Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
36 Cards in this Set
- Front
- Back
|
Five Audit Scope Standards:
|
a. Review the reliability and integrity of operating and financial information and how it is identified, measured, classified, and reported.
b. Determine if the systems designed to comply with operating and reporting policies, plans, procedures, laws and regulations are actually being followed. c. Review how assets are safeguarded, and verify the existence of assets as appropriate. d. Examine company resources to determine how effectively and efficiently they are used. e. Review company operations and programs to determine if they are being carried out as planned and if they are meeting their objectives. |
|
|
Auditing
|
Systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
|
|
|
Three Types of Audits:
|
1. Financial Audit
2. Information Systems Audit/Internal Control Audit 3. Operational Audit/Management Audit |
|
|
Financial Audit
|
Examines the reliability and integrity of accounting records (both financial and operating information) and correlated with the first of the five scope standards.
|
|
|
Information Systems Audit/Internal Control Audit
|
Reviews the controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Its scope roughly corresponds to the IIA’s 2nd and 3rd standards.
|
|
|
Operational Audit/Management Audit
|
Concerned with the economical and efficient use of resources and the accomplishments of established goals and objectives. Its scope corresponds to the 4th and 5th standards.
|
|
|
Three Types of Risk when conducting an audit
|
1. Inherent Risk
2. Control Risk 3. Detection Risk |
|
|
Inherent Risk
|
The susceptibility to material risk in the absence of controls.
|
|
|
Control Risk
|
The risk that a material misstatement will get through the internal control structure and into the financial statements. Weak controls = higher control risk. Can be determined by reviewing the control environment, testing internal controls, and considering control weaknesses identified in prior audits and evaluating how they have been rectified.
|
|
|
Detection Risk
|
The risk that auditors and their audit procedures will not detect a material error or misstatement.
|
|
|
Materiality
|
What is or isn’t important in a given set of circumstances.
|
|
|
Reasonable Assurance
|
Assurance that no material error exists in the information or process audited. To get full assurance is too expensive, so we find an assurance threshold.
|
|
|
Systems Review
|
Evaluating control procedures by reviewing system documentation and interviewing appropriate personnel to determine if the necessary procedures are in place.
|
|
|
Test of Controls
|
Conducted to determine if control procedures are satisfactorily followed.
|
|
|
Compensation Controls
|
Procedures that compensate for the control deficiency in the system.
|
|
|
ISYS Audits
|
a. Security Provisions
b. Program Development and acquisitions performed with authorization c. Program modifications have approval d. Processing of transactions, files, reports and records is accurate and complete e. Identify source data that are inaccurate or improperly authorized f. Computer data files are accurate, complete and confidential |
|
|
Reprocessing
|
Technique which uses a verified copy of the source code to reprocess data and compare output to system’s output.
|
|
|
Parallel Simulation
|
Same as reprocessing, but auditor writes a program instead of saving a verified copy of the source code.
|
|
|
Test Data Generator Program
|
Automatically prepares test data based on program specifications.
|
|
|
Concurrent Audit Techniques
|
Continually monitor system and collect audit evidence while live data are processed during regular operating hours.
|
|
|
Embedded Audit Modules
|
Segments of program code that perform audit functions. Helps facilitate concurrent auditing.
|
|
|
Integrated Test Facility (ITF)
|
Technique which places a small set of fictitious records in the master files and allows them to be processed in the system as normal to observe how they are processed.
|
|
|
Snapshot Technique
|
Examines the way transactions are processed. Selected transactions are marked with special code that triggers the snapshot process.
|
|
|
System Control Audit Review File (SCARF)
|
Uses embedded modules to continuously monitor transaction activity and collect data on transactions with special audit significance.
|
|
|
Audit Log
|
aka SCARF File. Transactions recorded here include those exceeding a specified dollar limit, involving inactive accounts, deviating from company policy, or containing write-downs of asset values.
|
|
|
Audit Hooks
|
Audit routines that flag suspicious transactions.
|
|
|
Real-time Notification
|
A type of audit hook that displays a message on the auditor’s terminal.
|
|
|
Continuous and Intermittent Simulation (CIS)
|
Embeds an audit module in a database management system. Examines all transactions that update the database using criteria similar to those of SCARF. If the transaction has special audit significance, the module independently processes the data, records the results, and compares them with those obtained by the DBMS.
|
|
|
Aids in Analysis of Program Logic:
|
a. Automated Flowcharting Programs
b. Automated Decision Table Programs c. Scanning Routines d. Mapping Programs e. Program Tracing |
|
|
Automated Flowcharting Programs
|
Interpret program source code and generate a corresponding flowchart.
|
|
|
Automated Decision Table Programs
|
Generates a decision table representing the program logic.
|
|
|
Scanning Routines
|
Search a program for occurrences of a specified variable name or other characteristic combinations.
|
|
|
Mapping Programs
|
Identify unexecuted program code. Could uncover program code that an unscrupulous programmer inserted to erase all computer files when he was terminated.
|
|
|
Program Tracing
|
Prints all application program steps executed during a program run. This list is intermingled with a regular output so auditors can observe the precise sequence of events that unfold during program execution. Helps auditors detect unauthorized program instructions, incorrect logic paths, and unexecuted program code.
|
|
|
Input Controls Matrix:
|
Table which shows the control procedures applied to each field of an input record.
|
|
|
Computer Audit Software (CAS)/Generalized Audit Software (GAS)
|
Programs written especially for auditors. ACL and IDEA are two most popular.
|
