Questions and Answers
What is the primary reason for segregating functions of system development and computer operations?
- To enhance the usability of the programs
- To prevent computer-related fraud (correct)
- To reduce the need for documentation
- To ensure faster system development
Which group is responsible for testing and modifying the program to ensure it operates as intended?
- The management team
- The computer operators
- The user department and CIS department (correct)
- The systems analyst alone
What is a crucial element of data recovery controls to prevent loss of computer files?
- Only backing up files weekly
- Daily copying of files to tape or disks (correct)
- Restricting access to all employees
- Keeping files in a single storage location
What control is essential to protect data files and programs from unauthorized alteration?
What is the Grandfather, Father, Son practice used for?
What is the goal of monitoring controls in a computer information system?
Which of the following is not an acceptable practice for systems development?
Who should have limited access to the computer system?
What is a primary assumption behind the auditing around the computer method?
What approach is also referred to as the 'black box approach'?
What is a defining feature of Computer-Assisted Audit Techniques (CAATs)?
Which method involves examining documents and reports while ignoring data processing procedures?
How does an auditor confirm the reliability of the system when auditing around the computer?
What condition must be met for auditing around the computer to be applicable?
Which approach allows for manual testing when there is no visible evidence?
What is typically required for successful application control testing?
What is the purpose of implementing appropriate controls in a system?
How does the segregation of duties differ between manual processing and a CIS environment?
What role do compensating controls play in a CIS environment?
Which of the following statements about systems generated transactions is true?
What is a significant vulnerability of data in a CIS environment compared to a manual system?
Which of the following control procedures remain applicable in a CIS environment?
Why are independent checking procedures important in a CIS environment?
Which of the following statements about the characteristics of a sound internal control system is correct?
What is the primary purpose of the test data technique?
What does an auditor do with the test data during the audit process?
What is a key limitation of the test data technique?
How does the integrated test facility (ITF) enhance the auditing process?
What type of data does the auditor create for the test data technique?
What outcome does the auditor look for when comparing the results of processed test data?
Which of the following best describes the relationship between the test data technique and the integrated test facility?
Why does the ITF use dummy or fictitious units for testing?
What is the main objective of using Integrated Test Facility (ITF) during an audit?
What precaution must auditors take when employing ITF?
How does Parallel Simulation differ from ITF?
What types of software can assist auditors in Parallel Simulation?
What is a key feature of generalized audit software?
What is the primary risk associated with using ITF during an audit?
What is the goal of comparing results in Parallel Simulation?
Which statement is true regarding purpose written programs in auditing?
Study Notes
Internal Controls in a CIS Environment
- Data security is crucial: only authorized people should have access to data files and programs.
- Segregation of duties is vital, but may be less strict in a CIS environment due to computer programming.
- Some transactions are automatically generated by the CIS system, eliminating the need for input documents.
- A CIS environment is more vulnerable to changes and data loss than handwritten records, as changes can happen without a trace.
- The elements of internal control are the same, but implementation methods for CIS are different.
Systems Development and Documentation Controls
- Software development and changes must be approved by management and the user department.
- Programs must be tested extensively and modified by both the user and CIS department.
- Adequate documentation is essential to facilitate program use and future changes.
Access Controls
- All computer systems require security controls to protect equipment, files, and programs.
- Access should be limited to authorized employees and operators.
- Passwords and other controls are necessary to protect data from unauthorized alterations.
Data Recovery Controls
- To prevent data loss, backup files must be regularly maintained and stored off-site.
- Daily backups and updates are essential to quickly recover files in case of disaster.
- The "grandfather, father, son" method is used for file retention, keeping multiple generations of master files.
Monitoring Controls
- Monitoring controls ensure CIS controls are functioning effectively as planned.
- The auditor's objectives and scope remain the same when auditing a CIS environment.
- Testing methods must be adjusted due to the changes in processing and storing financial information.
Auditing Around the Computer (Black Box Approach)
- The auditor examines input documents and reports to test the system's reliability without directly examining the program.
- This method relies on reconciling input and output, assuming accurate processing if they match.
- Suitable only when visible input documents and detailed output allow tracing individual transactions.
Computer-Assisted Audit Techniques (CAATs) (White Box Approach)
- Used when manual testing is impractical due to the lack of visible evidence.
- The auditor directly audits the client's computer program using CAATs.
- Common CAATs include test data, integrated test facility, and parallel simulation.
Test Data Technique
- Designed to test internal control procedures within a program.
- The auditor creates fictitious transactions with valid and invalid conditions.
- The auditor knows the expected output, allowing them to compare the processing results with their predetermined output.
Integrated Test Facility (ITF)
- Overcomes the disadvantage of test data by integrating test data with actual transactions.
- A dummy unit is created within the system to process test data alongside regular transactions.
- Provides assurance that the tested program is the one actively used by the client.
Parallel Simulation
- The auditor creates a simulated program that mimics key aspects of the program being reviewed.
- Transactions are reprocessed using both the real and simulated programs.
- The output is compared to determine the reliability of the client's program.
Generalized Audit Software (GAS) and Purpose Written Programs
- GAS packages are widely available tools for common audit tasks.
- Purpose-written programs are designed for specific audit tasks.
- Both are used in parallel simulation to perform specific audit activities.
Description
This quiz explores the vital aspects of internal controls within a Computerized Information System (CIS) environment. It covers data security, segregation of duties, and the unique challenges posed by automation and documentation. Test your understanding of creating effective controls and protocols in modern systems.