Auditing and IT Flashcards
(31 cards)
Auditing I/C in a co.’s IT environment helps to?
- ) Plan the rest of the audit
2. ) Asses the level of Control Risk
What is a problem with auditing IT?
Less documentation
What are 4 things that can affect the assessment of control risk in auditing IT?
- ) Unauthorized access to systems or data is more difficult to catch.
- ) Systems access controls adds another layer to separation of duties analysis
- ) Focus should be on general controls
- ) New systems
Audit of IT is not required when?
- ) Controls are redundant to another department.
- ) The system doesn’t appear to be reliable and testing controls wouldn’t be an efficient use of time.
- ) Cost > Benefit
An audit of IT can be performed without directly interacting with the system if?
- ) System isn’t complex/complicated
2. ) System output is detailed
Who are IT personnel?
- ) Database admin
- ) Systems Analyst
- ) Librarian
What does a database admin do?
- ) Maintains database
- ) Restricts access
- ) Responsible for IT I/C
What does a systems analyst do?
- ) Recommends changes or upgrades
2. ) Liaison between IT and users
What does a librarian do?
- ) Responsible for disc storage
2. ) Holds system documentation
What is generalized audit software
- ) Uses computer speed to quickly sort data and files, which leads to a more efficient audit.
- ) compatible with different client IT systems
- ) Extracts evidence from client databases
- ) Tests data without auditor needing to spend time learning the IT system in detail.
- ) client-tailored or commercially produced.
What are the types of data in Structured Query Lnaguage (SQL)?
- ) Relational database
- ) Data definition language
- ) Data manipulation language
- ) Data control language
What is a relational database?
- A group of related spreadsheets
- Retrieves information through queries
What is data definition language?
- defines a database
- gives information on database structure
- maintains tables - can be joined together
- establishes database constraints
What is data manipulation language?
- maintains and queries a database
- auditor needs information, so client uses DML to get the information needed.
What is data control language?
- controls a database
- restricts access
What are check digits?
- consistently added to a set of numbers
- makes it more difficult for a fraudulent account to be set up or go undetected.
What is code review?
- tests a program’s processing logic
- advantageous because auditor gains a greater understanding of the program
What is a limit test?
- examines data and looks for reasonableness using upper and lower limits.
Wat is the test data method?
- auditor processes data with client’s computer
- fake transactions are used to test program control procedures
- each control needs to only be tested once
What is a problem with test data method?
- fake data could combine with real data
What are operating logs?
- Auditor can review logs to see which applications were run and by whom
What is access security software?
- helpful in online environments
- restricts computer access; may use encryption
What is library management software?
Logs any changes to system/applications, etc.
What are embedded audit modules?
- assist with audit calculations
- enable continuous monitoring in an audit environment that is changing
