ACCT 323 CH 8 Learnsmart

Ace your homework & exams now with Quizwiz!

A service organization's Type ______ report provides information on the suitability of the design of controls.

1

A service organization's Type ______ report provides information on the operating effectiveness of controls.

2

Internet transactions are secured through public-key encryption and ______ that verify the identities of individuals or servers.

Certificate Authorities

parity check

Data are processed and transmitted by the system in arrays of bits

data encryption

Data are stored and transmitted in code to make it difficult for unauthorized individuals to read the information

Private lines

Data are transmitted over secure telephone lines that are owned by the organization

application programmers

Design flowcharts of the computer programs required by the system, code the required programs, and test the programs

Identify substantive procedures that can be performed with audit software.

Examine the client's records for quality, completeness, and valid conditions Rearrange data and perform analyses Select random audit samples

True or false: The electronic processing of information has obscured, and in some cases, eliminated the audit trail.

False

Computer ______ is composed of physical elements, primarily a central processing unit (CPU).

Hardware

Message Acknowledgment Techniques

Helps ensure that the receiving device receives a complete message

telecommunications specialists

Maintain and enhance IT networks and network connections

Online transaction processing systems ______.

May post transactions in batches or real time

When performing a financial statement audit, the auditors' consideration of IT controls relate most directly to which of the following steps?

Obtain an understanding of the client Perform further audit procedures Assess the risks of material misstatement

data entry

Prepare and verify input data for processing

Identify characteristics of a decentralized processing system.

Processing is usually performed with commercial off-the-shelf packages Computers are operated by end users with little computer experience

Program and file library

Protect computer programs, master files and other records from loss, damage and unauthorized use

data control group

Review and tests all input procedures, monitors processing, reviews exception reports, and reviews and distributes all IT output

data control

Reviews and tests all input procedures, monitors processes and reviews IT logs

System programmers

Troubleshoot the operating system in use, implement new software releases

Identify the ways that auditors may access and analyze client records.

Use the auditors' generalized audit software on the client's IT-based system Obtain a copy of the client's records that may be analyzed on the auditors' computer Download the client's data to be analyzed on the auditors' computer

Appropriate physical controls for IT equipment include ______.

a fire-suppression system limited access proper personnel screening

Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called ______.

a network

Auditing around the computer is ______.

acceptable when the system is relatively simple

Due to the increasing volume of digital information and the Internet, organizations should consider using information security standards such as ISO 27002 in evaluating their systems for proper ______.

access security

General control activities include activities to control ______.

access to programs and data the development of new programs changes to existing programs

A primary approach to assess control activities is to test the manual follow-up activities by inspecting the exception reports generated by the system and review the way in which the exceptions were handled.

application

A system in which like transactions are processed periodically as a group is called ______ processing.

batch

A log that consists of suggestions for changes in programs is called a(n) (__) (__) log

change request

in its simplest configuration, a (____/____) architecture logically separates the processing function from the input and output functions

client/server

An advantage to the use of (__) programs is that the auditor may test the client's program with both live and test data.

controlled

Processes and procedures that restrict and monitor input, processing, and output to provide reasonable assurance that organization objectives are being met are referred to as ______.

controls

The role of internal auditors in an IT environment include all of the following tasks except ______.

day-to-day maintenance of the controls

systems analyst

design the info systems based on the needs of various user depts

Virtualized client/server infrastructure ______.

dynamically allocate computer resources turn a single physical computer server into multiple virtual machines

A system that enables a company and its customers to use telecommunication link to exchange business data electronically over a private line of communication is known as ______.

electronic data interchange

One of the most common techniques to protect the privacy and integrity of digital information and ensure private secure communication is the use of

encryption

An environment in which a department is responsible for developing and running an IT system with minimal support from the central information systems department is known as ______ computing.

end user

Most manual follow-up activities consist of review and analysis of outputs that have been generated in the form of ______ reports.

exception

True or false: The integration of functions in an IT-based system diminishes the importance of internal controls.

false

Which of the following is NOT a common authentication technique used today?

firewalls

To test the reliability of the client's programs and perform many specific auditing functions, many CPA firms use (__) audit software.

generalized

The use of information technology

generally reduces the paper trail makes it easier to alter data affects the fundamental manner of transactions

A set of dummy records and files included in an IT system enabling test data to be processed simultaneously with live input is called ______.

integrated test facility

To test the effectiveness of general controls for development of new programs and systems, the auditors may ______.

interview personnel that developed the program inspect the documentation of the tests performed before the program was implemented

To develop new systems many firms use a multiphased, structured method called the systems development (___) (___) approach

life cycle

A test of the reasonableness of a field of data, using a predetermined upper and/or lower limit is called a ______ test.

limit

Client devices can communicate with servers over (___) area networks that generally operate within geographic areas of less than one mile or (___) area networks such as the Internet.

local, wide

To reduce data redundancy and inconsistent data it is best to ______.

maintain a database system

Cyber criminals may gain access to an organization's system and destroy the data using (__) or, demand money for releasing the system using (__)

malware, ransomware

General control activities include all of the following except ______.

manual checks of computer output

An application control activity that analyzes outputs generated in the form of exception reports is called a ______ activity.

manual follow-up

Specialized hardware and software that allow different IT devices to connect with each other to share data, software, and other hardware resources is called a(n)

network

Commercially available software created for a variety of users in the same industry is known as ______ software.

off-the-shelf

QuickBooks, a commercially available software is known as ______ software.

off-the-shelf

Analysis of exception reports may be especially effective for testing application control activities when ______ is used.

off-the-shelf software with no modifications

A(n) ______ system coordinates and controls hardware components.

operating

The two major types of software are the (___) system and (___) software.

operating, application

The computer operators should have access to ______.

operations manuals only

User control activities appraise the reliability of ______ from the information systems department by extensive review and testing.

output

The role of internal auditors in an IT environment include ______.

participation in the design of the IT-based system testing controls to ensure they are operating properly

The transformation of input into output is called

processing

A graphic representation of the major steps and logic of a computer program is called a(n) flowchart.

program

Application control activities may be classified as (__) control activities and (__) follow-up activities

programmed, manual

system software

programs that control and coordinate hardware components

To test general controls over program changes the auditors may ______.

review documentation of changes to the log of manager approvals

operating system

software that coordinates and controls hardware components

application software

software that performs a specific task

Requiring user involvement in the purchase, development, and testing of programs before they are implemented is an example of a(n) (__) (__) control.

system development

Auditors document their understanding of IT-based system controls by using ______.

systems flowcharts internal control questionnaires written narrative

In a computerized system ______.

the computer operator should not have detailed knowledge of the programs

As part of organizational controls, at least ______ information systems employees should be present whenever the IT facility is in use.

two

An information technology control activity that is performed to test the accuracy and completeness of IT reports is called a(n) (__) control activity

user

A comparison of data against a master file or table for accuracy is called a ______ test.

validity

In an IT-based system ______.

work normally divided among many employees may be performed electronically controls and written into the computer program


Related study sets

Chapter 44-Nursing Care of the Child With an Alteration in Mobility/Neuromuscular or Musculoskeletal Disorder

View Set

Exam 1 - Advanced Health Assessment

View Set

Marketing Test 1 Questions 13-24

View Set