Audit chap 12.txt

  1. Effective management of information technologies in an organization embraces the view point that

    A. Most technologies reduce existing risk conditions
    B. Technologies reduce some types of risks while eintroducing new types of risks to be managed
    C. Technolohies generally increase an organizations overrall net risk
    D. The objective of technology implementations is to increase profitability on a net basis
  2. Which of the following is generally not considered a category of IT general controls?

  3. As general IT controls weaken, the auditor is most likely to

  4. Which of the following is an example of an application control?

  5. Which of the followinng client IT systems generally can be audited without examing or directly testing the computer programs of the system

  6. Your client's sales application ensures that all credit sales transactions in the sales jounral have an assigned bill of lading number; however, the system does not ensure that all bill of lading numbers have an assigned sales invoice number. Your company may have control deficiency related to the

  7. Before processing the system validates the sequence of items to identify any breaks in sequence of input documents. This automated control is primarily designed to ensure the

  8. An auditor will use the test data approach to obtain certain assurances with respect to the

  9. Changes in internal control resulting form the intergration og IT into accounting systems
    Computer controls replace manual controls, higher quality info is available
  10. Specific risks to IT systems inclulde:
    • -risks to hardware and data
    • -reduce audit trail
    • -need for IT experience and seperation of duties
  11. It is critical to physically protect hardware, software, and related data b.c with out physical protection, it may not fuction or may function imporperly
    Reliance on the functioning capabilites of hardware and software
  12. Replacing manual procedures with tech based, the risk of random error from human_____ however systematic error ______b/c once proceudres are programmed in to a computer software, computer processes info consitently unitl changed
    Decreases, increases
  13. It based accounting systems allow online access to materfiles, software, etc. There then is potential for ________
    Unauthorized (illegitimate) access
  14. Much data from IT stored in centralized electronic files, this increases the risk of ________
    Loss data files or destruction of entire data files
  15. IT emliminates souce doc and records that allow organization to trace accounting info, this loss is called the______ which makes it harder to compare output infor with hard copy data
    Loss of the audit trail
  16. IT system employees may deal with one part and not see any other process, and empolyees regard the output as correct b/c the computer produced it
    Reduced human involvement
  17. Advanced IT systems can often intitiate transactions automatically, there fore __________ depends of software procedures and accurate master files used to make the decision
    Proper authorization (lack of traditional authorization)
  18. IT sytems reduce the traditional ______and create a need for additional IT experience
    Seperation of duties
  19. Contorls that relate to all parts of the IT function
    General controls
  20. Controls related to a specific use of IT, such as the inputting, processing, and outputting of sales or cash reciepts
    Application controls
  21. Six catergories of general controls
    Administration of the IT functions, Speration of ITduties, systems development, physical and online security,back up of contingency planning, hardware controls
  22. 3 catergories of aplication controls
    Input controls, processing controls, output contols
  23. The board of directors' and senior mangagment's attitude about IT affect the perceived importance of IT within an organization, (chief info officer reports to senior managment and board)
    Administration of the IT function
  24. To respond to the risk of combining traditional custody, authorization, and record keeping responsibilities by having the computer perform those tasks, well controlled organizations respond by _________
    Seperating key duties within IT
  25. The _______should be responsible for oversight of the IT functions to ensure that activites are carried out consitent with the IT strategic plan
    CIO or IT manager (IT management)
  26. _____________independently verify the quality of input and the reasonableness of output
    Data input/output control personnel
  27. Thsi includes purchasing and developing in house software that meets the organizations needs, and testing all software to ensre that the new software is compatible with existing hardware and software
    System development
  28. A companys computer testing approach that involves implementeing new system in just one part of the organization, while maintaining the old system at other locations
    Pilot testing
  29. A companys computer testing approach thatninvolvex operating the old and new systems simultaneously
    Parallel testing
  30. Security contols inculde both ------&-----
    Physical controls and online access controls
  31. Proper ------- over computer equipment restict access to hardware, software and back up files, common controls are badge entry, secuirit cameras, keypad entrances, security personnel
    Physical controls
  32. Proper user ID and paswords controk access to software and related data files, and reduce the likelihood of unauthorized changes. These types of controls are
    Online accexx controls
  33. Power failure, fire, exessive heat, water damage, these may all be helped by
    Backup and contingency plannign
  34. Controls built into the computer equipment by the manufacturer to detect and report equipment failure
    Hardware controls
  35. Application controsl done by people
    Manual controls
  36. Application controls done by the computer
    Automated controls
  37. Controls designed by an organization to ensure that inforation to be processes by the computer is authorized, accurate, and complete
    Input controls
  38. Contorls designed to ensure that data input into the system re accurately an completly processed
    Processing controls
  39. Controls designed to ensure that computer generated data are valid, accurate, complete, and distributed only to authorized people
    Output controls
  40. Three catergories of application controls
    Input, processing, output controls
  41. Batch input controls
    Financial total, hash total, record count
  42. Processing controls (5)
    Validation test, sequence test, arithmetic accuracy test, data reasonableness test, completness
  43. ________create the potential for material misstatements across all system applications regardless of the quality of individual application controls.
    Ineffective general controls
  44. Clients changes to _____affect the auditor;s relaiance on automated controls
    (application) software
  45. Auditors obtain information about general and application controls through the following ways
    • -Interviews with IT and key users
    • -examination of system documentation (flow charts, manuals etc)
    • -reviews of detailed questionnaries completed by IT staff
  46. Auditing without relying on and testing automated controls embedded in computer application programs, which is acceptable when the auditor has access to readable source documents that can be reconciled to detailed listings of output or when sufficient nonautomated controls exist
    Auditing around the computer
  47. Auditing around the computer is effective b/c these sytems often prduce sufficent _________to permit auditors to compare source documents such as vendors' and sales invoices to output
    Audit trails
  48. Auditing by testing automated internal controls and account balances electronically, generally b/c effective general controls exist
    Auditing around the computer
  49. Auditors use three categories of testing approaches when auditing through the computer
    Test data approach, parallel simulation, and embedded audit module approach
  50. A method of auditing an IT system that uses the auditors test data to determine whether the clients computer program corretly processes valid and invalid transactions
    Test data approach
  51. An audit testing approach that involves the auditors use of audti software, either purchased or programmed by the auditor, to replicate some part of a clients application system
    Parallel simulation testing
  52. Computer programs used by auditors that provide data retrevial, data manipulation, and reporting capabilities specifically oriented to the needs of auditors
    Generalized audit software (GAS)
  53. A method of auditing transactions pocessed by IT whereby the auditor embeds a modeule in the clients applicaition software to identify transactions with characteristics that are of interest to the auditor, the auditor is then able to analzye these transactions on a real time continuous basis as client transactions are processed
    Embedded audit module approach
  54. Networks that connect computer equipment, data files, software, and peripheral equipment within a local area, such as a single building or a small cluster of building, for intracompany use
    Local area networks (LANs)
  55. Networks that connect computer equipment, databases, software, and peripheral equipment that reside in many geographic locations, such as client offices located around the world
    Wide area networks (WANs)
  56. Hardware and software systmes that allow clients to oestablilsh and maintain databses shared by multiple applications
    Database management systems
  57. Systems that integrate numerous aspects of an organizations activities into one accounting information system
    Enterprise resource planning (ERP) systems
  58. A system of hardwaare and software that monitors and controls the flow of e-commerce communications by channeling all network connections through a contorl gateway
  59. Computer programs that change a standard message or data file into one that is coded, then decoded using a decryption programs
    Encryption techniques
  60. Electronic certificates that are used to authenticate the validity of individulas and companies conductions business electornically
    Digital signitures
  61. A third party entity that manages and supplies software applications or software-related services to customers through the internet
    Application service providers (ASPs)
Card Set
Audit chap 12.txt