1 / 33

The Impact of Information Technology on the Audit Process

The Impact of Information Technology on the Audit Process. Chapter 12. Learning Objective 1. Describe how IT improves internal control. How Information Technologies Enhance Internal Control. Computer controls replace manual controls. Higher-quality information is available.

stuartt
Télécharger la présentation

The Impact of Information Technology on the Audit Process

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Impact of InformationTechnology on theAudit Process Chapter 12

  2. Learning Objective 1 • Describe how IT improves • internal control.

  3. How Information Technologies Enhance Internal Control Computer controls replace manual controls. Higher-quality information is available.

  4. Learning Objective 2 • Identify risks that arise from using • an IT-based accounting system.

  5. Assessing Risks ofInformation Technologies Reliance on the capabilities of hardware and software Visibility of audit trail Reduced human involvement Systematic versus random errors

  6. Assessing Risks ofInformation Technologies Unauthorized access Loss of data Reduced segregation of duties Lack of traditional authorization Need for IT experience

  7. Learning Objective 3 • Explain how general controls • and application controls • reduce IT risks.

  8. Internal Controls Specific to Information Technology General controls Application controls

  9. Risk of unauthorized change to application software Risk of system crash Cash receipts application controls Sales applications controls Payroll application controls Other cycle application controls Risk of unauthorized master file update Risk of unauthorized processing GENERAL CONTROLS Relationship Between Generaland Administrative Controls

  10. General Controls Administration of the IT function Segregation of IT duties Systems development Physical and online security Backup and contingency planning Hardware controls

  11. Administration of the IT Function The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management.

  12. Chief Information Officer or IT Manager Security Administrator Systems Development Operations Data Control Segregation of IT Duties

  13. Typical test strategies Pilot testing Parallel testing Systems Development

  14. Physical and Online Security • Physical Controls: • Keypad entrances • Badge-entry systems • Security cameras • Security personnel • Online Controls: • User ID control • Password control • Separate add-on security software

  15. Backup and Contingency Planning One key to a backup and contingency plan is to make sure that all critical copies of software and data files are backed up and stored off the premises.

  16. Hardware Controls These controls are built into computer equipment by the manufacturer to detect and report equipment failures.

  17. Processing controls Output controls Application Controls Input controls

  18. Input Controls These controls are designed by an organization to ensure that the information being processed is authorized, accurate, and complete.

  19. Batch Input Controls Financial total Hash total Record count

  20. Processing Controls Validation test Sequence test Arithmetic accuracy test Data reasonableness test Completeness test

  21. Output Controls These controls focus on detecting errors after processing is completed rather than on preventing errors.

  22. Learning Objective 4 • Describe how general controls • affect the auditor’s testing • of application controls.

  23. Impact of Information Technology on the Audit Process Effects of general controls on control risk Effects of IT controls on control risk and substantive tests Auditing in less complex IT environments Auditing in more complex IT environments

  24. Learning Objective 5 • Use test data, parallel simulation, • and embedded audit module • approaches when auditing • through the computer.

  25. Test data should include all relevant conditions that the auditor wants tested. 1 Application programs tested by the auditor’s test data must be the same as those the client used throughout the year. 2 Test data must be eliminated from the client’s records. 3 Test Data Approach

  26. Input test Transactions to test Key control Procedures Master files Application Programs (Assume Batch System) Transaction files (contaminated?) Contaminated master files Control test results Test Data Approach

  27. Test Data Approach Control test results Auditor makes comparisons Auditor-predicted results of key control procedures based on an understanding of internal control Differences between actual outcome and predicted result

  28. Parallel Simulation The auditor uses auditor-controlled software to perform parallel operations to the client’s software by using the same data files.

  29. Production transactions Master file Auditor-prepared program Client application system programs Auditor results Client results Auditor makes comparisons between client’s application system output and the auditor-prepared program output Exception report noting differences Parallel Simulation

  30. Embedded Audit Module Approach Auditor inserts an audit module in the client’s application system to capture transactions with characteristics that are of specific interest to the auditor.

  31. Learning Objective 6 • Identify issues for e-commerce • systems and other specialized • IT environments.

  32. Issues for Different IT Environments Issues for microcomputer environments Issues for network environments Issues for database management systems Issues for e-commerce systems Issues when clients outsource IT

  33. End of Chapter 12

More Related