IT Audit and Governance Controls
11 Questions

Created by
@LaudableDidactic

Questions and Answers

What is an IT audit?

An IT audit is part of the audit procedures that auditors perform, focusing on the computer-based aspects of an organization’s information system.

Which of the following is NOT an internal control objective?

  • To ensure the accuracy and reliability of accounting records
  • To safeguard assets of the entity
  • To ensure product quality (correct)
  • To measure compliance with management's prescribed policies

Which internal control principle addresses management's oversight?

  • Limitations
  • Preventive Controls
  • Methods of Data Processing
  • Management Responsibility (correct)

What are the three types of controls in the PDC Model?

Preventive Controls, Detective Controls, Corrective Controls

Which framework includes Control Environment and Risk Assessment as components?

COSO Internal Control Framework

IT governance focuses on management and assessment of strategic IT resources.

True

What is one key objective of IT governance?

To reduce risk

What are the responsibilities of database administration?

To ensure the security and integrity of the database.

What is one advantage of Distributed Data Processing?

Improved user satisfaction

What problem can arise from a centralized IT structure?

Inadequate documentation.

Which of the following represents a control activity in the COSO framework?

Control Activities

Study Notes

IT Audit Overview

• IT audit evaluates computer-based elements of an organization's information systems.
• Essential in modern systems using advanced technology for data management.

Internal Control Objectives

• Safeguard entity assets.
• Ensure accounting records' accuracy and reliability.
• Promote operational efficiency.
• Measure compliance with management policies and procedures.

Internal Control Principles

• Emphasizes management responsibility for controls.
• Considers methods of data processing and associated limitations:
  • Error potential
  • Circumvention of controls
  • Management override
  • Changing conditions
• Aims for reasonable assurance regarding control efficacy.

Internal Control Models

• PDC Model:
  • Preventive Controls
  • Detective Controls
  • Corrective Controls
• COSO Framework:
  • Control Environment
  • Risk Assessment
  • Information and Communication
  • Monitoring
  • Control Activities

IT Governance

• A part of corporate governance, focusing on strategic IT resource management.
• Main objectives include risk reduction and ensuring IT investments provide value.
• Covered topics include IT function structure, computer center operations, and disaster recovery planning.

Key IT Functions

• Database Administration: Ensures database security and integrity.
• Data Processing: Handles transaction processing, involving data control, computer operations, and data libraries.
• Systems Development and Maintenance: Analyzes user needs, designs new systems, and maintains existing systems.

Centralized IT Structure Challenges

• Separation of systems development and operational functions.
• Database administration divided from other tasks.
• Risks include inadequate documentation and potential for program fraud.

Distributed IT Structure Challenges

• Issues with resource efficiency and destruction of audit trails.
• Risks of inadequate segregation of duties and hiring challenges.
• Benefits include cost reductions, improved control, user satisfaction, and backup flexibility.

Controlling Distributed Data Processing

• Implement a corporate IT function for oversight.
• Centralize testing of commercial software and hardware.
• Establish user services and standard-setting bodies.
• Conduct personnel reviews to maintain standards.

Audit Objectives and Procedures

• Objective: Verify appropriate segregation of incompatible IT functions to mitigate risk and foster a conducive working environment.
• Centralized IT Audit Procedures:
  • Review documentation to identify incompatible function assignments.
  • Examine systems documentation and maintenance records of applications.
  • Ensure computer operators lack access to conflicting functions.
• Distributed IT Audit Procedures:
  • Confirm the presence of policies and standards for system design and acquisitions.
  • Verify distribution of corporate standards to all IT units.
Description

This quiz covers essential topics related to IT audit procedures, focusing on the technology aspects of an organization's information systems. It includes internal control objectives and principles critical for safeguarding assets and ensuring the reliability of information. Test your knowledge and understanding of governance controls in the context of IT audits.
