Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
26 Cards in this Set
- Front
- Back
When is an audit of IT NOT required?
|
Controls are redundant to another department The system does not appear to be reliable and testing controls would not be an efficient use of time Costs exceed benefit
|
|
When can an audit of IT be performed without directly interacting with the system?
|
System isn't complex or complicated System output is detailed
|
|
What is the role of a Database Administrator?
|
Maintains database Restricts access Responsible for IT internal control
|
|
What is the role of a Systems Analyst?
|
Recommends changes or upgrades Liaison between IT and users
|
|
What is the role of the data Librarian?
|
Responsible for disc storage Holds system documentation
|
|
What is the benefit of Generalized Audit Software in an audit?
|
Uses computer speed to quickly sort data and files- which leads to a more efficient audit Compatible with different client IT systems Extracts evidence from client databases Tests data without auditor needing to spend time learning the IT system in detail Client-tailored or commercially produced
|
|
What is a Relational Database?
|
Group of related spreadsheets Retrieves information through Queries
|
|
What is a Data Definition Language?
|
A language that defines a database and gives information on database structure. It maintains tables- which can be joined together. It establishes database constraints.
|
|
What functions are performed by a Data Manipulation Language?
|
Maintains and queries a database Auditor needs information- so client uses DML to get the information needed
|
|
What functions are performed by a Data Control Language?
|
A Data Control Language controls a database and restricts access to the database.
|
|
What are Check Digits?
|
A numerical character consistently added to a set of numbers. It makes it more difficult for a fraudulent account to be set up or go undetected.
|
|
What is the purpose of a Code Review?
|
A Code Review tests a program's processing logic. Advantageous because auditor gains a greater understanding of the program.
|
|
What is the purpose of a Limit Test?
|
Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range. Did anyone score higher than 100%?
|
|
What is the Test Data Method?
|
Auditor processes data with client's computer - fake transactions are used to test program control procedures. Each control needs to only be tested once Problem with this method - fake data could combine with real data.
|
|
How can Operating Systems Logs be utilized during an audit?
|
Auditor can review logs to see which applications were run and by whom.
|
|
What is the purpose of Access Security Software?
|
Helpful in online environments Restricts computer access - may use encryption.
|
|
How can Library Management Software assist with an audit?
|
Library Management Software logs any changes to system/applications etc.
|
|
How can Embedded Audit Modules in software be utilized in an audit?
|
Assist with audit calculations Enable continuous monitoring in an audit environment that is changing Weakness: requires implementation into the system design Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)
|
|
What is an Audit Hook?
|
An Audit Hook is an application instruction that gives auditor control over the application.
|
|
What is the purpose of Transaction Tagging?
|
Transaction Tagging allows logging of company transactions and activities.
|
|
How do Extended Records assist in audit trail creation?
|
Extended Records add audit data to financial records.
|
|
How does Real Time Processing affect an audit?
|
Destroys prior data when updated aka Destructive Updating Requires well-documented Audit Trail
|
|
What is the risk of auditing System outputs versus Application outputs?
|
If the auditor only audits the outputs of a computer system and doesn't also audit the software applications- an error in the applications could be missed.
|
|
What is a Compiler?
|
Software that translates source program (similar to English) into a language that the computer can understand
|
|
How is Parallel Simulation utilized during an audit?
|
Client data is processed using Generalized Audit Software (GAS) Sample size can be expanded without significantly increasing the audit cost GAS output compared to client output
|
|
What does auditing internal control in a company's IT environment accomplish?
|
Plan the rest of audit- Shorter audit trails that may expire- Less documentation Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch Systems access controls adds another layer to separation of duties analysis Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes
|