-Information Technology Flashcards Preview

CPA AUD Flashcards > -Information Technology > Flashcards

Flashcards in -Information Technology Deck (26)
Loading flashcards...
1
Q

When is an audit of IT not required?

A

An audit of IT is NOT required if:

  • Controls are redundant to another department.
  • The system does not appear to be reliable and testing controls would not be an efficient use of time.
  • Costs exceed benefit.

See more @ another71.com/flashcards

2
Q

When can an audit of IT be performed without directly interacting with the system?

A

An audit of IT can be performed without directly interacting with the system when:

  • System isn’t complex or complicated.
  • System output is detailed.
3
Q

What is the role of a Database Administrator?

A
  • Maintains database
  • Restricts access
  • Responsible for IT internal control
4
Q

What is the role of a Systems Analyst?

A

The role of a systems analyst includes:

  • Recommending changes or upgrades
  • Liaison between IT and users
5
Q

What is the role of the Data Librarian?

A

The Data Librarian is:

  • Responsible for storage
  • Holds system documentation
6
Q

What is the benefit of Generalized Audit Software in an audit?

A
  • Uses computer speed to quickly sort data and files, which leads to a more efficient audit
  • Compatible with different client IT systems
  • Extracts evidence from client databases
  • Tests data without auditor needing to spend time learning the IT system in detail
  • Client-tailored or commercially produced
7
Q

What is a Relational Database?

A

A Relational Database is a group of related spreadsheets. Information is retrieved through Queries.

8
Q

What is a Data Definition Language?

A

A Data Definition Language is a language that:

  • Defines a database
  • Gives information on database structure
  • Maintains tables, which can be joined together
  • Establishes database constraints.
9
Q

What functions are performed by a Data Manipulation Language?

A

A Data Manipulation Language maintains and queries a database.

Client uses DML to get the information needed by auditor.

10
Q

What functions are performed by a Data Control Language?

A

A Data Control Language controls a database and restricts access to the database.

11
Q

What is a Check Digit?

A

A check digit is a numerical character consistently added to a set of numbers.

It makes it more difficult for a fraudulent account to be set up or go undetected.

12
Q

What is the purpose of a Code Review?

A

A Code Review tests a program’s processing logic. It is advantageous because auditor gains a greater understanding of the program.

13
Q

What is the purpose of a Limit Test?

A

A Limit Test examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range.

Did anyone score higher than 100%?

14
Q

What is the Test Data Method?

A

Auditor processes data with client’s computer; fake transactions are used to test program control procedures.

Each control needs to be tested only once.

The problem with this method is that fake data could combine with real data.

15
Q

How can Operating Systems Logs be utilized during an audit?

A

Auditor can review logs to see which applications were run and by whom.

16
Q

What is the purpose of Access Security Software?

A

Access Security Software is helpful in online environments. It restricts computer access - may use encryption.

17
Q

How can Library Management Software assist with an audit?

A

Library Management Software logs any changes to system/applications etc.

18
Q

How can Embedded Audit Modules in software be utilized in an audit?

A

Embedded Audit Modules in software can be used in an audit to:

  • Assist with audit calculations
  • Enable continuous monitoring in an audit environment that is changing

Weakness: requires implementation into the system design

Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)

19
Q

What is an Audit Hook?

A

An Audit Hook is an application instruction that gives auditor control over the application.

20
Q

What is the purpose of Transaction Tagging?

A

Transaction Tagging allows logging of company transactions and activities.

21
Q

How do Extended Records assist in audit trail creation?

A

Extended Records add audit data to financial records.

22
Q

How does Real Time Processing affect an audit?

A
  • Destroys prior data when updated
  • Also known as Destructive Updating
  • Requires well-documented Audit Trail
23
Q

What is the risk of Auditing System outputs versus Application outputs?

A

If the auditor only audits the outputs of a computer system and doesn’t audit the software applications, an error in the applications could be missed.

24
Q

What is a compiler?

A

A compiler is a software that translates source program (similar to English) into a language that the computer can understand.

25
Q

How is Parallel Simulation utilized during an audit?

A
  • Client data is processed using Generalized Audit Software (GAS).
  • Sample size can be expanded without significantly increasing the audit cost.
  • GAS output is compared to client output.
26
Q

What does auditing internal control in a company’s IT environment accomplish?

A
  • Plan the rest of audit - Shorter audit trails that may expire- Less documentation
  • Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch
  • Systems access controls add another layer to separation of duties analysis
  • Focus should be on the general controls - new systems development - current systems changes - and program or data access control or computer ops control changes