Information Technology Auditing: chapter 1

Study online at quizlet.com/_4l7kek

1. advisory services: Services offered to improve client's operational effectiveness and efficiency.

2. advisory services restrictions: SOX greatly restricts the types of non-audit services auditors may render to audit clients. Unlawful to provide many accounting, financial, internal audit, management, human resource or legal services unrelated to the audit.

3. attest services requirements:
   1- Written assertions and practitioner's written report.
   2- Formal establishment of measurement criteria.
   3- Limited to examination, review, and application of agreed-upon procedures.

4. Audit Risk Model: AR = IR x CR x DR
   Components used to determine the scope, nature and timing of substantive tests.

5. auditing standards: Specific guidance provided by AICPA Statements on Auditing Standards (SASs) as authoritative interpretations of GAAS. First one issued in 1972. If recommendations are not followed, auditor must be able to show why a SAS does not apply to a given situation.

6. Auditing Standards Classes:
   1- general qualification
   2- field work
   3- reporting.

7. auditing standards (requirements):
   1- Audit objectives and audit procedures based on management assertions
   2- Seek evidential matter that corroborates assertions.
   3- Determine whether internal control weaknesses and misstatements are material.
   4- Communicate the results of their tests, including an audit opinion.

8. Audit planning phase: Includes analysis of audit risk. Techniques for gathering evidence:
   a- questionnaires,
   b- management interviews,
   c- reviewing system documentation,
   d- observing activities.

9. Audit process: Conducting an audit is a systematic and logical process that applies to all forms of information systems.

10. Audit Risk: Probability that auditor will render unqualified (clean) opinion on financial statements that are, in fact, materially misstated.

11. audit rules: Strict rules must be followed. Defined by SEC, FASB, AICPA and SOX.

12. Control risk (CR): Likelihood the control structure is flawed because controls are either absent or inadequate to prevent or detect errors.

13. corrective controls: Fix the identified problems.

14. COSO- control activities: Policies and procedures to ensure actions to deal with identified risk.

15. COSO- Control Activities - Categories:
   1- IT Controls
   2- Physical Controls relate primarily to human activities employed in accounting systems.

16. COSO - control environment:
   1- Management integrity and ethical values,
   2- Organizational structure,
   3- Board of director participation
   4- Management's philosophy and operating style.

17. COSO Internal Control Framework:
   Control activities
   Risk assessment
   Monitoring
   Environment control

18. COSO- monitoring: Process by which the quality of internal control design and operation can be assessed.

19. COSO- risk assessment- efficiency:
   a- identify and record all valid financial transactions,
   b- provide timely information and
   c- adequately measure and record transactions.

20. COSO - risk assessment: Identify, analyze and manage financial reporting risks.

21. CR and DR: The stronger the internal control structure, the lower the control risk (CR) and the less substantive testing (DR) the auditor must do. Substantive tests are labor intensive and time consuming, which drives up audit costs and causes disruption.

22. Detection risk (DR): Risk auditors are willing to take that errors not detected or prevented by the control structure will not be detected by the auditor.

23. Detective Controls: Devices, techniques and procedures to identify and expose undesirable events that eluded the preventive controls.

24. external audit independence: Similar to a trial by judge. Auditor collects evidence and renders opinion. Basis of public confidence in financial statements.

25. external (financial) audit: Independent attestation performed by an expert (i.e., CPA) who expresses an opinion regarding the fair presentation of financial statements. Required by SEC for all public companies.

26. external vs. internal auditors:
   1- External auditors represent outsiders while internal auditors represent organization's interests.
   2- Internal auditors often cooperate with and assist external auditors in some aspects of financial audits. Extent of cooperation depends upon the independence and competence of the internal audit staff.
   3- External auditors can rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors' audit committee.

27. Fraud audit: Investigate anomalies and gather evidence of fraud that may lead to criminal convictions. Recent increase in popularity.

28. Generally Accepted Auditing Standards: [image]

29. I/C level of assurance: System should provide reasonable assurance that broad objectives are met.
   1- Cost to achieve improved control should not outweigh benefits.
   2- Cost of correcting material weaknesses is offset by benefits.

30. Inherent risk (IR): Associated with unique characteristics of client's business or industry.

31. internal audit: Independent appraisal function to examine and evaluate activities within, and as a service to, an organization.

32. internal auditor independence: Self-imposed, but auditors represent the interests of the organization.

33. internal auditors: Perform a wide variety of activities including financial, operational, compliance and fraud audits. Auditors may work for the organization or task may be outsourced.

34. Internal Control: Management required by law to establish and maintain adequate system of internal controls.

35. Internal Control history:
   1933 and 1934- SEC Acts
   1976- Copyright Law
   1977- Foreign Corrupt Practices (FCPA) requires companies registered with the SEC to:
      a- Keep records that fairly and reasonably reflect firm's transactions and financial position.
      b- Maintain a system of internal control that provides reasonable assurance that organization objectives are met.
   1992- Committee of Sponsoring Organizations (COSO)
   2002- Sarbanes-Oxley Act (SOX) requires management of public companies to implement adequate internal control system over their financial reporting process.

36. Internal Controls Limitation:
   1- Possibility of error
   2- Circumvention
   3- Management override
   4- Changing conditions.

37. Internal Control System Objective:
   1- Safeguard assets of the firm.
   2- Ensure accuracy and reliability of accounting records and information.
   3- Promote efficiency in the firm's operations.
   4- Measure compliance with management's prescribed policies and procedures.
   Objectives should be achieved regardless of the data processing method used.

38. IT Audit Process:
   1- Audit Planning phase
   2- Test of Controls Phase
   3- Substantive Controls Phase

39. IT Controls:
   1- General Controls
   2- Application Controls

40. IT Controls - Application Controls: Ensure validity, completeness, and accuracy of financial transactions. Includes check digits, batch balancing and payroll limits.

41. IT Controls - General Controls: Apply to all systems and include:
   1- IT governance,
   2- IT infrastructure,
   3- Security and access to operating systems and databases,
   4- Application acquisition and development
   5- Program change procedures.
   They are needed to support functioning of application controls.

42. Management assertions (ECRVP): Existence or Occurrence; Completeness; Rights and Obligations; Valuation or Allocation; Presentation and Disclosure.

43. PC - Access Controls: Only authorized personnel have access to firm's assets.

44. PC- Accounting records: Source documents, journals and ledgers that provide an audit trail. Information needed for day to day operations and essential in the financial audit process.

45. PC- Segregation of duties:
   a- Separate transaction authorization from processing.
   b- Separate asset custody from recordkeeping.
   c- No collusion between individuals with incompatible responsibilities.

46. PC- Supervision: Compensating control for small organizations that cannot achieve adequate segregation of duties.
47. PC - Independent checks to identify errors and 57. who can initiate a-management who suspect employee
Verification misrepresentations in the accounting system. fraud audit fraud
Procedures Management can assess b-the board of directors who suspect
1- the performance of individuals executive fraud.
2- the integrity of the transaction processing
system
3- data correctness.
48. PDC Model Preventive controls
Detective controls
Corrective controls
49. Physical 1- Transaction authorization
controls 2- Segregation of duties
3- Supervision
4- Accounting records
5- Access controls
6- Verification procedures
50. Physical All processed transactions are valid.
Control-
Transaction
authorization
51. Preventive Passive techniques designed to reduce
controls frequency of undesirable events occurring.
More cost effective than detecting and
correcting problems after they occur.
52. Role of audit 1- Subcommittee of the board of directors
committee Usually three members who are outsiders.
2- SOX requires at least one member must be
a "financial expert".
3- Serves as independent "check and
balance" for the internal audit function.
4- SOX mandates that external auditors
report to the audit committee:
Committee hires and fires auditors and
resolve disputes.
53. SOX Section Managers must certify organization's internal
302 controls quarterly and annually.
External auditors must perform certain
procedures quarterly to identify any material
control modifications that may impact
financial reporting.
54. SOX Section Management of public companies to assess
404 the effectiveness of their internal controls in
an annual report.
55. Substantive Third phase focuses on financial data and a
testing phase detailed investigation of specific account
balances and transactions through
substantive tests.
Files may be extracted using Computer-
Assisted-Audit Tools and Techniques
(CAATTs) software.
56. tests of Determine if adequate controls are in place
controls and functioning.
phase

Das könnte Ihnen auch gefallen