Presentation is loading. Please wait.

Presentation is loading. Please wait.

Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22."— Presentation transcript:

1 Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22

2 Highlights

3 Auditing and Computer Systems As client computing facilities become more sophisticated, “paperless” accounting systems evolve wherein little “hard copy” documentation is produced Evidence forms may differ slightly but the basic procedures and objects are often similar. As client computing facilities become more sophisticated, “paperless” accounting systems evolve wherein little “hard copy” documentation is produced Evidence forms may differ slightly but the basic procedures and objects are often similar.

4 Challenges of Sophisticated Computer Systems - audit trails, documentation may only exist on disk (no printed copies) - program errors may exist that cause uniform transaction errors - in some circumstances, controls may have to make up for a lack of adequate segregation of duties - detecting unauthorized access may be difficult - audit trails, documentation may only exist on disk (no printed copies) - program errors may exist that cause uniform transaction errors - in some circumstances, controls may have to make up for a lack of adequate segregation of duties - detecting unauthorized access may be difficult

5 electronic method of sending documents between companies no “paper trail” for the auditor to follow increased emphasis on front-end controls security becomes key element in controlling system electronic method of sending documents between companies no “paper trail” for the auditor to follow increased emphasis on front-end controls security becomes key element in controlling system Challenges of Sophisticated Computer Systems

6 Electronic Fund Transfers (EFT) also referred to as electronic commerce, or e-commerce greatly increased through “internet shopping” direct payment systems, e.g. payroll, remove the paper trail once relied upon by auditors also referred to as electronic commerce, or e-commerce greatly increased through “internet shopping” direct payment systems, e.g. payroll, remove the paper trail once relied upon by auditors

7 Data Communications Risks and Control Procedures As part of the audit equation need to assess computer control systems in place Starting point obtaining clients computer system documentation, diagrams, policies and procedures

8 loss of confidential information, through corporate espionage or “hackers” -create multiple levels of passwords; change regularly data intercepted during data communication -encrypt (scramble) information during transmission loss of confidential information, through corporate espionage or “hackers” -create multiple levels of passwords; change regularly data intercepted during data communication -encrypt (scramble) information during transmission Data Communications Risks and Control Procedures

9 inappropriate access to information via the Internet - use of firewalls - physically separate homepage equipment and software from other systems viruses invading systems - same as above - use current anti-virus software inappropriate access to information via the Internet - use of firewalls - physically separate homepage equipment and software from other systems viruses invading systems - same as above - use current anti-virus software Data Communications Risks and Control Procedures

10 Organization should have a well planned disaster recovery plan Should include regular offsite storage of prior data Organization should have a well planned disaster recovery plan Should include regular offsite storage of prior data Data Communications Risks and Control Procedures

11 Disaster Recovery Process Basics 1.Management commitment to disaster recovery planning. 2.Ranking of business processes: What will happen if process x fails? 3.Identifying minimum resources required to restore vital operations. 1.Management commitment to disaster recovery planning. 2.Ranking of business processes: What will happen if process x fails? 3.Identifying minimum resources required to restore vital operations.

12 Disaster Recovery Process Basics 4.Prepare a data centre plan and a user plan. 5.Test the plan, to discover any shortcomings in the plan before disaster strikes. 4.Prepare a data centre plan and a user plan. 5.Test the plan, to discover any shortcomings in the plan before disaster strikes.

13 Categories of Controls in an EDP Environment GENERAL CONTROLS relate to all parts of the EDP system. APPLICATION CONTROLS relate to one specific use of the system payroll system expenditure system revenue system revenue system

14 Categories of General Controls 1. plan of organization Separate duties in EDP systems as discussed in chapter 9.

15 2. systems development and documentation controls each system should have documented, authorized specifications any system changes should be author- ized and documented 2. systems development and documentation controls each system should have documented, authorized specifications any system changes should be author- ized and documented Categories of General Controls

16 3. hardware controls Categories of General Controls -diagnostic routines - hardware or software that checks the system’s internal operations and devices -boundary protection - ensures that simultaneous jobs do not interfere with one another -periodic maintenance - hardware should be examined periodically by qualified technicians

17 4. controls over access to equipment, programs, and data files – limited on need basis Categories of General Controls ACCESS TO: program documentation data files & programs computer hardware

18 1. Responsibility for control 2. Information system meets needs of entity 3. Efficient implementation of information systems 4.Efficient and effective maintenance of information systems 5.Effective and efficient development and acquisition of information systems 6.Present and future requirements of users can be met 7.Efficient and effective use of resources within information systems processing 1. Responsibility for control 2. Information system meets needs of entity 3. Efficient implementation of information systems 4.Efficient and effective maintenance of information systems 5.Effective and efficient development and acquisition of information systems 6.Present and future requirements of users can be met 7.Efficient and effective use of resources within information systems processing Objectives of General Controls

19 8.Complete, accurate and timely processing of authorized information systems 9.Appropriate segregation of incompatible functions 10.All access to information and information systems is authorized 11.Hardware facilities are physically protected from unauthorized access, loss or damage 12. Recovery and resumption of information systems processing 13.Maintenance and recovery of critical user activities 8.Complete, accurate and timely processing of authorized information systems 9.Appropriate segregation of incompatible functions 10.All access to information and information systems is authorized 11.Hardware facilities are physically protected from unauthorized access, loss or damage 12. Recovery and resumption of information systems processing 13.Maintenance and recovery of critical user activities Objectives of General Controls

20 Physical Access Controls Visitor identification Security guards Security systems Locked areas

21 3 Basic categories: Application Controls input processing output

22 Input Controls input data should be authorized & approved the system should edit the input data & prevent errors Examples include: validity checks, field checks, reasonableness check, record counts etc. input data should be authorized & approved the system should edit the input data & prevent errors Examples include: validity checks, field checks, reasonableness check, record counts etc.

23 Processing Controls assure that data entered into the system are processed, processed only once, and processed accurately

24 Examples control, batch, or proof total - a total of a numerical field for all the records of a batch that normally would be added (example: wages expense) logic test - ensures against illogical combina tions of information (example: a salaried em- ployee does not report hours worked) Examples control, batch, or proof total - a total of a numerical field for all the records of a batch that normally would be added (example: wages expense) logic test - ensures against illogical combina tions of information (example: a salaried em- ployee does not report hours worked) Processing Controls

25 Output Controls assure that data generated by the system are valid, accurate, complete, and distributed to authorized persons in appropriate quantities

26 1. Design application controls with regard to: - segregation of incompatible functions - security - development - processing of information systems 2. Information provided by the systems is: - complete - accurate - authorized 3. Existence of adequate management trails 1. Design application controls with regard to: - segregation of incompatible functions - security - development - processing of information systems 2. Information provided by the systems is: - complete - accurate - authorized 3. Existence of adequate management trails Objectives of Application Controls

27 general approaches There are two general approaches to auditing EDP systems: 1. Auditing “around” the computer involves extensive testing of the inputs and outputs of the EDP system and little or no testing of processing or computer hardware. This approach involves no tests of the computer programs and no auditor use of the computer.

28 1. Auditing “around” the computer depends on a visible, traceable, hard copy audit trail made of manually prepared and computer- prepared documents. 1. Auditing “around” the computer depends on a visible, traceable, hard copy audit trail made of manually prepared and computer- prepared documents. general approaches There are two general approaches to auditing EDP systems:

29 2. Auditing with use of the computer involves extensive testing of computer hardware and software. general approaches There are two general approaches to auditing EDP systems:

30 1. Test data involves auditor preparation of a series of fictitious transactions; many of those transactions will contain intentional errors. The auditor examines the results and determines whether the errors were detected by the client’s system. 1. Test data involves auditor preparation of a series of fictitious transactions; many of those transactions will contain intentional errors. The auditor examines the results and determines whether the errors were detected by the client’s system. Techniques for auditing with use of the computer

31 What are the shortcomings of the use of test data? - possibility of accidental integration of fictitious and actual data - preparation of test data that examines all aspects of the application is difficult - the auditor must make sure that the program being tested is the one actually used in routine processing - possibility of accidental integration of fictitious and actual data - preparation of test data that examines all aspects of the application is difficult - the auditor must make sure that the program being tested is the one actually used in routine processing

32 2. Parallel simulation techniques for auditing with use of the computer -the auditor writes a computer program that replicates part of the client’s system -the auditor’s program is used to process actual client data - the results from the auditor’s program and that of the client’s routine processing are compared

33 Auditing Software Generalized audit software involves the use of auditor programs, client data, and auditor hardware. The primary advantage of GAS is that the client data can be down-loaded into the auditor’s system and manipulated in a variety of ways. Generalized audit software involves the use of auditor programs, client data, and auditor hardware. The primary advantage of GAS is that the client data can be down-loaded into the auditor’s system and manipulated in a variety of ways.

34 Common Audit Software Functions - verifying extensions and footings - examining records - comparing data on separate files - summarizing or re-sequencing data and performing analyses - comparing data obtained through other audit procedures with company records - selecting audit samples - printing confirmation requests - verifying extensions and footings - examining records - comparing data on separate files - summarizing or re-sequencing data and performing analyses - comparing data obtained through other audit procedures with company records - selecting audit samples - printing confirmation requests

Download ppt "Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22."

Similar presentations

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 1 The Impact of Information Technology on the Audit Process Chapter 12.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.
Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.

Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Chapter 3 with added info

Chapter 3 with added info
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
The Islamic University of Gaza

The Islamic University of Gaza
Chapter 10: Auditing the Expenditure Cycle

Chapter 10: Auditing the Expenditure Cycle
4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.

4/15: Security & Controls in IS Systems Vulnerabilities Controls: what to use to guard against vulnerabilities –General controls –Application controls.
12 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
1 Pertemuan 7 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 7 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.

Chapter 14 System Controls. A Quote “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The.
THE AUDITING OF INFORMATION SYSTEMS

THE AUDITING OF INFORMATION SYSTEMS

Similar presentations

Ads by Google