Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic Presentations in Microsoft® PowerPoint®

Similar presentations

Presentation on theme: "Electronic Presentations in Microsoft® PowerPoint®"— Presentation transcript:

1 Electronic Presentations in Microsoft® PowerPoint®
Prepared by Brad MacDonald SIAST © 2003 McGraw-Hill Ryerson Limited Page references in these notes are taken from the second draft of the text revision

2 Auditing in a Computer Environment
Computers are used by almost all audit clients. Thus, computer auditing is practicsd, to a greater or lesser extent, in almost all audits. Computers introduce electronic technology in four phases of the audit process: (1) planning the audit, (2) obtaining an understanding of the control structure and control risk, (3) testing controls, and (4) using the computer to obtain substantive evidence about account balances. Chapter 8 covers the basic concepts in all four phases with focus on simple systems.

3 Learning Objective 1 Explain how a computer accounting system differs from a manual accounting system.

4 Computer Environment The CICA Handbook prefers the use of EDP or Electronic Data Processing. There is no fundamental difference between computer auditing and auditing. Certain areas are not changed: the definition of auditing the purposes of auditing the generally accepted auditing standards the control objectives the requirement to gather sufficient and appropriate evidence the audit report Page 253

5 Elements of a Computer-Based System
Hardware: The physical equipment. Software: System programs: Perform generalized functions for more than one program. Application programs: Sets of computer instructions that perform data processing tasks. Page 254

6 Elements of a Computer-Based System
Documentation: A description of the system and control structures. Personnel: Persons who manage, design, program, operate,or control the system. Page 254

7 Elements of a Computer-Based System
Data: Transactions and related information entered, stored, and processed by the system. Control procedures: Activities designed to ensure proper recording of transactions and to prevent or detect errors or irregularities. Page 254

8 Elements of a Computer-Based System
Management is responsible for internal controls; the auditor is responsible to understand controls and assess control risk. Management can meet responsibilities and assist the auditor by ensuring documentation is current ensuring that systems produce an audit trail making computer resources and personnel available to the auditor as required Page 254

9 Effect of Computer Processing
Characteristics that distinguish computer processing from manual processing: Transaction trails may not exist, or may exist only in machine readable formats. Uniform processing of transactions eliminates random errors, but may cause systematic errors. Many internal controls may be concentrated in the computer systems; persons who have access to the computer may be in a position to perform incompatible functions. Page 255

10 Computer Processing Characteristics that distinguish computer processing from manual processing: The potential for errors and irregularities through inappropriate access to computer data or systems may be greater. A potential for increased management supervision with a wide variety of analytical tools is created in computerized processing. Initiation or subsequent execution of transactions by computer may not generate evidence of authorization. Page 255

11 Learning Objective 2 List and discuss additional matters of planning auditors should consider for clients who use computers.

12 Planning The extent and complexity of computer processing may affect the nature, extent, and timing of procedures. The auditor should consider: the extent to which computers are used in accounting applications Auditors will need computer-related skills to understand the flow of transactions processed by computers. Page 256

13 Planning The auditor should consider:
the complexity of computer operations: Auditors will need to assess training and experience relative to the methods of computer processing. the organizational structure of computer processing activities: Auditors must consider the degree of centralization and standardization in computer-related operations. Page

14 Planning The auditor should consider:
the availability of data from the computer system Auditors must consider when information may no longer be available for review. the use of computer-assisted audit techniques (CAATs) to increase the efficiency of audit procedures the need for audit personnel with specialized skills Page

15 Learning Objective 3 Describe how the phases of control risk assessment are affected by computer processing.

16 Phase 1 - Understanding The purpose of Phase 1 is to obtain sufficient knowledge of controls for planning the audit. This will include a general knowledge of the organizational structure methods used to communicate responsibility and authority methods used to supervise the system Computer processing may affect each of these elements. Page

17 Organizational Structure
Understanding of the organization of the client computer functions is required for assessment of risk. The auditor should obtain and evaluate a description of computer resources and computer operating activities a description of the organizational structure of computer operations and related policies This understanding helps the auditor decide on the amount of reliance to place on system controls. Page 258

18 Methods Used to Communicate Responsibility and Authority
Auditors should understand how the computer resources are managed and how priorities for use are determined. Auditors should obtain evidence and evaluate information about the existence of accounting and other policy manuals formal job descriptions for computer department personnel Page 259

19 Methods Used by Management to Supervise the System
Auditors should learn the procedures management uses to monitor the computer operations. Auditors should evaluate: a) systems design and documentation b) procedures for modification c) procedures limiting access d) financial and other reports e) internal audit function Page 259

20 Understanding the Accounting System
Auditors should gain an understanding of the flow of transactions through the accounting system for each significant accounting application. Page 259

21 Phase 2: Assessing Control Risk
To assess the control risk when a computer is used, auditors must do the following: Identify specific control objectives based on the types of misstatements that may be present. Identify the points in the flow of transactions where specific types of misstatement could occur. Identify specific control activities designed to prevent or detect misstatements. Page 260 See exhibit 8-1 for an illustration of points 1 and 2

22 Phase 2: Assessing Control Risk
To assess the control risk when a computer is used, auditors must do the following: Identify the control activities that must function to prevent or detect misstatements. Evaluate the control activities to determine whether they suggest a low control risk and whether tests of controls might be cost effective. Page 260 See exhibit 8-1 for an illustration of points 1 and 2

23 Assessing Control Risk
The information gathered should allow the auditor to decide the following: That: Control risk is assessed low, and it is cost effective to perform test of controls. Continue with testing of control. Control risk is assessed low, but it is not cost effective to perform tests of controls. Concentrate on substantive procedures. Control risk is assessed high. Page

24 Learning Objective 4 Describe and explain general control procedures and place the application control procedures covered in Chapter 6 in the context of computerized “error checking routines.”

25 Simple Computer Systems
Characteristics of a simple computer system: All processing occurs at a central processing facility. Three or four people are involved in operations of a simple system. System may use batch processing or online processing. Page 262

26 Simple Computer Systems
General control procedures: Those controls that relate to all or many computerized accounting functions. Organization and physical access Weakness or absence of access controls decreases the overall integrity of the computer system. Documentation and systems development Weakness or absence of documentation and development standards also decrease the integrity of the system. Page

27 Simple Computer Systems
General control procedures: Hardware Auditor should be familiar with hardware controls. Data file and program control and security Controls are necessary to determine that the proper files and programs are being used, and that files are appropriately backed up. Page

28 Application Control Procedures
Application controls are those used in each “application.” Application controls are grouped under three categories: input controls processing controls output controls Page

29 Application Control Procedures
Input controls: Controls at input are primarily preventative. It is generally more cost effective to prevent errors than it is to detect and correct them. Processing controls: Primarily oriented at detecting misstatements. Output controls: Primarily oriented at correcting misstatements. Page

30 Control Risk in Simple Systems
The purpose of review of controls is to understand the strengths and weakness of control systems. The general controls must be good in order for any application controls to be considered in planning the substantive procedures. The usual approach is to evaluate general controls first, then application controls. Pages

31 Learning Objective 5 Describe the characteristics and control problems of personal computer installations.

32 Personal Computer Environment
Computer activity involving PCs should be included in determination of risk. PCs may be standalone systems or part of a distributed system. The control environment, not the technology, is the important consideration for the auditor In a PC environment, lack of segregation of duties may be a significant risk. Page 271

33 Personal Computer Environment
PC Control Considerations: Most control problems can be traced to lack of segregation of duties and lack of computerized control procedures. Auditors should consider the entire control structure and look for compensating control strengths. Page 272

34 Personal Computer Environment
Organizational control procedures: Limit concentration of functions as much as possible. Establish proper supervision. Operation control procedures: Controls over online entry are important. Restrict access to input devices. Use standard screens, computer prompting, and online editing procedures. Page

35 Personal Computer Environment
Processing control procedures: Ensure processing is correct and complete. Capture entries in transaction logs. Make use of control totals. Perform periodic reconciliation of input to output. Systems development and modification: Purchased applications should be reviewed carefully. Page

36 Learning Objective 6 Explain the differences among auditing around the computer, auditing through the computer, and auditing with the computer.

37 Evaluation Approaches
Auditing around the computer: Treat the computer as a “black box” and vouch and trace source documents and output. Adequate procedure where the computer is simply used as a calculator and printer. Auditing through the computer: Evaluate hardware, software, and controls. Uses computerized controls. Page

38 Learning Objective 7 Explain how the auditor can perform the test of controls audit of computerized controls in a simple computer system.

39 Tests of Computer Controls
There are two approaches to using the computer in test of controls procedures: Test data: Test the programmed controls using simulated data. Parallel simulation: Audit the programmed controls with live data reprocessed with an independent audit program. Pages

40 Test Data A computer will process every transaction in a certain logical way exactly the same every time. Create hypothetical transactions to determine how the computer will handle errors. Test data is a sample of combinations of input data that may be processed through a system. Test data will contain planted errors in addition to good transactions. Pages

41 Parallel Simulation Auditors prepare a program to process data correctly and compare results to results of actual client processing. Generalized audit software makes the process more attractive. First audit using a parallel simulation is time consuming and expensive. Economies are realized in subsequent audits of the same client. Pages

42 Learning Objective 8 Describe the use of generalized audit software.

43 Generalized Audit Software
Generalized audit software (GAS) programs are a set of functions that may be utilized to read, compute, and operate on machine-readable records. Used on audits where records are stored in computer files or databases. Page 280

44 Generalized Audit Software
Auditing with the computer: GAS was developed to access machine-readable detail records. Original programming is no longer required. The GAS consists of a set of pre-programmed editing, operating, and output subroutines. Required programming is easy. Simple, limited set of programming instructions is used to call the subroutines. Page 280

45 Generalized Audit Software
Audit procedures performed by generalized audit software: GAS can access huge volumes of machine-readable records, organizing them into a useful format for the audit team. GAS can be used for the following: computation confirmation inspection analysis Page 281

46 Using Generalized Audit Software
Five phases in developing a GAS application: Define the audit objective. GAS is a tool, not an objective. Feasibility and planning Determine if GAS is efficient and effective for the audit at hand. Application design Coding and testing Processing and evaluation Pages

47 Learning Objective 9 Describe how the personal computer can be used as an audit tool.

48 Using the Personal Computer as an Audit Tool
The PC is being used to perform clerical steps: working trial balance posting adjustments grouping accounts computing comparative statements computing common ratios preparing supporting working papers producing draft statements PCs are also used to assess control risk perform analytical functions access databases run decision-making support software perform CAATs Page 284 – 286 See exhibit 8-6

49 Learning Objective 10 Describe the effects of e-business on auditing.

50 E-Business Electric commerce (e-commerce) is any trade that takes place by electronic means. This economic activity has been greatly facilitated by the growing use of the Internet. Segments of e-commerce include: B2B – Business to business B2C – Business to consumer C2B – Consumer to business C2C – Consumer to consumer Page

51 E-Business The audit strategy in e-business is to first evaluate general controls and then consider application controls. General control risks include confidentiality, integrity, authentication, repudiation, and unauthorized access. Controls include use of encryption, hashing, digital signatures, passwords, transaction certificates, confirmation services, firewalls, and biometric devices. Page

52 Application Controls Credit card payments:
Primary concern is the secure transmission credit card information. Protocols to ensure security include: Secure Socket Layers (SSL) Secure Electronic Transactions (SET) Auditors will need to compliance test the authentication, access, and confidentiality controls. Pages

53 Effects of E-Business on Auditors
Auditors should expect to encounter electronic records rather than paper. Auditors will need to put more reliance on controls. The quality of audit evidence will become very dependent on controls over accuracy and completeness. Pages

54 Internet-based and Continuous Auditing
A continuous audit enables the auditor to issue written assurance simultaneously, or shortly after the occurrence of the underlying events. Subject matter could be any type of information; for example, authenticity, integrity, or non-repudiation of e-commerce transactions. A CICA study has identified conditions necessary for a continuous audit. Pages See individual point under heading Internet-based and Continuous Auditing and Exhibit 8-13.

Download ppt "Electronic Presentations in Microsoft® PowerPoint®"

Similar presentations

Ads by Google