Chapter 3-Auditing Computer-based Information Systems.


Learning Objectives
- Scope and objectives of audit work, and major steps in the audit process.
- Objectives of an information system audit, and four-step approach necessary for meeting these objectives.
- Design a plan for the study and evaluation of internal control in an AIS.
- Describe computer audit software, and explain how it is used in the audit of an AIS.
- Describe the nature and scope of an operational audit.

Auditing
The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria.

Types of Audits
- Financial: Examines the reliability and integrity of:
  - Financial transactions, accounting records, and financial statements.
- Information System: Reviews the controls of an AIS to assess compliance with:
  - Internal control policies and procedures and effectiveness in safeguarding assets
- Operational: Economical and efficient use of resources and the accomplishment of established goals and objectives
- Compliance: Determines whether entities are complying with:
  - Applicable laws, regulations, policies, and procedures
- Investigative: Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities.

The Audit Process
1. Planning
2. Collecting Evidence
3. Evaluating Evidence
4. Communicating Audit Results

Planning the Audit
- Why, when, how, whom
- Work targeted to area with greatest risk:
  - Inherent: Chance of risk in the absence of controls
  - Control: Risk a misstatement will not be caught by the internal control system
  - Detection: Chance a misstatement will not be caught by auditors or their procedures

Evaluation of Audit Evidence
- Does evidence support favorable or unfavorable conclusion?
- Materiality: How significant is the impact of the evidence?
- Reasonable Assurance: Some risk remains that the audit conclusion is incorrect.

Communication of Audit Conclusion
Written report summarizing audit findings and recommendations:
- To management
- The audit committee
- The board of directors
- Other appropriate parties

Risk-Based Audit
- Determine the threats (fraud and errors) facing the company.
  - Accidental or intentional abuse and damage to which the system is exposed
- Identify the control procedures that prevent, detect, or correct the threats.
  - These are all the controls that management has put into place and that auditors should review and test, to minimize the threats
- Evaluate control procedures.
  - A systems review: Are control procedures in place?
  - Tests of controls: Are existing controls working?
- Evaluate control weaknesses to determine their effect on the nature, timing, or extent of auditing procedures.

Information Systems Audit
Purpose: To review and evaluate the internal controls that protect the system
Objectives:
1. Overall information security
2. Program development and acquisition
3. Program modification
4. Computer processing
5. Source files
6. Data files

1. Information System Threats
- Accidental or intentional damage to system assets
- Unauthorized access, disclosure, or modification of data and programs
- Theft
- Interruption of crucial business activities

2. Program Development and Acquisition
- Inadvertent programming errors due to misunderstanding system specifications or careless programming
- Unauthorized instructions deliberately inserted into the programs
- Controls: Management and user authorization and approval, thorough testing, and proper documentation

3. Program Modification
- Source Code Comparison: Compares current program against source code for any discrepancies
- Reprocessing: Use of source code to re-run program and compare for discrepancies
- Parallel Simulation: Auditor-created program is run and used to compare against source code
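
A source code comparison of the kind listed above, as an added example that is not part of the original slides. The two program texts are constructed samples, and the function names `digest` and `compare_source` are hypothetical; the authorized copy is assumed to come from the auditor's own controlled library.

```python
import difflib
import hashlib

# Constructed sample: the authorized source held by the auditor and the
# program copy currently running in production.
AUTHORIZED = """\
def post_payment(account, amount):
    if amount <= 0:
        raise ValueError("amount must be positive")
    account.balance -= amount
    return account.balance
"""

CURRENT = """\
def post_payment(account, amount):
    if amount <= 0:
        raise ValueError("amount must be positive")
    if account.owner == "jdoe":
        amount = 0
    account.balance -= amount
    return account.balance
"""


def digest(text):
    """SHA-256 of the text with trailing whitespace on each line ignored."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def compare_source(authorized, current):
    """Return (matches, discrepancies). Each discrepancy is
    (kind, line_no, text); line_no refers to the copy containing the line."""
    if digest(authorized) == digest(current):
        return True, []          # quick path: nothing to review
    a = [ln.rstrip() for ln in authorized.splitlines()]
    b = [ln.rstrip() for ln in current.splitlines()]
    found = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            found += [("removed", n + 1, a[n]) for n in range(i1, i2)]
        if tag in ("insert", "replace"):
            found += [("added", n + 1, b[n]) for n in range(j1, j2)]
    return False, found


if __name__ == "__main__":
    ok, diffs = compare_source(AUTHORIZED, CURRENT)
    print("match" if ok else "DISCREPANCY")
    for kind, line_no, text in diffs:
        print(f"{kind:8} line {line_no}: {text}")
```

Each reported line is a change the auditor traces back to an approved modification request; a line with no matching authorization is a finding.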

4. Computer Processing
- System fails to detect:
  - Erroneous input
  - Improper correction of input errors
  - Process erroneous input
  - Improperly distribute or disclose output
- Concurrent audit techniques
  - Continuous system monitoring while live data are processed during regular operating hours
  - Using embedded audit modules
    - Program code segments that perform audit functions, report test results, and store the evidence collected for auditor review

Types of Concurrent Audits
- Integrated Test Facility: Uses fictitious inputs
- Snapshot Technique: Master files before and after update are stored for specially marked transactions
- System Control Audit Review File (SCARF): Continuous monitoring and storing of transactions that meet pre-specifications
- Audit Hooks: Notify auditors of questionable transactions
- Continuous and Intermittent Simulation: Similar to SCARF for DBMS
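
An embedded audit module combining a SCARF file with an audit hook, as an added example that is not part of the original slides. The class and function names, the sample transactions, the vendor list and the thresholds are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class EmbeddedAuditModule:
    """Audit code that runs inside transaction processing.

    scarf_rules: criteria the auditor specified in advance; matching
                 transactions are copied to the SCARF file for later review.
    hook_rules:  criteria for questionable transactions; a match notifies
                 the auditor while the transaction is being processed.
    """
    scarf_rules: dict
    hook_rules: dict
    scarf_file: list = field(default_factory=list)
    notifications: list = field(default_factory=list)

    def inspect(self, txn):
        matched = [n for n, rule in self.scarf_rules.items() if rule(txn)]
        if matched:
            self.scarf_file.append({**txn, "criteria": matched})
        for name, rule in self.hook_rules.items():
            if rule(txn):
                self.notifications.append((txn["id"], name))


def process_batch(txns, balances, audit):
    """Post payments; the audit module sees every live transaction."""
    for txn in txns:
        audit.inspect(txn)  # observes only, never alters processing
        balances[txn["payee"]] = balances.get(txn["payee"], 0) + txn["amount"]
    return balances


# Constructed sample data and thresholds (assumptions for illustration).
APPROVED_VENDORS = {"V100", "V200"}
TXNS = [
    {"id": 1, "payee": "V100", "amount": 450.00, "hour": 10},
    {"id": 2, "payee": "V200", "amount": 12500.00, "hour": 14},
    {"id": 3, "payee": "V999", "amount": 300.00, "hour": 2},
    {"id": 4, "payee": "V100", "amount": 9999.99, "hour": 23},
]


def run_example():
    audit = EmbeddedAuditModule(
        scarf_rules={"large_amount": lambda t: t["amount"] >= 10000,
                     "outside_hours": lambda t: not 8 <= t["hour"] < 18},
        hook_rules={"unapproved_payee":
                    lambda t: t["payee"] not in APPROVED_VENDORS},
    )
    return audit, process_batch(TXNS, {}, audit)
```

The SCARF file accumulates evidence for periodic review, while the hook's notifications are meant to reach the auditor as the transaction occurs.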

5. Source Data & 6. Data Files
- Accuracy
- Integrity
- Security of data

End of Chapter 3
By: Munawar Hameed
IS 630 : Lecture 10