Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9.4 & 11.4 Paper F8 Audit and Assurance (International) ations/student_accountant/archive/sa_aug09_byrn.

Published byDwain French Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 9.4 & 11.4 Paper F8 Audit and Assurance (International) ations/student_accountant/archive/sa_aug09_byrn."— Presentation transcript:

1 Chapter 9.4 & 11.4 Paper F8 Audit and Assurance (International) http://www.accaglobal.com/pubs/students/public ations/student_accountant/archive/sa_aug09_byrn e.pdf December 14, 10 IK University of Greenwich 1

2  Understand controls in a computer-based environment and the impact on the audit. December 14, 10 IK University of Greenwich 2

3  Identify weaknesses and associated risks within a computerised environment.  Suggest internal control improvements to a computerised environment, make this applicable to particular control objectives and assertions.  Discuss the impact a computerised environment has on audit risk and audit procedures. December 14, 10 IK University of Greenwich 3

4  Discuss the application and general controls within a computerised environment.  Discuss the use of CAATs and practically incorporate CAATs in audit procedures; discuss benefits and disadvantages associated with CAATs. December 14, 10 IK University of Greenwich 4

5 December 14, 10 IK University of Greenwich 5

6 2 Types of IT controls: 1. General 2. Application Controls in a computerised environment comprise of: 1. Manual procedures & 2. Procedures designed into the computer program December 14, 10 IK University of Greenwich 6

7  Remember: 1. ISA 300 – Planning an audit of f/s 2. ISA 315 – Identify and assess the risk of material misstatement through understanding the entity and its environment 3. ISA 330 – The auditor’s responses to assessed risks December 14, 10 IK University of Greenwich 7

8 December 14, 10 IK University of Greenwich 8

9 December 14, 10 IK University of Greenwich 9

10 December 14, 10 IK University of Greenwich 10

11 DEFINITION “(1)application controls relate to procedures(manual/operated) used to initiate, record, process and report (2)transactions or other financial data. These controls help(3) ensure that transactions occurred, are authorised and are completely and accurately recorded and processed (ISA 315 (Redrafted)).” (ensure integrity of accounting records) December 14, 10 IK University of Greenwich 11

12 DEFINITION continued… (4)Application controls normally function at business process level for instance sales, purchases and wages procedures. (5)These controls can be both preventative or detective. December 14, 10 IK University of Greenwich 12

13 December 14, 10 IK University of Greenwich 13

14 December 14, 10 IK University of Greenwich 14

15 December 14, 10 IK University of Greenwich 15

16  DEFINITION  Policies and procedures that relate to many applications and support the effective functioning of application controls by ensuring continued proper operation of information systems.  General IT controls that maintain the integrity of information and security of data. December 14, 10 IK University of Greenwich 16

17  DEFINITION continued  Commonly include controls over data centre and network operations, system software acquisition, change and maintenance, access security, application system acquisition, development and maintenance.  Effectiveness usually essential to effectiveness of application controls. First assess general controls before assessing application controls. December 14, 10 IK University of Greenwich 17

18 December 14, 10 IK University of Greenwich 18

19 December 14, 10 IK University of Greenwich 19

20 December 14, 10 IK University of Greenwich 20

21 December 14, 10 IK University of Greenwich 21

22  The auditors will have to consider how general controls affect the computer applications that are significant to the audit.  Based on this they will test some or all general controls.  First review general controls as these play a big role in application controls. December 14, 10 IK University of Greenwich 22

23  Give two examples of each type of General control: December 14, 10 IK University of Greenwich 23

24  Should manual controls provide reasonable assurance that system output is: 1. Complete 2. Accurate 3. Authorised  Auditor may decide to focus on manual controls instead of computerised controls. December 14, 10 IK University of Greenwich 24

25  If the auditor needs to test information produced by the computer or contained within the computer->test controls by examining output (manually or computerised).  Output can be printouts, microfilm or magnetic media.  The auditor can also choose to test the control via computer. December 14, 10 IK University of Greenwich 25

26  If IMPRACTICLE OR IMPOSSIBLE to test controls by examining user controls or system output, test controls by: 1. Using computer 2. Reprocessing data OR 3. Examining coding of application program. December 14, 10 IK University of Greenwich 26

27  Generalised audit software Packaged computer programs used on a variety of computers during audit field work to read computer files, select information, perform calculations, create data files, and print reports in a format specified by the auditor. December 14, 10 IK University of Greenwich 27

28  Application of auditing procedures using the computer as audit tool. 3 Main categories of CAATs: 1. Audit software 2. Test data 3. Other December 14, 10 IK University of Greenwich 28

29 Definition: Computer software used to interrogate a client’s computer files; mainly used for SUBSTANTIVE testing. Types of programs: 1. Package (Generalised, pre-prepared for use on different types of systems. Not adapted for a specific system.) 2. Purpose-written (Perform specific functions. Can be adapted to client’s system. Costly) December 14, 10 IK University of Greenwich 29

30 3. Enquiry programs (These are part of the client’s system. Used to do things like:  Sort and print data  Accounting software with search facilities within modules could be used for things like finding customers with credit balances or inventory items in excess of a certain amount. December 14, 10 IK University of Greenwich 30

31  The auditor uses this to scrutinise LARGE volumes of data. The review of the data by the software produces results that should be investigated further. The software has program logic to perform functions like: 1. Select a sample 2. Report exceptional items 3. Compare files December 14, 10 IK University of Greenwich 31

32 4. Analyse, summarise and stratify (group based on certain criteria). See further examples p 206 of BPP set text December 14, 10 IK University of Greenwich 32

33  Definition: Data submitted by the auditor to be processed by the client’s computer system. The results are compared with pre- determined results  Can be used to test controls such as access controls. Can also be used to test processing characteristics (eg input invalid data).  Dummy data will be processed that include errors & data that are correct December 14, 10 IK University of Greenwich 33

34 Examples of errors. Input:  supplier account codes that do not exist  employees earning in excess of a certain limit  sales invoices that contain addition errors  data with incorrect batch control totals. Two test environments: Live (within client’s production run; could corrupt client’s master files) December 14, 10 IK University of Greenwich 34

35  Dead – Outside normal processing, use copies of master files. Less assurance that client’s normal/actual production programs were used. December 14, 10 IK University of Greenwich 35

36  Live test data can corrupt files – removal of data may be difficult.  Dead test data does not necessarily use the same programme as the actual client system used within the accounting process.  Test data only tests the operation of the system at a single point in time. December 14, 10 IK University of Greenwich 36

37  Integrated test facility – run test data live, but use dummy records, such as dummy departments or dummy customers to which dummy data can be processed. These dummy items can then be ignored when records are printed out and can easily be reversed. Note that this can also be grouped under Test data.  Embedded audit facilities-the auditor’s own program code is resident in the client’s application software.(use at selected times or every time the application program is used) December 14, 10 IK University of Greenwich 37

38  1)Create a SCARF (system control and review file. Gather and review live info for subsequent audit review.)  2)Spot and record/tagging. (Gather transactions that meet the auditors’ definition of exceptional as per the code in the auditor software). Disadvantages of embedded audit software: Costly & might require auditor input at development stage of client software. December 14, 10 IK University of Greenwich 38

39  It does not alter the key stages in the process.  Impact on planning (ISA 300): The overall audit strategy must incorporate the availability of data and the expected use of CAATS.  Impact on risk assessment (ISA 315) Auditor needs to understand information systems as part of understanding internal control relevant to the client. December 14, 10 IK University of Greenwich 39

40  If the auditor places reliance on internal controls on an assertion level he needs to understand and test both manual and automated controls.  Impact on testing (ISA 330) Auditor needs to design and perform audit procedures whose nature, timing and extent are based on the assessed risk of material misstatement at the assertion level. December 14, 10 IK University of Greenwich 40

41  Def: The auditor reconciles input to output and does not test the processing of transactions.  Why? In the past this was done because of limited audit software. Cost is still an issue.  What is the antonym of around the machine? Through the machine, this is the approach where we use CAATs to test satisfactory operation of computer-based application controls. December 14, 10 IK University of Greenwich 41

42  In small computer-based systems IF the auditor can gain sufficient evidence by testing input and output. December 14, 10 IK University of Greenwich 42

43  Auditors can test programme controls and general internal controls associated with computers.  Increases the speed at which items can be tested & testing is more accurate.  Actual transactions instead of paper records are tested, paper records might not reflect actual transactions. December 14, 10 IK University of Greenwich 43

44  Cost-effective in the long term IF the client does not change his/her system.  Results from CAATs can be compared with results from non-CAATs. Correlation increases confidence.  See steps in applying CAATs – p205. December 14, 10 IK University of Greenwich 44

45 December 14, 10 IK University of Greenwich 45 http://www.ais-cpa.com/glosa.html

46 1. Read chapter 9, section 4 of the textbook.(p152) 2. Read chapter 11, section 4 of the textbook(p205) 3.Read http://www.accaglobal.com/pubs/students/publications/student_acc ountant/archive/sa_aug09_byrne.pdf 3. BPP ACCA F8 Textbook Q9.3 (p156) +11(p341) 4. BPP ACCA F8 Textbook Q11.5 (p213) 5. Give examples of how you’d use CAATS to test wages. December 14, 10 IK University of Greenwich 46

47 1. You are the audit manager for a new client PPP Ltd – a client with a highly computerised accounting environment. Discuss your considerations in planning the financial statement audit. 2.Upon receiving a management report with numerous control weaknesses, the audit committee of AAA Plc mandated a review of the total internal control structure of the company. December 14, 10 IK University of Greenwich 47

48 As manager of the accounting department, a department that relies heavily on computers, they’ve asked you to draft a proposal of general and application controls that can be implemented in your department. December 14, 10 IK University of Greenwich 48

Download ppt "Chapter 9.4 & 11.4 Paper F8 Audit and Assurance (International) ations/student_accountant/archive/sa_aug09_byrn."

Similar presentations

Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Audit of Autonomous District Councils (in an IT environment using FAAM)

Audit of Autonomous District Councils (in an IT environment using FAAM)
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.
Auditing Concepts.

Auditing Concepts.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.

Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-1 Chapter 7 CHAPTER 7 THE EFFECT OF INFORMATION TECHNOLOGY ON THE AUDIT.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-1 Chapter 7 CHAPTER 7 THE EFFECT OF INFORMATION TECHNOLOGY ON THE AUDIT.
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
Computer Assisted Audit Techniques

Computer Assisted Audit Techniques
4-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 4 Materiality and Risk.

4-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 4 Materiality and Risk.
Concurrent Auditing Techniques

Concurrent Auditing Techniques
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 11 - 1 The Impact of Information Technology on the Audit.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley The Impact of Information Technology on the Audit.
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.
Chapter 13 Auditing Information Technology

Chapter 13 Auditing Information Technology
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Chapter 12/2 Audit Software Techniques

Chapter 12/2 Audit Software Techniques

Similar presentations

Ads by Google