Term
|
Definition
The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria |
|
|
Term
|
Definition
Examines the reliability and integrity of: Financial transactions, accounting records, and financial statements. |
|
|
Term
internal information system |
|
Definition
Reviews the controls of an AIS to assess compliance with: Internal control policies and procedures and effectiveness in safeguarding assets |
|
|
Term
internal operational audit |
|
Definition
Economical and efficient use of resources and the accomplishment of established goals and objectives |
|
|
Term
internal compliance audit |
|
Definition
Determines whether entities are complying with: Applicable laws, regulations, policies, and procedures |
|
|
Term
internal investigative audit |
|
Definition
Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities. |
|
|
Term
|
Definition
Planning, Collecting Evidence, Evaluating, and communicating Audit Results |
|
|
Term
3 types of risk in an audit |
|
Definition
inherent (without controls), control (risk a misstatement will not be caught by internal controls), and detection risk (misstatement will not be caught by auditors) |
|
|
Term
|
Definition
auditor seeks that no material error exists in the information or process audited |
|
|
Term
How to communicate audit conclusion? |
|
Definition
written report to mgmt, audit committee, board of directors |
|
|
Term
4 Steps for risk-based audit |
|
Definition
1. determine threats; 2. identify control procedures (prevent, detect, or correct); 3. evaluate control procedures; 4. evaluate control weaknesses |
|
|
Term
Purpose of an information systems audit? |
|
Definition
review and evaluate the internal controls that protect the system |
|
|
Term
Objectives of information systems audit |
|
Definition
Overall information security; Program development and acquisition; Program modification; Computer processing; Source files; Data files |
|
|
Term
4 types of information systems threats |
|
Definition
Accidental or intentional damage to system assets; Unauthorized access, disclosure, or modification of data and programs; Theft; Interruption of crucial business activities |
|
|
Term
Program Development and Acquisition |
|
Definition
Inadvertent programming errors due to misunderstanding system specifications or careless programming; Unauthorized instructions deliberately inserted into the programs. Controls: Management and user authorization and approval, thorough testing, and proper documentation |
|
|
Term
|
Definition
Source Code Comparison, Reprocessing, Parallel Simulation |
|
|
Term
|
Definition
systems fail to detect: Erroneous input; Improper correction of input errors; Process erroneous input; Improperly distribute or disclose output |
|
|
Term
Two disadvantages of processing test data |
|
Definition
auditor must spend considerable time understanding the system and preparing the test transactions and auditor must ensure test data does not affect company files and database |
|
|
Term
Concurrent Audit Techniques (Computer Processing) |
|
Definition
continually monitor the system and collect audit evidence while live data are processed. Use embedded audit modules (program code segments that perform audit functions, report test results, and store evidence collected for auditor review) |
|
|
Term
Integrated Test Facility (type of concurrent audit) |
|
Definition
inserts fictitious inputs, company employees unaware of testing, tests while system is live and allows auditor to compare processed data with expected results to verify controls |
|
|
Term
Snapshot Technique (type of concurrent audit) |
|
Definition
master files before and after update are stored for specially marked transactions |
|
|
Term
System Control Audit Review File (SCARF) (type of concurrent audit) |
|
Definition
concurrent audit technique that monitors all transactions and collects data on those that meet certain characteristics specified by the auditor |
|
|
Term
Audit Hooks (type of concurrent audit) |
|
Definition
notify auditors of questionable transactions |
|
|
Term
Continuous and Intermittent Simulation (type of concurrent audit) |
|
Definition
embeds an audit module in the DBMS that examines all transactions that update the database, similar to SCARF; if a transaction has special audit significance, it is stored in the CIS module, which independently processes the data and compares the results to the DBMS |
|
|
Term
Source Data and Data Files concern what? |
|
Definition
accuracy, integrity, and security of data |
|
|
Term
Computer-assisted audit techniques (CAATS) |
|
Definition
refer to audit software, often called generalized audit software, that uses auditor-supplied specifications to generate a program that performs audit functions that simplify the process |
|
|
Term
Characteristics of Auditing |
|
Definition
systematic process, involves collection and review of evidence, and involves use of established criteria |
|
|
Term
why should internal auditor participate in internal control reviews during the design of new systems? |
|
Definition
more economical, minimizes need for expensive modifications after system is implemented, and permits design of audit trails |
|
|
Term
Definition of risk based approach |
|
Definition
four-step approach to internal control evaluation that provides a logical framework for carrying out an audit |
|
|
Term
Procedures to detect unauthorized program changes? |
|
Definition
source code comparison, parallel simulation, reprocessing |
|
|
Term
|
Definition
computer technique that assists an auditor in understanding program logic by identifying all occurrences of specific variables |
|
|
Term
What is the focus of an operational audit? |
|
Definition
all aspects of information systems management |
|
|