Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Islamic University of Gaza

Published byLouise Williamson Modified over 8 years ago

Similar presentations

Presentation on theme: "The Islamic University of Gaza"— Presentation transcript:

1 The Islamic University of Gaza
Accounting Information Systems Information Technology Auditing Dr. Hisham madi

2 Auditing Computerized Accounting Information Systems
Auditing around the computer following the audit trail up to the point at which accounting data entered the computer and to pick these data up again when they reappeared in processed form as computer output. It assumes that the presence of accurate output verifies proper processing operations. This type of auditing pays little or no attention to the control procedures within the IT environment Not effective in a computerized environment

3 Auditing Computerized Accounting Information Systems
Auditing Through the Computer an auditor usually follows the audit trail through the internal computer operations phase of automated data processing. It attempts to verify that the processing controls involved in the AIS programs are functioning properly. It also attempts to verify that the accounting data processed are accurate

4 Auditing Computerized AISs
Testing Computer Programs Validating Computer Programs Review of Systems Software Validating Users and Access Privileges Continuous Auditing

5 Auditing Computerized AISs
Testing Computer Programs The objective is to ensure that the programs accomplish their goals and that the data are input and processed accurately. Test Data developing a set of transactions that tests, as completely as possible, the range of exception situations that might occur under normal processing conditions Possible exception situations for a payroll application, for example, include out-of-sequence payroll checks, duplicate time cards, negative hours worked, invalid employee numbers, invalid dates, invalid pay rates, invalid deduction codes

6 Auditing Computerized AISs
Integrated Test Facility more comprehensive test technique (1) establishing a fictitious entity such as a department, branch, customer, or employee (2) entering transactions for that entity, and (3) observing how these transactions are processed For example, an auditor might create a number of fictitious credit customers and place appropriate accounts receivable master records on the company’s accounts receivable computer files

7 Auditing Computerized AISs
Parallel Simulation The auditor uses live input data, rather than test data, in a program actually written or controlled by the auditor The auditor’s program simulates all or some of the operations of the real program that is actually in use. compare the results of processing data using the test programs with those results from using the real programs it can be very time-consuming and thus cost-prohibitive for an auditor to write computer programs entirely replicating those of the client

8 Validating Computer Programs
Tests of Program Change Control It is a set of internal control procedures developed to protect against unauthorized program changes. Sound program change control requires documentation of every request for application program changes. It also requires computer programmers to develop and implement changes in a separate test environment rather than a live processing environment The organization should also have special forms that authorize a change to an existing program or development of new programs

9 Review of Systems Software
Systems software controls include: Operating system software Utility programs Access control software auditors will request management to provide certain output or runs from the software. For instance, the auditor, in reviewing how passwords within the system are set, will ask the information systems manager for a listing of all password characteristics designated in the system

10 Validating Users and Access Privileges
An IT auditor needs to make sure that all computer-system users are valid and that each has access privileges appropriate to his or her job responsibilities. Systems software generally includes access control software that determines how the system administrator sets up and controls User IDs, user profiles, and passwords. The IT auditor should verify not only that the software parameters are set appropriately, but that IT staff are using them appropriately

11 Validating Users and Access Privileges
IT Auditors should also look at user listings to see if there are any Group IDs assigned. For example, there may be an ID named AP_Clerk. Sometimes managers decide to issue these IDs to cut down on paperwork when making personnel changes. However, this type of ID prevents assigning responsibility to an individual. If one AP clerk were to make a mistake or commit fraud, the use of a Group ID would make it difficult to identify which of the accounts payable clerks was responsible.

12 Validating Users and Access Privileges
Variety of auditor software tools are available to validate users and access privileges: software might examine login times. If a user has not logged in for several months, it may be that the account should have been deleted Users logging on at odd hours may also provide information that something is not quite right

13 Continuous Auditing Some audit tools can be installed within an information system itself to achieve continuous Auditing or real-time assurance. Continuous auditing is increasingly important as we move toward real-time financial reporting. There is also increasing pressure to reduce the time span between the production of financial information and the audit of the information, known as the audit cycle

14 Continuous Auditing Stakeholders want audited information quickly as decision time frames are becoming shorter Approaches for continuous auditing are: embedded audit modules or audit hooks capture data for audit purposes an application program for payroll would include a code that causes transactions meeting pre-specified criteria to be written to a special log. Possible transactions that might be recorded in a log include those deviating from company’s policy

15 Continuous Auditing Approaches for continuous auditing are:
embedded audit modules or audit hooks For payroll applications, these transactions could reflect situations where, for instance, employees worked more than a predetermined number of hours.

16 Continuous Auditing Approaches for continuous auditing are:
exception reporting information system includes mechanisms to reject certain transactions that fall outside predefined specifications (such as an unusually large vendor check), then the ongoing reporting of exception transactions allows the system to continually monitor itself

17 Continuous Auditing Approaches for continuous auditing are:
transaction tagging, auditors can tag certain transactions with a special identifier so that they can be recorded as they pass through the information system. For example, a specific number of employees can have tags attached to their transaction records so that an auditor can verify the processing logic in the payroll system Tagging in this instance could also check to see that controls within the system are operating.

Download ppt "The Islamic University of Gaza"

Similar presentations

Chapter 6 Computer Assisted Audit Tools and Techniques

Chapter 6 Computer Assisted Audit Tools and Techniques
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
ACCOUNTING INFORMATION SYSTEMS

ACCOUNTING INFORMATION SYSTEMS
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.

Overview of Transaction Processing and Enterprise Resource Planning Systems Chapter 2.
Auditing Concepts.

Auditing Concepts.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
The Islamic University of Gaza

The Islamic University of Gaza
12 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 85 C HAPTER 1 Accounting Information Systems: An Overview.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 85 C HAPTER 1 Accounting Information Systems: An Overview.
1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.

1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.
Computer Assisted Audit Techniques

Computer Assisted Audit Techniques
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 18-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 18-1 Accounting Information Systems 9 th Edition Marshall.
Concurrent Auditing Techniques

Concurrent Auditing Techniques
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Advanced Accounting Information Systems

Advanced Accounting Information Systems
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models

Similar presentations

Ads by Google