AIS Chapter 14_3
A major advantage of _____ is that they are understandable to auditors, users, and computer personnel and thus facilitate communication between these different parties
Flowcharting
Non-first columns of a RACI chart identify _____ that receive assignment
Functions
_______ can review transactions/output files
GAS
An auditor uses _____ to search computer files for unusual items
Generalized Audit Software (GAS)
___ has evolved with computer system development
IS Auditing
_____ is when an application program performs an embedded audit routine function such as data collection at the same time as it processes data for normal purposes
In-line code
______ can help ensure that program application control statements that appear in the source language listing of a program actually execute when the program runs
Mapping
In COBIT's Maturity Model, ______ level is when errors are likely because there is a high degree of reliance on the knowledge of individuals
Repeatable but Intuitive
In COBIT's Maturity Model, ______ level is when processes have developed to the stage where similar procedures are followed by different people undertaking the same task but there is no (1) formal training or (2) communication of standard procedures
Repeatable but Intuitive
____ is when an auditor desk checks the processing logic of a payroll program
Review of system documentation
In an Audit Program, the list of procedures should be based on _____
Risk
____ is the use of in-line code to randomly select transactions for later audit analysis
Sample Audit Review File
What decisions are made in the first phase (Initial Review and Audit Plan Preparation)?
(1) Identify specific areas to investigate (based on risk) (2) Staffing the audit project team (3) Identification of useful project technology (4) Budget development (time and cost) (5) Creation of audit program (list of procedures-should be risk based)
What 4 things can an organization determine from the COBIT Maturity Model?
(1) Organization's current status - Where it is today (2) "Best-in-class" of industry - The benchmark (3) International Standard - Additional Standard (4) Organization's strategy for improvement - Where it wants to be
What are the COBIT Domains listed in the Upper Right corner of the navigation diagram?
(1) Plan and Organize (2) Acquire and Implement (3) Deliver and Support (4) Monitor
ACL Functions:
(1) Recalculate account balances for verification (2) Analyze accounts receivable (3) Identify trends and exceptions
System Development Audits focus on processes used by _____ (2)
-Analyst -Programmers
What are IT resources listed in the Lower Right corner of the navigation diagram? (4)
-Applications -Information -Infrastructure -People
What are 5 types of RACI chart Roles?
-CEO -CFO -CIO -Executives -Process Owners
_____ and _____ go together because increased maturity and capability is synonymous with increased risk management and efficiency
-COBIT Maturity Model -IT Management Process
What are 4 types of RACI Chart Functions?
-Compliance -Audit -Risk -Security
Using IT in Audit Benefits: (8)
-Computer-generated working papers -Project information generated more easily -Eliminate manual routines and calculations -Analytical review calculations improved -Standard audit correspondence easily modified -Morale and productivity improved -Increased cost effectiveness -Increased independence from IS personnel
Compliance Testing is testing to:
-Confirm the existence of internal controls -Assess the effectiveness of internal controls -Check the continuity of operation of internal controls
____ and ____ of activities are shown in a RACI chart
-Documentation -Assignment
What is the Information Criteria listed in the Upper left corner of the navigation diagram?
-Effectiveness -Efficiency -Confidentiality -Integrity -Availability -Compliance -Reliability
The second phase of the IS Audit General Approach (Detailed Review and Control Evaluation) focuses on ____(3)
-Fact Finding -Documentation Review -Operational Data Capture
Auditing through the computer verifies ____ and ____
-General Controls -Application Controls
____ and ____ can only be used if they already exist in the application
-ITF -Embedded Audit Modules
Tracing is useful in verifying _____ within an _____ program
-Internal Controls -Application
(1) COBIT Maturity Model and (2) IT Management Process go together because increased ______ and ____ is synonymous with increased ____ and _____
-Maturity and capability -Risk Management and efficiency
ACL accesses files in their ___ format without any need to _____
-Native -Convert
The 3rd phase of the IS Audit General Approach (Compliance Testing and Analysis of Results) captures evidence to evaluate whether controls ________ and _____
-Operate as documented -Are efficient and effective
Test Data: (1) Test when? (2) Test data may become ____ (3) All conditions may not be ____ (4) Need to ensure ____
-Point-in-time -Obsolete -Covered -Regular program is used
Test Data is when an auditor _____. (3)
-Prepares input (valid and invalid) -Processes transactions -Test output with expected results
Auditing Around the Computer ignores _____ and focuses on whether _____
-Processing -Outputs are expected based on inputs
Integrated Test Facility processes test data with _____ transactions against _____
-REAL -Live master files
What are the 4 phases of Program Change Control in the System Development Process?
-Request -Approval -Testing -Migration to production
What is the primary audit technique in System Development Process Audits?
-Review and testing of related documentation
PCAOB encourages a ______ approach to testing effectiveness of internal controls within the scope of _______
-Risk-based -External audit
In parallel simulation, _____ and ____ are compared for control purposes
-Simulated output -Regular output
______ and ___ are similar auditing technologies
-Snapshotting -Extended Record
What are IT Governance focus areas listed in the Lower left corner of the navigation diagram? (5)
-Strategic Alignment -Performance Measurement -Value Delivery -Risk Management -Resource Management
What are the 3 types of Process audits?
-System Development Process -Computer Service Center Audits -Service Oriented Architecture (SOA)
What 3 areas do System Development Process Audits focus on?
-Systems Development Standards -Project Management -Program Change Control
______ (3) can test processing controls
-Test data -ITF -Parallel Simulation
Parallel Simulation Section of Interest:
-Update work-in-process (WIP) records
Auditing with the computer includes _____ in the auditing process
-Usage of IT
Parallel Simulation permits _______ and is appropriate where transactions are sufficiently important to require a ______ audit
-Validation -100%
___ is PC Audit software that allows the field auditor to connect a PC to a client's accounting system and then extract and analyze data
ACL
______ COBIT Domain focuses on acquiring, implementing, and maintaining IT resources
Acquire and Implement
______ COBIT Domain focuses on the company's overall strategies for identifying IT requirements
Acquire and Implement
______ are listed in the first column of a RACI chart
Activities
______ audit involves reviewing controls in each of these areas
Application
_____ are limits or reasonableness tests
Audit Hooks (rules)
The outcome/ product of the initial review phase of an information systems audit is ____
Audit Program
____ is a detailed list of the audit process to be applied on a particular audit
Audit Program
___ is when an auditor uses a computer program to extract data records from a master file
Audit Software
______ is what the process owner needs from other processes
Process Inputs
______ is used to evaluate the maturity of an organization's IT Governance processes
COBIT Maturity Model
_____ is testing to confirm the existence, assess the effectiveness, and check the continuity of operation of internal controls
Compliance Testing
_____ audits ensure the general integrity of the environment in which the application will function
Computer Service Center
_____ audits occur before any application audits
Computer Service Center
____ is when an auditor prepares an analytic flowchart to review controls in the payroll application system
Control flowcharting
In COBIT's Maturity Model, ______ level is when procedures are the formalization of existing practices (not sophisticated)
Defined Process
In COBIT's Maturity Model, ______ level is when procedures have been standardized, documented, and communicated through training, and it is mandated that these processes be followed, but deviations are unlikely to be detected
Defined Process
______ COBIT Domain focuses on the processes involved in delivering, supporting, training, and security relating to IT applications
Deliver and Support
_____ is when the auditor manually processes test or real data through the logic of a computer program
Desk Checked
The essence of a formal systems development process is ____
Documentation
______ can select transactions for an audit
Embedded Audit Model
____ are when data items that are exceptions to auditor specified edit tests included in a program are written to a special audit file
Embedded Audit Routines
_____ is special auditing routines included in regular computer programs so that TRANSACTION data can be subjected to audit analysis
Embedded Audit Routines
____ is when a payroll program is modified to collect data pertaining to overtime pay
Extended record
_____ are what the process owner has to deliver
Process Outputs
In COBIT's Maturity Model, ______ level is when the overall approach to management is disorganized
Initial/Ad Hoc
In COBIT's Maturity Model, ______ level is when there is evidence that the enterprise has recognized that issues exist and need to be addressed but there is no standardized process. Only approaches applied individually or on a case-by-case basis
Initial/Ad Hoc
____ is when payroll transactions for fictitious employees are processed concurrently with valid payroll transactions
Integrated Test Facility (ITF)
In a COBIT Navigation Diagram, _____ corner is a pentangle figure of IT Governance focus areas that is listed as primary or secondary
Lower-left
In a COBIT Navigation Diagram, _____ corner is a 3-D bar chart of IT resources
Lower-right
In COBIT's Maturity Model, ______ level is when automation and tools are used in a limited or fragmented way
Managed and Measurable
In COBIT's Maturity Model, ______ level is when management monitors and measures compliance with procedure and takes action where processes appear not to be working effectively
Managed and Measurable
In COBIT's Maturity Model, ______ level is when processes are under constant improvement and provide good practice
Managed and Measurable
_____ is when the execution of a program with test data as input is mapped to indicate how extensively the input tested individual program statements
Mapping
In the ____ COBIT Domain, the assessing process includes internal and external auditing
Monitor and Evaluate
______ COBIT Domain deals with the company's strategies for assessing how effectively IT helps satisfy the company's objectives
Monitor and Evaluate
____ provides a description of the process, together with key goals and metrics in the form of a "waterfall" diagram
Navigation Diagram
In COBIT's Maturity Model, ______ level is when there is complete lack of any recognizable process
Nonexistent
In COBIT's Maturity Model, ______ level is when the enterprise has not even recognized that there is an issue to be addressed
Nonexistent
In COBIT's Maturity Model, ______ level is when IT is used in an integrated way to automate the workflow
Optimized
In COBIT's Maturity Model, ______ level is when IT is used in an integrated way to automate the workflow, providing tools to improve quality and effectiveness, making the enterprise quick to adapt
Optimized
In COBIT's Maturity Model, ______ level is when an enterprise is quick to adapt
Optimized
In COBIT's Maturity Model, ______ level is when processes have been refined to a level of good practice, based on the results of continuous improvement and maturity modeling with other enterprises
Optimized
____ are measurable indicators of the process that achieves the goals of an IT process
Outcome measures
_____ are targets to be achieved
Outcome measures
______ are representations of the goals of an IT process
Outcome measures
_____ is used to maintain audit working papers and audit schedules
PC software (PC spreadsheet package)
___ is the redundant processing of all input data by a separate program
Parallel Simulation
____ is when depreciation calculations are verified by processing the fixed-asset master file with an audit program
Parallel Simulation
___ will show whether a goal will likely be reached or not
Performance Indicators
_____ are measures that indicate that a process is achieving its business requirements by monitoring the performance of the enablers of the process
Performance Indicators
___ are process oriented and express how all resources are utilized
Performance indicators
______ are lead indicators of whether a goal will likely be reached or not
Performance indicators
______ COBIT Domain deals with how the company as a whole uses its IT infrastructure to achieve its goals and objectives
Plan and Organize
____ is when a payroll program is modified to output data pertaining to overtime pay
Snap shot
___ is a common debugging technique
Snapshotting
Although ______ can ensure that certain program steps have been executed, they do not ensure that execution was performed in the proper sequence.
Software measurement packages (MAPPING DOES)
ITF: (1) Test data is identified by _____ (2) Test data/fictitious transactions must be excluded from ____
Special Codes; Output reports
______ is the direct verification of balances contained in financial statements
Substantive testing
_______ is when auditor-determined programmed edit tests for audit transaction analysis are included in a program as it is initially developed
System Control Audit Review File (SCARF)
______ controls directly affect the reliability of the application programs that are developed
System Development Process
The nature of an application audit will be influenced by the amount of audit involvement in the ____
Systems Development Process
____ is when payroll transactions with both valid and invalid employee identification numbers
Test data
_____ is when a payroll program is followed to determine if certain edit tests are performed in the correct order
Tracing
What is listed in each corner of the COBIT Navigation Diagram?
UL: Information Criteria UR: COBIT Domains LL: IT Governance Focus Areas LR: IT Resources
In a COBIT Navigation Diagram, _____ corner is a 3-D bar chart of INFORMATION CRITERIA that is listed as Primary or Secondary
Upper-Left
In a COBIT Navigation Diagram, _____ corner identifies the four COBIT domains in button-like graphics with the relevant domain with an enlarged button
Upper-Right
______ is the verification of entries in the books of account by examination of documentary evidence (invoices, debit/credit notes, statements, receipts)
Vouching
Audits of the systems development process are more common to ______
large organizations