Week 5 - IT Controls
44 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What does PALACE stand for?

Password Authorisation Levels Access Control Enforcement

Which of the following are NOT e-Commerce controls: (Select all that apply)

  • Connecting to the internet could facilitate unauthorized access
  • The audit team should review the system's life cycle and the overall process (correct)
  • Customer information and inventory records should be regularly backed up
  • Sensitive data must be encrypted to prevent unauthorized access

Which of the following are considered "Business Continuity Controls"?

  • Having alternative processing, planning, documenting, and the testing facilities (correct)
  • Must have a list of files and data to be recovered (correct)
  • Must have virus protection installed and working (correct)
  • Must have various and regular backups (correct)
  • All of the above (correct)

What is the primary control activity for completeness of inventory transactions?

<p>Recording all inventory that has been received</p> Signup and view all the answers

The audit team should review the system's life cycle and the overall process during the implementation of software.

<p>True (A)</p> Signup and view all the answers

What does "SCRUM" stand for?

<p>Segregation of Duty, Custody of Assets, Reconciliation, Unused Stationary, Management Supervision</p> Signup and view all the answers

What is the main concern of the auditor when examining the occurrence of inventory transactions?

<p>That all recorded inventory exists and there is no theft of goods</p> Signup and view all the answers

What are the two primary concerns auditors have when examining the completeness of inventory transactions?

<p>Recording all inventory that has been received and ensuring that all inventory is accounted for</p> Signup and view all the answers

What is the purpose of the control "No movement of stock without authorisation and a document"?

<p>This control helps prevent unauthorized movement or loss of inventory.</p> Signup and view all the answers

Which of the following is NOT a risk related to the purchase cycle?

<p>Late payment of invoices from the vendor (B)</p> Signup and view all the answers

What is the purpose of performing a "re-performance" test during an audit?

<p>To verify the accuracy of calculations and the accuracy of the work that the client has already done</p> Signup and view all the answers

What is the primary concern of the auditor during the "matching" test?

<p>To verify that all documents and transactions are linked together correctly</p> Signup and view all the answers

Which of the following is NOT a risk related to the revenue cycle?

<p>Failing to record purchases in the proper period (D)</p> Signup and view all the answers

The validity of revenue transactions is tested by making sure all customers are properly identified and authenticated before sales are made.

<p>True (A)</p> Signup and view all the answers

How is the "completeness" of revenue transactions tested?

<p>Checking if the company has recorded all sales and related receipts and transactions.</p> Signup and view all the answers

The effectiveness of IT systems can be directly assessed by auditors through the use of CAATs.

<p>True (A)</p> Signup and view all the answers

List three primary areas of concern for auditors examining the "accuracy" of the revenue cycle?

<ol> <li>Checking if the prices and quantities on invoices are correct. 2. Making sure the calculation of sales, discounts, and commissions are accurate. 3. Ensuring the proper classification of revenue transactions.</li> </ol> Signup and view all the answers

What is the primary purpose of "cut-off" testing on the revenue cycle?

<p>To verify that all revenues and expenses have been recorded in the correct accounting period, preventing revenue being recorded either too early or too late.</p> Signup and view all the answers

What is the purpose of "classification" testing on the revenue cycle?

<p>To ensure that all revenue transactions have been properly categorized and recorded in the appropriate accounts.</p> Signup and view all the answers

What is the purpose of "completeness" testing of the revenue cycle?

<p>To verify if the company has captured and recorded all of its revenue and that no sales have been missed.</p> Signup and view all the answers

What is the purpose of the "Existence and Rights/Obligations" assertion for accounts receivable?

<p>To confirm that the company actually owns the accounts receivable it has recorded and that it has a legal right to collect those receivables.</p> Signup and view all the answers

What is the purpose of "Valuation" testing on accounts receivable?

<p>To ensure that the allowance for uncollectible accounts is sufficient to cover potential losses from customers who may not be able to pay.</p> Signup and view all the answers

How should an auditor test the "existence" and "rights/obligations" assertions of accounts receivable?

<p>By sending confirmation letters to customers and reviewing the contracts and agreements in relation to accounts receivable.</p> Signup and view all the answers

What is the purpose of performing "re-performance" testing on the purchases cycle?

<p>To verify the accuracy of calculations done by the client when dealing with purchase orders and invoices.</p> Signup and view all the answers

What is the primary purpose of "matching" testing in the purchases cycle?

<p>To confirm a complete chain of documentation, ensuring every step in the purchase cycle from purchase requisition to receiving of goods is properly linked and documented.</p> Signup and view all the answers

List three key areas where an auditor would focus to test the occurrence assertion of purchases?

<ol> <li>Verifying the existence of a purchase order, delivery note, and invoice to support a particular purchase. 2. Checking if the purchase occurred within the correct accounting period. 3. Evaluating if the purchase was recorded by the appropriate company.</li> </ol> Signup and view all the answers

What is the main purpose of "cut-off" testing for purchases?

<p>To ensure that all purchases are recorded in the correct accounting period, preventing purchases from being recorded either too early or too late.</p> Signup and view all the answers

What is the primary focus of the "completeness" assertion for purchases?

<p>To confirm that all purchases made by the company have been recorded in the accounting system.</p> Signup and view all the answers

What is the main purpose of "accuracy" testing in the purchases cycle?

<p>To ensure that all purchases are recorded at the correct amount and with the right details.</p> Signup and view all the answers

What is the purpose of "cut-off" testing for payments?

<p>To ensure that all payments made by the company are recorded in the correct accounting period, preventing payments from being recorded either too early or too late.</p> Signup and view all the answers

What is the purpose of "completeness" testing in the payments cycle?

<p>To verify that all payments made by the company have been accounted for and that no payments have been missed.</p> Signup and view all the answers

What is the purpose of "accuracy" testing for payments?

<p>To confirm that all payments made by the company have been recorded at the correct amount and with the correct details.</p> Signup and view all the answers

What is the main concern when auditors examine the "classification" of purchases?

<p>They are verifying that all purchases have been allocated to the correct expense accounts.</p> Signup and view all the answers

What is the primary responsibility of an auditor during an inventory count?

<p>To verify that all inventory recorded in the company's records is physically present and accounted for.</p> Signup and view all the answers

Besides physically inspecting the inventory, what are three other key activities an auditor should perform during an inventory count?

<ol> <li>Obtain copies of the inventory count sheets. 2. Trace the inventory count sheets back to the physical inventory. 3. Inquire about the inventory held by third parties and possibly visit those locations.</li> </ol> Signup and view all the answers

What is the main purpose of "rights and obligations" testing for inventory?

<p>To ensure that the company owns the inventory it possesses and that other parties' inventory is not included.</p> Signup and view all the answers

What is the purpose of "completeness" testing for inventory?

<p>To verify that all inventory belonging to the company has been recorded and that no inventory has been omitted from the records.</p> Signup and view all the answers

What is the purpose of "valuation" testing in the inventory cycle?

<p>To ensure that the value of inventory is properly determined and reflected in the company's financial statements.</p> Signup and view all the answers

How does an auditor test the accuracy of an inventory valuation?

<p>Through reviewing details such as purchase invoices, reviewing calculations, and comparing the inventory valuation to the lower of cost or net realizable value.</p> Signup and view all the answers

How does an auditor test the "classification" assertion of inventory?

<p>By verifying that all inventory items have been assigned to the correct categories based on their nature, such as raw materials, work in progress, or finished goods.</p> Signup and view all the answers

What is a key control to be in place to prevent unauthorized movement of inventory?

<p>A system that requires authorization and documentation for any movement of inventory.</p> Signup and view all the answers

Why are strong internal controls crucial for ensuring the accuracy of inventory records?

<p>It is important to prevent errors, fraud, and theft of inventory and ensure that it is accurately valued for financial reporting.</p> Signup and view all the answers

What is the primary concern when auditors examine the "completeness" of inventory transactions?

<p>Ensuring that all the inventory that has been received has been properly recorded in the accounting system.</p> Signup and view all the answers

Besides physical inspection of inventory, what are three key aspects of testing the accuracy of inventory transactions?

<ol> <li>Verifying that the costs associated with purchases and other inventory adjustments are accurately recorded. 2. Evaluating the accuracy of any inventory adjustments. 3. Ensuring the valuation of inventory items is accurate, using methods such as net realizable value calculations.</li> </ol> Signup and view all the answers

Flashcards

IT System Maintenance Controls

Controls used to prevent unauthorized changes to programs, data, terminals, and files, and to correct errors or changes in user requirements, ensuring data integrity after system changes.

Program Change Standards

Formal rules and procedures for modifying computer programs.

Access Controls

Mechanisms to restrict access to IT systems and data.

Passwords (PALACE)

A security mechanism to limit access to IT infrastructure.

Signup and view all the flashcards

Segregation of Duties

Dividing responsibilities among different people to prevent fraud and errors.

Signup and view all the flashcards

Application Controls: Validity

Ensuring the accuracy and legitimacy of transaction data, checking ID numbers, and credit card info before accepting orders.

Signup and view all the flashcards

Application Controls: Completeness

Checking for missing data in transaction processing.

Signup and view all the flashcards

Input Controls

Controls ensuring data entered into a system meets specified criteria.

Signup and view all the flashcards

Processing Controls

Controls ensuring data is processed accurately and only valid transactions are processed.

Signup and view all the flashcards

Output Controls

Controls ensuring outputs from a system are accurate and complete.

Signup and view all the flashcards

Master File Controls

Controls over standing data, ensuring accuracy and completeness of important data, such as customer and supplier details.

Signup and view all the flashcards

CAATs (Computer Assisted Auditing Techniques)

Techniques to improve audit efficiency and accuracy, often automating data analysis.

Signup and view all the flashcards

E-Commerce Controls

Measures to ensure the security and integrity of e-commerce transactions.

Signup and view all the flashcards

Implementation of Software

Processes for safely introducing new software and databases, ensuring data integrity throughout the transition.

Signup and view all the flashcards

Revenue Recognition

The process of recording revenue when a sale is completed and the company has fulfilled its obligations.

Signup and view all the flashcards

Key Controls (Revenue)

Procedures to manage the revenue process, preventing fraud and errors.

Signup and view all the flashcards

Substantive Analytical Procedures (Revenue)

Data analysis techniques and comparisons to identify potential issues and make estimations.

Signup and view all the flashcards

Substantive Tests of Detail (Revenue)

Detailed testing of individual transactions and balances in the revenue cycle.

Signup and view all the flashcards

Purchase Requisition

A document requesting goods or services to be purchased.

Signup and view all the flashcards

GRN (Goods Received Note)

A document that confirms receipt of goods.

Signup and view all the flashcards

Inventory Cycle

The series of processes for managing inventory from ordering to tracking to adjusting stock levels.

Signup and view all the flashcards

Inventory Count

Physical check of inventory balance and counting to confirm the accuracy of inventory.

Signup and view all the flashcards

Net Realizable Value (NRV)

The estimated selling price of inventory minus any costs to complete or sell it.

Signup and view all the flashcards

Study Notes

Week 5 - IT Controls

  • System maintenance controls prevent unauthorized changes to programs, data, terminals and files. Standards for program changes, requests, forms, testing, and documentation are used.
  • Organizational and management controls establish a framework for computer activities, including responsibility levels, staff practices, division of duties, virus controls, and supervision. IT departments should be separate, and transactions shouldn't be authorized by IT staff. Training on systems and databases is essential.
  • Access controls restrict physical access to IT infrastructure (servers, data centers, network equipment) to authorized personnel based on roles (segregation of duties). VPNs secure remote user access, and logon IDs are used for authorization, logging unauthorized attempts.
  • Computer operating controls schedule processing using correct programs and data files, ensuring procedures are applied consistently. Hardware checks and duty divisions are included.
  • System development controls use software from reputable companies, process data, require training, and ensure new system conversions are correctly performed with post-implementation reviews and backups.

Access Controls

  • Only authorized personnel can access physical IT infrastructure.
  • Access is granted based on the role/segregation of duties.
  • VPNs ensure secure remote user access.
  • Authorization of users through logon IDs.
  • A log of unauthorized attempts is maintained.

Computer Operating Controls

  • Controls include scheduling processing and using the correct programs and data files.
  • Procedures are applied correctly and consistently.
  • Hardware checks and division of duties are part of the operating procedures.

System Development Controls

  • Software must come from reputable companies.
  • Conversion controls ensure data transfer with balancing of old and new files, backup of the new system, and implementation review. Required training is provided.

Business Continuity Controls

  • List of files and data to be recovered.

Week 7 - Revenue and Receipts Cycle

  • Revenue Process Risks: Early revenue recognition, holding books open past the accounting period, including false sales, problems with related party transactions, overstating receivables, and other income.
  • Key Controls: Adequate segregation of duties, proper authorization of sales, adequate records of receiving, authorising, processing, dispatching, invoicing, and recording. Documents are sequentially prenumbered and monthly statements and reconciliations are performed.
  • Inherent Risks: Nature of business and other industry-related factors.

Week 8 - Purchases Cycle

  • Inspect (Documents), Observe (Actions), Inquire (Missing Documents), Re-Perform (Numbers and Calculations), Test, Matching (Documents): Purchase requisitions, purchase orders, receiving of goods (GRNs), recording of purchases, payment preparation, recording of payments.
  • Test of Controls: All documents are sequentially prenumbered and inspections/signatures confirm procedures.
  • Inherent Risks: Management bias and incentive to misstate expenses, complexity of expenditures, inadequate controls, incorrect cut-offs, and understating accounts payable.

Week 9 - Inventory Cycle

  • Planning (Order), Receipt, Issue, Inventory Adjustment Forms, Inventory Records: Key processes and documents related to inventory management.
  • Inherent Risks: Volume and complexity of manufacturing, changes in staff and systems, net realisable value (NRV).

Inventory Controls (Week 9/10)

  • Inventory is located at multiple sites with 'Goods in Transit'.
  • Staff are trained to do the inventory tasks accurately and correctly with controls to prevent obsolete or damaged goods.
  • Controls to ensure no double-counting and omission of inventory, and procedures exist to account for inclusion of the same inventory more than once, to prevent damage, loss, or theft of stock. Segregation of duties and reconciliation procedures are essential.
  • Controls for the efficient production planning and scheduling of the inventory tasks.

ISA 501 (Week 9/10)

  • Before Inventory Count: Contact with the client and previous auditor, review of procedures, verification of locations where inventory is stored. Third party arrangements must be made.
  • During Inventory Count: Inquire on segregation of duties, team numbers, no movement, and no production is scheduled. Inspecting count sheets verifies completeness, sequences, and descriptions of goods. Verify inventory is allocated to counting teams, ensuring it's all included, avoiding duplication in the count and identifying those that shouldn't be valued (e.g., damaged, obsolete stock).
  • Testing of Controls: Cut-off, inspection of documents (e.g., GRNs, GDNs, purchase invoices), verifying sequential pre-numbering and supplier invoices/payroll. Inventory is also checked for correct classification, condition (obsolete, slow-moving, excess), and net realisable value (NRV).

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

This quiz covers essential IT controls for maintaining system integrity and security. Topics include system maintenance, organizational controls, access restrictions, and operational procedures. Understanding these controls is crucial for effective IT management and risk mitigation.

More Like This

IT Auditing and Security Controls Quiz
5 questions
IT Security and Access Control
10 questions

IT Security and Access Control

TemptingEnlightenment4085 avatar
TemptingEnlightenment4085
ERP System Controls
15 questions
Use Quizgecko on...
Browser
Browser