Auditing (Ch. 12) Flashcards Preview

Question 1

1

Automated work paper

Answer

allows internal and external auditors to automate and standardize specific audit tests and audit documentation

Question 2

2

Auditing around the computer

Answer

audit approach whereby an auditor follows a company's audit trail up to the point at which accounting data enter the computer and then picks these data up again when they reappear in processed form as computer output

Question 3

3

Auditing through the computer

Answer

audit approach whereby and auditor follows a company's audit trail through the internal computer operations phase of automated data processing

Question 4

4

Auditing with the computer

Answer

audit approach whereby the auditor uses the computer to aid in performing various auditing procedures

Question 5

5

Compliance testing

Answer

procedures performed by auditors to ensure the general and application controls are in place and working as prescribed

Question 6

6

Computer-assisted audit techniques (CAAT)

Answer

use of computer processes or specialized software to perform audit functions, such as sorting data to detect duplicate accounts payable invoice numbers

Question 7

7

Continuous Auditing

Answer

the use of tools that allow auditing to occur even when an auditor is not present. XBRL can support this concept

Question 8

8

Fraud triangle

Answer

includes three elements indicating potential for fraud; Motive, Opportunity, and Rationalization

Question 9

9

Generalized audit software (GAS)

Answer

computer packages that enable auditors to review computer files without continually rewriting processing programs

Question 10

10

General-use software

Answer

used by auditors as productivity tools for improving their work

Question 11

11

Information systems risk assessment

Answer

method used by an auditor to evaluate the desirability of IT-related controls for a particular aspect of business risk

Question 12

12

Information technology (IT) governance

Answer

ensuring that information technology risks are controlled and also that IT in an organization is deployed strategically to meet objectives

Question 13

13

Integrated test facility (ITF)

Answer

used by auditors to test a company's computer programs. A more comprehensive test technique that is used to audit an AIS in an operational setting

Question 14

14

Parallel simulation

Answer

a control testing method used by auditors to create a second system that duplicates a portion of the clients system.

Question 15

15

Program change control

Answer

a set of internal control procedures developed to ensure against unauthorized program changes

Question 16

16

Risk based audit

Answer

an approach that provides auditors with a good understanding of the errors and irregularities that can occur in a company's AIS environment and the related risks and exposures

Question 17

17

Test data

Answer

a set of transactions that examine the range of exception situations that might occur under normal processing conditions

Question 18

18

Third party assurance services

Answer

audit and assessment services offered by independent third parties to provide business users and individual consumers with some level of comfort over Internet transactions. Specialized audits of Internet systems and websites

Question 19

19

CA web trust

Answer

is a third party assurance seal that promotes data, privacy and security. in addition to reliable business, business practices and integrity in processing transactions

Question 20

20

trust services

Answer

include both; web trust and systrust. Assurance services that evaluate the reliability of information systems with respect to their availability, security, integrity and maintainability

Question 21

21

automated working paper software

Answer

These programs can help auditors create common size income statements and balance sheets that show account balances as percentages

Question 22

22

Certified Information Systems Auditor (CISA)

Answer

a certification given by the Informations Systems Audit and Control Association

Question 23

23

COBIT

Answer

Provides auditors and businesses with guidance in managing and controlling for business risk associated with IT environments

Question 24

24

Information Technology (IT) auditing

Answer

Involves evaluating the computers role in achieving audit and control objectives

Question 25

25

Parallel simulation

Answer

The auditor uses live input data, rather than test data, in a program actually written or controlled by the auditor

Question 26

26

Sarbanes-Oxley Act

Answer

An important feature of this legislation is commonly referred to as section 404 reviews

Question 27

27

4 steps performed in a "risk-based" audit approach

Answer

1. Determine the risk- impact and probability
2. Evaluate controls present-has to be operational
3. Evaluate weaknesses
4. Identify control procedures to minimize each threat or lack of control

Question 28

28

5 principles of trust services

Answer

1. Security (unauthorized access)
2. Availability
3. Processing
4. Online Privacy - personal info
5. Protection of confidential info

Question 29

29

5 approaches to continuous auditing

Answer

-continuous simulation
-exception reporting
-audit hooks
-snapshot
-tranaction tagging

Auditing (Ch. 12) Flashcards Preview

AIS > Auditing (Ch. 12) > Flashcards

Automated work paper

allows internal and external auditors to automate and standardize specific audit tests and audit documentation

Auditing around the computer

audit approach whereby an auditor follows a company's audit trail up to the point at which accounting data enter the computer and then picks these data up again when they reappear in processed form as computer output

Auditing through the computer

audit approach whereby and auditor follows a company's audit trail through the internal computer operations phase of automated data processing

Auditing with the computer

audit approach whereby the auditor uses the computer to aid in performing various auditing procedures

Compliance testing

procedures performed by auditors to ensure the general and application controls are in place and working as prescribed

Computer-assisted audit techniques (CAAT)

use of computer processes or specialized software to perform audit functions, such as sorting data to detect duplicate accounts payable invoice numbers

Continuous Auditing

the use of tools that allow auditing to occur even when an auditor is not present. XBRL can support this concept

Fraud triangle

includes three elements indicating potential for fraud; Motive, Opportunity, and Rationalization

Generalized audit software (GAS)

computer packages that enable auditors to review computer files without continually rewriting processing programs

General-use software

used by auditors as productivity tools for improving their work

Information systems risk assessment

method used by an auditor to evaluate the desirability of IT-related controls for a particular aspect of business risk

Information technology (IT) governance

ensuring that information technology risks are controlled and also that IT in an organization is deployed strategically to meet objectives

Integrated test facility (ITF)

used by auditors to test a company's computer programs. A more comprehensive test technique that is used to audit an AIS in an operational setting

Parallel simulation

a control testing method used by auditors to create a second system that duplicates a portion of the clients system.

Program change control

a set of internal control procedures developed to ensure against unauthorized program changes

Risk based audit

an approach that provides auditors with a good understanding of the errors and irregularities that can occur in a company's AIS environment and the related risks and exposures

Test data

a set of transactions that examine the range of exception situations that might occur under normal processing conditions

Third party assurance services

audit and assessment services offered by independent third parties to provide business users and individual consumers with some level of comfort over Internet transactions. Specialized audits of Internet systems and websites

CA web trust

is a third party assurance seal that promotes data, privacy and security. in addition to reliable business, business practices and integrity in processing transactions

trust services

include both; web trust and systrust. Assurance services that evaluate the reliability of information systems with respect to their availability, security, integrity and maintainability

automated working paper software

These programs can help auditors create common size income statements and balance sheets that show account balances as percentages

Certified Information Systems Auditor (CISA)

a certification given by the Informations Systems Audit and Control Association

COBIT

Provides auditors and businesses with guidance in managing and controlling for business risk associated with IT environments

Information Technology (IT) auditing

Involves evaluating the computers role in achieving audit and control objectives

Parallel simulation

The auditor uses live input data, rather than test data, in a program actually written or controlled by the auditor

Sarbanes-Oxley Act

An important feature of this legislation is commonly referred to as section 404 reviews

4 steps performed in a "risk-based" audit approach

1. Determine the risk- impact and probability 2. Evaluate controls present-has to be operational3. Evaluate weaknesses4. Identify control procedures to minimize each threat or lack of control

5 principles of trust services

1. Security (unauthorized access)2. Availability 3. Processing 4. Online Privacy - personal info5. Protection of confidential info

5 approaches to continuous auditing

-continuous simulation-exception reporting-audit hooks-snapshot-tranaction tagging

Decks in AIS Class (3):

1. Determine the risk- impact and probability
2. Evaluate controls present-has to be operational
3. Evaluate weaknesses
4. Identify control procedures to minimize each threat or lack of control

1. Security (unauthorized access)
2. Availability
3. Processing
4. Online Privacy - personal info
5. Protection of confidential info

-continuous simulation
-exception reporting
-audit hooks
-snapshot
-tranaction tagging