Application controls testing in an integrated audit
|
|
- Ashlynn Morris
- 8 years ago
- Views:
Transcription
1 Application controls testing in Application controls testing in an integrated audit
2 Learning objectives Describe types of controls Describe application controls and classifications Discuss the nature, timing and extent of application control testing Identify when benchmarking of application controls is appropriate Identify application control testing scoping considerations Identify factors impacting reliance on application controls Describe electronic audit evidence
3 Types of controls
4 Entity-level vs. process-level controls Components of internal control Component Entity level Process/transaction level Control environment Risk assessment Monitoring Information and communication Control activities
5 What are the different types of controls? Type of control Manual Automated Manual controls IT-dependent manual control Application controls IT general controls Prevent Detect Support the continued Misstatement in the financial statements Objective of control functioning of automated aspects of prevent and detect controls
6 Application controls vs. ITGCs Application controls Reside within the application and apply to individual transactions IT general controls Controls around the environment which support the application Test of one strategy (but need to assess design and operating effectiveness) Sample of tests across ITGC processes to ensure function of application controls Examples include: Edit checks Validations Calculations Interfaces Authorizations Examples include: Manage Change Logical Access IT Operations
7 Effect of ITGCs on applications controls Program changes Logical access IT operations Spread sheets Edit checks IT-dependent manual controls IT gen neral controls Electronic audit evidence Billing system A/P application Rate Calculations IT general cont trols Application controls Ad hoc reports Payroll system General ledger Tolerances Program changes Logical access IT operations
8 What are application controls?
9 What are Application Controls? Automated controls that affect the processing of individual transactions Can be characterized as either embedded or configurable Embedded control is programmed within an application to be performed Configurable control is performed depending on an application s setup Often more effective than manual controls Test of one strategy may apply s Segregation of duties Manual controls IT-dependent manual controls Controls Embedded controls configurable controls IT general controls foundation Automated controls Application controls Operating systems Databases ERP l controls Company- leve
10 Classifications of application controls Application controls are commonly grouped into five categories Type Description Examples Edit Checks Limit risk of inappropriate input, processing or output of data due to field format Required fields Specific data format on input Validations Limit risk of inappropriate input, processing, or output of Three-way match data due to the confirmation of a test Tolerance limits Calculations Ensure that a computation is occurring accurately Accounts receivable aging Pricing calculations Interfaces Limit risk of inappropriate input, processing or output of Transfer of data between systems data being exchanged from one application to another Error reporting during batch runs Authorizations Limit the risk of inappropriate input, processing or output of key financial data due to unauthorized access to key financial functions or data. Includes: Segregation of incompatible duties Authorization checks, limits and hierarchies Approval to post journal entries Two approvals for check printing
11 Edit check vs. validation The difference between edit checks and validation controls is often confused Edit check Limit risk of inappropriate input, processing or output of data due to field format Validation Limit risk of inappropriate input, processing, or output of data due to the confirmation of a test
12 Edit check example Edit check control: the application requires a unique customer purchase order number to be entered into the sales order
13 Validation example Validation control: the system prevents the entry of incorrect product numbers on sales orders
14 SoD ITGC vs. application level What is the difference between SoD at the ITGC level and SoD at tthe application level? l? Transaction level Request/approve accurate, timely and complete recording of transactions Prepare accurate, timely and complete recording of transactions ti Move programs in and out of production Monitor accurate, timely and complete recording of transactions System change management level Request/approve program development or program change Program the development or change Move programs in and out of production Monitor program development and changes System logical access level Requesting access, approving access, setting up access, and monitoring access violations/violation attempts Performing rights of a privileged user and monitoring use of a privileged user
15 Nature, timing and extent of application controls testing ti
16 Nature, timing, and extent of testing Nature Nature of testing will depend on if the control is embedded or configurable Configurable application control: Inspect configuration of each significant transaction type (can be performed via walkthrough also) Consider override capability Other menu and record level functionality Generally can be viewed within a configuration screen or via a system generated report Embedded application control: Walkthrough of each significant transaction type Consider override capability Positive and negative aspects of control Identify any dependencies on other controls
17 Nature, timing, and extent of testing Timing i and Extent t By recognizing that application controls operate in a systematic ti manner, we may be able to perform testing ti of application controls in conjunction with the walkthrough for each applicable transaction type and processing alternative. We perform tests to obtain evidence that the application controls operated effectively throughout the period of reliance. Testing ITGCs is the most effective way to obtain evidence that the application controls have continued to operate throughout the period.
18 Relationship Between Application Controls and Testing Techniques Characteristic of the Application Control Nature of Type of Application Control Application Control Edit Validation Calculation Interface Authorization Embedded (System is programmed to perform the control as a result of either custom coding or packaged delivery of that functionality.) Re-performance via walkthrough Inspection of authorization Test of 1 Test of 1 Test of 1 Test of 1 Sample Selected Inspected Test of 1 Test of 1 Test of 1 Test of 1 Configurable (System has the capability to perform the control depending on its setup, but may have been configured differently Re-performance via walkthrough h Test of 1 Test of 1 Test of 1 Test of 1 Inspection of authorization Sample Selected
19 Benchmarking of application controls
20 Benchmarking Overview Audit strategy that may be used to extend the benefits of certain tests of application controls into subsequent audit periods A computer will continue to perform a given procedure in exactly the same way until the program is changed Applicable if change controls are effective Can remain applicable if IT general controls are ineffective, provided we can confirm that no changes have occurred to the particular program In most instances, procedures in subsequent years could be limited to a walkthrough and procedures to maintain the benchmark, and would not have to include detailed testing Benchmarks are generally reestablished every three to five years
21 Benchmarking Considerations Benchmarking strategy considerations: The extent to which the application control can be matched to defined programs within an application; The extent to which the application is stable (i.e., there are few changes from period to period); Whether a report of the compilation dates (or other evidence of changes to the programs) of all programs placed in production is available and is reliable. Evidence considerations: Program/module name(s) - Recording only the application name is generally insufficient, as each application typically represents a suite of programs. The specific program(s) should be identified. Location of the program - Indicate where the program/module is located. File size in bytes - Comparing this information with the previous information may indicate whether the program has been changed. Last change date - In most systems, this will be the date of the file in the directory or program library listing. The last change date of the executable program indicates the date of the last change to the program that is actually processing on system. Recognize the possibility that changes could also have been implemented to programs during the period under review prior to the last change date.
22 Application controls testing considerations
23 Application control testing considerations Perform risk assessment and control analysis in collaboration with business auditors Increases combined understanding of business process and risks Determines focus (all applications or a specific application) Assists in identifying optimum combination of controls (manual, y g p (, application, IT dependent) Consider pervasiveness, sensitivity, and frequency Detect vs. Prevent controls Testing schedule Combined meetings vs. IT specific meetings Testing methodology Nature, timing, and extent Determine if ITGCs are effective
24 Factors impacting reliance on application controls
25 Factors that impact reliance on application controls Segregation of duties Application level Functional task level Overrides Who can override controls? How are overrides monitored? ITGC deficiencies Change management deficiencies can lead to incorrect system processing and calculations Logical access deficiencies controls can lead to electronic data manipulation Operations Which controls are affected by batch processing? How are batch jobs monitored? Factors impacting application controls Dependencies Some application controls depend upon others. For example, the three-way match depends on: The application i being configured to force the match Adequate segregation of duties existing within the application Master file access How are master files secured? How are changes to master data controlled? Interfaces What is the flow of data? What controls monitor the timely and effective operation of interfaces?
26 Electronic audit evidence (EAE)
27 What is electronic audit evidence (EAE)? Data generated by or processed through an application, spreadsheet dh and/or end user computing solution, lti be iti in electronic or printed form, used to support audit procedures Data used for analytical a and data analysis a s procedures es Data supporting the performance of internal controls, including key performance indicators Data that t represents substantive ti audit evidence to support assertions for significant accounts Aging list of accounts receivables Spreadsheet specifying hedging transactions List of gains and losses from sales of marketable securities
28 Reliance on EAE Establishing a basis for relying on electronic data includes: Determining the source of the electronic data (i.e., which application produces the data) Determining, through the identification and evaluation of internal controls or through substantive procedures, whether the electronic data is complete and accurate
29 Testing report logic Evaluate to what extent the logic of the report or query guarantees that the report is complete and accurate Test procedures are determined based on risk assessment: What is the origin of the software? Is the report used frequently by the client? Can the client influence the content of the report? Can the client edit the output of the report? Are we sure the data in the underlying database is complete and accurate? T t d b d t l t ti ( i f Test procedures are based on controls testing (e.g., review of client s test documentation) or substantive testing (e.g., reperforming the report, proving footings)
30 Questions?
Electronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014
Electronic Audit Evidence (EAE) and Application Controls Tulsa ISACA Chapter December 11, 2014 Agenda Recent IT-related PCAOB inspection themes: Internal control over financial reporting Multi-location
More informationThe Information Systems Audit
November 25, 2009 e q 1 Institute of of Pakistan ICAP Auditorium, Karachi Sajid H. Khan Executive Director Technology and Security Risk Services e q 2 IS Environment Back Office Batch Apps MIS Online Integrated
More informationRisikobaseret tilgang til revision
Risikobaseret tilgang til revision Hvordan får vi egentlig forholdt os praktisk til ISA 315? v/henrik Nørgaard & Thomas Kühn Structure of the Global Audit Methodology September 2013 Page 2 Phase 1 Planning
More informationINTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS
INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph
More informationPerforming Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
Performing Audit Procedures in Response to Assessed Risks 1781 AU Section 318 Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Supersedes SAS No. 55.)
More informationThe Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act*
The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act* July 2004 *connectedthinking The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act Introduction
More informationOBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES
More informationInformation Technology General Controls (ITGCs) 101
Information Technology General Controls (ITGCs) 101 Presented by Sugako Amasaki (Principal Auditor) University of California, San Francisco December 3, 2015 Internal Audit Webinar Series Webinar Agenda
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More information4 Testing General and Automated Controls
4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn
More informationHow To Audit A Company
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STAFF AUDIT PRACTICE ALERT NO. 11 CONSIDERATIONS FOR AUDITS OF INTERNAL CONTROL OVER FINANCIAL
More informationGuide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions
Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall
More informationArticle: Control Systems and Controls Testing: General Review
Article: Control Systems and Controls Testing: General Review By: Paul Lydon, BA, CPA, MBS (Hons), PGCLTHE, FHEA Current Examiner in P1 Auditing The main duty of auditors is to report to the members on
More informationAN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF VIEWS AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN
More informationAn Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements
Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:
More informationINTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction
More informationSarbanes-Oxley Section 404: Management s Assessment Process
Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning
More informationNew Audit Standards: How Will They Impact the Audit
New Audit Standards: How Will They Impact the Audit Process? Presented by Robinson, Farmer, Cox Associates The Commonwealth s premier source of financial expertise since 1953. Presentation Objectives Discuss
More informationFraud and Role of Information Technology. September 2008
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
More informationProject Risk and Pre/Post Implementation Reviews
Project Risk and Pre/Post Implementation Reviews Material Changes to the System of Internal Control VGFOA Conference (Virginia Beach, VA) May 20, 2015 Agenda/Objectives Understand why system implementations
More informationThe Importance of IT Controls to Sarbanes-Oxley Compliance
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
More information10-1. Auditing Business Process. Objectives Understand the Auditing of the Enteties Business. Process
10-1 Auditing Business Process Auditing Business Process Objectives Understand the Auditing of the Enteties Business Process Identify the types of transactions in different Business Process Asses Control
More informationDr. Thomas Nösberger. A short overview
Dr. Thomas Nösberger A short overview Why do we need audits and auditors? Page 2 Importance of Auditing Importance of Auditing Information risk reflects the possibility that the information upon which
More informationTHE AUDITOR S RESPONSES TO ASSESSED RISKS
SINGAPORE STANDARD ON AUDITING SSA 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS This revised Singapore Standard on Auditing (SSA) 330 supersedes SSA 330 The Auditor s Procedures in Response to Assessed
More informationGUIDE TO THE SARBANES-OXLEY ACT: MANAGING APPLICATION RISKS AND CONTROLS. Frequently Asked Questions
GUIDE TO THE SARBANES-OXLEY ACT: MANAGING APPLICATION RISKS AND CONTROLS Frequently Asked Questions Table of Contents Page No. Introduction 1 Section 1: Looking Forward 3 Section 2: General Application
More informationRisk and Controls 101
Risk and Controls 101 Agenda What is a Risk and Control? Controls 101 What is Risk and Control? Control Types Control Execution Control Categories A-123 Process here at LBNL Wrap-up Process Risk Map Control
More information1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition
1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...
More informationKANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER
KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER Material Weaknesses (0) No material weaknesses were reported for FY 2013. Significant Deficiencies (1) Grant Receivable Accounting
More informationContinuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006
Continuous Controls Monitoring ISACA, Houston Chapter August 17, 2006 Purpose of Discussion Understand impact of Continuous Controls Monitoring (CCM) on the Information Systems Audit community To perform
More informationAudit Quality Thematic Review
Thematic Review Professional discipline Financial Reporting Council December 2014 Audit Quality Thematic Review The audit of loan loss provisions and related IT controls in banks and building societies
More informationConnecting the dots: IT to Business
Connecting the dots: IT to Business Jason Wood, CPA, CISA, CIA, CITP, CFF April 2015 1 Speaker Bio Jason Wood Over 18 years of international business experience in planning, conducting, and quality reviewing
More informationCIIA South West Analytics in Internal Audit - Tackling Fraud
CIIA South West Analytics in Internal Audit - Tackling Fraud 10 December 2014 Agenda Intro to Analytics When to use analytics and how to get started Risk Monitoring and Control Automation Common Pitfalls
More informationSolihull Metropolitan Borough Council. IT Audit Findings Report September 2015
Solihull Metropolitan Borough Council IT Audit Findings Report September 2015 Version: Responses v6.0 SMBC Management Response July 2015 Financial Year: 2014/2015 Key to assessment of internal control
More informationAudit Phases. Phase 1: Planning and Risk Identification
Audit Phases Phase 1: Planning and Risk Identification Remember the Audit Risk Model of the client, Susceptibility to fraud Control risk Errors likely to occur In client s financial statements Detection
More informationAuditing Standard 5- Effective and Efficient SOX Compliance
Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the
More informationApplication Testing: Not Just for IT Auditors. Insert Logo Here
Application Testing: Not Just for IT Auditors Huntington Ingalls Industries Who We Are Over a century designing, building, overhauling and repairing ships for the U.S. Navy, the U.S. Coast Guard and world
More informationAssessing Credit Risk
Assessing Credit Risk Objectives Discuss the following: Inherent Risk Quality of Risk Management Residual or Composite Risk Risk Trend 2 Inherent Risk Define the risk Identify sources of risk Quantify
More informationHow To Audit A Financial Statement
INTERNATIONAL STANDARD ON 400 RISK ASSESSMENTS AND INTERNAL CONTROL (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph Introduction... 1-10 Inherent
More informationRELEVANT TO FOUNDATION LEVEL PAPER FAU / ACCA QUALIFICATION PAPER F8
RELEVANT TO FOUNDATION LEVEL PAPER FAU / ACCA QUALIFICATION PAPER F8 Audit procedures Audit procedures are an important area of the syllabus, though candidates often use inappropriate audit procedures
More informationC31: Introduction to Application Controls: SAP and JD Edwards Sarah E. Thompson and K. C. Fike, PwC
C31: Introduction to Application Controls: SAP and JD Edwards Sarah E. Thompson and K. C. Fike, PwC Introduction to Application Controls SAP and JD Edwards Presentation Overview o Introductions o Application
More informationCOSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting
in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL
More informationThis release of the FISCAM document has been reformatted from the January 1999 version.
United States General Accounting Office This release of the FISCAM document has been reformatted from the January 1999 version. It includes only formatting changes, refers to several different GAO documents,
More informationIT Enabled System : Opportunities & Challenges for Assurance Professionals
IT Enabled System : Opportunities & Challenges for Assurance Professionals Acknowledgements: - ISACA - ITGI - Wikipedia - The Economist - ICMAB - SCB March 31, 2011; ICAB (Chartered Accountant Bhaban)
More informationS24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma
S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to
More informationReporting on Control Procedures at Outsourcing Entities
Auditing Guidance Statement AGS 1042 (July 2002) Reporting on Control Procedures at Outsourcing Entities Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation
More informationInspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through No.15)
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through
More informationKnowledge Management Series. Internal Audit in ERP Environment
Knowledge Management Series Internal Audit in ERP Environment G BALU ASSOCIATES Knowledge Management Series ISSUE-5 ; VOL 1 Internal Audit in ERP Environment APRIL/2012 Editorial Greetings..!!! Raja Gopalan.B
More informationSAP SECURITY CLEARING THE CONFUSION AND TAKING A HOLISTIC APPROACH
SAP SECURITY CLEARING THE CONFUSION AND TAKING A HOLISTIC APPROACH WWW.MANTRANCONSULTING.COM 25 Mar 2011, ISACA Singapore SOD SAS70 Project Controls Infrastructure security Configurable controls Change
More informationauditing in a computer-based
auditing in a computer-based RELEVANT TO cat paper 8 and ACCA QUALIFICATION PAPERs f8 The accounting systems of many companies, large and small, are computer-based; questions in all ACCA audit papers reflect
More informationRisks (Audit Risk Formula)
Risks (Audit Risk Formula) Component of Audit Risk Inherent risk Errors likely to occur In client s financial statements Control risk Detection risk Audit risk Errors not detected by controls Errors that
More informationISACA is responding to the PCAOB questions principally from an information technology (IT) perspective.
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 17 December 2007 Office of the Secretary Public
More informationInternal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls
Course Name: Internal Auditing & Controls Module: 5 Module Title: Examination phase of the internal audit Lecture and handouts prepared by Chuck Campbell Examination phase of the internal audit Module
More informationCase Study Top-Down, Risk-Based Approach Purchase to Pay Process
Top-Down, Risk-Based Approach Purchase to Pay Process Overview This case study describes the flow of a Top-Down Risk, Based Approach for an example Purchase to Pay process. This case study is not all-inclusive
More informationJ-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007
J-SOX Compliance Approach Best Practices for Foreign Subsidiaries November 8, 2007 Protiviti Background Consulting firm dedicated to business and technology risk consulting, and internal audit services
More informationWHITE PAPER. Best Practices for the Use of Data Analysis in Audit. John Verver, CA, CISA, CMC
WHITE PAPER Best Practices for the Use of Data Analysis in Audit John Verver, CA, CISA, CMC CONTENTS Executive Summary...1 The Evolving Role of Audit Analytics...3 Applications of Audit Analytics...3 Approaches
More informationU S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S
U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S A C a s e W a r e I D E A R e s e a r c h R e p o r t CaseWare IDEA Inc.
More informationwww.pwc.com Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015
www.pwc.com Understanding ERP Architectures, Security and Risk Brandon Sprankle Partner Agenda 1. Introduction 2. Overview of ERP security architecture 3. Key ERP security models 4. Building and executing
More informationHow To Audit A Company
INTERNATIONAL STANDARD ON AUDITING 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial statements for
More informationSTATEMENT OF AUDITING STANDARDS 300 AUDIT RISK ASSESSMENTS AND ACCOUNTING AND INTERNAL CONTROL SYSTEMS
STATEMENT OF AUDITING STANDARDS 300 AUDIT RISK ASSESSMENTS AND ACCOUNTING AND INTERNAL CONTROL SYSTEMS (Issued January 1997; revised January 2004) SAS 300 (revised January 04) Contents Paragraphs Introduction
More informationThe Impact of Information Technology on the Audit Process
The Impact of Information Technology on the Audit Process Chapter 12 2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12-1 Learning Objective 1 Describe how IT improves internal
More informationAuditing Standard ASA 330 The Auditor's Responses to Assessed Risks
ASA 330 (October 2009) Auditing Standard ASA 330 The Auditor's Responses to Assessed Risks Issued by the Auditing and Assurance Standards Board Obtaining a Copy of this Auditing Standard This Auditing
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationImplementation Tool for Auditors
Implementation Tool for Auditors CANADIAN AUDITING STANDARDS (CAS) APRIL 2015 STANDARD DISCUSSED CAS 240, The auditor s responsibilities relating to fraud in an audit of financial statements Testing Journal
More informationCHAPTER 8 SPECIALIZED AUDIT TOOLS: SAMPLING AND GENERALIZED AUDIT SOFTWARE
A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 8 SPECIALIZED AUDIT TOOLS: SAMPLING AND GENERALIZED AUDIT
More informationEffectively Assessing IT General Controls
Effectively Assessing IT General Controls Tommie Singleton UAB AGENDA Introduction Five Categories of ITGC Control Environment/ELC Change Management Logical Access Controls Backup/Recovery Third-Party
More informationIndependent Auditors Report
KPMG LLP Suite 12000 1801 K Street, NW Washington, DC 20006 Independent Auditors Report Administrator and Acting Inspector General United States General Services Administration: Report on the Financial
More informationPart II. Audit process by phase 3. Testing and evidence
Part II. Audit process by phase 3. Testing and evidence Quiz 1: The quality of audit evidence depends on whether it is relevant and reliable in supporting the conclusions of the auditor, and normally the
More informationINTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315
INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315 IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (Effective for audits of financial
More informationUnderstanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.
More informationConsultation Response
Consultation Response PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS PCAOB Rulemaking Docket Matter No.
More informationStages of the Audit Process
Chapter 5 Stages of the Audit Process Learning Objectives Upon completion of this chapter you should be able to explain: LO 1 Explain the audit process. LO 2 Accept a new client or confirming the continuance
More informationAUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES
Office of the Secretary, PCAOB, 1666 K Street, N.W., Washington, D.C. 20006-2803 RE: Preliminary Staff Views October 17, 2007 on AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL
More informationCommunicating Internal Control Related Matters Identified in an Audit
Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial
More informationSegregation of Duties
Segregation of Duties Scott Mitchell, Senior Manager (503) 478-2193 John Earl, Manager (503) 478-2188 January 5, 2010 Our Objectives Clarify the role of Segregation of Duties (SOD) Identify alternatives
More informationCase 14-08 Tiger Pride Enterprises
Case -08 Tiger Pride Enterprises You are the audit senior for Tiger Pride Enterprises (Tiger Pride). The audit partner has asked you to review the AICPA Statement on ing Standards (SAS) AU-C 600, Special
More informationLeverage T echnology: Move Your Business Forward
Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes Copyright. Fulcrum Information Technology, Inc. Is Oracle ERP in Scope for 2014 Audit Plan? Learn,
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationNavy s Contract/Vendor Pay Process Was Not Auditable
Inspector General U.S. Department of Defense Report No. DODIG-2015-142 JULY 1, 2015 Navy s Contract/Vendor Pay Process Was Not Auditable INTEGRITY EFFICIENCY ACCOUNTABILITY EXCELLENCE INTEGRITY EFFICIENCY
More informationManager's Guide to TimeIPS
Manager's Guide to TimeIPS A training and reference guide for Managers using the TimeIPS time and attendance system. For more information, please contact WorkSmart Systems. To Log in, please go to your
More informationFinancial and operational complexities
So l u t i o n s Harnessing the Power of Business Intelligence By Jeff Jackson and Carol Market Harris County, Texas, used business intelligence technology to automate its financial reports and become
More informationService Organizations and the Internal Audit function. 2015 conference Institute of Internal Auditors in Israel
Service Organizations and the Internal Audit function 2015 conference Institute of Internal Auditors in Israel Proprietary This work product/document is intended solely for the information and use of the
More informationCycle Counts of Inventory, A Practical Guide
Cycle Counts of Inventory, A Practical Guide Background The most successful are continually looking for ways to improve the efficiency and effectiveness of their operations. Following the widespread adoption
More informationAUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC
AUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC Today s Agenda Background: Audit Standard #5 adopted by PCAOB and approved by the SEC in 2007 was intended
More informationInternal Controls Best Practices By Jennifer Downs, CPA Benefit Audit Group, LLC
Internal Controls Best Practices By Jennifer Downs, CPA Benefit Audit Group, LLC Internal control consists of: Entity level controls these controls relate to the overall control environment and can potentially
More informationJD Edwards EnterpriseOne Payroll for Canada Rel 9.x
Oracle University Contact Us: 0800 891 6502 JD Edwards EnterpriseOne Payroll for Canada Rel 9.x Duration: 5 Days What you will learn The JD Edwards EnterpriseOne Payroll for Canada Rel 9.x Ed 1 training
More informationInternal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned
Internal Controls over Financial Reporting Integrating in Business Processes & Key Lessons learned Introduction Stephen McIntyre, CA, CPA (Illinois) Senior Manager at Ernst & Young in the Risk Advisory
More informationAutomated Controls Strategy, Implementation & Practical Examples. By Danny Miller, CGEIT, CISA, ITIL
Automated Controls Strategy, Implementation & Practical Examples By Danny Miller, CGEIT, CISA, ITIL Contents 1 Introduction 1 What are automated controls? 2 How do automated controls benefit IT and the
More informationComparison of ISA 330 with AS-402 Objectives and Requirements Only
Comparison of ISA 330 with AS-402 Objectives and Requirements Only International Standard on Auditing 330 (Redrafted): The Auditor s INTRODUCTION Scope of this ISA 1. This International Standard on Auditing
More informationAudit Sampling 101. BY: Christopher L. Mitchell, MBA, CIA, CISA, CCSA Cmitchell@KBAGroupLLP.com
Audit Sampling 101 BY: Christopher L. Mitchell, MBA, CIA, CISA, CCSA Cmitchell@KBAGroupLLP.com BIO Principal KBA s Risk Advisory Services Team 15 years of internal controls experience within the following
More informationSarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley
Sarbanes-Oxley Background Sarbanes-Oxley 404 Internal Controls in Financial Reporting: Implications for Actuaries Legislation passed July 30, 2002 Applies to GAAP financial statements filed with SEC Effective
More informationAudit Compliance and Internal Audit Analysis for Dynamics
Fastpath Audit Compliance and Internal Audit Analysis for Dynamics: Better Audit Results with a Reliable, Repeatable Process using Fastpath Fastpath 11107 Aurora Ave. Urbandale, IA 50322 (515) 276-1779
More informationIPPF Practice Guide. Auditing Application Controls
IPPF Practice Guide Auditing Application Controls Global Technology Audit Guide (GTAG) 8: Auditing Application Controls Authors Christine Bellino, Jefferson Wells Steve Hunt, Crowe Horwath LLP Original
More informationBuilding an Audit Trail in an Oracle EBS Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA
Building an Audit Trail in an Oracle EBS Environment Presented by: Jeffrey T. Hare, CPA CISA CIA Webinar Logistics Hide and unhide the Webinar control panel by clicking on the arrow icon on the top right
More informationWebinar: PCAOB Inspections of Small Firm Broker-Dealer Auditors. January 15, 2015
Webinar: PCAOB Inspections of Small Firm Broker-Dealer Auditors January 15, 2015 Introductory Remarks Mary Sjoquist, Director Office of Outreach and Small Business Liaison Caveat The views we express today
More informationOverall Audit Plan and Audit Program. I. Introduction Chapter is primarily review and integration of the audit framework.
Overall Audit Plan and Audit Program A424: Chapter 13 I. Introduction Chapter is primarily review and integration of the audit framework. II. Types of Tests used to determine fair presentation of financial
More information[300] Accounting and internal control systems and audit risk assessments
[300] Accounting and internal control systems and audit risk assessments (Issued March 1995) Contents Paragraphs Introduction 1 12 Inherent risk 13 15 Accounting system and control environment 16 23 Internal
More informationSOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014
SOLUTION 1(a) (a) The Auditing guideline points out that the amount or quantity of audit evidence required for the auditor to achieve the level of assurance is a matter of professional judgment. The factors
More informationNavigating the Standards for Information Technology Controls
Navigating the Standards for Information Technology Controls By Joseph B. O Donnell and Yigal Rechtman JULY 2005 - Pervasive use of computers, along with recent legislation such as the Sarbanes- Oxley
More informationChange Management Best Practices for ERP Applications, An Internal Auditor's Perspective. Jeffrey T. Hare, CPA CISA CIA ERP Risk Advisors
Change Management Best Practices for ERP Applications, An Internal Auditor's Perspective Jeffrey T. Hare, CPA CISA CIA ERP Risk Advisors Webinar Logistics Hide and unhide the Webinar control panel by clicking
More informationLearning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.
Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter 12 12-1 12-2 How Information Technologies Enhance Internal Control Learning
More information