Term
| According to PCAOB AS-5, auditors should evaluate ____ |
|
Definition
| The nature and complexity of the business's IS |
|
|
Term
| According to PCAOB AS-5, does a company's use of IT affect the ICFR? |
|
Definition
| YES; the nature and characteristic of the IT & IS affect ICFR |
|
|
Term
| What techniques are used when auditing through the computer? with the computer? |
|
Definition
Through the computer: IS audit
With the computer: CAAT |
|
|
Term
| IS Audit (through the computer) |
|
Definition
| reviews and evaluates internal controls that protect the system |
|
|
Term
| what are the 4 primary objectives evaluated during an IS audit? (SPPC) |
|
Definition
1) Overall Security
2) Program development & acquisition
3) Program modification/change management
4) Computer processing |
|
|
Term
| What are the risks involved in computer processing |
|
Definition
-fail to detect erroneous input
-improperly correct input errors
-process erroneous input
-improperly distribute/disclose output |
|
|
Term
| What are the 2 types of audit tests performed of computer processing |
|
Definition
1) Processing test data
2) Concurrent audit techinques |
|
|
Term
| What are the 5 concurrent audit techniques (CHISS) |
|
Definition
1) Integrated test facility (ITF)
2) Snapshot technique
3) System control audit review file (SCARF)
4) Audit hooks
5) Continuous and Intermittent Simulation (CIS) |
|
|
Term
|
Definition
| audit test of computer processing that processes a hypothetical series of valid and invalid transactions (should reject invalid transactions) |
|
|
Term
| Concurrent audit techniques |
|
Definition
| use embedded modules to gather data during regular operating hours |
|
|
Term
| What are some advantages/disadvantages of concurrent audit techniques |
|
Definition
-employees are often unaware of the testing
-concurrent testing will not affect actual data
-it is more complex/requires more experience |
|
|
Term
|
Definition
| creation of a series of 'dummy' files in the client's system; conceptually similar to processing test data only it is concurrent |
|
|
Term
|
Definition
Examines the way that transactions are processed;
selected transactions are marked with a code so that when they come up, a snaposhot is taken before and after processing |
|
|
Term
| System Control Audit Review File (SCARF) |
|
Definition
uses embedded modules to continuously monitor transaction activity;
collects data on transactions with a special audit significance;
auditor periodically receives printout of transactions |
|
|
Term
|
Definition
flag suspicious transactions as they occur and update the auditor via real-time notification;
usually geared toward fraudulent activities |
|
|
Term
| Continuous and Intermittent simulation (CIS) |
|
Definition
Embeds an audit module in the DBMS that continuously examines all transactions that update DBMS using similar criteria to SCARF;
processes specified data independently and compares results with those obtained by DBMS |
|
|
Term
| What is auditing 'with' the computer |
|
Definition
| when the auditor uses the computer to perform substantive tests of transactions and balances |
|
|
Term
| What are the 7 functions of CAAT? |
|
Definition
(FRSCRVD)
1) Data retrieval
2) calculations
3) validating data (edit checks)
4) reformatting
5) file operations
6) statistics
7) reports |
|
|
Term
| Based on the auditors specifications, CAS ______. CAS is best suited for examination of _____ files. |
|
Definition
CAS generates programs that perform the audit function;
best suited for examination of large files |
|
|
Term
| What are the main risks in using spreadsheets |
|
Definition
1) Spreadsheets are often outside of AIS controls
2) Data entry errors
3) Less structured controls |
|
|
Term
| What are the types of spreadsheet errors |
|
Definition
1) Human errors (ie. typing + instead of - )
2) Logic errors: enter incorrect formula b/c or wrong reasoning/logic
3) Omission errors: important data missing from analysis/calculations; very difficult to detect (ie. sum didn't include all items); |
|
|
Term
| What are some ways to control spreadsheet use? |
|
Definition
-Protect the spreadsheet
-Proper layout (ie. input worksheet, etc)
-Test/audit spreadsheet
-monitor spreadsheet size |
|
|
Term
|
Definition
IS audit objective;
-protect computer programs, data, equipment, & communications from unauthorized access, modification, destruction |
|
|
Term
| Program modification/change management |
|
Definition
IS audit objective;
-ensures modifications and changes to programs have management's authorization & approval |
|
|
Term
| Program development/acquisition |
|
Definition
IS audit objective
-is program development/acquisition performed in accordance with management's authorization |
|
|
Term
|
Definition
| Is the processing of transactions, files, reports, & other computer records accurate and complete |
|
|
