Presentation is loading. Please wait.

Presentation is loading. Please wait.

Auditing Computer-Based Information Systems

Similar presentations


Presentation on theme: "Auditing Computer-Based Information Systems"— Presentation transcript:

1 Auditing Computer-Based Information Systems
Chapter 11 Auditing Computer-Based Information Systems Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

2 Learning Objectives Describe the scope and objectives of audit work, and identify the major steps in the audit process. Identify the objectives of an information system audit, and describe the four-step approach necessary for meeting these objectives. Design a plan for the study and evaluation of internal control in an AIS. Describe computer audit software, and explain how it is used in the audit of an AIS Describe the nature and scope of an operational audit. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

3 Auditing The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

4 Types of Audits Financial Examines the reliability and integrity of:
Financial transactions, accounting records, and financial statements. Information System Reviews the controls of an AIS to assess compliance with: Internal control policies and procedures and effectiveness in safeguarding assets Operational Economical and efficient use of resources and the accomplishment of established goals and objectives Compliance Determines whether entities are complying with: Applicable laws, regulations, policies, and procedures Investigative Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

5 The Audit Process Planning Collecting Evidence Evaluating Evidence
Communicating Audit Results Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

6 Planning the Audit Why, when, how, whom
Work targeted to area with greatest risk: Inherent Chance of risk in the absence of controls Control Risk a misstatement will not be caught by the internal control system Detection Chance a misstatement will not be caught by auditors or their procedures Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

7 Collection of Audit Evidence
Not everything can be examined so samples are collected Observation activates to be audited Review of documentation Gain understanding of process or control Discussions Questionnaires Physical examination Confirmations Testing balances with external 3rd parties Re-performance Recalculations to test values Vouching Examination of supporting documents Analytical review Examining relationships and trends Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

8 Evaluation of Audit Evidence
Does evidence support favorable or unfavorable conclusion? Materiality How significant is the impact of the evidence? Reasonable Assurance Some risk remains that the audit conclusion is incorrect. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

9 Communication of Audit Conclusion
Written report summarizing audit findings and recommendations: To management The audit committee The board of directors Other appropriate parties Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

10 Risk-Based Audit Determine the threats (fraud and errors) facing the company. Accidental or intentional abuse and damage to which the system is exposed Identify the control procedures that prevent, detect, or correct the threats. These are all the controls that management has put into place and that auditors should review and test, to minimize the threats Evaluate control procedures. A systems review Are control procedures in place Tests of controls Are existing controls working Evaluate control weaknesses to determine their effect on the nature, timing, or extent of auditing procedures. Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

11 Information Systems Audit
Purpose: To review and evaluate the internal controls that protect the system Objectives: Overall information security Program development and acquisition Program modification Computer processing Source files Data files Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

12 1. Information System Threats
Accidental or intentional damage to system assets Unauthorized access, disclosure, or modification of data and programs Theft Interruption of crucial business activities Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

13 2. Program Development and Acquisition
Inadvertent programming errors due to misunderstanding system specifications or careless programming Unauthorized instructions deliberately inserted into the programs Controls: Management and user authorization and approval, thorough testing, and proper documentation Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

14 3. Program Modification Source Code Comparison Reprocessing
Compares current program against source code for any discrepancies Reprocessing Use of source code to re-run program and compare for discrepancies Parallel Simulation Auditor-created program is run and used to compare against source code Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

15 4. Computer Processing System fails to detect:
Erroneous input Improper correction of input errors Process erroneous input Improperly distribute or disclose output Concurrent audit techniques Continuous system monitoring while live data are processed during regular operating hours Using embedded audit modules Program code segments that perform audit functions, report test results, and store the evidence collected for auditor review Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

16 Types of Concurrent Audits
Integrated Test Facility Uses fictitious inputs Snapshot Technique Master files before and after update are stored for specially marked transactions System Control Audit Review File (SCARF) Continuous monitoring and storing of transactions that meet pre-specifications Audit Hooks Notify auditors of questionable transactions Continuous and Intermittent Simulation Similar to SCARF for DBMS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall

17 5. Source Data and 6. Data Files
Accuracy Integrity Security of data Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall


Download ppt "Auditing Computer-Based Information Systems"

Similar presentations


Ads by Google