Term
|
Definition
| The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria |
|
|
Term
|
Definition
Examines the reliability and integrity of: Financial transactions, accounting records, and financial statements. |
|
|
Term
| internal information system |
|
Definition
Reviews the controls of an AIS to assess compliance with: Internal control policies and procedures and effectiveness in safeguarding assets |
|
|
Term
| internal operational audit |
|
Definition
| Economical and efficient use of resources and the accomplishment of established goals and objectives |
|
|
Term
| internal compliance audit |
|
Definition
Determines whether entities are complying with: Applicable laws, regulations, policies, and procedures |
|
|
Term
| internal investigative audit |
|
Definition
| Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities. |
|
|
Term
|
Definition
| Planning, Collecting Evidence, Evaluating, and communicating Audit Results |
|
|
Term
| 3 types of risk in an audit |
|
Definition
| inherent (without controls), control (risk a misstatement will not be caught by internal controls), and detection risk (misstatement will not be caught by auditors) |
|
|
Term
|
Definition
| auditor seeks that no material error exists in the information or process audited |
|
|
Term
| How to communicate audit conclusion? |
|
Definition
| written report to mgmt, audit committee, board of directors |
|
|
Term
| 4 Steps for risk-based audit |
|
Definition
1. determine threats 2. identify control procedures (prevent, detect, or correct) 3. evaluate control procedures 4. evaluate control weaknesses |
|
|
Term
| Purpose of an information systems audit? |
|
Definition
| review and evaluate the internal controls that protect the system |
|
|
Term
| Objectives of information systems audit |
|
Definition
Overall information security; program development and acquisition; program modification; computer processing; source files; data files |
|
|
Term
| 4 types of information systems threats |
|
Definition
Accidental or intentional damage to system assets; unauthorized access, disclosure, or modification of data and programs; theft; interruption of crucial business activities |
|
|
Term
| Program Development and Acquisition |
|
Definition
Inadvertent programming errors due to misunderstanding system specifications or careless programming; unauthorized instructions deliberately inserted into the programs. Controls: management and user authorization and approval, thorough testing, and proper documentation |
|
|
Term
|
Definition
| Source Code Comparison, Reprocessing, Parallel Simulation |
|
|
Term
|
Definition
systems fail to detect: erroneous input; improper correction of input errors; process erroneous input; improperly distribute or disclose output |
|
|
Term
| Two disadvantages of processing test data |
|
Definition
| auditor must spend considerable time understanding the system and preparing the test transactions and auditor must ensure test data does not affect company files and database |
|
|
Term
| Concurrent Audit Techniques (Computer Processing) |
|
Definition
continually monitor the system and collect audit evidence while live data are processed. Use embedded audit modules (program code segments that perform audit functions, report test results, and store evidence collected for auditor review) |
|
|
Term
| Integrated Test Facility (type of concurrent audit) |
|
Definition
| inserts fictitious inputs, company employees are unaware of testing, tests while the system is live, and allows the auditor to compare processed data with expected results to verify controls |
|
|
Term
| Snapshot Technique (type of concurrent audit) |
|
Definition
| master files before and after update are stored for specially marked transactions |
|
|
Term
| System Control Audit Review File (SCARF) (type of concurrent audit) |
|
Definition
| concurrent audit technique that monitors all transactions and collects data on those that meet certain characteristics specified by the auditor |
|
|
Term
| Audit Hooks (type of concurrent audit) |
|
Definition
| notify auditors of questionable transactions |
|
|
Term
| Continuous and Intermittent Simulation (type of concurrent audit) |
|
Definition
| embeds an audit module in the DBMS that examines all transactions that update the database, similar to SCARF; if a transaction has special audit significance, it is stored in the CIS module, which independently processes the data and compares the results to the DBMS |
|
|
Term
| Source Data and Data Files concern what? |
|
Definition
| accuracy, integrity, and security of data |
|
|
Term
| Computer-assisted audit techniques (CAATS) |
|
Definition
| refer to audit software, often called generalized audit software, that uses auditor-supplied specifications to generate a program that performs audit functions that simplify the process |
|
|
Term
| Characteristics of Auditing |
|
Definition
| systematic process, involves collection and review of evidence, and involves use of established criteria |
|
|
Term
| why should internal auditor participate in internal control reviews during the design of new systems? |
|
Definition
| more economical, minimizes need for expensive modifications after system is implemented, and permits design of audit trails |
|
|
Term
| Definition of risk based approach |
|
Definition
| four-step approach to internal control evaluation that provides a logical framework for carrying out an audit |
|
|
Term
| Procedures to detect unauthorized program changes? |
|
Definition
| source code comparison, parallel simulation, reprocessing |
|
|
Term
|
Definition
| computer technique that assists an auditor in understanding program logic by identifying all occurrences of specific variables |
|
|
Term
| What is the focus of an operational audit? |
|
Definition
| all aspects of information systems management |
|
|