Effective management of information technologies in an organization embraces the viewpoint that
A. Most technologies reduce existing risk conditions
B. Technologies reduce some types of risks while introducing new types of risks to be managed
C. Technologies generally increase an organization's overall net risk
D. The objective of technology implementations is to increase profitability on a net basis
B.
Which of the following is generally not considered a category of IT general controls?
A.
As general IT controls weaken, the auditor is most likely to
C.
Which of the following is an example of an application control?
C.
Which of the following client IT systems generally can be audited without examining or directly testing the computer programs of the system?
A.
Your client's sales application ensures that all credit sales transactions in the sales journal have an assigned bill of lading number; however, the system does not ensure that all bill of lading numbers have an assigned sales invoice number. Your company may have a control deficiency related to the
B.
Before processing, the system validates the sequence of items to identify any breaks in the sequence of input documents. This automated control is primarily designed to ensure the
B.
An auditor will use the test data approach to obtain certain assurances with respect to the
B.
Changes in internal control resulting from the integration of IT into accounting systems
Computer controls replace manual controls; higher-quality information is available
Specific risks to IT systems include:
-risks to hardware and data
-reduced audit trail
-need for IT experience and separation of duties
It is critical to physically protect hardware, software, and related data because without physical protection, they may not function or may function improperly
Reliance on the functioning capabilities of hardware and software
When manual procedures are replaced with technology-based ones, the risk of random error from human ______; however, systematic error ______ because once procedures are programmed into computer software, the computer processes information consistently until changed
Decreases, increases
IT-based accounting systems allow online access to master files, software, etc. There is then potential for ________
Unauthorized (illegitimate) access
Much data from IT is stored in centralized electronic files; this increases the risk of ________
Loss of data files or destruction of entire data files
IT eliminates source documents and records that allow the organization to trace accounting information; this loss is called the ______, which makes it harder to compare output information with hard-copy data
Loss of the audit trail
IT system employees may deal with one part and not see any other process, and employees regard the output as correct because the computer produced it
Reduced human involvement
Advanced IT systems can often initiate transactions automatically; therefore __________ depends on software procedures and accurate master files used to make the decision
Proper authorization (lack of traditional authorization)
IT systems reduce the traditional ______ and create a need for additional IT experience
Separation of duties
Controls that relate to all parts of the IT function
General controls
Controls related to a specific use of IT, such as the inputting, processing, and outputting of sales or cash receipts
Application controls
Six categories of general controls
Administration of the IT function, separation of IT duties, systems development, physical and online security, backup and contingency planning, hardware controls
The board of directors' and senior management's attitude about IT affects the perceived importance of IT within an organization (chief information officer reports to senior management and board)
Administration of the IT function
To respond to the risk of combining traditional custody, authorization, and record keeping responsibilities by having the computer perform those tasks, well controlled organizations respond by _________
Separating key duties within IT
The _______ should be responsible for oversight of the IT functions to ensure that activities are carried out consistent with the IT strategic plan
CIO or IT manager (IT management)
_____________ independently verify the quality of input and the reasonableness of output
Data input/output control personnel
This includes purchasing and developing in-house software that meets the organization's needs, and testing all software to ensure that the new software is compatible with existing hardware and software
System development
A company's computer testing approach that involves implementing a new system in just one part of the organization, while maintaining the old system at other locations
Pilot testing
A company's computer testing approach that involves operating the old and new systems simultaneously
Parallel testing
Security controls include both ______ and ______
Physical controls and online access controls
Proper ______ over computer equipment restrict access to hardware, software, and backup files; common controls are badge entry, security cameras, keypad entrances, and security personnel
Physical controls
Proper user IDs and passwords control access to software and related data files, and reduce the likelihood of unauthorized changes. These types of controls are
Online access controls
Power failure, fire, excessive heat, water damage; these may all be helped by
Backup and contingency planning
Controls built into the computer equipment by the manufacturer to detect and report equipment failure
Hardware controls
Application controls done by people
Manual controls
Application controls done by the computer
Automated controls
Controls designed by an organization to ensure that information to be processed by the computer is authorized, accurate, and complete
Input controls
Controls designed to ensure that data input into the system are accurately and completely processed
Processing controls
Controls designed to ensure that computer generated data are valid, accurate, complete, and distributed only to authorized people
________ create the potential for material misstatements across all system applications regardless of the quality of individual application controls.
Ineffective general controls
Client changes to _____ affect the auditor's reliance on automated controls
(application) software
Auditors obtain information about general and application controls through the following ways
-Interviews with IT and key users
-examination of system documentation (flowcharts, manuals, etc.)
-reviews of detailed questionnaires completed by IT staff
Auditing without relying on and testing automated controls embedded in computer application programs, which is acceptable when the auditor has access to readable source documents that can be reconciled to detailed listings of output or when sufficient nonautomated controls exist
Auditing around the computer
Auditing around the computer is effective because these systems often produce sufficient _________ to permit auditors to compare source documents such as vendors' and sales invoices to output
Audit trails
Auditing by testing automated internal controls and account balances electronically, generally because effective general controls exist
Auditing around the computer
Auditors use three categories of testing approaches when auditing through the computer
Test data approach, parallel simulation, and embedded audit module approach
A method of auditing an IT system that uses the auditor's test data to determine whether the client's computer program correctly processes valid and invalid transactions
Test data approach
An audit testing approach that involves the auditor's use of audit software, either purchased or programmed by the auditor, to replicate some part of a client's application system
Parallel simulation testing
Computer programs used by auditors that provide data retrieval, data manipulation, and reporting capabilities specifically oriented to the needs of auditors
Generalized audit software (GAS)
A method of auditing transactions processed by IT whereby the auditor embeds a module in the client's application software to identify transactions with characteristics that are of interest to the auditor; the auditor is then able to analyze these transactions on a real-time, continuous basis as client transactions are processed
Embedded audit module approach
Networks that connect computer equipment, data files, software, and peripheral equipment within a local area, such as a single building or a small cluster of buildings, for intracompany use
Local area networks (LANs)
Networks that connect computer equipment, databases, software, and peripheral equipment that reside in many geographic locations, such as client offices located around the world
Wide area networks (WANs)
Hardware and software systems that allow clients to establish and maintain databases shared by multiple applications
Database management systems
Systems that integrate numerous aspects of an organization's activities into one accounting information system
Enterprise resource planning (ERP) systems
A system of hardware and software that monitors and controls the flow of e-commerce communications by channeling all network connections through a control gateway
Firewall
Computer programs that change a standard message or data file into one that is coded, then decoded using a decryption program
Encryption techniques
Electronic certificates that are used to authenticate the validity of individuals and companies conducting business electronically
Digital signatures
A third party entity that manages and supplies software applications or software-related services to customers through the internet