Information Technology Flashcards Preview

CPA - Auditing > Information Technology > Flashcards

Flashcards in Information Technology Deck (26)
Loading flashcards...
1
Q

When is an audit of IT NOT required?

A

Controls are redundant to another department

The system does not appear to be reliable and testing controls would not be an efficient use of time

Costs exceed benefit

2
Q

When can an audit of IT be performed without directly interacting with the system?

A

System isn’t complex or complicated

System output is detailed

3
Q

What is the role of a Database Administrator?

A

Maintains database

Restricts access

Responsible for IT internal control

4
Q

What is the role of a Systems Analyst?

A

Recommends changes or upgrades

Liaison between IT and users

5
Q

What is the role of the data Librarian?

A

Responsible for disc storage

Holds system documentation

6
Q

What is the benefit of Generalized Audit Software in an audit?

A

Uses computer speed to quickly sort data and files- which leads to a more efficient audit

Compatible with different client IT systems

Extracts evidence from client databases

Tests data without auditor needing to spend time learning the IT system in detail

Client-tailored or commercially produced

7
Q

What is a Relational Database?

A

Group of related spreadsheets

Retrieves information through Queries

8
Q

What is a Data Definition Language?

A

A language that defines a database and gives information on database structure.

It maintains tables- which can be joined together.

It establishes database constraints.

9
Q

What functions are performed by a Data Manipulation Language?

A

Maintains and queries a database

Auditor needs information- so client uses DML to get the information needed

10
Q

What functions are performed by a Data Control Language?

A

A Data Control Language controls a database and restricts access to the database.

11
Q

What are Check Digits?

A

A numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.

12
Q

What is the purpose of a Code Review?

A

A Code Review tests a program’s processing logic.

Advantageous because auditor gains a greater understanding of the program.

13
Q

What is the purpose of a Limit Test?

A

Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.

Did anyone score higher than 100%?

14
Q

What is the Test Data Method?

A

Auditor processes data with client’s computer - fake transactions are used to test program control procedures.

Each control needs to only be tested once

Problem with this method - fake data could combine with real data.

15
Q

How can Operating Systems Logs be utilized during an audit?

A

Auditor can review logs to see which applications were run and by whom.

16
Q

What is the purpose of Access Security Software?

A

Helpful in online environments

Restricts computer access - may use encryption.

17
Q

How can Library Management Software assist with an audit?

A

Library Management Software logs any changes to system/applications etc.

18
Q

How can Embedded Audit Modules in software be utilized in an audit?

A

Assist with audit calculations

Enable continuous monitoring in an audit environment that is changing

Weakness: requires implementation into the system design

Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

19
Q

What is an Audit Hook?

A

An Audit Hook is an application instruction that gives auditor control over the application.

20
Q

What is the purpose of Transaction Tagging?

A

Transaction Tagging allows logging of company transactions and activities.

21
Q

How do Extended Records assist in audit trail creation?

A

Extended Records add audit data to financial records.

22
Q

How does Real Time Processing affect an audit?

A

Destroys prior data when updated

aka Destructive Updating

Requires well-documented Audit Trail

23
Q

What is the risk of auditing System outputs versus Application outputs?

A

If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications- an error in the applications could be missed.

24
Q

What is a Compiler?

A

Software that translates source program (similar to English) into a language that the computer can understand

25
Q

How is Parallel Simulation utilized during an audit?

A

Client data is processed using Generalized Audit Software (GAS)

Sample size can be expanded without significantly increasing the audit cost

GAS output compared to client output

26
Q

What does auditing internal control in a company’s IT environment accomplish?

A

Plan the rest of audit- Shorter audit trails that may expire- Less documentation

Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch

Systems access controls adds another layer to separation of duties analysis

Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes