Flashcards defining key technical and procedural terminology for auditing in a computerized environment, including control types, system roles, and electronic trading risks.
Computer Environment
Any particular and unique combination of hardware, software and personnel.
Data Centre
A centrally located, physically protected area that houses technical equipment like servers, routers, and modems on which computer systems are run.
Integrated Software
Applications that work together, such as a credit sale automatically updating inventory records, the debtor ledger, and the general ledger.
Reliable Reporting in Computer Speak
The production of information by the information system which is valid, accurate and complete.
Internal Controls
The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives regarding financial reporting reliability, operational efficiency, and legal compliance.
Five Components of Internal Control (ISA 315)
The control environment; the company’s risk assessment procedures; the information system; control activities; and monitoring of controls.
General Controls
Controls which establish an overall framework of computer activity and span across all applications, such as policies for staff competence and integrity.
Application Controls
Controls relevant to a specific task within a cycle of the accounting system, such as a procedure requiring a foreman to authorize overtime in the payroll cycle.
Systems Analysts
Personnel responsible for liaising with users to understand their needs and documenting functional specifications for new applications and enhancements.
Programmers
Personnel who write programme code based on specifications supplied by business analysts, document technical specifications, and debug programmes.
Database Administrators (DBA)
Personnel with specialized skills to develop, maintain, and manage the database/store of information.
Helpdesk Operators
Personnel who receive calls from users to log problems, resolve easy-to-solve "First Tier" problems, and perform routine duties like checking backups.
Least Privilege Principle
An access control principle where employees are given access to only those aspects of the system necessary for the proper performance of their duties.
Fail Safe Principle
A principle requiring that if a control fails, whatever is being protected should remain safe, such as a system shutting down completely if logical access control software malfunctions.
Defence in Depth
A protection principle where security is not left to one control only, but rather to a combination of controls.
Logical Access Controls
Preventive measures designed to prevent unauthorized electronic access to data and programmes through a workstation or terminal.
Authentication
The process of verifying that the user of an identification is the owner of the ID, often achieved through passwords, biometric data, or dongles.
Multi-factor Authentication
A combination of unique techniques, such as a password used with a dongle or random number generator, used where strict access control is required.
Masterfile
A file used to store only standing information and balances, such as a debtor's name, address, credit balance, and amount owed.
Isolation of Responsibilities
A control activity achieved by making specific employees responsible for each function, enhanced in computerized systems by programming a log of who did what and when.
Batching
A technique to control activity on a group of transactions to ensure all were processed accurately and no invalid transactions were added.
Financial Totals
A batch control total calculated from fields holding monetary amounts.
Hash Totals
A batch control total derived from numeric fields, such as invoice numbers, that are meaningless except for control purposes.
Record Counts
A batch control total representing the total number of records or documents in a batch.
Real-time Processing
A system where transaction data is entered and the relevant masterfiles are updated immediately as each transaction occurs.
Check Digit
A redundant character added to an account or part number, generated by manipulating the other numerical characters, to detect keying errors.
Audit Trails
Listings of transactions, summaries, and lists of tables or factors used in processing that provide a record of computer activity.
CAATs
Computer Assisted Audit Techniques; making use of a computer to assist in carrying out audit procedures.
Auditing Around the Computer
An approach that treats the computer system as a "black box" and relies on review and comparison of input and output documents only.
Auditing Through the Computer
An approach concerned with testing the computer system and the controls built into it, primarily using a "test of controls" approach.
Auditing With the Computer
An approach using the computer to assist in substantive testing and the production of electronic workpapers and financial statements.
Test Data
A CAAT requiring the auditor to create a set of correct and incorrect transactions to enter into the system to see if the programme controls detect the errors.
Integrated Test Facility (ITF)
A CAAT where an artificial (dummy) unit is created on the client's system to feed test transactions through for processing along with normal data.
Parallel Simulation
A CAAT involving running the client’s real data through a trusted system set up by the auditor and comparing results with the client's system.
Embedded Audit Facility
An audit module inserted into the client's application programme to identify specific transactions of interest or reperform validation controls in real-time.
LAN (Local Area Network)
A data communications system linking independent resources within a small geographic area, such as a building, usually via cable.
WAN (Wide Area Network)
A communications system similar to a LAN but extending over a wider geographic area, often requiring bridges, routers, and gateways.
VAN (Value Added Network)
Business entities that offer shared links to expensive transmission systems, functioning like a telephone exchange for electronic data.
VPN (Virtual Private Network)
A network that uses public telecommunication infrastructure to provide secure access to an organization's network by creating an encrypted "tunnel."
Distributed Processing
The decentralization of computer processing and storage among devices sharing a data communication network.
Database
A pool of interrelated data managed and stored to minimize duplication and provide for sharing of common data among different programmes and users.
EDI (Electronic Data Interchange)
The ability of a user to transact or trade electronically with other parties via links between their computer systems.
EFT (Electronic Funds Transfer)
The transfer of money from one account to another based on an electronic instruction.
Firewall
A combination of hardware and software that acts as an access control gateway between a company's network and an external network like the Internet.
Trojan Horse
Malicious code that performs an unexpected and unknown function, such as copying passwords as they are entered by users.
Logic or Time Bomb
Malicious code designed to set off an action when a specific condition or date occurs.
Phishing
The practice of sending authentic-looking emails to trick recipients into giving away confidential information like bank account numbers.
Pharming
The illegal practice of re-directing a website’s traffic to an alternate, bogus site to steal confidential information.