Exam 12: The Impact of Information Technology on the Audit Process

Parallel simulation is used primarily to test internal controls over the client's IT systems, whereas the test data approach is used primarily for substantive testing.

Which of the following is not an example of an applications control?

General controls include all of the following except:

Auditors often use Generalized Audit Software during their testing of a client's internal controls. For the following uses of the software provide a description and an example. Verify extensions and footings Print confirmation requests Compare data on separate files

General controls in smaller companies are usually less effective than in more complex IT environments.

What are three specific risks to IT systems?

IT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?

Match eight of the terms (a-n) with the definitions provided below (1-8): a. Application controls b. Auditing around the computer c. Auditing through the computer d. Error listing e. General controls f. Generalized audit software g. Hardware controls h. Input controls i. Output controls j. Parallel simulation k. Parallel testing l. Pilot testing m. Processing controls n. Test data approach ________ 1. The new and old systems operate simultaneously in all locations. ________ 2. Controls that relate to all parts of the IT system. ________ 3. Involves the use of a computer program written by the auditor that replicates some part of a client's application system. ________ 4. A method of auditing IT systems which uses data created by the auditor to determine whether the client's computer program can correctly process valid and invalid transactions. ________ 5. Controls such as review of data for reasonableness, designed to assure that data generated by the computer is valid, accurate, complete, and distributed only to authorized people. ________ 6. Controls that apply to processing of transactions. ________ 7. A new system is implemented in one part of the organization while other locations continue to rely on the old system. ________ 8. Controls such as proper authorization of documents, check digits, and adequate documentation, designed to assure that the information to be processed by the computer is authorized, complete, and accurate.

The effectiveness of automated controls depends solely on the competence of the personnel performing the controls.

Old and new systems operating simultaneously in all locations is a test approach known as:

An auditor's flowchart of the client's IT system is a graphical representation that depicts the auditor's:

Which of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?

Output controls focus on preventing errors during processing.

What are the two software testing strategies that companies typically use? Which strategy is more expensive?

Auditors should evaluate which of the following before evaluating application controls because of the potential for pervasive effects.

Which of the following statements related to application controls is correct?

When the auditor is obtaining an understanding of a service center's internal controls the auditor should:

The auditor's objective in determining whether the client's automated controls can correctly handle valid and invalid transactions as they arise is accomplished through the:

What do auditing standards require when a company outsources some of their IT requirements to an Application Service Provider?

Tests of controls are normally performed only if the auditor believes the client's internal control may be effective.