IT AUDIT
24 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is a consequence of reducing human involvement in IT-based processes?

  • Increased recognition of misstatements
  • Improved audit trail visibility
  • Loss of opportunity to detect unusual transactions (correct)
  • Enhanced manual approval protocols
  • How can IT-based systems impact traditional authorization processes?

  • They eliminate the need for any authorization
  • They increase the complexity of approval processes
  • They automate some transactions without manual approvals (correct)
  • They require more manual interventions
  • What issue arises from the reduced separation of duties in IT environments?

  • More thorough oversight of IT operations
  • Increased need for manual audits
  • Consolidation of multiple roles into one individual (correct)
  • Better compliance with IT regulations
  • Why is it important to have knowledgeable personnel for IT systems?

    <p>To ensure proper installation and maintenance of the system</p> Signup and view all the answers

    Which component is essential for the governance and management of enterprise IT according to COBIT?

    <p>Connection between control requirements and business risks</p> Signup and view all the answers

    What does reduced audit trail visibility imply for an organization?

    <p>Increased likelihood of undetected fraud</p> Signup and view all the answers

    What key separation is often needed within IT duties?

    <p>Functions like systems development should be separate from day-to-day operations</p> Signup and view all the answers

    What characteristic of COBIT 5 enhances its effectiveness in IT governance?

    <p>Integration of governance and management aspects</p> Signup and view all the answers

    What is a potential risk associated with reliance on IT systems?

    <p>Systematic versus random errors</p> Signup and view all the answers

    How does information technology impact the audit trail?

    <p>It converts the paper trail to an electronic format</p> Signup and view all the answers

    What is a common risk regarding unauthorized access in information technology?

    <p>Increased potential for remote access</p> Signup and view all the answers

    What does the need for separation of IT duties primarily address?

    <p>Preventing fraud and ensuring checks and balances</p> Signup and view all the answers

    Which of the following is considered a type of IT General Control?

    <p>Controls over data centre and network operations</p> Signup and view all the answers

    How does a reduced audit trail affect internal controls?

    <p>It diminishes the capacity to trace actions related to transactions</p> Signup and view all the answers

    What is the primary purpose of IT Application Controls?

    <p>To ensure input data is complete, accurate, and valid</p> Signup and view all the answers

    Which of the following is a risk associated with loss of data?

    <p>Complete data loss if files are altered</p> Signup and view all the answers

    What is a major concern when implementing IT systems without proper experience?

    <p>Increased vulnerability to errors</p> Signup and view all the answers

    What does the term 'Auditing Through the Computer' refer to?

    <p>Auditing where the auditor directly interfaces with the application software</p> Signup and view all the answers

    What aspect of IT systems increases the risk of systematic errors?

    <p>Automation of tasks</p> Signup and view all the answers

    In the Test Data Approach, which consideration is essential for auditors?

    <p>Test data should include all relevant conditions that the auditor wants tested</p> Signup and view all the answers

    Which of the following is a risk associated with reliance on IT?

    <p>Unauthorized access to systems and data</p> Signup and view all the answers

    What is a crucial aspect of Separation of IT Duties?

    <p>Dividing responsibilities among different individuals to reduce risk</p> Signup and view all the answers

    Why is IT experience considered essential in auditing IT environments?

    <p>To properly evaluate application performance and compliance</p> Signup and view all the answers

    What is the role of policies and procedures in IT General Controls?

    <p>To support the effective functioning of application controls</p> Signup and view all the answers

    Study Notes

    Audit Practice & Procedures II: Information Technology and the Audit Process

    • Information Technology (IT) has improved internal control by enabling access to high-quality business transactions and larger volumes of information.

    Information Technology (IT) & Internal Control

    • IT has improved internal control.
    • How? Access to high-quality business transactions.
    • How? Access to larger volumes of information.
    • Question: Do improvements experienced as a result of IT present any risks?

    IT Systems and Risks

    • Risks to hardware and data.
    • Reduced audit trail.
    • Need for IT experience and separation of IT duties.

    Risks of Information Technology

    Risks to Hardware and Data

    • Reliance on the functioning capabilities of hardware and software.
    • Evaluation of the risk of system crashes.
    • Systematic versus random errors.
    • Errors in computer software can result in incorrect processing for all transactions processed.
    • Unauthorized access.
    • Potential for unauthorized on-line access from remote locations is increased.
    • Loss of data. Increased risk of total data loss in the event the data file is altered or destroyed.

    Reduced Audit Trail

    • Visibility of audit trail. The use of IT often converts the traditional paper trail to an electronic audit trail.
    • Reduced human involvement. The replacement of traditional manual processes with computer-performed processes reduces opportunities for employees to recognize misstatements resulting from transactions that might have appeared unusual to experienced employees.
    • Lack of traditional authorization. IT-based systems can be programmed to initiate certain types of transactions automatically without obtaining traditional manual approvals.

    Need for IT Experience & Separation of IT Duties

    • Reduced separation of duties. As organizations convert from manual to computer processes, computers do many duties that were traditionally segregated, such as authorization and record keeping.
    • Need for IT experience. Even when companies purchase simple off-the-shelf accounting software packages, it is important to have personnel with knowledge and experience to install, maintain, and use the system.
    • Separation of Duties in IT Function/Dept.:
      • IT management (Oversight)
      • Systems development (Application Design).
      • Operations (day-to-day operations).
      • Data control (input/output control personnel).

    IT Governance

    • COBIT (Control Objectives for Information and Related Technology) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
    • COBIT 5 is a business framework for the governance and management of enterprise IT.
    • Developed by ISACA (Information Systems Audit and Control Association).
    • Used globally by those who have the primary responsibility for business processes and technology.

    Auditing Standards IT Controls

    • Types of controls. General Controls; Application Controls.
    • Used to address many of the risks associated with reliance on IT.

    IT General Controls

    • Policies and procedures that relate to many applications.
    • Support the effective functioning of application controls.
    • Controls over data centre and network operations.
    • System software acquisition, change and maintenance.
    • Access security. Includes: Application system acquisition, development, and maintenance.
    • Physical security of assets
    • Authorization for access to computer programs and data files

    IT Application Controls

    • Controls that relate to specific computer software applications and the individual transactions, for example, the general ledger. Includes: Controls over the input, processing, and output functions.
    • Necessary conditions for data inputs: Complete, accurate and valid.
    • Internal processing should produce correct outputs.

    Auditing Around the Computer Versus Auditing Through the Computer

    • Internal Controls

      • Credit is approved for sales on account.
      • Payroll is processed only for individuals currently employed.
      • Column totals for the cash disbursements journal are subtotaled automatically by the computer.
    • Auditing Around the Computer Approach

      • Select a sample of sales transactions from the sales journal and obtain the related customer sales order to determine that the credit manager’s initials are present, indicating approval of sales on account.
      • Select a sample of payroll disbursements from the payroll journal and verify by reviewing human resource department files that the payee is currently employed.
      • Obtain a printout of the cash disbursements journal and manually foot each column to verify the accuracy of the printed column totals.
    • Auditing Through the Computer Approach

      • Obtain a copy of the client's sales application program and related credit limit master file and process a test data sample of sales transactions to determine whether the application software properly rejects those test sales transaction that exceed the customer’s credit limit amount and accepts all other transactions.
      • Create a test data file of valid and invalid employee ID numbers and process that file using a controlled copy of the client’s payroll application program to determine that all invalid employee ID numbers are rejected and that all valid employee ID numbers are accepted.
      • Obtain an electronic copy of the cash disbursements journal transactions and use generalized audit software to verify the accuracy of the column totals.

    Information Technology (IT) Auditing: Generalized Audit Software (GAS)

    • Uses: Verify extensions and footings; Examine records for quality, completeness, consistency, and correctness; Compare data on separate files; Summarize or resequence data and do analyses; Select audit samples; Print confirmation requests; Compare data obtained through other audit procedures with company records.
    • Description: Verify the accuracy of the client's computations by calculating information independently; Scan all records using specified criteria; Determine that information in two or more data files agrees; Change or aggregate data; Select samples from machine-readable data; Print data for sample items selected for confirmation testing; Compare machine-readable data with audit evidence gathered manually, which is converted to machine-readable form.
    • Examples: Foot accounts receivable trial balance; Review payroll files for terminated employees; Compare changes in accounts receivable balances between two dates using sales and cash receipts in transaction files; Resequence inventory items by location to facilitate physical observation; Randomly select accounts receivable for confirmation; Print customer name, address, and account balance information from master files; Compare confirmation responses with accounts receivable master files.

    Auditing Through the Computer; Testing Categories

    • Test data approach
    • Parallel simulation
    • Embedded audit module approach

    Auditing in Complex IT Environments (Categories of Testing): Test Data Approach

    • Auditors process their own test data using the client's computer system and application program to determine whether the automated controls correctly process the test data.
    • Test data considerations:
      • Test data should include all relevant conditions that the auditor wants tested.
      • Application programs tested by auditors' test data must be the same as those the client used throughout the year.
      • Test data must be eliminated from the client's records.

    Auditing in Complex IT Environments (Categories of Testing): Parallel Simulation

    • To determine the effectiveness of automated controls.
    • To obtain evidence about electronic account balances.
    • Parallel simulation is a process of simulating data processing with a set of data (from client) and comparing the results of simulation with that of client's system results.

    Auditing in Complex IT Environments (Categories of Testing): Embedded Audit Module Approach

    • Auditors insert an audit module in the client's application system to identify specific types of transactions.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    IT Auditing PDF

    More Like This

    IT Audit
    5 questions

    IT Audit

    VictoriousInsight avatar
    VictoriousInsight
    IT Audit Basics
    20 questions

    IT Audit Basics

    VictoriousInsight avatar
    VictoriousInsight
    IT Auditing and Security Controls Quiz
    5 questions
    IT Audit and Governance Controls
    11 questions
    Use Quizgecko on...
    Browser
    Browser