
44 Cards in this Set


Transaction cycles: Expenditure Cycle

Incurs expenses


Time lag between components due to credit relationship with suppliers


-Physical Component: Acquisition of goods


-Financial Component: Cash disbursements to the suppliers


More subsystems: payroll, purchases, accounts payable and fixed assets

Transaction cycles: Conversion Cycle

Where value added is provided


-The production system: Planning, scheduling, and control of product through manufacturing process


-The cost accounting system: Monitors the flow of cost information related to production

Transaction cycles: Revenue Cycle

When you get paid


Time lag between components due to credit relationship with customers


Physical Component: sales order processing


Financial Component: Cash receipts

Billing Schemes

Involves paying false vendors by submitting invoices for fictitious goods.


Shell company fraud includes a false vendor set-up and false purchase orders.


Pass-through fraud involves both a legitimate and a false vendor purchase (at a much higher price).


Pay-and-return scheme involves double payment, with the clerk intercepting the vendor reimbursement check.

RAID

-An example of fault tolerance


-Redundant arrays of independent disks (RAID): Involves using parallel disks that contain redundant elements of data and applications. If one disk fails, the lost data are automatically reconstructed from the redundant components stored on the other disks

Attest Function

External auditor expressing an unqualified opinion in the form of a formal audit report regarding the presentation of the financial statements.

Data Mining

The process of selecting, exploring and modeling large amounts of data to uncover relationships and global patterns that exist in large databases but are hidden among the vast amount of facts.

Data Warehouse

A centralized relational database management system that has been designed specifically to meet the needs of data mining.


It contains operational data about current events as well as events that have transpired over many years.

XBRL

eXtensible Business Reporting Language (XBRL): the internet standard specifically designed for business reporting and information exchange.


Objective: To facilitate the publication, exchange, and processing of financial and business information.


It is a derivative of another internet standard called XML (extensible Markup Language)

XML

It is a metalanguage for describing markup languages. It can be used to model the data structure of an organization's internal database. Unlike HTML, XML can be recognized by end-user computers and processed accordingly, relieving some of the burden currently placed on web servers.

3 major subsystems of accounting

1) Transaction processing system (TPS): Supports daily business operations (operations management)


2) General ledger/Financial reporting system (GL/FRS): Produces reports (middle management)


3) Management reporting system (MIS): Information for decision making

Substantive tests

Tests that determine whether database contents fairly reflect the organization's transactions

Grandfather-father-son (GFS)

A backup technique: it begins when the current master file (the father) is processed against the transaction file to produce a new updated master file (the son). The son is a physically different file from the father. With the next batch of transactions, the son becomes the current master file (the new father) and the original father becomes the backup file (the grandfather).

Test Of Control

* This is often called an IT test


* It is part of the attestation function the firms do for non-audit clients


* They work with the firm's financial audit staff to perform this


* The purpose of the task, rather than the task itself, defines the service being rendered


* Tests of controls are often used as “dual-purpose” tests, i.e., both compliance and substantive tests of transactions are performed.



IT Spoofing

Form of masquerading to gain unauthorized access to a web server and/or to perpetrate an unlawful act without revealing one's identity

Echo Check

Technique that involves the receiver of the message returning the message to the sender

Parity Check

Technique that incorporates an extra bit into the structure of a bit string when it is created or transmitted

Public key encryption

Technique that uses two encryption keys: one for encoding the message and the other for decoding it

private key

To encode a message, the sender provides the encryption algorithm with the key, which is used to produce a ciphertext message. The message enters the communication channel and is transmitted to the receiver's location, where it is stored. The receiver decodes the message with a decryption program that uses the same key the sender employs.

Firewalls

* Organizations connected to the Internet or other public networks often implement an electronic firewall to protect their intranet from outside intruders


* A firewall is a system that enforces access control between the two networks


To accomplish this:


1) All traffic between the outside network and the organization's intranet must pass through the firewall


2) Only authorized traffic between the organization and the outside is allowed to pass through the firewall


3) The firewall must be immune to penetration from both outside and inside the organization

Network-level firewalls

* Provide efficient but low-security access control


* This type of firewall consists of a screening router that examines the source and destination addresses that are attached to incoming message packets

Application-level firewalls

* Provide a higher level of customizable network security, but they add overhead to connectivity


* These systems are configured to run security applications called proxies that permit routine services, such as e-mail, to pass through the firewall, but they can perform sophisticated functions, such as user authentication for specific tasks



Biometric devices

* User authentication procedures that measure various personal characteristics, such as fingerprints, voice prints, retina prints, or signature characteristics


* When an individual attempts to access the database, they are scanned

Test of controls pg 646

a phase in IT auditing to determine whether adequate internal controls are in place and functioning properly


The level of risk ascribed to internal controls during the test of controls phase will affect the nature and extent of substantive testing that needs to be performed in the third phase

Computer-aided audit tools and techniques (CAATTs)

The evidence-gathering technique used in the test of controls


it is a specialized computer audit technique

Substantive testing

tend to be physical, labor-intensive activities such as counting cash, counting inventories in a warehouse and verifying the existence of stock certificates in a safe

Management assertions

Claims made by management regarding the content of their issued financial statements


1) Existence: Inventories listed on the balance sheet exist


2) Completeness: Accounts payable include all obligations to vendors for the period


3) Rights and Obligations: Plant and equipment listed in the balance sheet are owned by the entity


4) Valuation or allocation: Accounts receivable are stated at net realizable value


5) Classification and Understandability: Contingencies not reported in financial accounts are properly disclosed in footnotes

Application controls

ensure the validity, completeness, and accuracy of financial transactions


examples:


1) A cash disbursements batch balancing routine that verifies that the total payments to vendors reconcile with the total postings to the accounts payable subsidiary ledger


2) An accounts receivable check digit procedure that validates customer account numbers on sales transactions


3) A payroll system limit check that identifies employee time card records with reported hours worked in excess of a predetermined normal limit

Blind Copy

Contains no quantity or price information about the products being received. The purpose of the blind copy is to force the receiving clerk to count and inspect inventories prior to completing the receiving report.

Valid vendor file

This provides an important control by listing only approved vendors. The purpose is to ensure that the organization purchases inventories only from authorized vendors. This helps to reduce certain vendor fraud schemes.

Receiving Report

States the quantity and condition of the inventories


* One copy accompanies the physical inventories to the finished goods warehouse for safekeeping


* Another is filed in the open/closed PO file to close out the PO


* Another is sent to the set up accounts payable function, where it is filed in the AP pending file


* Another is sent to inventory control for updating the inventory records


* Another is placed in the receiving report file

Three way match

AP clerk reconciles the invoice, purchase order and receiving report (three-way match) and prepares an AP packet, a folder containing the reconciled supporting documents

Advantages of distributed data processing

1) Cost Reductions


2) Improved cost control responsibility


3) Improved user satisfaction


4) Backup



Disadvantages of distributed data processing

1) Mismanagement of organization-wide resources


2) Hardware and software incompatibility


3) Redundant tasks


4) Consolidating incompatible activities


5) Hiring qualified professionals


6) Lack of standards



Advantages of Centralized Data Processing

Because the computing resources (IT personnel, hardware, software, and data) are centrally located and accessible by all authorized users, the centralized data processing configuration lends itself to intra-organization communication and data sharing between user departments

Section 302
focuses on internal controls and requires corporate management, including the CEO, to:

– Certify financial and other information contained in quarterly and annual reports.

– Certify the internal controls over financial reporting.


– State responsibility for internal control design and provide reasonable assurance as to the reliability of the financial reporting process.


– Disclose any recent material changes in internal controls.

Section 404
requires management of public companies to assess the effectiveness of internal controls over financial reporting.



Annual report must:


– Describe the flow of transactions, including IT aspects.


– Assess design and operating effectiveness of IC related to material accounts.


– Assess potential for fraud and evaluate controls designed to prevent or detect it.


– Evaluate and conclude on the adequacy of controls over the financial statement reporting process.


– Evaluate general controls that correspond to COSO internal control framework.


Risk of Material Misstatement
RMM = Inherent Risk x Control Risk

It is the risk that some event, process or activity will lead to a material misstatement in the financial statements and not be prevented or detected timely.


* Implementing new systems or significant changes to existing systems are considered high-risk in all instances.


* Custom software is inherently more risky than off-the-shelf (OTS) software

System Flowchart

Flowcharts used to show the relationship between the key elements (input sources, programs, and output products) of computer systems

Data flow diagram (DFD)

Use of a set of symbols in a diagram to represent the process sequences of a current or proposed system

Control Environment

1. Commitment to integrity & ethical values

2. Board of Directors is independent from management & exercises oversight of development and performance of internal control.


3. Management has structures, reporting lines and appropriate authorities & responsibilities in the pursuit of objectives.


4. Has a commitment to attract, develop, and retain competent individuals in alignment with objectives


5. The Organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

Electronic Data Interchange (EDI) Controls
Uses computer-to-computer technologies to automate B2B purchases.

* Absence of human intervention presents a unique twist to traditional control problems including:


1) Ensuring transactions are authorized and valid


2) Preventing unauthorized access to data files


3) Maintaining an audit trail of transactions


* Techniques to deal with these issues:


1) Transaction authorization and validation including the use of passwords, IDs, customer and vendor files


2) Access controls, including establishing vendor and customer files


3) EDI audit trail including a control log which records transactions

Audit Objectives & Procedures for EDI
• Audit objectives are to determine: (1) all transactions are authorized, valid and in compliance with agreements; (2) no unauthorized data access and (3) controls are in place to ensure a complete audit trail of transactions.

• Tests of authorization and validation controls:


– Review procedures for verifying trading partner ID codes.


– Review agreements with VAN and trading partner files.


• Tests of access controls:


– Verify and test that access is limited appropriately.


• Tests of audit trail controls:


– Verify existence of transaction logs and review a sample of transactions.

CIA

1) confidentiality


2) Integrity


3) Availability