AUD 9 - Information Technology Flashcards Preview

Flashcards in AUD 9 - Information Technology Deck (26):
1

Benefits of IT (5)

MCCAT

  • Monitoring - electronic controls can be monitored by the computer software itself.
  • Consistency - computers process data the same way every time.
  • Circumvention - controls are difficult to circumvent when programmed properly & exceptions are unlikely to be permitted.
  • Analysis - data can be accessed for analytical procedures more conveniently (w/ proper software).
  • Timeliness - electronic processing & updating is normally more efficient.

2

Risks of IT (6)

MCFOLA

  • Manual Intervention - knowledgeable individuals can sometimes alter files by bypassing the appropriate programs.
  • Changes in Programs - severe consequences without detection are possible if unauthorized program changes occur.
  • Failure to Change - programs are sometimes not updated for new laws, rules, or activities. 
  • Overreliance - without clear output, IT systems are often assumed to be working when they are not.
  • Loss of Data - catastrophic data loss is possible if appropriate controls aren't in place.
  • Access - destruction & alteration of large amounts of data are possible if unauthorized access occurs.

3

What are the two IT risks of major concern to the auditor?

  1. Unauthorized Access to a computer system can cause more damage to the accounting system as a whole than in a manual system, where it is difficult for one person to access all the different records of the system.
  2. The Audit Trail is an electronically visible trail of evidence enabling one to trace info contained in statements or reports back to the original source.

4

In what two ways may Data be processed?

 

Processing of Transaction (2)

  1. Online Transaction Processing - means that the database is updated as soon as a transaction is received, keeps the business up-to-date the moment transactions are keyed or transmitted into the system. 
  2. Batch Processing - the accumulation of info about similar events or transactions so that they could be entered into the acctg system at one time.
  • Increases efficiency of processing transactions
  • Allows for greater control over input process
  • DELAYS the availability of info (time delay)

5

The linking of computers (Network) may be done in what three different ways?

(Network Configurations)

  1. LAN - communication network that serves several users within a specified geographical area. 
  2. VAN - links different companies' computer files together.
  3. WAN - a computer network connecting different remote locations that may range from short distances, building floors, or regions.

6

Network Topology (5)

Topology refers to the shape of a network, or the network's layout. 

  1. Bus
  2. Star
  3. Ring
  4. Tree
  5. Mesh

7

Electronic Commerce

(E-Commerce)

The conduct of business, generally involving the buying & selling of products, including billing & payment, using electronic communication (EDI) between the computers of different entities such as suppliers & customers.

8

 What is Electronic Data Interchange (EDI)?

&

What are three special considerations related to EDI?

EDI is the electronic interchange of business information between suppliers & consumers using a standardized format. 

 

Three special considerations related to EDI:

  1. Strict Standards are needed for the form of data so that it will be understood by computers at both ends.
  2. Translation Software is needed by each computer on both ends so that it can convert data between the standard used for EDI & the form needed for processing internally.
  3. Unauthorized Access considerations. Requires the use of encryption & firewalls.

9

Computer/Internet Risks

Virus

Trojan Horse

Worm

Hoax Virus

Killer Application

Phishing

Firewall

Virus - a program with the ability to reproduce by modifying other programs to include a copy of itself.

Trojan Horse - is a purposefully hidden malicious or damaging code within an authorized computer program.

Worm - a program that duplicates itself over a network so as to infect many computers with viruses. 

Hoax Virus - a widely distributed e-mail message warning of a virus that doesn't exist.

Killer Application - simply refers to a program that is extremely useful, & is not anything dangerous. 

Phishing - is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private info that will be used for identity theft. 

Firewall - a tool for establishing security which prevents unauthorized users from accessing data.

10

Controls

 

What are the 2 broad types of Controls?

Controls - in an operation of computer systems, management must focus on two broad types of controls:

  • General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.
  • Application Controls - these are specific to individual programs & uses of the system.

11

General Controls

 

What are the 5 elements of General Control?

 

(Personnel, File Security, Contingency Planning, Computer Facilities, Access Ctrls)

General Controls - these relate to the overall integrity of the system. Controls include policies, procedures, & practices established by management to provide reasonable assurance that specific objectives will be achieved.

  1. Personnel Policies
    • Control Clerks & Librarians
      • Have Custody responsibilities
    • Data Input Clerks & Computer Operators
      • Have Recording responsibilities
    • System Analysts & Programmers
      • Have Authorization responsibilities
  2. File Security
    • Back Up
      • Grandfather/father/son retention system
    • Lock Out
    • Read-Only
  3. Contingency Planning
    • Hot Site (computers ready to go)
    • Cold Site (no computer waiting)
    • Mirrored Web Server - off site
    • Documentation - if no segregation of duties
    • Hardware Controls
      • Parity Check - counts the number of bits/characters
      • Echo Check - sends back to originator for check/confirmation of correct info
  4. Computer Facilities - Fire/Insurance
  5. Access Controls - biometrics

12

Application Controls (Program Controls)

 

What are the 3 elements of Application Controls?

Application Controls - specific to individual programs & users

  1. Inputs
    • Field Checks - Data is validated for correct length, character types, format (valid Lic#)
    • Validity Check - Compared with acceptable entries (valid SS#)
    • Limit Test - SS #s not greater than 9
    • Check Digits - identification numbers based on formula
    • Financial Total
    • Record Counts
    • Hash - A meaningless total
    • Non-financial Totals
    • Edit Checks - Verify that each individual entry is appropriate & generates a list of rejected transactions.
  2. Processing
    • Systems & software documentation
    • Error-checking compiler
    • Test Data
    • Change Control measures
    • System Testing
    • User Acceptance Testing
  3. Output
    • Distribution lists
    • Shredders
    • System testing

13

Application Controls - Input

Data can be verified in what 4 ways?

 

Form of Data Verified (4)

Application Controls - specific to individual programs & users

  • Form of Data Verified:
    • Field Checks - Data is validated for correct length, character types, format (valid Lic#)
    • Validity Check - Compared with acceptable entries (valid SS#)
    • Limit Test - SS #s not greater than 9
    • Check Digits - identification numbers based on formula

14

Application Controls - Input

 

Control Totals (3)

Application Controls - specific to individual programs & users

  • Control Totals:
    • Record Counts - number of items being input
    • Financial Total - total of column of entries in currency
    • Hash - A meaningless total

15

Parity Check

vs.

Echo Check

Parity & Echo checks are a type of Hardware Control, which is considered a General Control of a company.

 

Parity Check - A hardware control that makes certain that each byte has either an odd or even number of bits in the "1" or "on" position, depending on whether the machine is designed as odd or even parity, respectively. 

 

Echo Check - A hardware control that has one computer re-transmit data back to the computer from which it originated to make certain that the data received matches the data transmitted. 

16

Data Structure

 

 

Bit > Byte > Character > Field > Record > File > Database

Bit - A single switch is either 1 or 0

Byte - A group of 8 bits representing a character

Character - A letter, number, punctuation mark

Field - a group of related characters representing a unit of information (column)

Record - a collection of related info, many fields (rows)

File - a group of related records

Database - a collection of files

17

eXtensible Business Reporting Language (XBRL)

XBRL - is a specification for publishing financial information in the XML format. It is designed to provide a standard set of XML tags for exchanging accounting information & financial information between companies & analysts.

  • XBRL can handle data in different languages & accounting standards
  • The SEC mandated ALL public companies must file FS in XBRL.

 

18

What are the 5 Computer Assisted Audit Techniques (CAAT)?

 

TESTED

 

 

  1. Test Data (phony data)
  2. Controlled Reprocessing
  3. Integrated Test Facility/Test Data
  4. Transaction Tagging
  5. Parallel Simulation

19

Computer Assisted Audit Techniques (CAAT)

Test Data

An audit technique involving the use of data supplied by auditor being processed by client's programs enabling the auditor to determine if outcomes match expectations & if all errors included in the data were properly identified & addressed by the client's software. 

  • Data: Auditors
  • Program: Client's

20

Computer Assisted Audit Techniques (CAAT)

Controlled Reprocessing

An audit technique involving the use of the auditor's computers to run the client's data using the client's programs to make certain that the results are the same as those derived by the client & verifying that all data given to the auditor represents all data processed by the client.

  • Data: Client's
  • Program: Client's (BUT Auditor's computer)

21

Computer Assisted Audit Techniques (CAAT)

Integrated Test Facility

An audit technique in which data developed by the auditor is processed by the client's programs as if it related to a separate division to determine if the client's software provides the results that the auditor knows should be reported.

  • Data: Auditor & Client
  • Program: Client's

22

Computer Assisted Audit Techniques (CAAT)

Transaction Tagging

An audit technique that involves flagging specific client transactions with some type of tag & tracing the processing of them through the client's programs to determine if the programs are processing the transactions correctly.

  • Data: Client's (tagged)
  • Program: Client's

23

Computer Assisted Audit Techniques (CAAT)

Parallel Simulation

An audit technique in which the client's data is processed using the auditor's programs to determine if the results are the same as those reported by the client. 

  • Data: Client's
  • Program: Auditor's

24

"Auditing Around the Computer"

A means of testing whether or not a computer system is functioning properly by examining the data input & the printed output to see if the output reflects appropriate results.

25

Audit Trail (3)

Audit Trail is an electronically visible trail of evidence enabling one to trace information contained in stmts or reports back to the original input.

 

An audit trail is important for three major reasons:

  1. Monitoring purposes
  2. Deterrent to fraud
  3. Query answering

26

Trust Services

 

Web Trust & Sys Trust Service

Trust Services are governed by SSAE & represent attest engagements in which a CPA assesses a client's commercial Internet site & reports on whether the system meets certain principles. Examples are:

  • Webtrust Services - A service provided by accountants designed to provide assurance about the existence of companies doing business on the Internet & about the reliability of key business information on its website.
  • Sys Trust Services - A service provided by accountants designed to provide assurance about the ability of an entity's data processing system to keep information secure, private, & confidential & about its ability to provide assurance about the integrity of the processing of the data.