Podcast
Questions and Answers
What is the primary reason for segregating functions of system development and computer operations?
What is the primary reason for segregating functions of system development and computer operations?
Which group is responsible for testing and modifying the program to ensure it operates as intended?
Which group is responsible for testing and modifying the program to ensure it operates as intended?
What is a crucial element of data recovery controls to prevent loss of computer files?
What is a crucial element of data recovery controls to prevent loss of computer files?
What control is essential to protect data files and programs from unauthorized alteration?
What control is essential to protect data files and programs from unauthorized alteration?
Signup and view all the answers
What is the Grandfather, Father, Son practice used for?
What is the Grandfather, Father, Son practice used for?
Signup and view all the answers
What is the goal of monitoring controls in a computer information system?
What is the goal of monitoring controls in a computer information system?
Signup and view all the answers
Which of the following is not an acceptable practice for systems development?
Which of the following is not an acceptable practice for systems development?
Signup and view all the answers
Who should have limited access to the computer system?
Who should have limited access to the computer system?
Signup and view all the answers
What is a primary assumption behind the auditing around the computer method?
What is a primary assumption behind the auditing around the computer method?
Signup and view all the answers
What approach is also referred to as the 'black box approach'?
What approach is also referred to as the 'black box approach'?
Signup and view all the answers
What is a defining feature of Computer-Assisted Audit Techniques (CAATs)?
What is a defining feature of Computer-Assisted Audit Techniques (CAATs)?
Signup and view all the answers
Which method involves examining documents and reports while ignoring data processing procedures?
Which method involves examining documents and reports while ignoring data processing procedures?
Signup and view all the answers
How does an auditor confirm the reliability of the system when auditing around the computer?
How does an auditor confirm the reliability of the system when auditing around the computer?
Signup and view all the answers
What condition must be met for auditing around the computer to be applicable?
What condition must be met for auditing around the computer to be applicable?
Signup and view all the answers
Which approach allows for manual testing when there is no visible evidence?
Which approach allows for manual testing when there is no visible evidence?
Signup and view all the answers
What is typically required for successful application control testing?
What is typically required for successful application control testing?
Signup and view all the answers
What is the purpose of implementing appropriate controls in a system?
What is the purpose of implementing appropriate controls in a system?
Signup and view all the answers
How does the segregation of duties differ between manual processing and a CIS environment?
How does the segregation of duties differ between manual processing and a CIS environment?
Signup and view all the answers
What role do compensating controls play in a CIS environment?
What role do compensating controls play in a CIS environment?
Signup and view all the answers
Which of the following statements about systems generated transactions is true?
Which of the following statements about systems generated transactions is true?
Signup and view all the answers
What is a significant vulnerability of data in a CIS environment compared to a manual system?
What is a significant vulnerability of data in a CIS environment compared to a manual system?
Signup and view all the answers
Which of the following control procedures remain applicable in a CIS environment?
Which of the following control procedures remain applicable in a CIS environment?
Signup and view all the answers
Why are independent checking procedures important in a CIS environment?
Why are independent checking procedures important in a CIS environment?
Signup and view all the answers
Which of the following statements about the characteristics of a sound internal control system is correct?
Which of the following statements about the characteristics of a sound internal control system is correct?
Signup and view all the answers
What is the primary purpose of the test data technique?
What is the primary purpose of the test data technique?
Signup and view all the answers
What does an auditor do with the test data during the audit process?
What does an auditor do with the test data during the audit process?
Signup and view all the answers
What is a key limitation of the test data technique?
What is a key limitation of the test data technique?
Signup and view all the answers
How does the integrated test facility (ITF) enhance the auditing process?
How does the integrated test facility (ITF) enhance the auditing process?
Signup and view all the answers
What type of data does the auditor create for the test data technique?
What type of data does the auditor create for the test data technique?
Signup and view all the answers
What outcome does the auditor look for when comparing the results of processed test data?
What outcome does the auditor look for when comparing the results of processed test data?
Signup and view all the answers
Which of the following best describes the relationship between the test data technique and the integrated test facility?
Which of the following best describes the relationship between the test data technique and the integrated test facility?
Signup and view all the answers
Why does the ITF use dummy or fictitious units for testing?
Why does the ITF use dummy or fictitious units for testing?
Signup and view all the answers
What is the main objective of using Integrated Test Facility (ITF) during an audit?
What is the main objective of using Integrated Test Facility (ITF) during an audit?
Signup and view all the answers
What precaution must auditors take when employing ITF?
What precaution must auditors take when employing ITF?
Signup and view all the answers
How does Parallel Simulation differ from ITF?
How does Parallel Simulation differ from ITF?
Signup and view all the answers
What types of software can assist auditors in Parallel Simulation?
What types of software can assist auditors in Parallel Simulation?
Signup and view all the answers
What is a key feature of generalized audit software?
What is a key feature of generalized audit software?
Signup and view all the answers
What is the primary risk associated with using ITF during an audit?
What is the primary risk associated with using ITF during an audit?
Signup and view all the answers
What is the goal of comparing results in Parallel Simulation?
What is the goal of comparing results in Parallel Simulation?
Signup and view all the answers
Which statement is true regarding purpose written programs in auditing?
Which statement is true regarding purpose written programs in auditing?
Signup and view all the answers
Study Notes
Internal Controls in a CIS Environment
- Data security is crucial, only authorized people should have access to data files and programs.
- Segregation of duties is vital, but may be less strict in a CIS environment due to computer programing.
- Some transactions are automatically generated by the CIS system, eliminating the need for input documents.
- CIS environment is more vulnerable to changes and data loss compared to handwritten records, as changes can happen without a trace.
- The elements of internal control are the same, but implementation methods for CIS are different.
Systems Development and Documentation Controls
- Software development and changes must be approved by management and the user department.
- Programs must be tested extensively and modified by both the user and CIS department.
- Adequate documentation is essential to facilitate program use and future changes.
Access Controls
- All computer systems require security controls to protect equipment, files, and programs.
- Access should be limited to authorized employees and operators.
- Passwords and other controls are necessary to protect data from unauthorized alterations.
Data Recovery Controls
- To prevent data loss, back up files must be regularly maintained and stored off-site.
- Daily backups and updates are essential to quickly recover files in case of disaster.
- The "Grand-father, father, son" method is used for file retention, keeping multiple generations of master files.
Monitoring Controls
- Monitoring controls ensure CIS controls are functioning effectively as planned.
- Auditor's objectives and scope remain the same when auditing a CIS environment.
- Testing methods must be adjusted due to the changes in processing and storing financial information.
Auditing Around the Computer (Black Box Approach)
- The auditor examines input documents and reports to test the system's reliability without directly examining the program.
- This method relies on reconciling input and output, assuming accurate processing if they match.
- Suitable only when visible input documents and detailed output allow tracing individual transactions.
Computer-Assisted Audit Techniques (CAATs) (White Box Approach)
- Used when manual testing is impractical due to the lack of visible evidence.
- Auditor directly audits the client's computer program using CAATs.
- Common CAATs include test data, integrated test facility, and parallel simulation.
Test Data Technique
- Designed to test internal control procedures within a program.
- Auditor creates fictitious transactions with valid and invalid conditions.
- The auditor knows the expected output, allowing them to compare the processing results with their predetermined output.
Integrated Test Facility (ITF)
- Overcomes the disadvantage of test data by integrating test data with actual transactions.
- A dummy unit is created within the system to process test data alongside regular transactions.
- Provides assurance that the tested program is the one actively used by the client.
Parallel Simulation
- Auditor creates a simulated program that mimics key aspects of the program being reviewed.
- Transactions are reprocessed using both the real and simulated programs.
- The output is compared to determine the reliability of the client's program.
Generalized Audit Software (GAS) and Purpose Written Programs
- GAS are widely available packages for common audit tasks.
- Purpose written programs are designed for specific audit tasks.
- Both are used in parallel simulation to perform specific audit activities.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
This quiz explores the vital aspects of internal controls within a Computerized Information System (CIS) environment. It covers data security, segregation of duties, and the unique challenges posed by automation and documentation. Test your understanding of creating effective controls and protocols in modern systems.