Published by Gordon Rose
Modified about 1 year ago
Copyright © 2015 Pearson Education, Inc. Auditing Computer-Based Information Systems Chapter
Learning Objectives
• Describe the nature, scope, and objectives of audit work, and identify the major steps in the audit process.
• Identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives.
• Describe the different tools and techniques auditors use to test software programs and program logic.
• Describe computer audit software, and explain how it is used in the audit of an AIS.
• Describe the nature and scope of an operational audit.

Auditing
The process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria.

Major Steps in the Auditing Process
• Audit planning
  ▫ Why, how, when, and who
  ▫ Establish scope and objectives of the audit; identify risk
• Collection of audit evidence
• Evaluation of evidence
• Communication of results

Risk-Based Framework
• Identify fraud and errors (threats) that can occur that threaten each objective
• Identify control procedures (prevent, detect, correct the threats)
• Evaluate control procedures
  ▫ Review to see if control exists and is in place
  ▫ Test controls to see if they work as intended
• Determine effect of control weaknesses
  ▫ Compensating controls

Information Systems Audit
Using the risk-based framework for an information systems audit allows the auditor to review and evaluate internal controls that protect the system to meet each of the following objectives:
  ▫ Protect overall system security (includes computer equipment, programs, and data)
  ▫ Program development and acquisition occur under management authorization
  ▫ Program modifications occur under management authorization
  ▫ Accurate and complete processing of transactions, records, files, and reports
  ▫ Prevent, detect, or correct inaccurate or unauthorized source data
  ▫ Accurate, complete, and confidential data files

1. Protect Overall System Security
Threats:
• Theft of hardware
• Damage of hardware (accidental and intentional)
• Loss, theft, unauthorized access to
  ▫ Programs
  ▫ Data
• Unauthorized modification or use of programs and data files
• Unauthorized disclosure of confidential data
• Interruption of crucial business activities
Controls:
• Limit physical access to computer equipment
• Use authentication and authorization controls
• Data storage and transmission controls
• Virus protection and firewalls
• File backup and recovery procedures
• Disaster recovery plan
• Preventive maintenance
• Insurance

2. Program Development and Acquisition Occur under Management Authorization
Threats:
• Inadvertent programming errors
• Unauthorized program code
Controls:
• Review software license agreements
• Management authorization for:
  ▫ Program development
  ▫ Software acquisition
• Management and user approval of programming specifications
• Testing and user acceptance of new programs
• Systems documentation

3. Program Modifications Occur under Management Authorization
Threats:
• Inadvertent programming errors
• Unauthorized program code
Controls:
• List program components to be modified
• Management authorization and approval for modifications
• User approval for modifications
• Test changes to program
• System documentation of changes
• Logical access controls

4. Accurate and Complete Processing of Transactions, Records, Files, and Reports
Threats:
• Failure to detect incorrect, incomplete, or unauthorized input data
• Failure to correct errors identified from data editing procedures
• Errors in files or databases during updating
• Improper distribution of output
• Inaccuracies in reporting
Controls:
• Data editing routines
• Reconciliation of batch totals
• Error correction procedures
• Understandable documentation
• Competent supervision

5. Prevent, Detect, or Correct Inaccurate or Unauthorized Source Data
Threats:
• Inaccurate source data
• Unauthorized source data
Controls:
• User authorization of source data input
• Batch control totals
• Log receipt, movement, and disposition of source data input
• Turnaround documents
• Check digit and key verification
• Data editing routines

6. Accurate, Complete, and Confidential Data Files
Threats:
• Destruction of stored data from
  ▫ Errors
  ▫ Hardware and software malfunctions
  ▫ Sabotage
• Unauthorized modification or disclosure of stored data
Controls:
• Secure storage of data and restrict physical access
• Logical access controls
• Write-protection and proper file labels
• Concurrent update controls
• Data encryption
• Virus protection
• Backup of data files (offsite)
• System recovery procedures

Audit Techniques Used to Test Programs
• Integrated Test Facility
  ▫ Uses fictitious inputs
• Snapshot Technique
  ▫ Master files before and after update are stored for specially marked transactions
• System Control Audit Review File (SCARF)
  ▫ Continuous monitoring and storing of transactions that meet pre-specifications
• Audit Hooks
  ▫ Notify auditors of questionable transactions
• Continuous and Intermittent Simulation
  ▫ Similar to SCARF for DBMS

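Added example (not part of the original slides): a minimal embedded audit module showing how SCARF and an audit hook sit inside a posting loop. The class and function names, the criteria, the thresholds (including the assumed 5,000.00 approval limit), and the sample transactions are all constructed for illustration.

```python
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Txn:
    txn_id: str
    user: str
    amount_cents: int   # integer cents avoids float rounding in totals
    hour: int           # hour of day the transaction was entered

# Pre-specified SCARF criteria (assumed values, chosen for this example).
SCARF_CRITERIA = {
    "amount_over_10000": lambda t: t.amount_cents > 1_000_000,
    "entered_after_hours": lambda t: t.hour < 6 or t.hour >= 20,
    "just_under_approval_limit": lambda t: 490_000 <= t.amount_cents < 500_000,
}
# Criteria that additionally fire an audit hook (immediate notification).
HOOK_CRITERIA = {"just_under_approval_limit"}

class EmbeddedAuditModule:
    def __init__(self, notify):
        self.scarf_file = []    # stands in for an append-only SCARF file
        self.notify = notify    # audit hook callback supplied by the auditor

    def inspect(self, txn):
        hits = sorted(n for n, test in SCARF_CRITERIA.items() if test(txn))
        if hits:  # SCARF: store every transaction meeting a criterion
            record = {"criteria": hits, **asdict(txn)}
            self.scarf_file.append(json.dumps(record, sort_keys=True))
        if HOOK_CRITERIA.intersection(hits):  # hook: notify as it happens
            self.notify(txn, hits)
        return hits

def process_batch(txns, audit):
    """Application posting loop; the audit module sees each transaction."""
    total = 0
    for t in txns:
        audit.inspect(t)
        total += t.amount_cents
    return total

SAMPLE = [  # constructed transactions
    Txn("T1", "alice", 25_000, 10),
    Txn("T2", "bob", 1_250_000, 14),
    Txn("T3", "bob", 495_000, 22),
    Txn("T4", "carol", 499_999, 9),
]

def run_demo():
    alerts = []
    audit = EmbeddedAuditModule(lambda t, hits: alerts.append(t.txn_id))
    total = process_batch(SAMPLE, audit)
    return total, [json.loads(r)["txn_id"] for r in audit.scarf_file], alerts
```

The SCARF file is reviewed later by the auditor, while the hook fires during processing; both depend on the module and its criteria being protected from modification by the staff whose transactions are monitored.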
Software Tools Used to Test Program Logic
• Automated flowcharting program
  ▫ Interprets source code and generates flowchart
• Automated decision table program
  ▫ Interprets source code and generates a decision table
• Scanning routines
  ▫ Searches program for specified items
• Mapping programs
  ▫ Identifies unexecuted code
• Program tracing
  ▫ Prints program steps with regular output to observe sequence of program execution events

Computer Audit Software
Computer-assisted audit software that can perform audit tasks on a copy of a company's data. Can be used to:
  ▫ Query data files and retrieve records based upon specified criteria
  ▫ Create, update, compare, download, and merge files
  ▫ Summarize, sort, and filter data
  ▫ Access data in different formats and convert to common format
  ▫ Select records using statistical sampling techniques
  ▫ Perform analytical tests
  ▫ Perform calculations and statistical tests

Operational Audits
Purpose is to evaluate effectiveness, efficiency, and goal achievement. Although the basic audit steps are the same, the specific activities of evidence collection are focused toward operations such as:
  ▫ Review operating policies and documentation
  ▫ Confirm procedures with management and operating personnel
  ▫ Observe operating functions and activities
  ▫ Examine financial and operating plans and reports
  ▫ Test accuracy of operating information
  ▫ Test operational controls

Key Terms
• Auditing
• Internal auditing
• Financial audit
• Information systems audit
• Operational audit
• Compliance audit
• Investigative audit
• Inherent risk
• Control risk
• Detection risk
• Confirmation
• Reperformance
• Vouching
• Analytical review
• Materiality
• Reasonable assurance
• Systems review
• Test of controls
• Compensating controls
• Source code comparison program
• Reprocessing
• Parallel simulation
• Test data generator
• Concurrent audit techniques
• Embedded audit modules
• Integrated test facility (ITF)
• Snapshot technique
• System control audit review file (SCARF)
• Audit log

Key Terms (continued)
• Audit hooks
• Continuous and intermittent simulation (CIS)
• Automated flowcharting program
• Automated decision table program
• Scanning routines
• Mapping programs
• Program tracing
• Input controls matrix
• Computer-assisted audit techniques (CAAT)
• Generalized audit software (GAS)