Questions and Answers
What does PALACE stand for?
Password Authorisation Levels Access Control Enforcement
Which of the following are NOT e-Commerce controls: (Select all that apply)
- Connecting to the internet could facilitate unauthorized access
- The audit team should review the system's life cycle and the overall process (correct)
- Customer information and inventory records should be regularly backed up
- Sensitive data must be encrypted to prevent unauthorized access
Which of the following are considered "Business Continuity Controls"?
- Having alternative processing, planning, documenting, and the testing facilities (correct)
- Must have a list of files and data to be recovered (correct)
- Must have virus protection installed and working (correct)
- Must have various and regular backups (correct)
- All of the above (correct)
What is the primary control activity for completeness of inventory transactions?
The audit team should review the system's life cycle and the overall process during the implementation of software.
What does "SCRUM" stand for?
What is the main concern of the auditor when examining the occurrence of inventory transactions?
What are the two primary concerns auditors have when examining the completeness of inventory transactions?
What is the purpose of the control "No movement of stock without authorisation and a document"?
Which of the following is NOT a risk related to the purchase cycle?
What is the purpose of performing a "re-performance" test during an audit?
What is the primary concern of the auditor during the "matching" test?
Which of the following is NOT a risk related to the revenue cycle?
The validity of revenue transactions is tested by making sure all customers are properly identified and authenticated before sales are made.
How is the "completeness" of revenue transactions tested?
The effectiveness of IT systems can be directly assessed by auditors through the use of CAATs.
List three primary areas of concern for auditors examining the "accuracy" of the revenue cycle?
What is the primary purpose of "cut-off" testing on the revenue cycle?
What is the purpose of "classification" testing on the revenue cycle?
What is the purpose of "completeness" testing of the revenue cycle?
What is the purpose of the "Existence and Rights/Obligations" assertion for accounts receivable?
What is the purpose of "Valuation" testing on accounts receivable?
How should an auditor test the "existence" and "rights/obligations" assertions of accounts receivable?
What is the purpose of performing "re-performance" testing on the purchases cycle?
What is the primary purpose of "matching" testing in the purchases cycle?
List three key areas where an auditor would focus to test the occurrence assertion of purchases?
What is the main purpose of "cut-off" testing for purchases?
What is the primary focus of the "completeness" assertion for purchases?
What is the main purpose of "accuracy" testing in the purchases cycle?
What is the purpose of "cut-off" testing for payments?
What is the purpose of "completeness" testing in the payments cycle?
What is the purpose of "accuracy" testing for payments?
What is the main concern when auditors examine the "classification" of purchases?
What is the primary responsibility of an auditor during an inventory count?
Besides physically inspecting the inventory, what are three other key activities an auditor should perform during an inventory count?
What is the main purpose of "rights and obligations" testing for inventory?
What is the purpose of "completeness" testing for inventory?
What is the purpose of "valuation" testing in the inventory cycle?
How does an auditor test the accuracy of an inventory valuation?
How does an auditor test the "classification" assertion of inventory?
What is a key control to be in place to prevent unauthorized movement of inventory?
Why are strong internal controls crucial for ensuring the accuracy of inventory records?
What is the primary concern when auditors examine the "completeness" of inventory transactions?
Besides physical inspection of inventory, what are three key aspects of testing the accuracy of inventory transactions?
Flashcards
IT System Maintenance Controls
Controls used to prevent unauthorized changes to programs, data, terminals, and files, and to correct errors or changes in user requirements, ensuring data integrity after system changes.
Program Change Standards
Formal rules and procedures for modifying computer programs.
Access Controls
Mechanisms to restrict access to IT systems and data.
Passwords (PALACE)
Segregation of Duties
Application Controls: Validity
Application Controls: Completeness
Input Controls
Processing Controls
Output Controls
Master File Controls
CAATs (Computer Assisted Auditing Techniques)
E-Commerce Controls
Implementation of Software
Revenue Recognition
Key Controls (Revenue)
Substantive Analytical Procedures (Revenue)
Substantive Tests of Detail (Revenue)
Purchase Requisition
GRN (Goods Received Note)
Inventory Cycle
Inventory Count
Net Realizable Value (NRV)
Study Notes
Week 5 - IT Controls
- System maintenance controls prevent unauthorized changes to programs, data, terminals and files. Standards for program changes, requests, forms, testing, and documentation are used.
- Organizational and management controls establish a framework for computer activities, including responsibility levels, staff practices, division of duties, virus controls, and supervision. IT departments should be separate, and transactions shouldn't be authorized by IT staff. Training on systems and databases is essential.
- Access controls restrict physical access to IT infrastructure (servers, data centers, network equipment) to authorized personnel based on roles (segregation of duties). VPNs secure remote user access, users are authorized through logon IDs, and unauthorized attempts are logged.
- Computer operating controls schedule processing using correct programs and data files, ensuring procedures are applied consistently. Hardware checks and duty divisions are included.
- System development controls use software from reputable companies, process data, require training, and ensure new system conversions are correctly performed with post-implementation reviews and backups.
Access Controls
- Only authorized personnel can access physical IT infrastructure.
- Access is granted based on the role/segregation of duties.
- VPNs ensure secure remote user access.
- Authorization of users through logon IDs.
- A log of unauthorized attempts is maintained.
Computer Operating Controls
- Controls include scheduling processing and using the correct programs and data files.
- Procedures are applied correctly and consistently.
- Hardware checks and division of duties are part of the operating procedures.
System Development Controls
- Software must come from reputable companies.
- Conversion controls ensure data transfer with balancing of old and new files, backup of the new system, and implementation review. Required training is provided.
Business Continuity Controls
- List of files and data to be recovered.
Week 7 - Revenue and Receipts Cycle
- Revenue Process Risks: Early revenue recognition, holding books open past the accounting period, including false sales, problems with related party transactions, overstating receivables, and other income.
- Key Controls: Adequate segregation of duties, proper authorization of sales, adequate records of receiving, authorising, processing, dispatching, invoicing, and recording. Documents are sequentially prenumbered and monthly statements and reconciliations are performed.
- Inherent Risks: Nature of business and other industry-related factors.
Week 8 - Purchases Cycle
- Inspect (Documents), Observe (Actions), Inquire (Missing Documents), Re-Perform (Numbers and Calculations), Test, Matching (Documents): Purchase requisitions, purchase orders, receiving of goods (GRNs), recording of purchases, payment preparation, recording of payments.
- Test of Controls: All documents are sequentially prenumbered and inspections/signatures confirm procedures.
- Inherent Risks: Management bias and incentive to misstate expenses, complexity of expenditures, inadequate controls, incorrect cut-offs, and understating accounts payable.
Week 9 - Inventory Cycle
- Planning (Order), Receipt, Issue, Inventory Adjustment Forms, Inventory Records: Key processes and documents related to inventory management.
- Inherent Risks: Volume and complexity of manufacturing, changes in staff and systems, net realisable value (NRV).
Inventory Controls (Week 9/10)
- Inventory is located at multiple sites with 'Goods in Transit'.
- Staff are trained to do the inventory tasks accurately and correctly with controls to prevent obsolete or damaged goods.
- Controls to ensure no double-counting and omission of inventory, and procedures exist to account for inclusion of the same inventory more than once, to prevent damage, loss, or theft of stock. Segregation of duties and reconciliation procedures are essential.
- Controls for the efficient production planning and scheduling of the inventory tasks.
ISA 501 (Week 9/10)
- Before Inventory Count: Contact with the client and previous auditor, review of procedures, verification of locations where inventory is stored. Third party arrangements must be made.
- During Inventory Count: Inquire on segregation of duties, team numbers, no movement, and no production is scheduled. Inspecting count sheets verifies completeness, sequences, and descriptions of goods. Verify inventory is allocated to counting teams, ensuring it's all included, avoiding duplication in the count and identifying those that shouldn't be valued (e.g., damaged, obsolete stock).
- Testing of Controls: Cut-off, inspection of documents (e.g., GRNs, GDNs, purchase invoices), verifying sequential pre-numbering and supplier invoices/payroll. Inventory is also checked for correct classification, condition (obsolete, slow-moving, excess), and net realisable value (NRV).
Description
This quiz covers essential IT controls for maintaining system integrity and security. Topics include system maintenance, organizational controls, access restrictions, and operational procedures. Understanding these controls is crucial for effective IT management and risk mitigation.