Acc415 S5
Acc415 S5
Acc415 S5
Table 6–1 lists some of the benefits and risks of using IT for an entity’s internal control. The
risks to internal control vary depending on the nature and characteristics of the entity’s information
system. For example, where multiple users may access a common database, a lack of control at a
single user entry point may compromise the security of the entire database. This may result in
improper changes to or destruction of data. When IT personnel or users can gain access to privileges
beyond those necessary to perform their assigned duties, a breakdown in segregation of duties can
occur, resulting in unauthorized transactions or changes to programs or data.
MCQ
1) Proper monitoring within an internal control framework may include all of the following
except:
• A. An external auditor.
.
Continue….
• Concluding on the Achieved Level of Control Risk
the auditor should reach a conclusion on the achieved level of control risk
• B. Reconciliation.
• C. Confirmation.
• D. Analytical procedures.
• Answer A