37 Cards in this Set

  • Front
  • Back
External auditors are primarily responsible to
shareholders and investors.
The American Accounting Association (AAA) defines auditing as:
A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events.
Auditing involves
collecting, reviewing, and documenting audit evidence.
According to the IIA, the purpose of an internal audit is to:
Evaluate the adequacy and effectiveness of a company’s internal control system; and
Determine the extent to which assigned responsibilities are carried out.
The IIA’s five audit scope standards outline the internal auditor’s responsibilities:
Review the reliability and integrity of operating and financial information and how it is identified, measured, classified, and reported.

Determine if the systems designed to comply with these policies, plans, procedures, laws, and regulations are being followed.

Review how assets are safeguarded, and verify their existence.

Examine company resources to determine how effectively and efficiently they are used.

Review company operations and programs to determine if they are being carried out as planned and if they are meeting their objectives.
Five different types of audits are commonly performed.
financial, internal control, operational, information systems, management
Financial audit
Examines reliability and integrity of accounting records (financial and operating).
Information systems audit
Reviews the controls of an AIS to assess:
Compliance with internal control policies and procedures; and
Effectiveness in safeguarding assets.
Operational or management audit
Concerned with economical and efficient use of resources and accomplishment of established goals and objectives.
All audits follow a similar sequence of activities and may be divided into four stages:
Planning
Collecting evidence
Evaluating evidence
Communicating audit results
Audit planning
Purpose: Determine why, how, when, and by whom the audit will be performed.
The first step in audit planning is to establish the
scope and objectives of the audit.
There are three types of risk when conducting an audit
Inherent risk
Control risk
Detection risk
The following are among the most commonly used evidence collection methods:
Observation
Review of documentation
Discussions
Physical examination
Confirmation
Re-performance
Vouching
An audit designed to evaluate AIS internal controls would make greater use of:
Observation
Review of documentation
Discussions
Re-performance
An audit of financial information would focus on:
Physical examination
Confirmation
Vouching
Analytical review
Re-performance
A risk-based audit approach is a four-step approach to internal control evaluation that provides a logical framework for carrying out an audit. Steps are:
Determine the threats (errors and irregularities) facing the AIS.
Identify control procedures implemented to minimize each threat by preventing or detecting such errors and irregularities.
Evaluate the control procedures.
Evaluate weaknesses (errors and irregularities not covered by control procedures) to determine their effect on the nature, timing, or extent of auditing procedures and client suggestions.
IT Auditing Objective
Review & evaluate internal controls that protect the AIS.
6 Objectives of IT Auditing
Objective 1: Overall Security
Objective 2: Software Development and Acquisition
Objective 3: Software Modification
Objective 4: Computer Processing
Objective 5: Source Data
Objective 6: Data Files
IT Auditing – Objective 1: Overall Security Threats include
Hardware & files – theft, damage, unauthorized access
Software & Data – theft, destruction, modification, unauthorized access
Interruption of business activities
Disclosure of confidential data
IT Auditing – Objective 2: Software Development & Acquisition Threats include
Errors due to misunderstanding AIS specifications
Careless programming
Unauthorized instruction codes inserted into legitimate programs
IT Auditing – Objective 3: Software Modification Threats include
Careless programming
Unauthorized program codes
Unauthorized access to programming codes
IT Auditing – Objective 4: Computer Processing Threats include
Inability to flag bad data during processing
Inability to correct bad data after identification
The updating of programs introduces errors into data
Improper distribution of processed data
IT Auditing – Objective 5: Source Data Threats include
Inaccurate source data
Unauthorized source data (e.g., ghost employees and vendors)
IT Auditing – Objective 6: Data Files Threats include
Data loss due to hardware or software malfunction
Data loss due to accidental deletion
Data loss due to intentional acts
P =
Time it takes an attacker to break through the organization’s preventive controls.
D =
Time it takes to detect that an attack is in progress.
C =
Time to respond to the attack.
Effective segregation of accounting duties is achieved when the following functions are separated:
Authorization
Recording
Custody
Segregation of accounting duties
Authorization
Approving transactions and decisions.
Recording
Preparing source documents; maintaining journals, ledgers, or other files; preparing reconciliations; and preparing performance reports.
Custody
Handling cash, maintaining an inventory storeroom, receiving incoming customer checks, writing checks on the organization’s bank account.
CUSTODIAL FUNCTIONS
Handling cash
Handling inventories, tools, or fixed assets
Writing checks
Receiving checks in mail
RECORDING FUNCTIONS
Preparing source documents
Maintaining journals, ledgers, or other files
Preparing reconciliations
Preparing performance reports
EXAMPLE OF PROBLEM: A person who has custody of cash receipts and the recording for those receipts can steal some of the cash and falsify accounts to conceal the theft.
SOLUTION: The pink fence (segregation of custody and recording) prevents employees from falsifying records to conceal theft of assets entrusted to them.
EXAMPLE OF PROBLEM: A person who has custody of checks for transactions that he has authorized can authorize fictitious transactions and then steal the payments.
SOLUTION: The green fence (segregation of custody and authorization) prevents employees from authorizing fictitious or inaccurate transactions as a means of concealing a theft.
AUTHORIZATION FUNCTIONS
Authorization of transactions