Auditing and Internal Control
What is the purpose of an IT audit?
Response: The purpose of an IT audit is to provide an independent assessment of some technology- or systems-related object, such as proper IT implementation, or controls over computer resources. Because most modern accounting information systems use IT, IT plays a significant role in a financial (external audit), where the purpose is to determine the fairness and accuracy of the financial statements.
Discuss the concept of independence within the context of a financial audit. How is independence different for internal auditors?
Response: The auditor cannot be an advocate of the client, but must independently attest to whether GAAP and other appropriate guidelines have been adequately met. Independence for internal auditors is different because they are employed by the organization, and cannot be as independent as the external auditor. Thus internal auditors must use professional judgment and independent minds in performing IA activities.
What are the conceptual phases of an audit? How do they differ between general auditing and IT auditing?
Response: The three conceptual phases of auditing are:
i. Audit planning,
ii. Tests of internal controls, and
iii. Substantive tests.
Conceptually, no difference exists between IT auditing and general auditing. IT auditing is typically a subset of the overall audit; the portion that involves computer technology is the subset.
Distinguish between the internal and external auditors.
Response: External auditors represent the interests of third-party stakeholders in the organization, such as stockholders, creditors, and government agencies. External auditing is conducted by certified public accountants who are independent of the organization’s management. Internal auditors represent the interests of management. Internal auditing tasks include conducting financial audits, examining an operation’s compliance with legal obligations, evaluating operational efficiency, detecting and pursuing fraud within the firm, and conducting IT audits. External auditors also conduct IT audits as a subset of financial audits.
What are the four primary elements described in the definition of auditing?
a. auditing standards
b. systematic process
c.management assertions and audit objectives
d. obtaining evidence
Explain the concept of materiality.
Response: Materiality refers to the size of the effect of a transaction. From a cost-benefit point of view, a threshold is set above which the auditor is concerned with the correct recording and effects of transactions. Rather than using standard formulas, auditors use their professional judgment to determine materiality.
How does the Sarbanes-Oxley Act of 2002 affect management’s responsibility for internal controls?
Response: The Sarbanes-Oxley Act (S-OX) specifically holds management responsible for internal controls. S-OX requires an annual report on internal controls that is the responsibility of management; external auditors must attest to the integrity of the report. Management must assess the effectiveness of the internal control structure and procedures for financial reporting as of the end of the most recent fiscal year and identify any control weaknesses. An attestation by external auditors reports on management’s assessment statement.
What are the four broad objectives of internal control?
a. to safeguard the assets of the firm
b. to ensure the accuracy and reliability of accounting records and information c. to promote efficiency in the firm’s operations
d. to measure compliance with management’s prescribed policies and procedures
What are the four modifying assumptions that guide designers and auditors of internal control systems?
Response: Management responsibility, reasonable assurance, methods of data...
Please join StudyMode to read the full document