chapter 24

Created by

Linelyn Dolar

Cards (10)

auditor focuses upon all IT functions, particularly the controls over input, processing and output.
Auditing through
Major types of computer fraud
Salami technique
Trojan horse
Virus programs
Trapdoors
both a pervasive effect and an account-specific effect on the likelihood of material misstatements
Inherent and Control risk
Audit procedure applicable to evaluating the internal controls in IT systems:
Review of the system
Tests of compliance
Evaluation to determine the extent Of the substantive tests
Sources of programs are:
auditor written programs
auditee programs
utility programs
generalized computer audit programs
Audit procedures performed by generalized audit software
Testing client calculations
Making additional calculations
Extracting data from the client files
Examining records which meet criteria specified by the auditor
Selecting audit samples
Comparing data that exist on separate files
Summarizing data
Comparing data obtained through other audit procedures with client records
Identify weaknesses in internal control
Prepare flowcharts of client transaction cycles and of client programs
Prepare graphic displays of data for easier analysis
Correspondence (engagement letters, representation letters, attorney's letters)
Three concurrent techniques
Integrated test facilities
Snapshots
System control audit review files (SCARF)
This uses audit software embedded in the client's system, called an embedded audit module, to gather information at predetermined points in a system
System control audit review file
Seven steps in the use of audit workstation
determine data needed
write extract routine
run extract programs
download extracted file
perform analysis
prepare report
workpapers
involves lagging or specifically marking or highlighting certain transactions by the auditor at the time of their input
Tagging and tracing transactions