Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.



Similar documents
The Impact of Information Technology on the Audit Process

PART 10 COMPUTER SYSTEMS

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE

Control Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising)

Module 7: Computer auditing

INFORMATION TECHNOLOGY CONTROLS

INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS

SECTION 15 INFORMATION TECHNOLOGY

Solutions to Student Self Assessment Questions

auditing in a computer-based

Accounts Payable Outsourcing Audit April 2014

INFORMATION SYSTEM AUDITING AND ASSURANCE

How to set up a people based. accounting system that makes your. small business work for you. Thomas G. Post. Certified Public Accountant

Main Reference : Hall, James A Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications

IT - General Controls Questionnaire

CONTROLLING COMPUTER-BASED INFORMATION SYSTEMS, PART I

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Internal Controls. A short presentation from Your Internal Audit Department

5:31-7 Appendix B LOCAL AUTHORITIES - ACCOUNTING AND AUDITING IF ANY ARE NOT APPLICABLE, INSERT N/A AS YOUR ANSWER. FIRE DISTRICT YEAR UNDER AUDIT

4 Testing General and Automated Controls

IT Enabled System : Opportunities & Challenges for Assurance Professionals

AUDITING IN COMPUTER ENVIRONMENT. What is audit in a computer environme nt?

Electronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014

The Information Systems Audit

Basic Concepts of Accounting Subsidiary Subsidiary Special Special Inform Infor a m tion Ledgers Ledger Journals Jour Systems

FINANCIAL ADMINISTRATION MANUAL

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER

ACCOUNTING INFORMATION SYSTEMS

Guideline on risk management and other aspects of internal control in central securities depository

Internal Control Guide & Resources

DeltaV Capabilities for Electronic Records Management

AV Parking System Review

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

Guideline on risk management and other aspects of internal control in stock exchange

Silent Safety: Best Practices for Protecting the Affluent

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

Operational Risk Publication Date: May Operational Risk... 3

APLUS R-SERIES SOFTWARE PRODUCT INFORMATION

STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

General Computer Controls

SOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014

Cash Receipts Internal Controls

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

Interim Audit Report. Borough of Broxbourne Audit 2010/11

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Certified Information Systems Auditor (CISA)

Information Technology General Controls (ITGCs) 101

Chapter 1 Getting Started

Master Document Audit Program

Information Technology Auditing for Non-IT Specialist

DETAIL AUDIT PROGRAM Information Systems General Controls Review

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

DeltaV Capabilities for Electronic Records Management

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

The Practice of Internal Controls. Cornell Municipal Clerks School July 16, 2014

International Banking. Security in MultiCash

Recruitment Tracking System (R-TRAK) Privacy Impact Assessment

IT Application Controls Questionnaire

Supplier Security Assessment Questionnaire

Application controls testing in an integrated audit

Ayla Networks, Inc. SOC 3 SysTrust 2015

1. Storeroom supplies -- For items stocked in the Palmer storeroom, use the Requisition for Supplies Form.

ACCOUNTING AND FINANCIAL REPORTING REGULATION MANUAL

System Security Plan Template

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Continuous auditing: the audit of the future

GUIDELINES ON MINIMUM REQUIREMENTS FOR MANAGEMENT OFFICE OF LABUAN INSURANCE AND INSURANCE-RELATED COMPANIES

SRA International Managed Information Systems Internal Audit Report

ACCT341, Chapter 15 Accounting Software

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

GENERALIZED AUDIT SOFTWARE

Internal Control Systems

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

Developing Effective Internal Controls Using the COSO Model

Internal Controls Best Practices

IT OUTSOURCING SECURITY

Payment Procedures. Corruption Prevention Department

Quick Guide Bank Charges & Handling NSF Checks

Receivables Management Year End Closing Checklists Dynamics GP2015

Privacy Impact Assessment for TRUFONE Inmate Telephone System

Tom J. Hull & Company Type 1 SSAE

Good Internal Controls for Small Businesses

Payroll Direct Deposit


Transcription:

Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter 12 12-1 12-2 How Information Technologies Enhance Internal Control Learning Objective 2 Computer replace manual. Higher-quality information is available. Identify risks that arise from using an IT-based accounting system. 12-3 12-4 Assessing Risks of Information Technologies Learning Objective 3 Risks to hardware and data Reduced audit trail Need for IT experience and separation of IT duties Explain how general and application reduce IT risks. 12-5 12-6 12-1

Internal Controls Specific to Information Technology Relationship Between General and Administrative Controls Risk of unauthorized change to application software Risk of system crash General Cash receipts application Sales applications Payroll application Application Other cycle application Risk of unauthorized master file update GENERAL CONTROLS Risk of unauthorized processing 12-7 12-8 General Controls Administration of the IT function Segregation of IT duties Systems development Administration of the IT Function The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management. Physical and online security Backup and contingency planning Hardware 12-9 12-10 Segregation of IT Duties Systems Development Chief Information Officer or IT Manager Security Administrator Typical test strategies Systems Development Operations Data Control Pilot testing Parallel testing 12-11 12-12 12-2

Physical and Online Security Backup and Contingency Planning Physical Controls: Keypad entrances Badge-entry entry systems Security cameras Security personnel Online Controls: User ID control Password control Separate add-on security software One key to a backup and contingency plan is to make sure that all critical copies of software and data files are backed up and stored off the premises. 12-13 12-14 Hardware Controls Application Controls These are built into computer equipment by the manufacturer to detect and report equipment failures. Input Processing Output 12-15 12-16 Input Controls Batch Input Controls These are designed by an organization to ensure that the information being processed is authorized, accurate, and complete. Financial total Hash total Record count 12-17 12-18 12-3

Processing Controls Output Controls Validation test Sequence test These focus on detecting errors after processing is completed rather than on preventing errors. Arithmetic accuracy test Data reasonableness test Completeness test 12-19 12-20 Learning Objective 4 Describe how general affect the auditor s s testing of application. Impact of Information Technology on the Audit Process Effects of general on control risk Effects of IT on control risk and substantive tests Auditing in less complex IT environments Auditing in more complex IT environments 12-21 12-22 Learning Objective 5 Test Data Approach Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer. 1 2 3 Test data should include all relevant conditions that the auditor wants tested. Application programs tested by the auditor s s test data must be the same as those the client used throughout the year. Test data must be eliminated from the client s s records. 12-23 12-24 12-4

Test Data Approach Test Data Approach Master files Input test Transactions to test Key control Procedures Application Programs (Assume Batch System) Transaction files (contaminated?) Control test test Auditor makes comparisons Auditor-predicted of of key key control procedures based on on an an understanding of of internal control Contaminated master files Control test Differences between actual outcome and and predicted result 12-25 12-26 Parallel Simulation Parallel Simulation The auditor uses auditor-controlled software to perform parallel operations to the client s software by using the same data files. Production transactions Auditor-prepared program Master file Client application system programs Auditor Client Auditor makes comparisons between client s s application system output and the auditor-prepared program output Exception report noting differences 12-27 12-28 Embedded Audit Module Approach Learning Objective 6 Auditor inserts an audit module in the client s s application system to capture transactions with characteristics that are of specific interest to the auditor. Identify issues for e-commercee systems and other specialized IT environments. 12-29 12-30 12-5

Issues for Different IT Environments Issues for microcomputer environments Issues for network environments End of Chapter 12 Issues for database management systems Issues for e-commerce e systems Issues when clients outsource IT 12-31 12-32 12-6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information