ITSAC - Module 7 & 8

Question 1

Future Financial Fiascos

Answer 1

• Enron(2001)
• WorldCom (2002)

Question 2

• is an inventory of all the potential audit areas within an organization
• documents the key business processes and risks of an organization.

Answer 2

audit universe

Question 3

includes the basic functional audit area, organization objectives, key business processes that support those organization objectives, specific audit objectives, risks of not achieving those objectives, and controls that mitigate the risks.

Answer 3

audit universe

Question 4

is also an essential building block to a properly risk-based internal audit process.

Answer 4

audit universe

Question 5

provides a comprehensive list of critical IT processes, which can be used as a starting point.

Answer 5

Control Objectives for Information and Related Technology (COBIT)

Question 6

COBIT

Answer 6

Control Objectives for Information and Related Technology

Question 7

is an authoritative, international set of generally accepted IT practices or control objectives that help employees, managers, executives, and auditors

Answer 7

COBIT

Question 8

supports the need to research, develop, publicize, and promote up-to-date internationally accepted IT control objectives.

Answer 8

COBIT

Question 9

Where to download COBIT 5

Answer 9

www.isaca.org

Question 10

—optimizes the use of organizational resources to effectively address risks.

Answer 10

Governance

Question 11

—plan, build, run, and monitor the activities and processes used by the organization to pursue the objectives established by the board.

Answer 11

management

Question 12

are considered the foundation of the audit function as they assist in developing the process for planning individual audits.

Answer 12

Risk assessments

Question 13

assist auditors in automating the necessary audit functions and integrating information gathered as part of the audit process.

Answer 13

Audit productivity tools

Question 14

Examples of Audit productivity tools

Answer 14

• Audit planning and tracking
• Documentation and presentations Communication
• Data management, electronic working papers, and groupware
• Resource management

Question 15

Shows the structure of the database by illustrating the different data elements (like customers or transactions) and how they are related.

Answer 15

ENTITY RELATIONSHIP DIAGRAM (ERD)

Question 16

Shows how data moves through the system—from the point it enters, how it is processed, where it is stored, and where it goes next.

Answer 16

DATA FLOW DIAGRAM (DFD)

Question 17

Provides a step-by-step visual of the system’s operations, including decisions and actions taken.

Answer 17

FLOWCHART

Question 18

use symbols to describe transaction processing and the flow of data through a system by specifically showing: inputs and outputs; information activities (processing data); data storage; data flows; and decision steps.

Answer 18

Flowcharts

Question 19

Manual or electronic document

Answer 19

|’’’’’’’|
|__/’’’

Question 20

Multiple copies of manual or electronic documents

Answer 20

|_
|’’’’’’’||
|__/’’’

Question 21

Electronic data entry device (e.g., laptop, mobile device)

Answer 21

|
…………
|……….|

Question 22

Electronic operation or processing of data by the computer

Answer 22

……
[…..]

Question 23

Manual operation

Answer 23

_
\_/

Question 24

Data stored electronically in a database

Answer 24

O
|..|

Question 25

Indicates how paper documents are being filed: N: by number D: by date A: alphabetically

Answer 25

........... \\____ /

Question 26

Data stored electronically in magnetic tape (backup purposes)

Answer 26

Q

Question 27

Indicates a type of manual journal or ledger

Answer 27

..... /.../

Question 28

Indicates the direction of a document or processing flow

Answer 28

---------->

Question 29

On-page connector: links processing flows within the same page

Answer 29

O

Question 30

Off-page connector: indicates entry/exit to another page

Answer 30

|''| \/

Question 31

beginning, end, or interruption point in a process

Answer 31

........... (..........)

Question 32

decision being made

Answer 32

/\ \/

Question 33

is a method of gathering and reviewing electronic records.

Answer 33

**Computer assisted audit techniques (CAAT)**

Question 34

is used to simplify or automate the data analysis and audit process, and it involves using computer software to analyze large volumes of electronic data for anomalies.

Answer 34

**CAAT**

Question 35

**Benefits of a CAAT audit are:**

Answer 35

* Makes the audit less disruptive for the taxpayer. Auditor spends less time at the taxpayer’s business premises and can focus on managing audit risks and quantifying compliance issues * Reduces the time to complete the audit. CAAT are efficient in testing for completeness, accumulation, and calculation errors * Increases accuracy of the audit results when a larger population and stratified samples are used * Improves compliance and lessens chance of making errors. Auditors can review more segments of the taxpayer’s business activities systematically using analytic tools

Question 36

When performing _ the auditor obtains source documents that are associated with particular input transactions and reconciles them against output results. Hence, audit supporting documentation is drawn and conclusions are reached without considering how inputs are being processed to provide outputs. The major weakness of the auditing around the computer approach is that it does not verify or validate whether the program logic of the application being tested is correct.

Answer 36

**auditing around the computer**

Question 37

The _ approach includes a variety of techniques to evaluate how the application and their embedded controls respond to various types of transactions (anomalies) that can contain errors. When audits involve the use of advanced technologies or complex applications, the IT auditor must draw upon techniques combined with tools to successfully test and evaluate the application. This audit approach is relevant given technology’s significant increase and its impact on the audit process.

Answer 37

**auditing through the computer**

Question 38

is the examination, analysis, testing, and evaluation of computer-based material conducted to provide relevant and valid information to a court of law. Its tools are increasingly used to support law enforcement, computer security, and computer auditinvestigations.

Answer 38

**Computer forensics**