Term
What are the 5 internal audit standards? |
|
Definition
1. Review the reliability and integrity of operating and financial information and how it is identified, measured, classified and reported. 2. Determine if system complies with operating policies, plans, procedures, laws and regulations and they are being followed. 3. Review how assets are safeguarded, and verify existence of assets as appropriate. 4. Examine company resources to determine how effectively and efficiently they are used. 5. Review company operations and programs to determine if they are being carried out as planned and they are meeting objectives. |
|
|
Term
Types of internal audits, their definition and what standard they fall under. |
|
Definition
1. Financial Audits: determine the reliability and integrity of financial records. (#1) 2. Information systems (Internal control) audit: review control of AIS to assess compliance with internal control policies and procedures and the effectiveness of safeguarding assets. (#2 & #3) 3. Operational management audit: concerns economical and efficient use of resources and the accomplishment of established goals and standards. (#4 & #5) |
|
|
Term
Overview of the audit process (4) |
|
Definition
1. Audit planning 2. Collection of audit evidence 3. Evaluation of audit evidence 4. Communication of audit results |
|
|
Term
Types of audit risk & definitions (3)*mentioned in class as important* |
|
Definition
1. Inherent risk: the risk in absence of controls 2. Control risk: the risk that a material mistatement will get through internal controls and into the financial statements. 3. Detection risk: the risk that an auditor and audit procedures will not detect a material error. |
|
|
Term
Steps of the risk-based audit approach (4) |
|
Definition
1. Determine the threats (fruad and errors) facing the AIS 2. Identify controls used to minimize risks 3. Evaluate the controls (test controls) 4. Evaluate weaknesses (fraud and errors not covered by control procedures). If a control deficiency exists are their compensating controls? |
|
|
Term
Objectives of Information System audits (6) |
|
Definition
1. Overall security 2. Program development and acquisition 3. Program modifications have management approved and are tested 4. Computer processing is accurate and complete 5. Source data is accurate 6. Data files are accurate & securely stored |
|
|
Term
Objective 4: What are the options to analyze computer processing? (3) |
|
Definition
1. Processing test data 2. Concurrent audit techniques 3. Analyze program logic |
|
|
Term
Basic difference of Operational (management) audits? |
|
Definition
The scope of an operational audit is much broader, encompassing all aspects of information systems management. Their objectives include evaluating such factors as effectiveness, efficiency and goal achievement. |
|
|
Term
When collecting audit evidence what is commonly the main source of information? |
|
Definition
Conversations with employees and management. |
|
|
Term
Modifications: which method is no longer used, and why? |
|
Definition
Nobody runs parallel systems because it is not cost-effective. |
|
|
Term
What do auditors use to document the review of source data controls?(Objective 5) |
|
Definition
|
|
Term
|
Definition
The review of system documentation and interviewing of appropriate personnel to determine if the necessary procedures are in place. |
|
|
Term
Tests of controls include: (4) |
|
Definition
1. Observing system operations 2. Inspecting documents, records and reports 3. Checking samples of system inputs and outputs 4. Tracing transactions through the system |
|
|
Term
Define: Compensating controls |
|
Definition
Procedures that compensate for control deficiencies |
|
|
Term
What are the 2 things that can go wrong in program development? |
|
Definition
1. Inadvertent errors due to misunderstanding of system specifications or careless programming 2. Unauthorized instructions deliberately inserted into the programs |
|
|
Term
|
Definition
CAS: Computer audit software GAS: Generalized audit software ACL: Audit control language |
|
|
Term
DQ 9.2: Should internal auditors be members of system development teams that design and implement an AIS? Why or why not? |
|
Definition
No, auditor's role in systems development should be limited to an independent review of systems development activities. To maintain the objectivity necessary for performing an independent evaluation function, auditors should not be involved in developing the system. |
|
|
Term
P 9.3: As an internal auditor, you have been assigned to evaluate the controls and operation of a computer payroll system. To test the computer systems and programs, you are to submit independently created test transactions with regular data in a normal production run. A. List four advantages of this technique B. List two disadvantages of this technique |
|
Definition
|
|