IT Controls

Question 1

General Controls

Answer 1

Have an impact on the whole IT System

Examples, program change control, restricting access, controls over the implementation of new releases, monitor the use of system utilities that could change financial data or record without leaving an audit trail.

Question 2

Application Controls

Answer 2

These affect specific IT tasks within departments such as payroll.

These are input, processing, and output controls.

Question 3

Echo Check

Answer 3

Transmission of information over phone lines

Question 4

Diagnostic routines

Answer 4

Checks internal operations of hardware components

Question 5

Boundary protection

Answer 5

allows multiple jobs running simultaneously

Question 6

Source code comparison program

Answer 6

tests for unauthorized program changes by comparing the compiled code to the original program

Question 7

Batch totals

Answer 7

Application control- totals that actually mean something such as the total of cash received that day

Question 8

Hash totals

Answer 8

Application control - these are totals that do not have a dollar meaning but can be used to check for mistakes. Example the employee ID numbers being added up so that if one was missing it would be noticed by comparing to a hash total of employee ID numbers.

Question 9

Record count

Answer 9

Application control - keeping track of the number of record processed to determine that the right number of records has been accounted for.

Question 10

Logic checks

Answer 10

These are certain computer checks that can determine if data has been entered incorrectly.

Question 11

Limit tests

Answer 11

Logic check - this would be where a system would not accept if someone tried to enter 300 hours worked in one week.

Question 12

Validity checks

Answer 12

Logic check - this will limit a certain input to only valid responses. For example in the phone number field it would only accept numbers and no letters.

Question 13

Missing data checks

Answer 13

logic check - inputs fields can be required and won’t allow the user to move on until all required fields have been entered.

Question 14

Processing checks

Answer 14

These are processes to verify the processing of data is accurate and authorized.

Question 15

Checkpoints

Answer 15

Processing checks - for long processes a procedures which makes checkpoints so that if a process crashes the entire process does not have to be re-executed.

Question 16

Limit on processing time

Answer 16

processing checks - if a process takes longer than a certain limit, the process shits down because it assumes an error has occurred.

Question 17

Test data

Answer 17

Test of controls procedure- the auditor can put dummy transactions through the system that contain known error to see of the system catches the errors.

Question 18

integrated test facility

Answer 18

test of controls procedure- this involves creating a dummy division within the client’s system and running through dummy data alongside the client’s real data.

Question 19

Parallel simulation

Answer 19

test of controls procedure- this involves processing the client’s data on the auditor’s software to compare the clients output with the auditor’s output.

Question 20

Tagging

Answer 20

this is when the auditor “tags” a transaction in order to follow it through the client’s system.

Question 21

Check digit

Answer 21

specific type of input control, consisting of a single digit at the end of an identification code that is computed from the other digits in a field.