CH 3 AUDITING & IT

Question 1

What should be included for the Auditor’s address?

Answer 1

The City and State where located

Question 2

What is Management Responsible for in regards to the Financial Statements?

Answer 2

Preparation and Fair Presentation of Financial Statements in accordance with the Applicable Financial Reporting Framework

Question 3

What is Management Responsible for in regards to Internal Control?

Answer 3

Internal Control Design, Implementation, Maintenance

Question 4

What are the headings in the Audit Report for an Unmodified Opinion?

Answer 4

(TIM-AA) Title; Introduction; Management Responsibility; Auditor Responsibility; Audit Opinion

Question 5

What are the headings in the Audit Report for an Modified Opinion?

Answer 5

(TIMA-BA) Title; Introduction; Management Responsibility; Auditor Responsibility; Basis for (Modified) Opinion; Audit Opinion

Question 6

In an Unmodified Opinion with Emphasis-of-Matter / Other-Matter sections, what is the order of the headings?

Answer 6

(TIM-AA EMO) Title; Introduction; Management Responsibility; Auditor Responsibility; Audit Opinion; Emphasis-of-Matter; Other-Matter

Question 7

What are the requirements for referencing a Component Auditor in the Audit Report?

Answer 7

Component Financial Statements must be prepared using same Financial Reporting Framework as the Group Financial Statements; Component Auditor must have performed audit in accordance with GAAS or PCAOB Standards.

Question 8

What must the Group Engagement Partner do if they assume responsibility for the Component Auditor’s work?

Answer 8

Perform additional audit procedures; Be involved in Component Auditors work; Perform Risk Assessment procedures; Assess Risk of Material Misstatement

Question 9

What standards govern SSARS engagements?

Answer 9

Compilations are governed by SSARS (Statements on Standards for Accounting and Review Services)

Question 10

Which clients can have compilation engagements?

Answer 10

Non-SEC (non-public) registrants only.

Question 11

What is a Compilation?

Answer 11

Accountant puts together financial statements with information PROVIDED BY MANAGEMENT. No opinion is expressed and no assurances are given. Independence is not required.

Question 12

What disclosures are required for Compilation engagements?

Answer 12

Disclosures not necessary must state that they are not included

Question 13

What standards govern Review engagements?

Answer 13

SSARS (Statements on Standards for Accounting and Review Services)

Question 14

What type of assurance is given in a Review engagement?

Answer 14

Reviews give limited assurance.

Question 15

What procedures are required for Review engagements?

Answer 15

Analytical procedures are required for reviews. Compare results to documented predictions.

Question 16

What is a Review engagement?

Answer 16

Financial statements are presented with no opinion expressed- and limited assurances are given. Independence is required for a review engagement.

Question 17

What is a Forecast?

Answer 17

A prospective financial statement that uses normal circumstances. General and limited use allowed.

Question 18

What is a Projection?

Answer 18

A prospective financial statement using hypothetical situations. Only limited use by the client is allowed.

Question 19

What are the requirements for Agreed Upon Procedures?

Answer 19

Independence is required; Only limited use by the client is allowed.

Question 20

What disclosures are required for remote likelihood of losses?

Answer 20

No disclosure required.

Question 21

What disclosure is required for a probable loss contingency?

Answer 21

Accrue if estimable. Emphasis-of-Matter paragraph if not estimable.

Question 22

What disclosure is made if a loss contingency is reasonably possible?

Answer 22

Auditor assesses need for Emphasis-of-Matter paragraph based on loss likelihood.

Question 23

How is a gain contingency reported?

Answer 23

Gain contingencies are not reported.

Question 24

How does an immaterial GAAP issue affect the audit opinion?

Answer 24

It doesn’t. Opinion is Unmodified.

Question 25

How does a very material GAAP issue affect the Audit Report?

Answer 25

Modified-Adverse Opinion is issued. Emphasis-of-Matter paragraph is added after Opinion paragraph.

Question 26

How do GAS standards compare to GAAS?

Answer 26

GAS is more strict than GAAS.

Question 27

What is required under the Single Audit Act?

Answer 27

Funding Threshold is $750,000. An audit performed under governmental auditing standards (GAS). A report on internal control is required. GAAS and GAS don’t require the I/C report.

Question 28

When is an audit of IT NOT required?

Answer 28

Controls are redundant to another department

The system does not appear to be reliable and testing controls would not be an efficient use of time

Costs exceed benefit

Question 29

When can an audit of IT be performed without directly interacting with the system?

Answer 29

System isn’t complex or complicated

System output is detailed

Question 30

What is the role of a Database Administrator?

Answer 30

Maintains database

Restricts access

Responsible for IT internal control

Question 31

What is the role of a Systems Analyst?

Answer 31

Recommends changes or upgrades

Liaison between IT and users

Question 32

What is the role of the data Librarian?

Answer 32

Responsible for disc storage

Holds system documentation

Question 33

What is the benefit of Generalized Audit Software in an audit?

Answer 33

Uses computer speed to quickly sort data and files- which leads to a more efficient audit

Compatible with different client IT systems

Extracts evidence from client databases

Tests data without auditor needing to spend time learning the IT system in detail

Client-tailored or commercially produced

Question 34

What is a Relational Database?

Answer 34

Group of related spreadsheets

Retrieves information through Queries

Question 35

What is a Data Definition Language?

Answer 35

A language that defines a database and gives information on database structure.

It maintains tables- which can be joined together.

It establishes database constraints.

Question 36

What functions are performed by a Data Manipulation Language?

Answer 36

Maintains and queries a database

Auditor needs information- so client uses DML to get the information needed

Question 37

What functions are performed by a Data Control Language?

Answer 37

A Data Control Language controls a database and restricts access to the database.

Question 38

What are Check Digits?

Answer 38

A numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.

Question 39

What is the purpose of a Code Review?

Answer 39

A Code Review tests a program’s processing logic.

Advantageous because auditor gains a greater understanding of the program.

Question 40

What is the purpose of a Limit Test?

Answer 40

Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.

Did anyone score higher than 100%?

Question 41

What is the Test Data Method?

Answer 41

Auditor processes data with client’s computer - fake transactions are used to test program control procedures.

Each control needs to only be tested once

Problem with this method - fake data could combine with real data.

Question 42

How can Operating Systems Logs be utilized during an audit?

Answer 42

Auditor can review logs to see which applications were run and by whom.

Question 43

What is the purpose of Access Security Software?

Answer 43

Helpful in online environments

Restricts computer access - may use encryption.

Question 44

How can Library Management Software assist with an audit?

Answer 44

Library Management Software logs any changes to system/applications etc.

Question 45

How can Embedded Audit Modules in software be utilized in an audit?

Answer 45

Assist with audit calculations

Enable continuous monitoring in an audit environment that is changing

Weakness: requires implementation into the system design

Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

Question 46

What is an Audit Hook?

Answer 46

An Audit Hook is an application instruction that gives auditor control over the application.

Question 47

What is the purpose of Transaction Tagging?

Answer 47

Transaction Tagging allows logging of company transactions and activities.

Question 48

How do Extended Records assist in audit trail creation?

Answer 48

Extended Records add audit data to financial records.

Question 49

How does Real Time Processing affect an audit?

Answer 49

Destroys prior data when updated

aka Destructive Updating

Requires well-documented Audit Trail

Question 50

What is the risk of auditing System outputs versus Application outputs?

Answer 50

If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications- an error in the applications could be missed.

Question 51

What is a Compiler?

Answer 51

Software that translates source program (similar to English) into a language that the computer can understand

Question 52

How is Parallel Simulation utilized during an audit?

Answer 52

Client data is processed using Generalized Audit Software (GAS)

Sample size can be expanded without significantly increasing the audit cost

GAS output compared to client output

Question 53

What does auditing internal control in a company’s IT environment accomplish?

Answer 53

Plan the rest of audit- Shorter audit trails that may expire- Less documentation

Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch

Systems access controls adds another layer to separation of duties analysis

Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes