403 Chapter 8



Local Area Network
A network that interconnects computers in a limited area such as schools, computer laboratories, and office buildings.
Example of Local Area Network
Connecting computers and printers within a building
End user computing
makes the user department responsible for the execution and development of certain IT applications. It includes a decentralized processing system, in which the user department both uses and generates its own information.
Distributed data processing network
An arrangement of communication links to share programs and centralized data among various users. Connected through wireless links
System Software
Controls and manages computer hardware, such as debuggers, drivers, compilers, and runs in the background
Application Software
Designed to perform a specific task, such as media players and spreadsheets; it is used for performing many activities
User control activities
activities that are performed by a user to test the completeness and accuracy of computer processed transactions and to ensure that the programming aspect of an accounting system has operated efficiently
Manual application control activities
activities which involve review and analysis of outputs that have been generated in the form of exceptions reports
Internal file labels
identifiers which provide a name for data recorded in a storage medium. They are machine readable and placed at beginning and end of disk file or tape.
External file labels
both the operator readable and machine readable identification characters that are used by the tape library vision system. Placed on outside of disk pack or tape to identify contents
Why are internal and external file labels used?
They are designed to prevent the operator from processing the wrong files.
General control activities
controls that apply to all IT applications, application control activities and user control activities relating to a specific application
Example of general control activities are
developing and customizing systems and programs, changing existing programs and systems, and access to programs and data and IT operations
Application control activities
applicable to the processing of individual applications such as updating of general ledger accounts.
Examples of application control activities
use of IT records, process and report transactions and other financial data.
Separation of duties in a manual system...
Duties are separated to ensure independent records are reconciled and maintained
Separation of duties in an information system...
many records are reconciled and maintained by a computer system
Online real time system
a system in which input devices are in direct contact with the computer system and all relevant files are automatically updated in real time
records that describe the structure, purpose, maintenance, operation and required data for a computer program, hardware device or operating system.
System documentation
defines the procedures for data entry, reviewing output and reprocessing incorrect data.
Auditors use the client's documents for the following purposes?
Understanding internal controls, proper planning of audit procedures, documentation for background necessary for building test data, ensuring proper checks and balances
Segregation of duties
No one person should initiate transactions, approve transactions, record transactions, reconcile balances, handle assets and review reports
Importance of segregation of duties..
essential for internal control; mitigates the risk of both inappropriate and erroneous actions.
Data control group in an information systems department responsibilities
refers to day to day operation control such as preparation of batch control totals, review of computer activity logs, errors of reprocessing and distributing outputs
data control group of the internal auditors responsibilities
usually don't perform day-to-day operation control activities; rather, they test and evaluate the existing controls and make recommendations for improvement.
Record counts
refers to the total of transactions and documents processed; is often compared with the total determined before processing the transactions and documents
Purpose of record counts
serves as a control and compares the predetermined totals of transaction with the computer developed total to find or detect omission or loss of records during processing.
Limit test
refers to the test of reasonableness of a field of data, considering a predetermined upper and lower limit. It compares the output of computer processing with a minimum and maximum level of output determined before processing
Validity test
refers to the comparison of data against a master file or a table of accuracy
Hash total
refers to an arbitrary total that doesn't have any value or meaning outside the intended use for which it was created. Refers to the sums of data that can't be added, such as unit prices and invoice numbers.
System flowcharts
are techniques for documenting internal controls in audit working papers; overall graphic presentation that shows the flow of documents and operation in data processing application
Program flowchart
graphic representation of the major steps and logic of a computer program
Data Transmission controls
help in preventing unauthorized access or change in information at the time of transmission
Types of data transmission controls
1. Parity check - ensures data processing and transmission with the use of numeric and alphabetic characters to verify the integrity of the information during processing and transmission

2. Data encryption - refers to coding of data to make it difficult for unauthorized parties to read the information

3. Message acknowledgment - techniques may be used to ensure that the receiving device receives the complete message, e.g., echo check

4. Private lines - are telephone lines that are owned by the organization to transmit data as a secure medium
Controls that should be established over the operation of a work station to prevent use by unauthorized personnel
1. Maintain a log of computer activities for management review

2. Require an authorization code to be entered to get access to menus that control specific files and programs

3. Restrict use of the microcomputer after working hours by locking away critical programs
involves the use of electronic devices such as telegraph, telephone, radio, microwave communication - to ensure proper transmission
Distributed data processing system
is a system that utilizes communication links to share data and programs among various users in remote locations throughout an organization.
Electronic data interchange
is used as a technical representation of a business conversation between two organizations; refers to a structured transmission of business data among organizations through electronic means
How does EDI affect a company's audit trail?
It replaces business documents from hard copy to standard electronic format, for example, a hard copy of bills of lading, checks, purchase orders
Is it probable that the use of IT will eventually eliminate the audit trail, making it impossible to trace individual transactions from their origin to the summary totals in the financial statements?
It is not expected to ever happen in a system used by a business entity. Valid business reasons should exist for the inclusion of an audit trail even in the most sophisticated IT systems. Governments require you to maintain an audit trail, and there are management audit trails.
Do auditors usually begin their consideration of internal control over IT activities with a review of general or application control activities?
They review general control activities, as application control cannot be considered effective in the absence of general control activities.
Tagging and tracing
is concerned with the examination of computer generated steps of details while processing "tagged transactions"
What is the purpose of tagging and tracing?
Input transactions with an indicator before processing using the tagging and tracing techniques
Characteristics of a satisfactory plan of organization for an information systems department?
1. the information systems manager supervises the operation and reports to the VP
2. there should be an organizational and physical separation of the computer processing unit within the data processing unit
3. the data control group that reviews the information systems department should be separate
Batch processing
data are collected and processed periodically in a sequence as one lot, e.g., a whole day's sales
Online real time processing
transactions are processed immediately and updated instantly, e.g., an ATM
How do user operated computers differ from large computers?
user operated computers are termed microcomputers, which are less flexible and easy to operate. Microcomputers are smaller, slower in processing data and have smaller storage capacity
when are the auditors concerned with internal control over the use of user operated computers?
whenever the client uses it for processing and accessing financial data
Generalized audit software
used to test the reliability of the client's programs as well as to perform many specific audit functions - it helps in examining the overall quality of client's records, rearranging data and performing analysis, selecting audit samples, and comparing data on separate files
Advantages of ITF (integrated test facility)
it allows continuous testing of the system; dummy files allow test data to be processed simultaneously with live input; it may be built into both batch and online real time IT systems; auditors monitor all output related to the dummy department
Disadvantages of ITF
someone may manipulate the real data files by transferring data from dummy files, real files can be contaminated with fictitious data
What controls should the company maintain to ensure the accuracy of processing done by a service center?
the service center processes the company's files and records, after which it becomes crucial for the company to establish controls to test the accuracy of the service center. They should also test the computations performed at the service center
how do auditors assess internal control over applications processed for an audit client by a service center?
auditors of a client should visit the service center to get an understanding of the center's internal control when information required is not available in the service auditor's report
what is a service auditor's report on the processing of transactions by a service organization
the service center usually engages its auditors to review its controls and submit the report to users or users' auditors. These reports are called service auditors' reports
what two types of reports are provided by service auditors
report on controls placed in operation, test of operating effectiveness
how do user auditors use each type of report
a report on controls placed in operation and test of operating effectiveness provides a basis for the users' auditors to mitigate their assessments of control risk.