Internal Controls in a CIS Environment
40 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary reason for segregating functions of system development and computer operations?

  • To enhance the usability of the programs
  • To prevent computer-related fraud (correct)
  • To reduce the need for documentation
  • To ensure faster system development
  • Which group is responsible for testing and modifying the program to ensure it operates as intended?

  • The management team
  • The computer operators
  • The user department and CIS department (correct)
  • The systems analyst alone
  • What is a crucial element of data recovery controls to prevent loss of computer files?

  • Only backing up files weekly
  • Daily copying of files to tape or disks (correct)
  • Restricting access to all employees
  • Keeping files in a single storage location
  • What control is essential to protect data files and programs from unauthorized alteration?

    <p>Access controls using passwords</p> Signup and view all the answers

    What is the Grandfather, Father, Son practice used for?

    <p>File retention in data recovery</p> Signup and view all the answers

    What is the goal of monitoring controls in a computer information system?

    <p>To ensure effective operation of CIS controls</p> Signup and view all the answers

    Which of the following is not an acceptable practice for systems development?

    <p>Systems analysts using the programs they develop</p> Signup and view all the answers

    Who should have limited access to the computer system?

    <p>Authorized operators and employees</p> Signup and view all the answers

    What is a primary assumption behind the auditing around the computer method?

    <p>The input data must reconcile with the output for the computer program to be considered reliable.</p> Signup and view all the answers

    What approach is also referred to as the 'black box approach'?

    <p>Auditing around the computer.</p> Signup and view all the answers

    What is a defining feature of Computer-Assisted Audit Techniques (CAATs)?

    <p>They allow auditors to directly evaluate the client’s accounting programs.</p> Signup and view all the answers

    Which method involves examining documents and reports while ignoring data processing procedures?

    <p>Auditing around the computer.</p> Signup and view all the answers

    How does an auditor confirm the reliability of the system when auditing around the computer?

    <p>By ensuring input data reconciles with output data.</p> Signup and view all the answers

    What condition must be met for auditing around the computer to be applicable?

    <p>Visible input documents and detailed output are available.</p> Signup and view all the answers

    Which approach allows for manual testing when there is no visible evidence?

    <p>Computer-Assisted Audit Techniques.</p> Signup and view all the answers

    What is typically required for successful application control testing?

    <p>The ability to trace transactions through visible input and output.</p> Signup and view all the answers

    What is the purpose of implementing appropriate controls in a system?

    <p>To prevent unauthorized access to data files and programs</p> Signup and view all the answers

    How does the segregation of duties differ between manual processing and a CIS environment?

    <p>CIS allows more functions to be combined due to efficiency</p> Signup and view all the answers

    What role do compensating controls play in a CIS environment?

    <p>They strengthen the internal control despite combined functions</p> Signup and view all the answers

    Which of the following statements about systems generated transactions is true?

    <p>They can be initiated automatically by the CIS</p> Signup and view all the answers

    What is a significant vulnerability of data in a CIS environment compared to a manual system?

    <p>Information can be easily lost without physical records</p> Signup and view all the answers

    Which of the following control procedures remain applicable in a CIS environment?

    <p>Authorization of transactions</p> Signup and view all the answers

    Why are independent checking procedures important in a CIS environment?

    <p>They serve to verify accuracy, completeness, and authorization of transactions</p> Signup and view all the answers

    Which of the following statements about the characteristics of a sound internal control system is correct?

    <p>It requires consistent application of controls for data integrity</p> Signup and view all the answers

    What is the primary purpose of the test data technique?

    <p>To test the effectiveness of internal control procedures</p> Signup and view all the answers

    What does an auditor do with the test data during the audit process?

    <p>Compares the output with his predetermined expected result</p> Signup and view all the answers

    What is a key limitation of the test data technique?

    <p>It does not assure that the tested program is the same used throughout the accounting period</p> Signup and view all the answers

    How does the integrated test facility (ITF) enhance the auditing process?

    <p>By integrating test data with ordinary transactions without client awareness</p> Signup and view all the answers

    What type of data does the auditor create for the test data technique?

    <p>Fictitious transactions with valid and invalid conditions</p> Signup and view all the answers

    What outcome does the auditor look for when comparing the results of processed test data?

    <p>The output should match the auditor’s predetermined expected output</p> Signup and view all the answers

    Which of the following best describes the relationship between the test data technique and the integrated test facility?

    <p>The ITF is a variation of the test data technique that allows better integration</p> Signup and view all the answers

    Why does the ITF use dummy or fictitious units for testing?

    <p>To ensure that the testing process remains hidden from management</p> Signup and view all the answers

    What is the main objective of using Integrated Test Facility (ITF) during an audit?

    <p>To ensure the tested program matches the client's program used in transactions.</p> Signup and view all the answers

    What precaution must auditors take when employing ITF?

    <p>Eliminate the effects of all audit test transactions to prevent data contamination.</p> Signup and view all the answers

    How does Parallel Simulation differ from ITF?

    <p>Parallel Simulation focuses on simulating processes rather than using test inputs.</p> Signup and view all the answers

    What types of software can assist auditors in Parallel Simulation?

    <p>Generalized audit software and purpose written programs.</p> Signup and view all the answers

    What is a key feature of generalized audit software?

    <p>It performs common audit tasks, like calculations and reporting.</p> Signup and view all the answers

    What is the primary risk associated with using ITF during an audit?

    <p>Contaminating the client’s master files with test data.</p> Signup and view all the answers

    What is the goal of comparing results in Parallel Simulation?

    <p>To evaluate the effectiveness of the client’s program against expected outputs.</p> Signup and view all the answers

    Which statement is true regarding purpose written programs in auditing?

    <p>They are designed for specific audit tasks within particular contexts.</p> Signup and view all the answers

    Study Notes

    Internal Controls in a CIS Environment

    • Data security is crucial, only authorized people should have access to data files and programs.
    • Segregation of duties is vital, but may be less strict in a CIS environment due to computer programing.
    • Some transactions are automatically generated by the CIS system, eliminating the need for input documents.
    • CIS environment is more vulnerable to changes and data loss compared to handwritten records, as changes can happen without a trace.
    • The elements of internal control are the same, but implementation methods for CIS are different.

    Systems Development and Documentation Controls

    • Software development and changes must be approved by management and the user department.
    • Programs must be tested extensively and modified by both the user and CIS department.
    • Adequate documentation is essential to facilitate program use and future changes.

    Access Controls

    • All computer systems require security controls to protect equipment, files, and programs.
    • Access should be limited to authorized employees and operators.
    • Passwords and other controls are necessary to protect data from unauthorized alterations.

    Data Recovery Controls

    • To prevent data loss, back up files must be regularly maintained and stored off-site.
    • Daily backups and updates are essential to quickly recover files in case of disaster.
    • The "Grand-father, father, son" method is used for file retention, keeping multiple generations of master files.

    Monitoring Controls

    • Monitoring controls ensure CIS controls are functioning effectively as planned.
    • Auditor's objectives and scope remain the same when auditing a CIS environment.
    • Testing methods must be adjusted due to the changes in processing and storing financial information.

    Auditing Around the Computer (Black Box Approach)

    • The auditor examines input documents and reports to test the system's reliability without directly examining the program.
    • This method relies on reconciling input and output, assuming accurate processing if they match.
    • Suitable only when visible input documents and detailed output allow tracing individual transactions.

    Computer-Assisted Audit Techniques (CAATs) (White Box Approach)

    • Used when manual testing is impractical due to the lack of visible evidence.
    • Auditor directly audits the client's computer program using CAATs.
    • Common CAATs include test data, integrated test facility, and parallel simulation.

    Test Data Technique

    • Designed to test internal control procedures within a program.
    • Auditor creates fictitious transactions with valid and invalid conditions.
    • The auditor knows the expected output, allowing them to compare the processing results with their predetermined output.

    Integrated Test Facility (ITF)

    • Overcomes the disadvantage of test data by integrating test data with actual transactions.
    • A dummy unit is created within the system to process test data alongside regular transactions.
    • Provides assurance that the tested program is the one actively used by the client.

    Parallel Simulation

    • Auditor creates a simulated program that mimics key aspects of the program being reviewed.
    • Transactions are reprocessed using both the real and simulated programs.
    • The output is compared to determine the reliability of the client's program.

    Generalized Audit Software (GAS) and Purpose Written Programs

    • GAS are widely available packages for common audit tasks.
    • Purpose written programs are designed for specific audit tasks.
    • Both are used in parallel simulation to perform specific audit activities.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Description

    This quiz explores the vital aspects of internal controls within a Computerized Information System (CIS) environment. It covers data security, segregation of duties, and the unique challenges posed by automation and documentation. Test your understanding of creating effective controls and protocols in modern systems.

    More Like This

    Mastering Internal Controls
    6 questions
    Internal Controls Overview
    37 questions
    Use Quizgecko on...
    Browser
    Browser