Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 10: Auditing of Information Systems

Published byHomer Page Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 10: Auditing of Information Systems"— Presentation transcript:

1 Chapter 10: Auditing of Information Systems
Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 10: Auditing of Information Systems Slides Authored by Somnath Bhattacharya, Ph.D. Florida Atlantic University

2 Nature of Audits Audits are examinations performed to assess and evaluate an activity or object, such as whether the internal controls implemented into the AIS are working as prescribed by management

3 Types of Audits Operational Audits Compliance Audits
Project Management and Change Control Audits Internal Control Audits Financial Audits Fraud Audits Figure 10-1

4 Types of Auditors Internal Auditors External Auditors
Government Auditors Fraud Auditors

5 Basic Auditing Considerations
Ethics and Auditing Standards Need for Ethics Content of Standards Effect of Automation on Standards Impact of Computerization on Audit Procedures Transaction Cycle Approach to Auditing

6 The Auditing Process The 5 phases of a financial audit are:
Planning the Audit Analytical Procedures Preliminary Review & Assessment of the Internal Control Structure Completion of the Review Detailed Evaluation and Testing of Controls Analytical and Substantive Review Audit Reporting

7 Preliminary Assessment of the Internal Control Structure
Review, Document, and Assess the ICS Assess and Set the level of Control Risk Control Risk is the risk that material misstatements in assertions, leading to significant errors in the financial statements, will fail to be prevented or detected by the internal control structure The level of Control Risk may be expressed numerically or subjectively An Assertion is an expressed account balance, transaction classification, or disclosure in the financial statements being examined Cost Effectiveness of Testing Controls

8 Testing of Controls Perform Tests of Controls
Evaluate the Findings of the Tests of Controls Final Assessment of Control Risk for each transaction cycle Determine level of Planned Detection Risk The Planned Detection Risk is the risk that a material misstatement in the financial statements or in individual account balances will fail to be uncovered by substantive testing procedures Determine the nature, timing, and extent of substantive testing procedures Develop Final Audit Program

9 Substantive Testing Choose and Perform Substantive Tests
Perform Final Analytical Procedures Test Account Balances Test Details of Transaction Classes Evaluate Substantive Tests

10 Document the Conclusions
Writing the Audit Report Unqualified Opinion: Financial Statements present fairly, in all material respects, the financial status, results of operations, and cash flow of the firm being audited Qualified Opinion: Issued when a significant condition, such as a departure from GAAP, prevents the issuance of an unqualified opinion Adverse Opinion: Given when the auditor concludes that the overall financial statements are so materially misleading that they cannot be relied upon A Disclaimer of Opinion: The Auditor refuses to express an opinion on the overall financial statements due to major restrictions placed on the scope of the audit or the failure to collect sufficient evidence Letter of Reportable Conditions

11 Auditing Around the Computer - I
Computer is a “black-box.” Assumption: If the auditor can show that the actual outputs are the correct results to be expected from a set of inputs to the processing system, then the computer processing must be functioning in a reliable manner Involves tracing selected transactions from source documents to summary accounts and records, and vice-versa A “Non-Processing of Data” Method

12 Auditing Around the Computer - II
Suitable only under the following 3 conditions: The audit trail is complete and visible The processing operations are relatively straightforward, uncomplicated, and low volume Complete documentation, such as DFDs and Systems Flowcharts, are available to the auditor Best suited for independent periodic processing applications: cash disbursements payroll processing

13 Auditing Around the Computer - III
Limitations is that it does not allow the auditor to determine exactly how the computer processing programs handle edit checks and programmed checks

14 Auditing Around the Computer: An Illustration
Normal Processing Audit Test Master File Regular Transactions Selected Transactions Predetermined Results Regular Processing Run Exception Report Documents, Listings, Registers, Reports Auditor Comparison Figure 10-4a

15 Auditing Through the Computer
Should be applied to all complex automated processing systems Periodic direct and real-time processing applications where the audit trail is impaired Methods include: Test Data Integrated Test Facility Embedded Audit Module Techniques Program Code Checking Parallel Processing Parallel Simulation Controlled Processing All auditing-through-the-computer techniques provide evidence concerning the level of control risk.

16 Auditing Through the Computer: An Illustration
Master File Regular Transactions Regular Processing Run Exception Report Documents, Listings, Registers, Reports Normal Processing Audit Test Transactions Regular Processing Run Exception Report Summary Results from Tests Predetermined Results Audit Comparison Audit Test Master File Figure 10-4 b

17 Auditing with the Computer - I
Microcomputer Audit Assist Software The Generalized Audit Software (GAS) Package The Template Prepare trial balances Maintain recurring journal entries Evaluate sample results Schedule and manage auditor time in field audits Perform reasonableness tests of expenses Estimate expenses

18 Auditing with the Computer - II
Audit Software: A collection of program routines, each serving a mechanistic audit function GAS (e.g., ACL) Attribute Sampling Histogram Generation Record Aging File Comparison Duplicate Checking File Printing

19 Typical Audit Functions Available in a GAS package
Extracting Data from Files Calculating with Data Summarizing Data Analyzing Data Reorganizing Data Selecting Sample Data for Testing Gathering Statistical Data Printing Confirmation Requests, Analyses, and other outputs

20 Applications of a GAS Package
Computer runs involving such audit functions as Extracting data from files Calculating with data Performing comparisons with data Summarizing data Analyzing data Reorganizing data Selecting sample data for testing Gathering statistical data Printing confirmation requests, analyses, and other outputs Master File Transaction File Control and Specification File GAS Package Requests for confirmation listings, Sample data items, Reports, Analyses, Control Totals Exception Report Figure 10-5

21 Advantages of GAS Packages
Allow auditors to access computer-readable records for a wide variety of applications and organizations Enable auditors to examine much more data than could be examined through manual means Rapidly and accurately perform a variety of routine audit functions, including the statistical selection of samples Reduce dependence on non-auditing personnel for performing routine functions like summarizing data, thereby enabling auditors to maintain better control over the audit Require only minimal computer knowledge on the part of the auditor

22 Disadvantages of GAS Packages
They do not directly examine the applications program and programmed checks. They cannot replace audit- through-the-computer techniques

23 Situations Triggering DP Operational Audits
An apparently excessive cost for computer services A major shift in corporate plans A proposal for a major hardware or software upgrade or acquisition An inability to attract and retain computer DP executives A new DP executive’s need for an intensive assessment An inordinate amount of personnel turnover within the DP department A proposal to consolidate or distribute DP resources A major system that appears unresponsive to needs or is difficult to enhance or maintain An excessive or increasing number of user complaints

24 Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Copyright © 2000 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.

Download ppt "Chapter 10: Auditing of Information Systems"

Similar presentations

Accounting Principles, Ninth Edition

Accounting Principles, Ninth Edition
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
Chapter 11 Prepared by Richard J. Campbell Copyright 2011, Wiley and Sons Completing the Integrated Audit and Reporting.

Chapter 11 Prepared by Richard J. Campbell Copyright 2011, Wiley and Sons Completing the Integrated Audit and Reporting.
Chapter 15 Creating Database Forms and Reports Introduction Forms Reports.

Chapter 15 Creating Database Forms and Reports Introduction Forms Reports.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
Prepared by: Angela Davis CA, CFE, MSc Booth University College

Prepared by: Angela Davis CA, CFE, MSc Booth University College
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc. 15-1 Introduction to Information Technology.

Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc Introduction to Information Technology.
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
Dr. Raymond N. Johnson, CPA MODERN AUDITING 7th Edition Developed by: Raymond N. Johnson Portland Sate University John Wiley & Sons, Inc. William C. Boynton.

Dr. Raymond N. Johnson, CPA MODERN AUDITING 7th Edition Developed by: Raymond N. Johnson Portland Sate University John Wiley & Sons, Inc. William C. Boynton.
MODERN AUDITING 7th Edition Developed by: Dr. Raymond N. Johnson, CPA Gregory K. Lowry, MBA, CPA John Wiley & Sons, Inc. William C. Boynton California.

MODERN AUDITING 7th Edition Developed by: Dr. Raymond N. Johnson, CPA Gregory K. Lowry, MBA, CPA John Wiley & Sons, Inc. William C. Boynton California.
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
Accounting Information Systems, 1st Edition

Accounting Information Systems, 1st Edition
Prepared by: Angela Davis CA, CFE, MSc Booth University College

Prepared by: Angela Davis CA, CFE, MSc Booth University College
Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 10: Auditing.

Accounting Information Systems: Essential Concepts and Applications Fourth Edition by Wilkinson, Cerullo, Raval, and Wong-On-Wing Chapter 10: Auditing.
Module 4: The Human Resource Management Cycle

Module 4: The Human Resource Management Cycle
Chapter 13 Auditing Information Technology

Chapter 13 Auditing Information Technology

Similar presentations

Ads by Google