q

Advantages and disadvantages of IT-Based Systems

Answer

A

May enhance reliability of financial information
- Process transactions uniformly
- Reduce human errors

May increase certain risks
Program defects may result in all transactions being processed incorrectly
Errors/fraud may not be as easily detectable

Question 3

Q

Systems possesses one or more of the following elements:

Answer

A

Batch processing
Online capabilities
Database storage
IT networks
End user computing

Question 4

Q

The principle hardware component is known as the (CPU)

Answer

A

Central Processing Unit

Uses a series of on and off circuits to communicate (binary language)

Question 5

Q

Application software includes programs designed to perform a specific data processing task. True or false?

Question 6

Q

Describe peripheral devices

Answer

A

Devices for inputting information (e.g., input terminals, scanners, electronic cash registers, bar code readers)
Devices for secondary storage (e.g., magnetic tape, magnetic disk, optical disk drives)
Devices for information output (e.g., display terminals, printers)

Question 7

Q

Define batch processing

Answer

A

Input data gathered and processed periodically in discrete groups. Often more efficient than other types of systems, but do not always provide up-to-minute information.

Example: Accumulate all of a day’s sales transactions and process them as a “batch” at end of day

Question 8

Q

Define IT Networks

Answer

A

Computers linked together through telecommunication links that enable computers to communicate information back and forth. Allows distributed data processing - resources, data, and programs shared by a large number of users based on their specifications (LAN and WAN)

Question 9

Q

Disadvantages of Database storage

Answer

A

Redundant information stored in several files

Increased storage costs

May cause data inconsistencies due to file discrepancies

Question 10

Q

Describe the three methods used to establish networks

Answer

A

Internet – exchange of information through remote locations

Intranet – internet software for use in closed networks

Extranet – intranets that include external business partners

Question 11

Q

Names of two types of Online Systems

Answer

A

Online transaction processing (OLTP):

Process various types of transactions
Individual transactions entered directly from the originators at remote locations

Online analytical processing (OLAP)
-Enables user to query a system for various analyses

Examples: Data warehouses, decision support systems, expert systems

Question 12

Q

Define End User Computing

Answer

A

User departments are responsible for the development and execution of certain IT applications. Involves a decentralized processing system – user department generates and uses its own information.

(non-programmers can create working applications to better integrate themselves into computing environment for problem-solving)

Question 13

Q

Define Electronic Data Interchange (EDI)

Answer

A

enable company and customers/suppliers to exchange business data electronically over a private line of communication (more secure than the internet) – must have strong IT controls to ensure privacy (e.g., firewalls, data encryption)

Question 14

Q

More automation reduces potential for human errors and increases potential for systematic errors. True or false?

Question 15

Q

Is audit trail necessary in printed form?

Answer

A

Not often in printed form, but definitely still necessary.

Question 16

Q

Define an End-user Application

Answer

A

designed with end user in mind for a specific, custom purpose. NOT a personal computer.

Question 17

Q

IT Responsibilities can be broken down into (there are a ton!)

Answer

A

Information systems Management

Systems Analysis

Application Programming

Database Administration

Data entry

IT Operations

Program and File Librarians

Data control

Telecommunication Specialists

systems Programming

Question 18

Q

Define Telecommunication Specialists

Answer

A

Responsible for maintaining and enhancing IT networks (including monitoring for improper access)

Question 19

Q

Which IT responsibility supervises the operation of the department and report to vice president of finance/controller, or serve on vice president level as CIO reporting directly to president

Answer

A

Information Systems Management

Question 20

Q

Which IT responsibility reviews and tests all input procedures, monitors processes, reviews exception reports, reprocesses exceptions, and reviews and distributes IT logs (also reviews operator intervention and library usage logs)?

Answer

A

Data Control

Question 21

Q

History shows the person responsible for frauds in many situations set up the system and controlled its modifications. True or False?

Answer

A

True, so segregation of duties.

 Programming separate from controlling data entry
 Computer operator from functions having custody or detailed knowledge of programs

Question 22

Q

Define IT Operations

Answer

A

Run and monitor central computers, maintain detailed log of all operator intervention (NOTE: vital for IT operations to be separate from programming to prevent unauthorized program changes)

Question 23

Q

Which responsibility is defined as follows: Prepare and verify input data for processing (today, typically done by user departments)

Answer

A

Data Entry

Question 24

Q

Which responsibility is responsible for designing the information system?

Answer

A

Systems Analysis

Question 25

Q

Organizational controls is NOT effective in mitigating collusion, true or false?

Question 26

Q

What is internal auditing in IT interested in?

Answer

A

evaluating the overall efficiency and effectiveness of information systems operations and related controls throughout the company

Question 27

Q

Computer operators ____ (should or should not) have access to programming.

Answer

A

should not

Question 28

Q

Describe Programmed Control Activities

Answer

A

written into programs to ensure accuracy of input and processing

Question 29

Q

Adequate security controls to safeguard hardware, files, and programs against loss, damage, and unauthorized access. True or false?

Answer

A

True

Examples: User ID and password controls – changed and updated for personnel changes regularly with a log of failed access attempts; Data transmission controls to prevent access/changes to transmitted network information – e.g., encryption, private network lines; Physical controls – e.g., employee badges, locks

Question 30

Q

How might one control unauthorized changes to data, introduction of unauthorized data or programs, unauthorized viewing of data, and viruses?

Answer

A

Firewalls, physical control over terminals, password systems, data encryption, antivirus software

Question 31

Q

If Use of IT does not significantly impact audit trail, audit ____ (through/around) the computer

Answer

A

around (manual testing to compare with computer output)

Question 32

Q

How might one control unauthorized access?

Answer

A

Physical Controls/Segregation of Duties

Question 33

Q

How might one control Destruction or infrastructure of data

Answer

A

Segregation of Duties/ program and user controls

Question 34

Q

How might one control Unauthorized changes?

Answer

A

Controls over access, segregation of duties, testing of programs, backup copies

Question 35

Q

If much of audit trail is eectornically embedded, audit ____ (through/around) the computer

Question 36

Q

Define a Generalized Audit Software

Answer

A

programs are computer programs that can be used to test reliability of client’s programs and perform other audit procedures digitally. Pretty much automate substantive procedures

Question 37

Q

Define the “Tagging and Tracing Approach”

Answer

A

Auditor inserts an audit module in the
client’s application system to identify
specific types of transactions. Allows auditors to continuously audit
transactions processed by the client, unlike
the other two methods which contain irregular testing

Question 38

Q

Auditors processing their own “dummy” test data using the client’s system simultaneously. This approach if known as the

Answer

A

Test Data Approach -

Test data should include all relevant conditions that the auditor wants tested.
Application programs tested by the auditors’ test data must be the same as
those the client used throughout the year.
Test data must be eliminated from the client’s records.

Question 39

Q

Sometimes o The auditor uses auditor-controlled generalized audit software to perform parallel operations to the client’s software by using the same data files. This is known as the

Answer

A

Parallel Simulation Approach

Question 40

Q

Once auditor has access to client records, can apply substantive procedures to them using generalized audit software to

Answer

A

Examine client’s records for overall quality, completeness, and valid conditions
Rearrange data and perform analyses
Select audit samples
Compare data on separate files
Compare results of audit procedures with client’s records

Question 41

Q

The auditor’s auditing of the inputs and outputs of the system without verification of the processing of the data is which type of audit technique?

Answer

A

Auditing around the computer

Question 42

Q

Processing fictitious and real data separately through the entity’s IT system is which type of audit technique?

Answer

A

Test Data Method

Question 43

Q

Program written by the auditor to perform a specific task for a particular entity is which type of audit technique?

Answer

A

Custom Audit Software

Question 44

Q

How might audit software be used to observe the physical count or make appropriate test counts?

Answer

A

By determining which items are to be counted from the inventory files

Question 45

Q

How might audit software be used to compare the client’s physical count data to inventory records?

Answer

A

By comparing the quantity of each item counted to the quantity on hand in inventory file

Question 46

Q

How might audit software be used to Test the mathematical accuracy of inventory?

Answer

A

By multiplying the inventory quantity by the cost per unit to verify the total cost

Question 47

Q

How might audit software be used to confirm existence located in public warehouses?

Answer

A

By listing said items and printing their confirmations

Question 48

Q

How might audit software be used to test purchase and sales cutoff?

Answer

A

Extract a sample of items for which the date of the purchase is on, or immediately before, date of physical count

Question 49

Q

How might audit software be used to perform a lower-cost-or-market test by obtaining a list of current costs per item from vendors

Answer

A

Compare the current costs per unit to the cost per unit in the inventory file; print out extended value of item, user the lover of the two unit costs, and add extended amounts

Question 50

Q

How might one mitigate destruction of data?

Answer

A

Program and user controls

Question 51

Q

How might one mitigate unauthorized changes?

Answer

A

Controls over access and backup companies

Question 52

Q

How might one mitigate destruction of infrastructure or data?

Answer

A

Physical and user controls

Question 53

Q

How might one mitigate introduction of unauthorized data or programs

Answer

A

firewalls and password systems

Question 54

Q

How might one mitigate unauthorized access to data or programs?

Answer

A

physical controls over terminals and testing of user programs and applications

Question 55

Q

Can firewalls be used to mitigate the risk of viruses in electronic commerce?

Question 56

Q

Can Controls over Access be used to mitigate the risk of unauthorized changes to computer programs?

Question 57

Q

Backup copies can be used to mitigate risk of _____

Answer

A

destruction of data

Question 58

Q

PHysical controls may be used to mitigate the risk of unauthorized access in computer operations

Question 59

Q

The computer operator may also be the librarian without adversely affecting control over a computer system.. True or false?

Question 60

Q

Programs designed to perform specific data processing tasks are known as application software. True or false?

Question 61

Q

A weakness in internal control would exist if the data control group also operated the computer.True or False?

Question 62

Q

Data stored on a device with direct access must be stored sequentially. True or false?

Question 63

Q

Application control activities include controls over making changes to programs and systems

Answer

A

False. Application control activities include both programmed control activities, which are written into the computer programs, and manual follow-up activities performed on the exception reports that are generated by the system

Question 64

Q

Segregation of duties is not a feasible method to help establish control over computer systems. True or False?

Answer 53

A

False. Should be filed at a separate location

Answer 54

A

false. Echo check is a Message acknowledgment technique in which in which the receiving device sends a message that verifies a transmission back to the sending device.

Answer 55

A

False. For magnetic tapes, internal labels that are machine-readable are used in conjunction with gummed-paper external labels to prevent operators from accidentally processing the wrong file

Answer 56

A

False, advanced computer systems actually make it easier to find audit trail

Answer 57

A

Tests of account balances and transactions designed to detect any material misstatements in the financial statements. The nature, timing, and extent of substantive procedures are determined by the auditors’ assessment of risks and their consideration of the client’s internal control.

Answer 58

A

Posting of a transaction, as it occurs, to several files, without intermediate printouts.

Answer 59

A

validity test

Answer 60

A

An integrated test facility is a subsystem of dummy records and files built into the regular IT-based system. These dummy files permit test data to be processed simultaneously with regular (live) input without adversely affecting the live data files or output.

Answer 61

A

false. Program analysis techniques have been developed that can generate computer-made flowcharts of other programs. A trained auditor can examine the flowcharts to test the logic of application programs and to ensure that the client’s program documentation describes the program that is actually being used.

Answer 62

A

programmed control activities

Answer 63

A

No, part of obtaining understanding of computer system

Answer 64

A

suppliers or business partners, or customers

Answer 65

A

Real-Time Processing

Answer 66

A

e-commerce

Answer 67

A

The controls appear adequate.

Answer 68

A

Yes, once again they are

Narrative
Systems flowchart
Program flowchart
Internal control questionnaires

Answer 69

A

Reliance too much on hardware and software
Unauthorized access
Data loss
Systematic vs Random errors (glitches)

Answer 70

A

to test if something was correctly input.

Answer 71

A

Step 1 – Consider IT system in planning

Step 2 – Obtain an understanding of the client’s IT environment

Brainscape's Knowledge GenomeTM

Chapter 8 Flashcards

Brainscape's Knowledge Genome^TM