Accounting Information Systems, 5th edition James A. Hall COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star.


1 Accounting Information Systems, 5th edition James A. Hall COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license

2  Controls and audit tests relevant to systems development  Risks and controls for program changes and the source program library  Auditing techniques (CAATTs) used to verify application controls  Auditing techniques used to perform substantive tests in an IT environment

3  Authorizing development of new systems  Addressing and documenting user needs  Technical design phases  Participation of internal auditors  Testing program modules before implementing ◦ Testing individual modules by a team of users, internal audit staff, and systems professionals

4 Auditing objectives: ensure that... ◦ SDLC activities applied consistently and in accordance with management’s policies ◦ system as originally implemented was free from material errors and fraud ◦ system was judged to be necessary and justified at various checkpoints throughout the SDLC ◦ system documentation is sufficiently accurate and complete to facilitate audit and maintenance activities

5  New systems must be authorized.  Feasibility studies conducted.  User needs analyzed and addressed.  Cost-benefit analysis completed.  Proper documentation completed.  All program modules thoroughly tested before implementation.  Checklist of problems was kept.

6  Last, longest and most costly phase of SDLC ◦ Up to 80-90% of entire cost of a system  All maintenance actions should require ◦ Technical specifications ◦ Testing ◦ Documentation updates ◦ Formal authorizations for changes

7 Auditing objectives: detect unauthorized program maintenance and determine that... ◦ maintenance procedures protect applications from unauthorized changes ◦ applications are free from material errors ◦ program libraries are protected from unauthorized access

8  Source program library (SPL) ◦ library of applications and software ◦ programs are developed and modified ◦ once compiled into machine language, no longer vulnerable


10  SPL Management Systems (SPLMS) protect the SPL by controlling the following functions: ◦ storing programs on the SPL ◦ retrieving programs for maintenance purposes ◦ deleting obsolete programs from the library ◦ documenting program changes to provide an audit trail of the changes

11 Source Program Library under the Control of SPL Management Software

12  Password control  Separation of test libraries  Audit trails  Reports that enhance management control and the audit function  Assigns program version numbers automatically  Controlled access to maintenance commands

13  Auditing procedures: verify that programs were properly maintained, including changes  Specifically, verify… ◦ identification and correction of unauthorized program changes ◦ identification and correction of application errors ◦ control of access to systems libraries

14  Narrowly focused exposures within a specific system, for example: ◦ accounts payable ◦ cash disbursements ◦ fixed asset accounting ◦ payroll ◦ sales order processing ◦ cash receipts ◦ general ledger

15  Risks within specific applications  Can affect manual procedures (e.g., entering data) or embedded (automated) procedures  Convenient to look at in terms of: ◦ input stage ◦ processing stage ◦ output stage [Diagram: INPUT, PROCESSING, OUTPUT]

16  Goal of input controls - valid, accurate, and complete input data  Two common causes of input errors: ◦ transcription errors – wrong character or value ◦ transposition errors – ‘right’ character or value, but in wrong place

17  Check digits – data code is added to produce a control digit ◦ especially useful for transcription and transposition errors  Missing data checks – control for blanks or incorrect justifications  Numeric-alphabetic checks – verify that characters are in correct form

18  Limit checks – identify values beyond pre-set limits  Range checks – identify values outside upper and lower bounds  Reasonableness checks – compare one field to another to see if the relationship is appropriate  Validity checks – compare values to known or standard values
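The check-digit control from the slides above, as an added example that is not part of the original presentation: it compares an unweighted sum check digit with a weighted modulus-11 check digit and shows which one catches a transcription error and which one catches a transposition error. Both schemes, the function names and the account number `5372` are assumptions chosen for illustration.

```python
# Added example: two check-digit schemes on a constructed account number.

def sum_check_digit(body: str) -> str:
    """Unweighted scheme: control digit = sum of the digits, modulo 10."""
    return str(sum(int(c) for c in body) % 10)

def mod11_check_digit(body: str) -> str:
    """Weighted modulus-11 scheme: weights 2, 3, 4, ... from the rightmost digit."""
    total = sum(int(c) * w for w, c in enumerate(reversed(body), start=2))
    digit = (11 - total % 11) % 11
    return "X" if digit == 10 else str(digit)

def is_valid(keyed: str, scheme) -> bool:
    """Missing-data and numeric checks first, then recompute the control digit."""
    if len(keyed) < 2 or not keyed[:-1].isdigit():
        return False
    return scheme(keyed[:-1]) == keyed[-1]

def detection_report(body: str) -> dict:
    """Key in the code with each error type and record which scheme rejects it."""
    transcription = str((int(body[0]) + 1) % 10) + body[1:]   # one wrong digit
    transposition = body[1] + body[0] + body[2:]              # adjacent digits swapped
    report = {}
    for name, scheme in (("sum", sum_check_digit), ("mod11", mod11_check_digit)):
        check = scheme(body)  # control digit assigned when the code was issued
        report[name] = {
            "transcription_caught": not is_valid(transcription + check, scheme),
            "transposition_caught": not is_valid(transposition + check, scheme),
        }
    return report

if __name__ == "__main__":
    print(detection_report("5372"))  # constructed sample code
```

The unweighted sum is unchanged when two digits swap places, so only the weighted scheme rejects the transposed code.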

19  Programmed procedures – the processes that transform input data into information for output  Three categories: ◦ Batch controls ◦ Run-to-run controls ◦ Audit trail controls

20  Batch controls - reconcile system output with the input originally entered into the system  Based on different types of batch totals: ◦ total number of records ◦ total dollar value ◦ hash totals – sum of non-financial numbers

21  Run-to-run controls - use batch figures to monitor the batch as it moves from one programmed procedure (run) to another  Audit trail controls - numerous logs used so that every transaction can be traced through each stage of processing from its economic source to its presentation in financial statements
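Batch and run-to-run controls from the two slides above, as an added example that is not part of the original presentation: a batch control record holding the three totals is recomputed after each run, and the first run whose output disagrees is reported. The record layout, run names and sample data are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample batch of cash-disbursement records.
BATCH = [
    {"account": "10452", "amount": "1200.00"},
    {"account": "20981", "amount": "349.50"},
    {"account": "33107", "amount": "75.25"},
]

def batch_totals(records):
    """Control totals: record count, dollar total, hash total of account numbers."""
    return {
        "record_count": len(records),
        "dollar_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "hash_total": sum(int(r["account"]) for r in records),
    }

def reconcile(control, records):
    """Return the names of the totals that disagree with the batch control record."""
    actual = batch_totals(records)
    return [name for name in control if control[name] != actual[name]]

def run_to_run(control, runs):
    """Check the batch after every run; return (run, mismatches) for the first failure."""
    for run_name, output in runs:
        mismatches = reconcile(control, output)
        if mismatches:
            return run_name, mismatches
    return None

def sample_runs():
    """Constructed run outputs: the 'update' run posts one record to the wrong account."""
    after_edit = [dict(r) for r in BATCH]
    after_update = [dict(r) for r in BATCH]
    after_update[1]["account"] = "20918"   # amount unchanged, account altered
    return [("edit", after_edit), ("update", after_update)]

if __name__ == "__main__":
    print(run_to_run(batch_totals(BATCH), sample_runs()))
```

The altered record keeps its amount, so the record count and dollar total still agree and only the hash total exposes the change.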


23  Goal of output controls is to ensure that system output is not lost, misdirected, or corrupted, and that privacy is not violated.  In the following flowchart, there are exposures at every stage.


25  Output spooling – creates a file during the printing process that may be inappropriately accessed  Printing – create two risks: ◦ production of unauthorized copies of output ◦ employee browsing of sensitive data

26  Waste – can be stolen if not properly disposed of, e.g., shredding  Report distribution – for sensitive reports, the following are available: ◦ use of secure mailboxes ◦ require the user to sign for reports in person ◦ deliver the reports to the user

27  End user controls – end users need to inspect sensitive reports for accuracy ◦ shred after used  Controlling digital output – digital output message can be intercepted, disrupted, destroyed, or corrupted as it passes along communications links

28  Techniques for auditing applications fall into two classes: 1) testing application controls – two general approaches: – black box – around the computer – white box – through the computer 2) examining transaction details and account balances – substantive testing

29 Auditing Around the Computer - The Black Box Approach

30 Auditing through the Computer: The ITF Technique

31  Black Box Approach – focuses on input procedures and output results  To gain the needed understanding… ◦ analyze flowcharts ◦ review documentation ◦ conduct interviews

32  White Box Approach - focuses on understanding the internal logic of processes between input and output  Common tests ◦ Authenticity tests ◦ Accuracy tests ◦ Completeness tests ◦ Redundancy tests ◦ Access tests ◦ Audit trail tests ◦ Rounding error tests

33  Test data method: testing for logic or control problems - good for new systems or systems which have undergone recent maintenance ◦ base case system evaluation (BCSE) - using a comprehensive set of test transactions ◦ tracing - performs an electronic walkthrough of the application’s internal logic  Test data methods are not foolproof ◦ a snapshot - a one-point-in-time examination ◦ high cost of developing adequate test data

34  Integrated test facility (ITF): an automated, on-going technique that enables the auditor to test an application’s logic and controls during its normal operation  Parallel simulation: auditor writes simulation programs and runs actual transactions of the client through the system

35 Auditing through the Computer: The Parallel Simulation Technique

36  Techniques to substantiate account balances. For example: ◦ search for unrecorded liabilities ◦ confirm accounts receivable to ensure they are not overstated  Requires first extracting data from the system. Two technologies commonly used to select, access, and organize data are: ◦ embedded audit module ◦ generalized audit software

37  An ongoing module which filters out non-material transactions  The chosen, material transactions are used for sampling in substantive tests  Requires additional computing resources by the client  Hard to maintain in systems with high maintenance

38 Substantive Testing: Embedded Audit Module

39  Very popular & widely used  Can access data files & perform operations on them: ◦ screen data ◦ statistical sampling methods ◦ foot & balance ◦ format reports ◦ compare files and fields ◦ recalculate data fields

40 Substantive Testing: Generalized Audit Software


