Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.

Transcription

1 Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter How Information Technologies Enhance Internal Control Learning Objective 2 Computer replace manual. Higher-quality information is available. Identify risks that arise from using an IT-based accounting system Assessing Risks of Information Technologies Learning Objective 3 Risks to hardware and data Reduced audit trail Need for IT experience and separation of IT duties Explain how general and application reduce IT risks

2 Internal Controls Specific to Information Technology Relationship Between General and Administrative Controls Risk of unauthorized change to application software Risk of system crash General Cash receipts application Sales applications Payroll application Application Other cycle application Risk of unauthorized master file update GENERAL CONTROLS Risk of unauthorized processing General Controls Administration of the IT function Segregation of IT duties Systems development Administration of the IT Function The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management. Physical and online security Backup and contingency planning Hardware Segregation of IT Duties Systems Development Chief Information Officer or IT Manager Security Administrator Typical test strategies Systems Development Operations Data Control Pilot testing Parallel testing

3 Physical and Online Security Backup and Contingency Planning Physical Controls: Keypad entrances Badge-entry entry systems Security cameras Security personnel Online Controls: User ID control Password control Separate add-on security software One key to a backup and contingency plan is to make sure that all critical copies of software and data files are backed up and stored off the premises Hardware Controls Application Controls These are built into computer equipment by the manufacturer to detect and report equipment failures. Input Processing Output Input Controls Batch Input Controls These are designed by an organization to ensure that the information being processed is authorized, accurate, and complete. Financial total Hash total Record count

4 Processing Controls Output Controls Validation test Sequence test These focus on detecting errors after processing is completed rather than on preventing errors. Arithmetic accuracy test Data reasonableness test Completeness test Learning Objective 4 Describe how general affect the auditor s s testing of application. Impact of Information Technology on the Audit Process Effects of general on control risk Effects of IT on control risk and substantive tests Auditing in less complex IT environments Auditing in more complex IT environments Learning Objective 5 Test Data Approach Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer Test data should include all relevant conditions that the auditor wants tested. Application programs tested by the auditor s s test data must be the same as those the client used throughout the year. Test data must be eliminated from the client s s records

5 Test Data Approach Test Data Approach Master files Input test Transactions to test Key control Procedures Application Programs (Assume Batch System) Transaction files (contaminated?) Control test test Auditor makes comparisons Auditor-predicted of of key key control procedures based on on an an understanding of of internal control Contaminated master files Control test Differences between actual outcome and and predicted result Parallel Simulation Parallel Simulation The auditor uses auditor-controlled software to perform parallel operations to the client s software by using the same data files. Production transactions Auditor-prepared program Master file Client application system programs Auditor Client Auditor makes comparisons between client s s application system output and the auditor-prepared program output Exception report noting differences Embedded Audit Module Approach Learning Objective 6 Auditor inserts an audit module in the client s s application system to capture transactions with characteristics that are of specific interest to the auditor. Identify issues for e-commercee systems and other specialized IT environments

6 Issues for Different IT Environments Issues for microcomputer environments Issues for network environments End of Chapter 12 Issues for database management systems Issues for e-commerce e systems Issues when clients outsource IT