
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.


2 Module H: Auditing in a Computerized Environment
"To err is human, but to really foul things up you need a computer."
Paul Ehrlich, Technology commentator

3 Impact of Computerized Processing
Issues introduced in a computerized environment
1. Input errors
2. Systematic vs. random processing errors
3. Lack of an audit trail
4. Inappropriate access to computer files and programs
5. Reduced human involvement in processing transactions
Consider controls over computerized processing in understanding, assessment, and testing phases of evaluation of internal control

4 Types of Computer Controls
General Controls
– Relate to all applications of a computerized processing system (pervasive)
– Deficiencies will affect processing of various types of transactions
Automated Application Controls
– Relate to specific business activities
– Directly address management assertions

5 Categories of General Controls
1. Hardware controls
– Data not altered or modified as transmitted through system
2. Program development controls
– Program acquisition and development properly authorized
– Programs tested and validated before being placed in use

6 Categories of General Controls (continued)
3. Program change controls
– Program changes are properly authorized and conducted consistent with entity policies
– Programs have appropriate documentation
4. Computer operations controls
– Relate to processing of transactions and backup and recovery of data
– Includes separation of duties of analysts, programmers, and operators

7 Categories of General Controls (continued)
5. Access to programs and data controls
– Relate to restricting use of programs and data to authorized users
– Examples include passwords, automatic terminal logoff, and reviewing access rights and comparing to usage

8 Types of Automated Application Controls
1. Input controls
2. Processing controls
3. Output controls

9 Input Controls
Provide reasonable assurance that
– All transactions input
– Transactions input once and only once
– Transactions input accurately
Examples
– Data entry and formatting
– Check digits
– Record counts
– Batch totals
– Hash totals
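The input controls listed on this slide, worked through on one batch. This is an added example, not part of the original presentation: the Luhn check digit scheme, the field names and the sample batch are assumptions constructed for illustration.

```python
from decimal import Decimal

def luhn_valid(number):
    """Check digit test; Luhn is an assumed scheme, the slide names none."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def control_totals(batch):
    """Record count, batch total of amounts, hash total of account numbers."""
    return {
        "record_count": len(batch),
        "batch_total": sum(Decimal(t["amount"]) for t in batch),
        "hash_total": sum(int(t["account"]) for t in batch if t["account"].isdigit()),
    }

def check_batch(header, batch):
    """Compare keyed transactions with the batch header; return exceptions."""
    exceptions, seen = [], set()
    for t in batch:
        if t["txn_id"] in seen:  # input once and only once
            exceptions.append(f"{t['txn_id']}: duplicate transaction")
        seen.add(t["txn_id"])
        if not luhn_valid(t["account"]):  # input accurately
            exceptions.append(f"{t['txn_id']}: check digit failed")
    totals = control_totals(batch)
    for name, expected in header.items():  # all transactions input
        if totals[name] != expected:
            exceptions.append(f"{name}: header {expected}, computed {totals[name]}")
    return exceptions

# Constructed sample data: header totals taken from the source documents.
HEADER = {"record_count": 3, "batch_total": Decimal("425.75"),
          "hash_total": 79979745619}
SOURCE = [{"txn_id": "T1", "account": "79927398713", "amount": "150.00"},
          {"txn_id": "T2", "account": "12345674", "amount": "200.50"},
          {"txn_id": "T3", "account": "40001232", "amount": "75.25"}]
# Same batch as keyed: T2 has two digits transposed, T3 was entered twice.
KEYED = [SOURCE[0], dict(SOURCE[1], account="12345764"), SOURCE[2], SOURCE[2]]

if __name__ == "__main__":
    for line in check_batch(HEADER, KEYED):
        print(line)
```

The hash total has no financial meaning; it exists only so that a mis-keyed account number changes a figure the header already fixed.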

10 Processing Controls
Provide reasonable assurance that
– Transactions are processed accurately
– All transactions are processed
– Transactions are processed once and only once
Examples
– Test processing accuracy of programs
– File and operator controls
– Run-to-run totals
– Control total reports
– Limit and reasonableness tests
– Error correction and resubmission

11 Output Controls
Provide reasonable assurance that
– Output reflects accurate processing
– Only authorized persons receive output or have access to files generated from processing
Examples
– Review of output for reasonableness
– Control total reports
– Master file changes
– Output distribution limited to appropriate person(s)

12 Auditing in a Computerized Environment
Auditing “around” the computer
– Reconcile input with output produced by computer processing
– Do not directly evaluate operating effectiveness of computer controls
– Appropriate when computer is not used extensively and computer controls are limited
Auditing “through” the computer
– Evaluate operating effectiveness of computer controls and logic of computer processing
– Appropriate when computer is used extensively and client has implemented significant computer controls

13 Testing Computer Controls
Testing controls
– Inquiry
– Observation
– Inspect documentary evidence
– Reperformance
Evaluating computer processing and programs
– Test processing of actual transactions
– Test processing of simulated transactions

14 Techniques Using Actual Transactions
Audit teams evaluate controls by “observing” processing of actual transactions through computerized system in a typical processing run
Program-embedded techniques
– Special modules coded into computer programs
– Examples include tagging, embedded audit modules, snapshot, monitoring systems activity, extended records, and program analysis techniques
Parallel simulation

15 Techniques Using Simulated Transactions
Test data: Tested in a separate processing run by client
Integrated test facility: Simulated data processed along with actual data
[Diagram: Auditors’ Manual Processing and Client System Processing feed into Compare]

16 Benchmarking
Audit team tests operating effectiveness of automated application controls to establish baseline
Can continue to rely on automated application controls if:
– Test general controls related to program changes, access to programs and data, and computer operations
– General controls continue to operate effectively
– Automated application controls have not changed since the baseline

