Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control."

Transcription

1 Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter How Information Technologies Enhance Internal Control Learning Objective 2 Computer replace manual. Higher-quality information is available. Identify risks that arise from using an IT-based accounting system Assessing Risks of Information Technologies Learning Objective 3 Risks to hardware and data Reduced audit trail Need for IT experience and separation of IT duties Explain how general and application reduce IT risks

2 Internal Controls Specific to Information Technology Relationship Between General and Administrative Controls Risk of unauthorized change to application software Risk of system crash General Cash receipts application Sales applications Payroll application Application Other cycle application Risk of unauthorized master file update GENERAL CONTROLS Risk of unauthorized processing General Controls Administration of the IT function Segregation of IT duties Systems development Administration of the IT Function The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management. Physical and online security Backup and contingency planning Hardware Segregation of IT Duties Systems Development Chief Information Officer or IT Manager Security Administrator Typical test strategies Systems Development Operations Data Control Pilot testing Parallel testing

3 Physical and Online Security Backup and Contingency Planning Physical Controls: Keypad entrances Badge-entry entry systems Security cameras Security personnel Online Controls: User ID control Password control Separate add-on security software One key to a backup and contingency plan is to make sure that all critical copies of software and data files are backed up and stored off the premises Hardware Controls Application Controls These are built into computer equipment by the manufacturer to detect and report equipment failures. Input Processing Output Input Controls Batch Input Controls These are designed by an organization to ensure that the information being processed is authorized, accurate, and complete. Financial total Hash total Record count

4 Processing Controls Output Controls Validation test Sequence test These focus on detecting errors after processing is completed rather than on preventing errors. Arithmetic accuracy test Data reasonableness test Completeness test Learning Objective 4 Describe how general affect the auditor s s testing of application. Impact of Information Technology on the Audit Process Effects of general on control risk Effects of IT on control risk and substantive tests Auditing in less complex IT environments Auditing in more complex IT environments Learning Objective 5 Test Data Approach Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer Test data should include all relevant conditions that the auditor wants tested. Application programs tested by the auditor s s test data must be the same as those the client used throughout the year. Test data must be eliminated from the client s s records

5 Test Data Approach Test Data Approach Master files Input test Transactions to test Key control Procedures Application Programs (Assume Batch System) Transaction files (contaminated?) Control test test Auditor makes comparisons Auditor-predicted of of key key control procedures based on on an an understanding of of internal control Contaminated master files Control test Differences between actual outcome and and predicted result Parallel Simulation Parallel Simulation The auditor uses auditor-controlled software to perform parallel operations to the client s software by using the same data files. Production transactions Auditor-prepared program Master file Client application system programs Auditor Client Auditor makes comparisons between client s s application system output and the auditor-prepared program output Exception report noting differences Embedded Audit Module Approach Learning Objective 6 Auditor inserts an audit module in the client s s application system to capture transactions with characteristics that are of specific interest to the auditor. Identify issues for e-commercee systems and other specialized IT environments

6 Issues for Different IT Environments Issues for microcomputer environments Issues for network environments End of Chapter 12 Issues for database management systems Issues for e-commerce e systems Issues when clients outsource IT

The Impact of Information Technology on the Audit Process

The Impact of Information Technology on the Audit Process The Impact of Information Technology on the Audit Process Chapter 12 2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12-1 Learning Objective 1 Describe how IT improves internal

More information

PART 10 COMPUTER SYSTEMS

PART 10 COMPUTER SYSTEMS PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board

More information

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS 11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78

More information

SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE

SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE Learning objective: explain the use of computer assisted audit techniques in the context of an audit discuss and provide relevant examples of the use of test

More information

Control Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising)

Control Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising) Computer Auditing Control Matters (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising) The introduction of a computerized or electronic data processing (EDP) accounting system has

More information

INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph

More information

SECTION 15 INFORMATION TECHNOLOGY

SECTION 15 INFORMATION TECHNOLOGY SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County

More information

INFORMATION TECHNOLOGY CONTROLS

INFORMATION TECHNOLOGY CONTROLS CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,

More information

Accounts Payable Outsourcing Audit April 2014

Accounts Payable Outsourcing Audit April 2014 Accounts Payable Outsourcing Audit April 2014 Craig Terrell, Interim City Auditor Lee Hagelstein, Internal Auditor Accounts Payable Outsourcing Audit Table of Contents Page Executive Summary...1 Audit

More information

Module 7: Computer auditing

Module 7: Computer auditing Module 7: Computer auditing Module 7: Computer auditing Overview In this module, you learn about the effects that computer processing has on both the control environment and the audit of financial systems.

More information

INFORMATION SYSTEM AUDITING AND ASSURANCE

INFORMATION SYSTEM AUDITING AND ASSURANCE CHAPTER INFORMATION SYSTEM AUDITING AND ASSURANCE As more and more accounting and business systems were automated, it became more and more evident that the field of auditing had to change. As the systems

More information

auditing in a computer-based

auditing in a computer-based auditing in a computer-based RELEVANT TO cat paper 8 and ACCA QUALIFICATION PAPERs f8 The accounting systems of many companies, large and small, are computer-based; questions in all ACCA audit papers reflect

More information

Solutions to Student Self Assessment Questions

Solutions to Student Self Assessment Questions Solutions to Student Self Assessment Questions Chapter 9 Testing and evaluation of systems Questions Two questions are placed within the text: (9.1) Case study 9.1 Broomfield plc: sales and trade receivables

More information

Reasons Why Computers Can Cause Control Problems

Reasons Why Computers Can Cause Control Problems Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff Chapter 5 Computer Controls for Accounting Information Systems Developed by: S. Bhattacharya, Ph.D. Florida Atlantic University

More information

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER Material Weaknesses (0) No material weaknesses were reported for FY 2013. Significant Deficiencies (1) Grant Receivable Accounting

More information

Internal Controls. A short presentation from Your Internal Audit Department

Internal Controls. A short presentation from Your Internal Audit Department Internal Controls A short presentation from Your Internal Audit Department The Old Internal Audit Department The New Internal Audit Department We re here to help! Teach + Train = Change Our goal: Promote

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

Electronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014

Electronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014 Electronic Audit Evidence (EAE) and Application Controls Tulsa ISACA Chapter December 11, 2014 Agenda Recent IT-related PCAOB inspection themes: Internal control over financial reporting Multi-location

More information

4 Testing General and Automated Controls

4 Testing General and Automated Controls 4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn

More information

How to set up a people based. accounting system that makes your. small business work for you. Thomas G. Post. Certified Public Accountant 281-351-2688

How to set up a people based. accounting system that makes your. small business work for you. Thomas G. Post. Certified Public Accountant 281-351-2688 How to set up a people based accounting system that makes your small business work for you. By Thomas G. Post Certified Public Accountant 281-351-2688 www.texastaxman.com 1 Title How to set up a people

More information

Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications

Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Main Reference : Hall, James A. 2011. Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications Suggested Reference : Senft, Sandra; Gallegos, Frederick., 2009.

More information

External Audit Reviews. Report by Director of Finance

External Audit Reviews. Report by Director of Finance THE HIGHLAND COUNCIL AUDIT AND STANDARDS COMMITTEE 4 DECEMBER 2003 Agenda Item Report No External Audit Reviews Report by Director of Finance SUMMARY The pages that follow contain a report from the Council's

More information

5:31-7 Appendix B LOCAL AUTHORITIES - ACCOUNTING AND AUDITING IF ANY ARE NOT APPLICABLE, INSERT N/A AS YOUR ANSWER. FIRE DISTRICT YEAR UNDER AUDIT

5:31-7 Appendix B LOCAL AUTHORITIES - ACCOUNTING AND AUDITING IF ANY ARE NOT APPLICABLE, INSERT N/A AS YOUR ANSWER. FIRE DISTRICT YEAR UNDER AUDIT 5:31-7 Appendix B LOCAL AUTHORITIES - ACCOUNTING AND AUDITING AUDIT QUESTIONNAIRE FOR FIRE DISTRICT AUDITS EACH QUESTION MUST BE ANSWERED. PLEASE CIRCLE YES OR NO. IF ANY ARE NOT APPLICABLE, INSERT N/A

More information

General Computer Controls

General Computer Controls 1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems

More information

Structure of organisations Hierarchical = rigid, slow decision making Flat = flexible, autonomous

Structure of organisations Hierarchical = rigid, slow decision making Flat = flexible, autonomous This booklet is intended to support your existing revision in your final approach to the first A2 ICT exam. Continue using the past papers, revision materials and revision exercises that you are already

More information

CONTROLLING COMPUTER-BASED INFORMATION SYSTEMS, PART I

CONTROLLING COMPUTER-BASED INFORMATION SYSTEMS, PART I CHAPTER CONTROLLING COMPUTER-BASED INFORMATION SYSTEMS, PART I The basic topic of internal control was introduced in 3. These next two chapters discuss the implications of automating the accounting information

More information

Promotes the goal, vision, and beliefs of the Agency Participates in planning using complex influence strategies

Promotes the goal, vision, and beliefs of the Agency Participates in planning using complex influence strategies OVERALL RESPONSIBILITIES: The is responsible for efficient management of the Agency s Accounting Department in adherence with Generally Accepted Accounting Principles, Ministry of Community and Social

More information

Guideline on risk management and other aspects of internal control in central securities depository

Guideline on risk management and other aspects of internal control in central securities depository until further notice 1 (11) Applicable to central securities depositories Guideline on risk management and other aspects of internal control in central securities depository By virtue of section 4, paragraph

More information

Guideline on risk management and other aspects of internal control in stock exchange

Guideline on risk management and other aspects of internal control in stock exchange until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial

More information

The City of New York Office of the Comptroller Bureau of Financial Audit EDP Audit Division

The City of New York Office of the Comptroller Bureau of Financial Audit EDP Audit Division The City of New York Office of the Comptroller Bureau of Financial Audit EDP Audit Division WILLIAM C. THOMPSON, JR. Comptroller Follow-Up Report on the New York City Fire Department Arson Information

More information

Internal Control Guide & Resources

Internal Control Guide & Resources Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed

More information

FINANCIAL ADMINISTRATION MANUAL

FINANCIAL ADMINISTRATION MANUAL Issue Date: September 2009 Effective Date: Immediate Chapter: Accounting for Expenditures Responsible Agency: Office of the Comptroller General Directive No: 706-3 Directive Title: ACCOUNTING CONTROLS

More information

SOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014

SOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014 SOLUTION 1(a) (a) The Auditing guideline points out that the amount or quantity of audit evidence required for the auditor to achieve the level of assurance is a matter of professional judgment. The factors

More information

Silent Safety: Best Practices for Protecting the Affluent

Silent Safety: Best Practices for Protecting the Affluent Security Checklists Security Checklists 1. Operational Security Checklist 2. Physical Security Checklist 3. Systems Security Checklist 4. Travel Protocol Checklist 5. Financial Controls Checklist In a

More information

DETAIL AUDIT PROGRAM Information Systems General Controls Review

DETAIL AUDIT PROGRAM Information Systems General Controls Review Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,

More information

Payroll Systems and Technology. CPP Study Class 2014 - Chapter 12

Payroll Systems and Technology. CPP Study Class 2014 - Chapter 12 Payroll Systems and Technology CPP Study Class 2014 - Chapter 12 Objectives of a Computerized Payroll System Customers: EE s we pay Other dept s Upper mgmt Government agencies System Provides: Paychecks

More information

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective for all the audits commencing on or after 01 April 2010) CONTENTS

More information

AUDITING IN COMPUTER ENVIRONMENT. What is audit in a computer environme nt?

AUDITING IN COMPUTER ENVIRONMENT. What is audit in a computer environme nt? AUDITING IN COMPUTER ENVIRONMENT What is audit in a computer environme nt? Wherever computer based accounting system, large or small are operated by an enterprise, or by a third party on behalf of the

More information

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge

More information

Common Questions on Segregation of Duties

Common Questions on Segregation of Duties Common Questions on Segregation of Duties Why should duties be segregated? What duties should be segregated? How can management determine if duties are properly segregated? What if management has inadequate

More information

Cash Receipts Internal Controls

Cash Receipts Internal Controls 3 3 Start If gift is stock If gift is credit card If gift is cash/check Mail opened, checks stamped FDO Community Foundation, totals logged & verified 1 Administrative Assistant & mail verifier Cash Receipts

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

Basic Concepts of Accounting Subsidiary Subsidiary Special Special Inform Infor a m tion Ledgers Ledger Journals Jour Systems

Basic Concepts of Accounting Subsidiary Subsidiary Special Special Inform Infor a m tion Ledgers Ledger Journals Jour Systems COMPUTERIZED ACCOUNTING SYSTEMS Basic Concepts of Accounting Information Systems Subsidiary Ledgers Special Journals Computerized accounting systems Manual accounting systems Example Advantages Sales journal

More information

Information Technology Auditing for Non-IT Specialist

Information Technology Auditing for Non-IT Specialist Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating

More information

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business

More information

The Information Systems Audit

The Information Systems Audit November 25, 2009 e q 1 Institute of of Pakistan ICAP Auditorium, Karachi Sajid H. Khan Executive Director Technology and Security Risk Services e q 2 IS Environment Back Office Batch Apps MIS Online Integrated

More information

5:30-8 LOCAL FINANCE BOARD - FINANCIAL ADMINISTRATION. 5: Electronic data processing systems for financial, revenue, and property tax accounting

5:30-8 LOCAL FINANCE BOARD - FINANCIAL ADMINISTRATION. 5: Electronic data processing systems for financial, revenue, and property tax accounting 5:30-8 LOCAL FINANCE BOARD - FINANCIAL ADMINISTRATION 5:30-8.1 Electronic data processing systems for financial, revenue, and property tax accounting (a) Local units utilizing electronic data processing

More information

IT Enabled System : Opportunities & Challenges for Assurance Professionals

IT Enabled System : Opportunities & Challenges for Assurance Professionals IT Enabled System : Opportunities & Challenges for Assurance Professionals Acknowledgements: - ISACA - ITGI - Wikipedia - The Economist - ICMAB - SCB March 31, 2011; ICAB (Chartered Accountant Bhaban)

More information

Information Technology General Controls (ITGCs) 101

Information Technology General Controls (ITGCs) 101 Information Technology General Controls (ITGCs) 101 Presented by Sugako Amasaki (Principal Auditor) University of California, San Francisco December 3, 2015 Internal Audit Webinar Series Webinar Agenda

More information

Managing the Risk of Employee Theft

Managing the Risk of Employee Theft This tool accompanies Lessons for Financial Success available at mgma.com/lessons. Lessons is a free, easy-to-use guide for office administrators and physicians who manage their own practices but may not

More information

Developing Effective Internal Controls Using the COSO Model

Developing Effective Internal Controls Using the COSO Model Developing Effective Internal Controls Using the COSO Model Office of State Controller Internal Controls in a COSO Environment Seminar Raleigh, North Carolina March 2007 Mark S. Beasley Director, ERM Initiative

More information

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs

More information

Interim Audit Report. Borough of Broxbourne Audit 2010/11

Interim Audit Report. Borough of Broxbourne Audit 2010/11 Interim Audit Report Borough of Broxbourne Audit 2010/11 The Audit Commission is an independent watchdog, driving economy, efficiency and effectiveness in local public services to deliver better outcomes

More information

Management Assertions. Cash and Financial Investments. Cash Controls CASH CONTROLS. Generally two broad categories:

Management Assertions. Cash and Financial Investments. Cash Controls CASH CONTROLS. Generally two broad categories: Cash and Financial CHAPTER 10 Management Assertions When auditors test cash, what management assertion/s are they MOST interested in? Existence WHAT ABOUT THE OTHERS:C- E-C-R-V-P? Completeness YES, but

More information

ACCOUNTING INFORMATION SYSTEMS

ACCOUNTING INFORMATION SYSTEMS ACCOUNTING INFORMATION SYSTEMS Controls and Processes SECOND EDITION LESLIE TURIHIER WILEY MODULE 1 Introduction to AIS INTRODUCTION Defines business processes, AIS, and all foundational concepts.

More information

Office of the State Controller. Self-Assessment of Internal Controls. Computer Security Cycle. Objectives and Risks

Office of the State Controller. Self-Assessment of Internal Controls. Computer Security Cycle. Objectives and Risks Office of the State Controller Self-Assessment of Internal Controls Computer Security Cycle Objectives and Risks Agency Year-End Objectives Risks Definition and communication of organizational structure,

More information

Appendix VIII SAS 70 Examinations of EBT Service Organizations

Appendix VIII SAS 70 Examinations of EBT Service Organizations Appendix VIII SAS 70 Examinations of EBT Service Organizations Background States must obtain an examination by an independent auditor of the State electronic benefits transfer (EBT) service providers (service

More information

Accounting Building Business Skills. Learning Objectives. Learning Objectives. Paul D. Kimmel. Chapter Six: Accounting Sub-systems

Accounting Building Business Skills. Learning Objectives. Learning Objectives. Paul D. Kimmel. Chapter Six: Accounting Sub-systems Accounting Building Business Skills Paul D. Kimmel Chapter Six: Accounting Sub-systems PowerPoint presentation by Christine Langridge Swinburne University of Technology, Lilydale 2003 John Wiley & Sons

More information

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Internal Controls Business and Finance Policy #1.11

Internal Controls Business and Finance Policy #1.11 OBJECTIVE To ensure that university funds are used in a responsible and appropriate manner consistent with the university s mission, applicable law and ethical practice. POLICY Applies to: Any and all

More information

QUESTION THREE a) Write brief notes on the following auditing techniques: i. Inspection; (4 marks)

QUESTION THREE a) Write brief notes on the following auditing techniques: i. Inspection; (4 marks) QUESTION ONE Working papers provide the audit evidence. They can be categorized into: i. Auditors prepared working papers. ii. Client s schedules used as working papers. iii. Audit programmes. Working

More information

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS SUPERVISORY AND REGULATORY GUIDELINES Guidelines Issued: 22 December 2015 GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS 1. INTRODUCTION 1.1 The Central Bank of The Bahamas ( the Central

More information

Planning/Administrative. Management & Organization. Application Level Accuracy and Completeness. EDI Systems Audit Program

Planning/Administrative. Management & Organization. Application Level Accuracy and Completeness. EDI Systems Audit Program EDI Systems Audit Program A Planning/Administrative 1 Review the Letter of Understanding and create the APM (Audit Planning Memorandum) accordingly. A-1 DB 02/03 2 Gain a high-level understanding of Auditee

More information

Good Internal Controls for Small Businesses

Good Internal Controls for Small Businesses Good for Small Businesses SOX and the Importance of Good for Small Businesses MENDELSON CONSULTING Mario Nowogrodzki, CPA.CITP America s QuickBooks Specialists www.qbspecialists.com MARIO NOWOGRODZKI,

More information

NEIAF June 18, 2015. IS Auditing 101

NEIAF June 18, 2015. IS Auditing 101 NEIAF June 18, 2015 IS Auditing 101 http://www.gao.gov/fiscam/overview Planning Understand the Overall Audit Objectives and Related Scope of the Information System Controls Audit Understand the Entity

More information

Hong Kong Auditng. Economic Theory and Practice. Ferdinand A. GUL. Second Edition. City University of Hong Kong Press

Hong Kong Auditng. Economic Theory and Practice. Ferdinand A. GUL. Second Edition. City University of Hong Kong Press Hong Kong Auditng Economic Theory and Practice Second Edition Ferdinand A. GUL City University of Hong Kong Press OettaBDtsdl CDuapteeir C DDt GUt 1. Development of the Auditing Profession 1 1 Early Developments

More information

ESKICAS1 Computerised accounting software

ESKICAS1 Computerised accounting software Overview This is the ability to select and use a computerised accounting or bookkeeping software application to input and process data for orders and invoices, receipts and payments and prepare management

More information

Internal Controls Best Practices

Internal Controls Best Practices Internal Controls Best Practices This list includes the most common internal controls applied by small to medium sized businesses to their operations. It includes controls that apply to the processes most

More information

DeltaV Capabilities for Electronic Records Management

DeltaV Capabilities for Electronic Records Management January 2013 Page 1 DeltaV Capabilities for Electronic Records Management This paper describes DeltaV s integrated solution for meeting FDA 21CFR Part 11 requirements in process automation applications

More information

STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT ORGANIZATION,

More information

Advertising Agency Control Objectives and Questionnaire Media Rating Council, Inc. December 18, 2006

Advertising Agency Control Objectives and Questionnaire Media Rating Council, Inc. December 18, 2006 370 Lexington Avenue Suite 902 New York, NY 10017 Tel: (212) 972-0300 Fax: (212) 972-2786 www.mediaratingcouncil.org Advertising Agency Control Objectives and Questionnaire Media Rating Council, Inc. December

More information

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236. February 25, 2011

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236. February 25, 2011 THOMAS P. DiNAPOLI COMPTROLLER STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236 STEVEN J. HANCOX DEPUTY COMPTROLLER DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY

More information

ERP Systems: Audit and Control Risks

ERP Systems: Audit and Control Risks ERP Systems: Audit and Control Risks Jennifer Hahn Deloitte & Touche ISACA Spring Conference April 26, 1999 Session Learning Objectives At the end of this session, the participant should be able to: Understand

More information

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014 The Practice of Internal Controls Cornell Municipal Clerks School July 16, 2014 Page 1 July 18, 2014 Cash Receipts (Collection procedures) Centralize cash collections within a department or for the local

More information

AV Parking System Review

AV Parking System Review Exhibit 1 AV Parking System Review May 6, 2011 Report No. 11-01 Office of the County Auditor Evan A. Lukic, CPA County Auditor Table of Contents Contents EXECUTIVE SUMMARY... 3 OBJECTIVES, SCOPE AND PROCEDURES...

More information

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015 FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria

More information

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3

Operational Risk Publication Date: May 2015. 1. Operational Risk... 3 OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...

More information

Antifraud program and controls assessment grid*

Antifraud program and controls assessment grid* Advisory Services Antifraud program and * Fraud risks & controls February 2008 *connectedthinking 2008 PricewaterhouseCoopers LLP. All rights reserved. PricewaterhouseCoopers refers to PricewaterhouseCoopers

More information

Control Objectives, Threats, and Procedures

Control Objectives, Threats, and Procedures Control Objectives, Threats, and Procedures Adequate internal controls are needed to meet the following objectives: 1. All payroll transactions are properly authorized. 2. All recorded payroll transactions

More information

Connecting the dots: IT to Business

Connecting the dots: IT to Business Connecting the dots: IT to Business Jason Wood, CPA, CISA, CIA, CITP, CFF April 2015 1 Speaker Bio Jason Wood Over 18 years of international business experience in planning, conducting, and quality reviewing

More information

Application controls testing in an integrated audit

Application controls testing in an integrated audit Application controls testing in Application controls testing in an integrated audit Learning objectives Describe types of controls Describe application controls and classifications Discuss the nature,

More information

SOA ISO Statement of Applicability

SOA ISO Statement of Applicability SOA ISO 27001 2005 Statement of Applicability A.5 Security A.5.1 Information Security A.5.1.1 A.5.1.2 Information security policy document Review of the information security policy A.6 Organisation of

More information

Module # 3 Physical Controls to Deter Employee Theft and Fraud

Module # 3 Physical Controls to Deter Employee Theft and Fraud Module # 3 Physical Controls to Deter Employee Theft and Fraud The physical controls assessment questions are designed to assess the probability of a fraudulent event occurring within the organization

More information

Performance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012

Performance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012 Performance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012 Audit Report Office of the City Auditor City of San Diego This Page Intentionally Left Blank July

More information

Internal Control Systems

Internal Control Systems D. INTERNAL CONTROL 1. Internal Control Systems 2. The Use of Internal Control Systems by Auditors 3. Transaction Cycles 4. Tests of Control 5. The Evaluation of Internal Control Component 6. Communication

More information

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of

More information

Internal Control Systems

Internal Control Systems Business and Information Process Rules, Risks, and Controls Internal Control Systems Internal controls encompass a set of rules, policies, and procedures an organization implements to provide reasonable

More information

Payroll Direct Deposit

Payroll Direct Deposit 2011-A03 Program Evaluation and Audit Payroll Direct Deposit Process Review and Cost-Benefit 17 December 2010 INTRODUCTION Background The Council operates under a biweekly pay period system. The Metropolitan

More information

Circular to All Licensed Corporations on Information Technology Management

Circular to All Licensed Corporations on Information Technology Management Circular 16 March 2010 Circular to All Licensed Corporations on Information Technology Management In the course of our supervision, it has recently come to our attention that certain deficiencies in information

More information

IT Application Controls Questionnaire

IT Application Controls Questionnaire IT Application Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks A1.a. MULTIPLE USER PROCESSING INPUT CONTROLS Input controls are the procedures and methods utilized by

More information

San Francisco Chapter. Information Systems Operations

San Francisco Chapter. Information Systems Operations Information Systems Operations Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with

More information

City of Madison Information Technology Recommended Internal Controls for MS Access

City of Madison Information Technology Recommended Internal Controls for MS Access City of Madison Information Technology Recommended Internal Controls for MS Access Many Access applications contain data that feed other applications at a higher level of the information system, which

More information

Information System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls

Information System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint

More information

Data Security Systems Internal Control Questionnaire

Data Security Systems Internal Control Questionnaire Data Security Systems Internal Control Questionnaire I. GENERAL DATA SECURITY SYSTEM A. Does security system management: 1. Determine how access levels are granted? 2. Define when access is granted unless

More information

Corporate Property Automated Information System CPAIS. Privacy Impact Assessment

Corporate Property Automated Information System CPAIS. Privacy Impact Assessment Corporate Property Automated Information System CPAIS Privacy Impact Assessment May 2003 CONTENTS Background...3 Access to the Data...5 Maintenance of Administrative Controls...9 1 Introduction The Office

More information

System Security Plan Template

System Security Plan Template Institutional and Sector Modernisation Facility ICT Standards System Security Plan Template Document number: ISMF-ICT/3.03 - ICT Security/MISP/SD/SSP Template Version: 1.20 Project Funded by the European

More information

Information Systems and Technology

Information Systems and Technology As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons

More information