ACCT 323 CH 8 Learnsmart
A service organization's Type ______ report provides information on the suitability of the design of controls.
1
A service organization's Type ______ report provides information on the operating effectiveness of controls.
2
Internet transactions are secured through public-key encryption and ______ that verify the identities of individuals or servers.
Certificate Authorities
parity check
Data are processed and transmitted by the system in arrays of bits
data encryption
Data are stored and transmitted in code to make it difficult for unauthorized individuals to read the information
Private lines
Data are transmitted over secure telephone lines that are owned by the organization
application programmers
Design flowcharts of the computer programs required by the system, code the required programs, and test the programs
Identify substantive procedures that can be performed with audit software.
Examine the client's records for quality, completeness, and valid conditions Rearrange data and perform analyses Select random audit samples
True or false: The electronic processing of information has obscured, and in some cases, eliminated the audit trail.
False
Computer ______ is composed of physical elements, primarily a central processing unit (CPU).
Hardware
Message Acknowledgment Techniques
Helps ensure that the receiving device receives a complete message
telecommunications specialists
Maintain and enhance IT networks and network connections
Online transaction processing systems ______.
May post transactions in batches or real time
When performing a financial statement audit, the auditors' consideration of IT controls relate most directly to which of the following steps?
Obtain an understanding of the client Perform further audit procedures Assess the risks of material misstatement
data entry
Prepare and verify input data for processing
Identify characteristics of a decentralized processing system.
Processing is usually performed with commercial off-the-shelf packages Computers are operated by end users with little computer experience
Program and file library
Protect computer programs, master files and other records from loss, damage and unauthorized use
data control group
Review and tests all input procedures, monitors processing, reviews exception reports, and reviews and distributes all IT output
data control
Reviews and tests all input procedures, monitors processes and reviews IT logs
System programmers
Troubleshoot the operating system in use, implement new software releases
Identify the ways that auditors may access and analyze client records.
Use the auditors' generalized audit software on the client's IT-based system Obtain a copy of the client's records that may be analyzed on the auditors' computer Download the client's data to be analyzed on the auditors' computer
Appropriate physical controls for IT equipment include ______.
a fire-suppression system limited access proper personnel screening
Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called ______.
a network
Auditing around the computer is ______.
acceptable when the system is relatively simple
Due to the increasing volume of digital information and the Internet, organizations should consider using information security standards such as ISO 27002 in evaluating their systems for proper ______.
access security
General control activities include activities to control ______.
access to programs and data the development of new programs changes to existing programs
A primary approach to assess control activities is to test the manual follow-up activities by inspecting the exception reports generated by the system and review the way in which the exceptions were handled.
application
A system in which like transactions are processed periodically as a group is called ______ processing.
batch
A log that consists of suggestions for changes in programs is called a(n) (__) (__) log
change request
in its simplest configuration, a (____/____) architecture logically separates the processing function from the input and output functions
client/server
An advantage to the use of (__) programs is that the auditor may test the client's program with both live and test data.
controlled
Processes and procedures that restrict and monitor input, processing, and output to provide reasonable assurance that organization objectives are being met are referred to as ______.
controls
The role of internal auditors in an IT environment include all of the following tasks except ______.
day-to-day maintenance of the controls
systems analyst
design the info systems based on the needs of various user depts
Virtualized client/server infrastructure ______.
dynamically allocate computer resources turn a single physical computer server into multiple virtual machines
A system that enables a company and its customers to use telecommunication link to exchange business data electronically over a private line of communication is known as ______.
electronic data interchange
One of the most common techniques to protect the privacy and integrity of digital information and ensure private secure communication is the use of
encryption
An environment in which a department is responsible for developing and running an IT system with minimal support from the central information systems department is known as ______ computing.
end user
Most manual follow-up activities consist of review and analysis of outputs that have been generated in the form of ______ reports.
exception
True or false: The integration of functions in an IT-based system diminishes the importance of internal controls.
false
Which of the following is NOT a common authentication technique used today?
firewalls
To test the reliability of the client's programs and perform many specific auditing functions, many CPA firms use (__) audit software.
generalized
The use of information technology
generally reduces the paper trail makes it easier to alter data affects the fundamental manner of transactions
A set of dummy records and files included in an IT system enabling test data to be processed simultaneously with live input is called ______.
integrated test facility
To test the effectiveness of general controls for development of new programs and systems, the auditors may ______.
interview personnel that developed the program inspect the documentation of the tests performed before the program was implemented
To develop new systems many firms use a multiphased, structured method called the systems development (___) (___) approach
life cycle
A test of the reasonableness of a field of data, using a predetermined upper and/or lower limit is called a ______ test.
limit
Client devices can communicate with servers over (___) area networks that generally operate within geographic areas of less than one mile or (___) area networks such as the Internet.
local, wide
To reduce data redundancy and inconsistent data it is best to ______.
maintain a database system
Cyber criminals may gain access to an organization's system and destroy the data using (__) or, demand money for releasing the system using (__)
malware, ransomware
General control activities include all of the following except ______.
manual checks of computer output
An application control activity that analyzes outputs generated in the form of exception reports is called a ______ activity.
manual follow-up
Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called a(n)
network
Commercially available software created for a variety of users in the same industry is known as ______ software.
off-the-shelf
QuickBooks, a commercially available software is known as ______ software.
off-the-shelf
Analysis of exception reports may be especially effective for testing application control activities when ______ is used.
off-the-shelf software with no modifications
A(n) ______ system coordinates and controls hardware components.
operating
The two major types of software are the (___) system and (___) software.
operating, application
The computer operators should have access to ______.
operations manuals only
User control activities appraise the reliability of ______ from the information systems department by extensive review and testing.
output
The role of internal auditors in an IT environment include ______.
participation in the design of the IT-based system testing controls to ensure they are operating properly
The transformation of input into output is called
processing
A graphic representation of the major steps and logic of a computer program is called a(n) flowchart.
program
Application control activities may be classified as (__) control activities and (__) follow-up activities
programmed, manual
system software
programs that control and coordinate hardware components
To test general controls over program changes the auditors may ______.
review documentation of changes to the log of manager approvals
operating system
software that coordinates and controls hardware components
application software
software that performs a specific task
Requiring user involvement in the purchase, development, and testing of programs before they are implemented is an example of a(n) (__) (__) control.
system development
Auditors document their understanding of IT-based system controls by using ______.
systems flowcharts internal control questionnaires written narrative
In a computerized system ______.
the computer operator should not have detailed knowledge of the programs
As part of organizational controls, at least ______ information systems employees should be present whenever the IT facility is in use.
two
An information technology control activity that is performed to test the accuracy and completeness of IT reports is called a(n) (__) control activity
user
A comparison of data against a master file or table for accuracy is called a ______ test.
validity
In an IT-based system ______.
work normally divided among many employees may be performed electronically controls and written into the computer program
