MODH - Module H - Information Systems Auditing MODULE H...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Module H - Information Systems Auditing MODULE H Information Systems Auditing LEARNING OBJECTIVES Review Checkpoints Exercises, Problems and Simulations 1. List and describe the general and application controls in a computerized information system. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 52, 53, 54, 55, 57, 58, 59, 60, 61, 62, 66 2. Explain the difference between auditing around the computer and auditing through the computer. 14, 15, 16 51, 65 3. List several techniques auditors can use to perform tests of controls in a computerized information system. 17, 18, 19, 20, 21 64 4. Describe the characteristics and control issues associated with end-user and other computing environments. 22, 23, 24, 25 63 5. Define and describe computer fraud and the controls that an entity can use to prevent it. 26, 27, 28, 29, 30 56 MODH-1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Module H - Information Systems Auditing SOLUTIONS FOR REVIEW CHECKPOINTS H.1 Given its extensive use, auditors must consider clients’ computerized information systems technology. All auditors should have sufficient familiarity with computers, computerized information systems, and computer controls to be able to complete the audit of simple systems and to work with information system auditors. More importantly, auditors must assess the control risk (and the risk of material misstatement) regardless of the technology used for preparing the financial statements. In a computerized processing environment, auditors must study and test information technology general and application controls. H.2 COBIT (which stands for Control Objectives for Information and Related Technology) represents a set of best practices for information technology management that has achieved general acceptance as the internal control framework for information technology. COBIT’s basic principle is: To provide the information the enterprise requires to achieve its objectives, the enterprise needs to invest in and manage and control IT resources using a structured set of processes to provide the services that deliver the required enterprise information. H.3 The four domains of COBIT (along with a brief description of each) are: 1. Plan and Organize: Summarizes how information and technology can be used within an entity to best achieve its goals and objectives. 2. Acquire and Implement: Focuses on identifying the related IT requirements, acquiring the necessary technology, and implementing the technology within the entity’s business processes. 3. Delivery and Support: Focuses on the execution of applications within the IT system. 4. Monitor and Evaluate: Considers whether the IT system continues to meet the entity’s objectives. H.4 ITGC (information technology general controls) apply to all applications of a computerized information system, while ITAC (information technology application controls) apply to specific business activities within a computerized information system. Thus, ITGC operate at an overall entity level and ITAC operate at a transaction level. H.5
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/21/2010 for the course ACC 492 ACC 492 taught by Professor Benmathews during the Spring '09 term at University of Phoenix.

Page1 / 28

MODH - Module H - Information Systems Auditing MODULE H...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online