Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Published byDoris Gilmore Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education."— Presentation transcript:

1 Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education. Auditing & Assurance Services, 6e

2 Module H Auditing and Information Technology "To err is human, but to really foul things up you need a computer.“ --Paul Ehrlich, American biologist, author, and technology commentator “A common mistake people make with trying to design something completely foolproof is to underestimate the ingenuity of complete fools.” --Douglas Adams, author of The Hitchhiker’s Guide to the Galaxy Mod H-2

3 Module H Objectives 1.Identify how the use of a automated transaction processing system impacts the audit examination. 2.Provide examples of general controls and understand how these controls relate to transaction processing in an accounting information system. 3.Provide examples of automated application controls and understand how these controls relate to transaction processing in an accounting information system. 4.Describe how the audit team assesses control risk in a IT environment. 5.Identify how audit teams perform tests of controls in a IT environment. 6.Describe the characteristics and control issues associated with end-user and other computing environments. 7.Define and describe computer fraud and the controls that can be used to prevent it. Mod H-3

4 Major Topics I.Background II.General Controls III.Automated Application Controls IV.Tests of Computer Controls V.End-Use Computing and Other Mod H-4

5 Issues Introduced in a IT environment 1.Input errors 2.Systematic vs. random processing errors 3.Lack of an audit trail 4.Inappropriate access to computer files and programs 5.Reduced human involvement in processing transactions Mod H-5

6 Impact of Automated Transaction Processing on the Evaluation of I/C PhaseEffect(s) UnderstandingUnderstand and document controls related to automated processing of transactions AssessmentConsider controls related to automated processing of transactions in preliminary assessment of control risk TestingIdentify, test, and evaluate degree of compliance of controls related to automated processing of transactions Mod H-6

7 Types of Computer Controls General Controls – Relate to all applications of an accounting information system (pervasive) – Deficiencies will affect processing of various types of transactions Automated Application Controls – Relate to specific business activities – Directly address management assertions Mod H-7

8 Major Topics I.Background II.General Controls III.Automated Application Controls IV.Tests of Computer Controls V.End-Use Computing and Other Mod H-8

9 Categories of General Controls 1.Program development controls 2.Program change controls 3.Computer operations controls 4.Access to programs and data controls Mod H-9

10 Program Development Controls Acquisition and development of new programs is properly authorized and conducted with organization policies Appropriate users participate in process Programs and software are tested and validated prior to use Programs and software have appropriate documentation Mod H-10

11 Systems Development Life Cycle Identify Requirements Feasibility Analysis Determine System Specifications Develop Programs Design Procedures System Analysis Maintenance/ System Auditing Daily Operations Conversion/ Implementation Employee Training Mod H-11

12 Program Change Controls Modifications to existing programs are properly authorized and conducted with entity policies Appropriate users participate in process Programs are tested and validated prior to use Programs have appropriate documentation Additional controls related to “emergency” change requests and migrating new programs into operations Mod H-12

13 Computer Operations Controls Relate to processing of transactions and backup and recovery of data Processing environments –Batch processing: Similar transactions collected and processed simultaneously –Real-time processing: Transactions processed as they occur without delay Mod H-13

14 Examples of Computer Operations Controls Methods of resolving processing failures Separation of duties –Systems analysts –Programmers –Computer operators Files and data –Labels to ensure use of appropriate file –Storage in remote, protected locations (disaster recovery) –Grandfather-father-son Mod H-14

15 Access to Programs and Data Controls Relate to restricting use of programs and data to authorized users Examples –Passwords –Automatic terminal logoff –Review access rights and compare to usage (through logs) –Report and communicate security breaches Mod H-15

16 General Controls and Assertions AssertionExplanationExamples AccuracyEnsure accuracy of data and testing computer programs prior to implementation Hardware controls Program development controls Program change controls Computer operations controls OccurrenceRestricting inappropriate access reduces probability of fictitious transactions Computer operations controls Access to programs and data controls Mod H-16

17 Major Topics I.Background II.General Controls III.Automated Application Controls (I-P-O) IV.Tests of Computer Controls V.End-Use Computing and Other Mod H-17

18 Input Controls Provide reasonable assurance that input is properly authorized and accurately entered for processing –All transactions input –Transactions input once and only once –Transactions input accurately Mod H-18

19 Summary of Input Controls Mod H-19

20 Summary of Input Controls (Continued) Input accurate All transactions entered Transactions entered only once Sequence tests X Limit and reasonableness tests X Error correction and resubmission X Mod H-20

21 Processing Controls Provide reasonable assurance that –Transactions are processed accurately –All transactions are processed –Transactions are processed once and only once Examples –Test processing accuracy of programs –File and operator controls –Run-to-run totals –Control total reports –Limit and reasonableness tests –Error correction and resubmission Mod H-21

22 Output Controls Provide reasonable assurance that –Output reflects accurate processing –Only authorized persons receive output or have access to files generated from processing Examples –Review of output for reasonableness –Control total reports –Master file changes –Output distribution limited to appropriate person(s) Mod H-22

23 Major Topics I.Background II.General Controls III.Automated Application Controls IV.Tests of Computer Controls V.End-Use Computing and Other Mod H-23

24 Forming an Assessment of Control Risk 1.Identify specific types of misstatement that could occur 2.Identify points where misstatements could occur 3.Identify control procedures designed to prevent or detect misstatements –General controls and automated application controls 4.Evaluate design of control procedures –Are tests of controls cost-effective? Mod H-24

25 Testing Computer Controls Testing controls –Inquiry –Observation –Inspect documentary evidence –Reperformance (including test data) Evaluating computer processing and programs –Test processing of actual transactions –Test processing of simulated transactions Mod H-25

26 Test Data Test data: Simulated transactions containing known errors to test the client’s controls Only one type of each kind of transaction error needs to be tested. Mod H-26 Auditors’ Manual Processing Client System Processing Compare

27 Major Topics I.Background II.General Controls III.Automated Application Controls IV.Tests of Computer Controls V.End-Use Computing and Other Mod H-27

28 End-User Environments Control issues –Lack of separation of duties –Lack of physical security –Lack of documentation and testing –Limited computer knowledge of personnel Implications –Limit concentration of functions and increase supervision –Access to program and data controls are critical Mod H-28

29 Computer Abuse/Fraud Use of computer technology by perpetrator to achieve gains at the expense of a victim Controls –Preventative: Stop fraud from entering system –Detective: Identify fraud when it enters system –Damage-limiting: Reduce monetary impacts of fraud and control to specified levels Mod H-29

Download ppt "Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education."

Similar presentations

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 1 The Impact of Information Technology on the Audit Process Chapter 12.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
Auditing Concepts.

Auditing Concepts.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
12 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
THE AUDITING OF INFORMATION SYSTEMS

THE AUDITING OF INFORMATION SYSTEMS
Chapter 9 The Study of Internal Control and Assessment of Control Risk

Chapter 9 The Study of Internal Control and Assessment of Control Risk
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 11 - 1 The Impact of Information Technology on the Audit.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley The Impact of Information Technology on the Audit.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 12-1 Chapter Twelve Auditing the Human Resource Management Process.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 12-1 Chapter Twelve Auditing the Human Resource Management Process.
Information Systems Auditing and Assurance

Information Systems Auditing and Assurance
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Similar presentations

Ads by Google