Week 5 - System Work

Question 1

Walkthrough tests

Cradle to grave

Answer 1

Walkthroughs arw audits of accounting systems that gauge reliability
Cradle to grave - start to finish

Question 2

Controls are designed to

Answer 2

Prevent
Detect or
Correct

Question 3

Prevention

Answer 3

Locks, access controls, training

Question 4

Detection

Answer 4

Incorrect debtor number

Question 5

Correction

Answer 5

Back ups

Question 6

Internal controls

Answer 6

Financial reporting
Effectiveness and efficiency of operations
Compliance with laws and regs

Question 7

5 components of Internal controls (IC)

Answer 7

Control environment 
Risk assessment process 
Information system 
Control activities 
Monitoring

Question 8

Control environment

Answer 8

Enforcement to integrity and ethical values 
Commitment to competence = right skils 
Active governors/NEDs 
Management approach to risks/style
HR policies and practices

Question 9

Risk assessment process

Answer 9

All about reducing risks to acceptable level 
Health of employees 
Privacy of personal info 
Losses from computer abuse - hacking 
Management of change

Question 10

Info system

Answer 10

Relevant and timely info
Financial and non-financial
Communication

Question 11

Control activities

Answer 11

Authorisation
General and application controls
Segregation of duties

Question 12

Monitoring

Answer 12

Assess current perfromance of controls
Relevance over time
Who is responsible?

Question 13

Accounting control systems

Answer 13

Major classes of transactions
How transactions are initiated
Significant accounting records
The accounting and financial reporting process

Question 14

2 broad control classifications

Answer 14

General controls over the environment in which the company operates
Application controls - ensure an individual application runs smoothly and accurately

Question 15

General controls

Answer 15

Systems development/maintenance controls
Organisational controls
Security
Quality assurance

Question 16

Systems development

Answer 16

If systems develop/maintenance controls are strong, it is easier to control individual applications
The info should be maintained, allowing transactions to be traced forward&backward through the system

Question 17

Organisational control

Answer 17

Organisation charts
Segregation of duties
Authorisation and approval
Supervision controls

Question 18

Segregation of duties

Answer 18

Authorisation of transactions
Execution of transactions
Custody of assets
Recording of transactions and assets

Question 19

Security - physical

Answer 19

Fire damage/water damage
Power failure
Pollution
Intrusion by unathorised personnel

Question 20

Security - info/data

Answer 20

Restriction of access to data
Information/audit trails
File and program libraries
Holding data and program in secure places outside of the computer complex
Use if three generations of backups or file dumping systems

Question 21

Quality assurance

Answer 21

Independent of other functions
Existence provides some reassurance
E.g. internal audit department
More and more towards software

Question 22

Application controls

Answer 22

Data collected is genuine, accurate and complete
Data accepted is processed so it remains ^
Data stored temp/permanently is ^
Ouput data/info is ^

Question 23

Data controls incl:

Answer 23

Data capture/input contros 
Processing controls 
Output controls 
Database controls 
E-commerce controls

Question 24

Data capture controls - boundary

Answer 24

Cryptographic control 
Plastic cards 
Personal identificatiin numbers - pins 
Digital signatures - encrypted 
Firewalls

Question 25

Cryptographic controls

Answer 25

The study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents

Question 26

Data capture controls - audit trails

Answer 26

First records of the info/audit trail are st the boundary where identify and authenticity of the user is first recorded

Question 27

Data capture controls - audit trail | Records include

Answer 27

``` Data to which access is requested Actions users wish to take Terminal at which access is sought Records of access decision No. Of sign-on attempts and Time of start/finish ```

Question 28

Input controls

Answer 28

``` Design of source documentation Design of product Use if check-digits Sequence checking Limit/reasonableness tests One-for-one checking for criticsl data items Batch control ```

Question 29

Processing controls

Answer 29

``` Run-to-run controls to ensure continuity Labels - internal&external Madter file data must be genuine Programs tested regularly Continual sequence and accuracy checks Back ups ```

Question 30

Output controls

Answer 30

Outputs distributed to the correct users - confidential information Needs to be genuine, accurate and complete - depends on access and processing controls Exception reporting Review for errors

Question 31

Database

Answer 31

Collection of data thst is shared&used by a number of diff applications for diff purposes Issues: loss of control over data by data preparaton personnel After-the-event authorisation Power of database administrator Audit trial is particularly important

Question 32

Auditor approach systems & controls | 6 stages

Answer 32

1 Receipt of order 2 Authorisation of order 3 Despatch of gds and entry in stock records 4 Invoicing of goods despatched and entry in sales record 5 entry in debtors ledger/bank revords 6 entry in genersl or nominal records

Question 33

Adv of flowcharts

Answer 33

Enable understanding of systems by auditors and client staff Force the auditor to understand how the company controls operations Pinpoint unnecessary procedures/docs

Question 34

Disadv of flowcharts

Answer 34

Time-consuming & difficult to alter Narrative descriptions may be more appropriate Considerable use of symbols - hard to understand