Shared Flashcard Set

Details

IT Audit Q1
N/A
26
Accounting
Graduate
02/21/2012


Cards

Term
IT Auditing
Definition
The process of collecting & evaluating evidence to determine whether information systems and IT environments
o Adequately safeguard assets
o Maintain data and system integrity
o Provide relevant and reliable information
o Achieve organizational goals effectively
o Consume resources efficiently
o Have in effect internal controls that provide reasonable assurance that operational and control objectives will be met
Term
Audit Risk
Definition
The risk that the auditor gives a clean opinion on the adequacy of controls when there is actually a material weakness in controls or draws the wrong conclusion based on the audit evidence.
Term
Information Risk
Definition
The risk that the information gathered from the company is false or misleading
Term
Inherent Risk
Definition
Risk that exists because of an environment that, without controls, is more likely to have material misstatements, errors, or frauds than others
Term
Control Risk
Definition
The risk that a control is not functioning properly
Term
IT Control Objective
Definition
A statement of desired result or purpose to be achieved by implementing control procedures in a particular IT activity
Term
Internal Control (word for word)
Definition
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Term
General Controls
Definition
Controls that cover the entire data processing or IT environment and impact all systems. They are pervasive, in line with the control culture, and sensitive to management.
Term
Application Controls
Definition
Specific to individual applications in the system. Primarily applied to input, processing, and output.
Term
Role of IT Auditing
Definition
o Provide technical assistance to financial, compliance, and performance audits
o Perform separate IT audits
o Perform integrated IT audits
o Perform technical and IT operational audits
o Help meet the mission of the audit function
Term
Types of IT Audits
Definition
o General Control Examinations
o Application Systems Audits
o System Under Development Audits
o Technical or Special Topic Audits
Term
ISACA IT Auditing Standards S2
Definition
o Professional independence: in appearance and fact
o Organizational independence: The IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment.
Term
Audit Criteria
Definition
Standards used to determine whether something meets expectations. They serve as a basis upon which one measures or compares against something. Keep in mind how it is evidenced.
o Generally accepted
o Recognized
o Understandable
o Defendable
o Authoritative
Term
Impact of Technology on Internal Controls
Definition
Does not change high-level control objectives; however, it leads to a new mix of internal controls due to:
o High importance of tech and new risks with it call for new IC
o Changes in risk and exposures
o Changes in implementation of controls
o New ways to monitor controls
Term
Impact of Technology on Auditing
Definition
o Changes the audit and control environment
o Changes the risks and exposures
o Changes some audit evidence
o Impacts the analysis of evidence
o Increases the importance of control reviews for information reliability assessments during pre-audit work
Term
CobiT control model or CobiT Framework (what is CobiT, what is the CobiT framework? What are the three components of the CobiT framework?)
Definition
Generally accepted IT control objectives and control practices for use by managers and auditors. It is a control model for business enterprise that uses technology and needs to manage the IT environment. The 3 components are:
o Business requirements for information or information criteria
o IT Resources
o IT processes
Term
Objectives of IT Governance
Definition
o IT is aligned with the business and enables the business to maximize benefit
o IT Resources are Safeguarded
o IT resources are used in a responsible and ethical manner
o IT-related risks are addressed through appropriate controls and managed to minimize risk and exposure
o IT performance is measured and evaluated for ROI
Term
What does management need to do to manage and control IT
Definition
o Employ fundamentals of corporate & IT Governance
o Clear understanding of strategic value of technology
o Align IT strategies and business strategies
o Cascade IT strategies down within the business entity
o Implement performance measurement and IT resources management
o Develop strategic plans with corporate IT strategies in sync
o Adopt a control framework that also addresses IT controls
Term
System Integrity
Definition
The system processes data in a reliable manner and provides reliable and relevant information
Term
Data Integrity
Definition
Reliability of the data with respect to accuracy, completeness, neutrality or consistency, validity, and verifiability
Term
Reasons why IT systems and processing environments need to be controlled:
Definition
Both systems and processing environments need to be controlled because they each have their own set of requirements and risks that if not addressed will not allow either to function properly
Term
Management and Audit’s responsibilities for control:
Definition
o Management needs to design, implement, and exercise appropriate and adequate internal controls that provide reasonable assurance that business and control objectives will be met
o Auditors assess adequacy and provide an opinion on it
Term
Role of the ISACA IT Auditing Standards and Guidelines and the auditor’s responsibility regarding the IT Auditing Standards and Guidelines
Definition
Inform management of what the profession expects of auditors while outlining the minimum level of expectable performance for auditors.
Term
Closing the loop framework
Definition
A. Define Control Objectives
B. Identify control criteria
C. Develop audit objectives
D. Define audit criteria
E. Build audit steps
F. Develop audit results
Term
Four fundamental types of documentation needed by an organization
Definition
o Policies (rule of the road)
o Procedure (how to)
o Narrative Explanation of process system
o System of record (Recording data)
Term
Assurance Mechanisms
Definition
Provide feedback as to whether controls are in place and in effect.