Chapter 17: Computer Audits ACCT620 Internal Accounting Otto Chang Professor of Accounting.


1 Chapter 17: Computer Audits ACCT620 Internal Accounting Otto Chang Professor of Accounting

2 Design-Phase Audit
- Review documentation (system design and users’ manuals) for completeness
- Assess the adequacy of security
- Review the cost/benefit analysis prepared during planning. Is it reasonable?
- Appraise the appropriateness of applications
- Test compliance with described design procedures

3 Design-Phase Audits--continued
- Compare actual costs and benefits to estimates
- Compare operations to stated objectives by emphasizing:
  – Timeliness and comprehensiveness of output
  – Effectiveness of edit and logic checks
  – Demand for EDP, operating efficiency
  – Fulfillment of user’s need, adequate personnel

4 Planning for Computer Audits
- The materiality of EDP: how often, and how important, is it to audit the EDP operation?
- The hardware configuration: determines what type of procedures and generalized audit software will be used
- Coordinating with computer personnel: for access to and use of computers
- Note: the auditor must refrain from actually participating in the design of the computer system

5 The Preliminary Survey
- Security control: limits access to sensitive equipment and data
- Safeguard control: protects computers
- Physical document control: pre-numbered forms and protection of records and data
- Design specification control: is the system properly designed to meet the objectives?

6 Preliminary Survey--continued
- Risk exposure control:
  – Continuous monitoring: periodic testing and review reports on usage, turnaround, service
  – System risk: system failure, programming error, unauthorized alteration
  – Maintenance control: adequately maintained?
- Systems software control: are echo checks, run-to-run totals, “read-only” control enacted?

7 Preliminary Survey--continued
- Procedural control: do operations follow procedures manual?
- Application control:
  – Input: to ensure the database is complete, accurate, and authorized
  – Processing: to ensure correct processing and detection of all errors
  – Output: authorized access to computer report

8 Input Controls in an EDP Environment
- Authorization:
  – internal check for users and qualification
  – review and approval of input documents
- Edit checks:
  – alphabetic vs numeric, field size, field sign, check digit, and logic check
- Data conversion:
  – record count compared to batch totals
  – limit checks and exception reports

9 Processing Controls in an EDP Environment
- Totals: compare input total to processing total
- Correct processing:
  – Verify file ID or label before processing
  – Use program boundary protection to restrict file access during runs
- Access: review operator log, recovery journal
- Hardware: check parity of binary data and insert overflow checks on memory capacity
- Edit: match input codes to master files
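The edit checks, limit check, exception report and control-total reconciliation listed on slides 8 and 9, as an added example that is not part of the original presentation. The record layout, the Luhn mod-10 check digit, the debit/credit sign rule and the limit value are assumptions chosen for illustration.

```python
import re
LIMIT_CENTS = 500_000  # assumed per-transaction limit
BATCH = [  # constructed sample: (account_no, amount_cents, txn_code)
    ("79927398713", "12500", "D"),   # clean record
    ("79927398710", "4000", "D"),    # wrong check digit
    ("7992739871X", "300", "D"),     # letter in a numeric field
    ("79927398713", "-250", "D"),    # negative amount on a debit
    ("79927398713", "990000", "D"),  # exceeds the limit
]
CONTROL = {"record_count": 5, "batch_total": 1006550}  # constructed batch header

def luhn_ok(digits):
    """Mod-10 (Luhn) check digit; an assumed scheme, the slides name none."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def edit_record(acct, amount, code):
    """Return the names of the edit checks this record fails."""
    errs = []
    if not re.fullmatch(r"[0-9]+", acct):
        errs.append("account not numeric")
    elif len(acct) != 11:
        errs.append("account field size")
    elif not luhn_ok(acct):
        errs.append("check digit")
    if not re.fullmatch(r"-?[0-9]+", amount):
        return errs + ["amount not numeric"]
    value = int(amount)
    if (code == "D") != (value > 0):         # logic check: debits positive, credits negative
        errs.append("sign/code mismatch")
    if abs(value) > LIMIT_CENTS:             # limit check
        errs.append("over limit")
    return errs

def run_batch(records, control):
    """Build the exception report, then reconcile against the control header."""
    exceptions, total = {}, 0
    for n, (acct, amount, code) in enumerate(records, 1):
        errs = edit_record(acct, amount, code)
        if errs:
            exceptions[n] = errs
        total += int(amount) if "amount not numeric" not in errs else 0
    balanced = len(records) == control["record_count"] and total == control["batch_total"]
    return exceptions, balanced
```

A batch can agree with its control totals and still carry records on the exception report, which is why `run_batch` returns both results.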

10 Preliminary Survey--continued
- Personnel control: separation of persons handling input, processing, output, documentation. Rotation and required vacation for operators.
- Efficiency and effectiveness of system:
  – Are expectations being met?
  – Does scheduling follow a priority policy?
  – Is computer configuration adequate?

11 Preliminary Survey--continued
- Contingency plan: is there a formal plan for access to alternate computer facilities?
- Special risks in:
  – E-mail: data privacy, network failure, data omission and errors, other legal implications
  – Image processing: intentional altering, destroying, counterfeiting
  – Service center: control over input and output

12
  – Electronic Data Interchange (EDI): linked systems of suppliers, manufacturers, creditors and other parties. Paperless and timely. Auditors must evaluate access, transaction controls, data integrity, and auditability.
  – Virus: Frequency of incidents: 4 per year in 1994. The cost to recover from an average incident involving 3-4 computers is $1,200. With 1000 computers, annual cost could reach $176,853.

13 The Audit Program
- Control review and evaluation
- Tests of controls. Test of data
  – Use of generalized audit software
  – Computer audit techniques: test data, parallel simulation, controlled processing, ITF, tagging, mapping and program analysis

14 Computer Audit Techniques
- Test data: only checks certain expected controls
- Parallel simulation: auditor creates own software to simulate actual processing. Processing logic may not be comparable.
- Controlled processing or reprocessing: less expensive, input data may still be faulty
- Integrated Test Facility (ITF): dummy data are processed with live data. Problem is reversing the bogus data.
- Tagging or tracing: test data are tagged to avoid contamination. Insufficient tagging may miss major logic points. Tagged data may be detected by the auditee.
- Mapping and program analysis: identify logical paths of a program or detailed analysis of process code. Slow and costly.

15 Innovative Means of Evaluating Database Systems
- Difficult to back up, the normal grandfather-father-son tapes do not exist
- Tagging and tracing is complicated by joint use of a single file among several users
- Requires creative attitudes of “trying to beat the system,” i.e., trying to discover if means are available to gain unauthorized access or to make inappropriate changes in data files.

