1.

Will the audit objective, audit approach and controls assessment change in a computer environment
audit?

Answer: No, according to an article entitled Auditing in a Computer Environment by Paul Lydon, the
audit objective, audit approach and controls assessment will not change in a computer environment
because as for the audit objective, the auditor must obtain sufficient and appropriate audit evidence to
draw reasonable conclusions on which to base the audit opinion; for audit approach, as the auditor must
continue to plan, ascertain, record and evaluate and as for controls assessment, normal procedures
used in a manual system will still exist in a computer controlled environment.

Source: http://www.cpaireland.ie/docs/default-source/Students/exam-related-articles-
2015/p1auditinginacomputerenvironment.pdf?sfvrsn=2

2. What are the audit approaches in a computer environment? Explain each briefly.

Answer: The audit approaches in a computer environment are:

a. Auditing around the computer, which focuses on ensuring that source documentation
was correctly processed and that this was verified by checking the output documentation
to the source documentation.
b. Auditing through the computer is employed when there is a limited amount of source
documentation due to the use of "real time" in computer environments. This involves the
auditor performing tests on the IT controls to evaluate their effectiveness with
considerations on the extent of use, importance to the business and complexity.

Source: http://www.cpaireland.ie/docs/default-source/Students/exam-related-articles-
2015/p1auditinginacomputerenvironment.pdf?sfvrsn=2

3. What are the general controls in an IT audit? How about application controls? Briefly explain each
controls.

Answer: General controls in an IT audit are policies and procedures that relate to many applications and
support the effective functioning of application controls. They maintain the integrity of information and
security of data which include controls over:

 Data center and network operations

 System software acquisition, change and maintenance
 Program change
 Access security
 Application system, acquisition, development and maintenance

Source: http://www.accaglobal.com/gb/en/student/exam-support-resources/professional-
exams-study-resources/p7/technical-articles/auditing-computer-based-environment2.html
 Application controls are designed with the objective of ensuring the accuracy and completeness
of:

 Data input controls

 Data processing controls
 Data output controls

Application controls are designed to:

 Detect errors before, during and after the processing of specific types of
transactions;
 To support the IT system controls; and a
 A sound system of internal control for the entity.

These controls also provide the auditor with the comfort that the recording, processing
and the reports generated by the computer system are performed properly.
Source: http://www.cpaireland.ie/docs/default-source/Students/exam-related-articles-
2015/p1auditinginacomputerenvironment.pdf?sfvrsn=2
4. What are the examples of data input, data processing and data output controls?
Answer:
a. Examples of Data Input Controls:
 Control Totals
 Hash Totals
 Editing Checks
 Key Verification
 Missing Data Check
 Check Digit Verification
 Sequence Check
 Control Totals
 Manual Visual Scanning
b. Examples of Data Processing Controls:
 Reasonableness Checks
 Find Identification Labels
 Before and After Report
 Control Totals
c. Examples of Data Output Controls:
 Visual Scanning
 Reconciliation
Source: http://www.cpaireland.ie/docs/default-source/Students/exam-related-articles-
2015/p1auditinginacomputerenvironment.pdf?sfvrsn=2
5. Briefly define and explain cloud computing.
Answer. Cloud computing is an Internet-based computing in which large groups of remote servers are
networked so as to allow sharing of data-processing tasks, centralized data storage, and online access to
computer services or resources.
Source: http://www.dictionary.com/browse/cloud-computing
Cloud computing has the following five essential characteristics:
 On demand self-service, namely availability of cloud services on demand
 Broad network access, services are accessible over the Internet through a range of devices such
as laptops, smart phones and tablets, etc.
 Resource pooling which allows resources to serve multiple clients, which are configured to meet
clients' individual needs
 Rapid elasticity in which the provider can swiftly scale up and rapidly release services and
resources
 Measured service in which the use of resources by clients can be monitored, controlled and
reported by the provider.
Source: http://www.cpaireland.ie/docs/default-source/Students/exam-related-articles-
2015/p1auditinginacomputerenvironment.pdf?sfvrsn=2

Ass #2
Source:
http://faculty.usfsp.edu/gkearns/Articles_Fraud/Introduction_to_Computer_Audit.pdf