Information Technology Flashcards Preview

Agency Law > Information Technology > Flashcards

Flashcards in Information Technology Deck (26)
Loading flashcards...
1
Q
When is an audit of IT NOT required?
A
Controls are redundant to another department

The system does not appear to be reliable and testing controls would not be an efficient use of time

Costs exceed benefit
2
Q
When can an audit of IT be performed without directly interacting with the system?
A
System isn't complex or complicated

System output is detailed
3
Q
What is the role of a Database Administrator?
A
Maintains database

Restricts access

Responsible for IT internal control
4
Q
What is the role of a Systems Analyst?
A
Recommends changes or upgrades

Liaison between IT and users
5
Q
What is the role of the data Librarian?
A
Responsible for disc storage

Holds system documentation
6
Q
What is the benefit of Generalized Audit Software in an audit?
A
Uses computer speed to quickly sort data and files- which leads to a more efficient audit

Compatible with different client IT systems

Extracts evidence from client databases

Tests data without auditor needing to spend time learning the IT system in detail

Client-tailored or commercially produced
7
Q
What is a Relational Database?
A
Group of related spreadsheets

Retrieves information through Queries
8
Q
What is a Data Definition Language?
A
A language that defines a database and gives information on database structure.

It maintains tables- which can be joined together.

It establishes database constraints.
9
Q
What functions are performed by a Data Manipulation Language?
A
Maintains and queries a database

Auditor needs information- so client uses DML to get the information needed
10
Q
What functions are performed by a Data Control Language?
A
A Data Control Language controls a database and restricts access to the database.
11
Q
What are Check Digits?
A
A numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.
12
Q
What is the purpose of a Code Review?
A
A Code Review tests a program's processing logic.

Advantageous because auditor gains a greater understanding of the program.
13
Q
What is the purpose of a Limit Test?
A
Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.

Did anyone score higher than 100%?
14
Q
What is the Test Data Method?
A
Auditor processes data with client's computer - fake transactions are used to test program control procedures.

Each control needs to only be tested once

Problem with this method - fake data could combine with real data.
15
Q
How can Operating Systems Logs be utilized during an audit?
A
Auditor can review logs to see which applications were run and by whom.
16
Q
What is the purpose of Access Security Software?
A
Helpful in online environments

Restricts computer access - may use encryption.
17
Q
How can Library Management Software assist with an audit?
A
Library Management Software logs any changes to system/applications etc.
18
Q
How can Embedded Audit Modules in software be utilized in an audit?
A
Assist with audit calculations

Enable continuous monitoring in an audit environment that is changing

Weakness: requires implementation into the system design

Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)
19
Q
What is an Audit Hook?
A
An Audit Hook is an application instruction that gives auditor control over the application.
20
Q
What is the purpose of Transaction Tagging?
A
Transaction Tagging allows logging of company transactions and activities.
21
Q
How do Extended Records assist in audit trail creation?
A
Extended Records add audit data to financial records.
22
Q
How does Real Time Processing affect an audit?
A
Destroys prior data when updated

aka Destructive Updating

Requires well-documented Audit Trail
23
Q
What is the risk of auditing System outputs versus Application outputs?
A
If the auditor only audits the outputs of a computer system and doesn't also audit the software applications- an error in the applications could be missed.
24
Q
What is a Compiler?
A
Software that translates source program (similar to English) into a language that the computer can understand
25
Q
How is Parallel Simulation utilized during an audit?
A
Client data is processed using Generalized Audit Software (GAS)

Sample size can be expanded without significantly increasing the audit cost

GAS output compared to client output
26
Q
What does auditing internal control in a company's IT environment accomplish?
A
Plan the rest of audit- Shorter audit trails that may expire- Less documentation

Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch

Systems access controls adds another layer to separation of duties analysis

Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes