Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3-Auditing Computer-based Information Systems.

Published byAnabel Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 3-Auditing Computer-based Information Systems."— Presentation transcript:

1 Chapter 3-Auditing Computer-based Information Systems

2 Learning Objectives  Scope and objectives of audit work, and major steps in the audit process.  Objectives of an information system audit, and four-step approach necessary for meeting these objectives.  Design a plan for the study and evaluation of internal control in an AIS.  Describe computer audit software, and explain how it is used in the audit of an AIS  Describe the nature and scope of an operational audit. 2

3 Auditing The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria 3

4 Types of Audits  Financial Examines the reliability and integrity of:  Financial transactions, accounting records, and financial statements.  Information System Reviews the controls of an AIS to assess compliance with:  Internal control policies and procedures and effectiveness in safeguarding assets  Operational Economical and efficient use of resources and the accomplishment of established goals and objectives  Compliance Determines whether entities are complying with:  Applicable laws, regulations, policies, and procedures  Investigative Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities. 4

5 The Audit Process Planning Collecting Evidence Evaluating Evidence Communicating Audit Results 5

6 Planning the Audit Why, when, how, whom Work targeted to area with greatest risk: Inherent Chance of risk in the absence of controls Control Risk a misstatement will not be caught by the internal control system Detection Chance a misstatement will not be caught by auditors or their procedures 6

7 Evaluation of Audit Evidence Does evidence support favorable or unfavorable conclusion? Materiality How significant is the impact of the evidence? Reasonable Assurance Some risk remains that the audit conclusion is incorrect. 7

8 Communication of Audit Conclusion Written report summarizing audit findings and recommendations: To management The audit committee The board of directors Other appropriate parties 8

9 Risk-Based Audit Determine the threats (fraud and errors) facing the company. Accidental or intentional abuse and damage to which the system is exposed Identify the control procedures that prevent, detect, or correct the threats. These are all the controls that management has put into place and that auditors should review and test, to minimize the threats Evaluate control procedures. A systems review Are control procedures in place Tests of controls Are existing controls working Evaluate control weaknesses to determine their effect on the nature, timing, or extent of auditing procedures. 9

10 Information Systems Audit Purpose: To review and evaluate the internal controls that protect the system Objectives: 1. Overall information security 2. Program development and acquisition 3. Program modification 4. Computer processing 5. Source files 6. Data files 10

11 1. Information System Threats Accidental or intentional damage to system assets Unauthorized access, disclosure, or modification of data and programs Theft Interruption of crucial business activities 11

12 2. Program Development and Acquisition Inadvertent programming errors due to misunderstanding system specifications or careless programming Unauthorized instructions deliberately inserted into the programs Controls: Management and user authorization and approval, thorough testing, and proper documentation 12

13 3. Program Modification Source Code Comparison Compares current program against source code for any discrepancies Reprocessing Use of source code to re-run program and compare for discrepancies Parallel Simulation Auditor-created program is run and used to compare against source code 13

14 4. Computer Processing  System fails to detect: Erroneous input Improper correction of input errors Process erroneous input Improperly distribute or disclose output  Concurrent audit techniques Continuous system monitoring while live data are processed during regular operating hours Using embedded audit modules  Program code segments that perform audit functions, report test results, and store the evidence collected for auditor review 14

15 Types of Concurrent Audits Integrated Test Facility Uses fictitious inputs Snapshot Technique Master files before and after update are stored for specially marked transactions System Control Audit Review File (SCARF) Continuous monitoring and storing of transactions that meet pre-specifications Audit Hooks Notify auditors of questionable transactions Continuous and Intermittent Simulation Similar to SCARF for DBMS 15

16 5. Source Data & 6. Data Files Accuracy Integrity Security of data 16

17 End of Chapter 3 By: Munawar Hameed IS 630 : Lecture 1017

Download ppt "Chapter 3-Auditing Computer-based Information Systems."

Similar presentations

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Accounting Information Systems 9th Edition

Accounting Information Systems 9th Edition
Auditing Concepts.

Auditing Concepts.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.
AUDITING COMPUTER-BASED INFORMATION SYSTEMS

AUDITING COMPUTER-BASED INFORMATION SYSTEMS
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Internal Control.

Internal Control.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Review of Introduction to Auditing

Review of Introduction to Auditing
THE AUDITING OF INFORMATION SYSTEMS

THE AUDITING OF INFORMATION SYSTEMS
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

Similar presentations

Ads by Google