1 / 49

Chapter 13

Auditing Information Technology. Chapter 13. Distinguish between “auditing through the computer” and “auditing with the computer.”. Learning Objective 1. Information Systems Auditing Concepts. Auditing Through the Computer. Auditing With the Computer.

iyanez
Télécharger la présentation

Chapter 13

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Auditing Information Technology Chapter 13

  2. Distinguish between “auditing through the computer” and “auditing with the computer.” Learning Objective 1

  3. Information SystemsAuditing Concepts Auditing Through the Computer Auditing With the Computer

  4. Structure of a FinancialStatement Audit The primary objective and responsibility of the external auditor is to attest to the fairness of a firm’s financial reports. The external auditor serves outsiders. The internal auditor serves a firm’s management.

  5. Accounting system Financial reports  Cash Bank Receivables Customers  Confirm balances  Compliance testing Interim audit Substantive testing Financial statement audit Structure of a Financial Statement Audit Transactions

  6. Input Processing Output Auditing Around the Computer Accounting system In the around-the-computerapproach, the processing portion is ignored.

  7. Auditing Around the Computer Totals are accumulated for accepted and rejected records. Auditors emphasize control over rejected transactions, their correction, and then resubmission. The around-the-computer approach is no longer widely used.

  8. Auditing Through the Computer Auditing through the computer may be defined as the verification of controls in a computerized system. General controls Application controls

  9. Computer application systems and programs Applications controls Application systems development General controls Computer service center Control Frameworkin IT Environment Internal controls

  10. Auditing With the Computer Auditing with the computer is the process of using information technology in auditing. The use of information technology is no longer optional. It is essential!

  11. Auditing With the Computer What are some of the potential benefits of using information systems technology in an audit? 1. Computer-generated working papers are generally more legible and consistent. 2. Time may be saved by eliminating manual footing, cross footing, and other routine calculations.

  12. Auditing With the Computer 3. Calculations, comparisons, and other data manipulations are more accurately performed. 4. Analytical review calculations may be more efficiently performed. 5. Project information may be more easily generated and analyzed.

  13. Auditing With the Computer 6. Standardized audit correspondence may be stored and easily modified. 7. Morale and productivity may be improved by reducing the time spent on clerical tasks.

  14. Auditing With the Computer 8. Increased cost-effectiveness is obtained by reusing and extending existing electronic audit applications to subsequent audits. 9. Increased independence from information systems personnel is obtained.

  15. Describe and evaluate alternative information systems audit technologies. Learning Objective 2

  16. Information SystemsAuditing Technology Information system audit technology has evolved along with computer system development. There is no one overall auditing technology. Rather, there is a variety of tools and techniques that may be used to accomplish an audit’s objective.

  17. Test Data Technique Description Test data are input containing both valid and invalid data. Example Payroll transactions for fictitious employees are processed concurrently with valid payroll transactions.

  18. Computer processing using master program Error listing Auditor’s expected output Compare Test Data Approach Test data hypothetical transactions

  19. Integrated-Test-Facility Technique Description ITF involves both the use of test data and the creation of fictitious records (vendors, employees) on the master files of a computer system. Example Payroll transactions for fictitious employees are processed concurrently with valid payroll transactions.

  20. Computer application system Data files ITF data Reports without ITF data Reports containing ITF information Integrated-Test-Facility Approach Transactions ITF transactions

  21. Parallel Simulation Technique Description Processing real data through audit programs. The simulated output and the regular output are then compared. Example Depreciation calculations are verified by processing the fixed-asset master file with an audit program.

  22. Computer application system Function to be verified Parallel simulation program Report Compare Simulation report Parallel Simulation Transactions

  23. Audit Software Technique Description Computer programs that permit the computer to be used as an auditing tool. Example An auditor uses a computer program to extract data records from a master file.

  24. Generalized Audit Software(GAS) Technique Description GAS is audit software that has been specifically designed to allow auditors to perform audit-related data processing functions. Example An auditor uses GAS to search computer files for unusual items.

  25. PC Software Technique Description Software that allows the auditor to use a PC to perform audit tasks. Example A PC spreadsheet package is used to maintain audit working papers and audit schedules.

  26. Embedded Audit Routines Technique Description Special auditing routines included in regular computer programs so that transaction data can be subjected to audit analysis. Example Data items that are exceptions to auditor- specified edit tests included in a program are written to a special audit file.

  27. Production computer application system Embedded audit data collection module Production reports Audit reports Embedded Audit Data Collection Production transactions

  28. Extended Records Technique Description Modification of programs to collect and store data of audit interest. Example A payroll program is modified to collect data pertaining to overtime pay.

  29. Snapshot Technique Description Modifications of programs to output data of audit interest. Example A payroll program is modified to output data pertaining to overtime pay.

  30. Tracing Technique Description Tracing provides a detailed audit trail of the instructions executed during the program’s operation. Example A payroll program is traced to determine if certain edit tests are performed in the correct order.

  31. Review of SystemDocumentation Technique Description Existing system documentation as program flowcharts are reviewed for audit purposes. Example An auditor desk checks the processing logic of a payroll program.

  32. Control Flowcharting Technique Description Analytic flowcharts or other graphic techniques are used to describe the controls in a system. Example An auditor prepares an analytic flowchart to review controls in the payroll application system.

  33. Mapping Technique Description Special software is used to monitor the execution of a program. Example The execution of a program with test data as input is mapped to indicate how extensively the input tested compares with individual program statements.

  34. Characterize various types of information systems audits. Learning Objective 3

  35. Initial review and evaluation of the area to be audited and audit plan preparation. 1 Detailed review and evaluation of controls. 2 Compliance testing which is followed by analysis and reporting of results. 3 General Approach to an Information Systems Audit Three-phase structure:

  36. General Approach to an Information Systems Audit The initial review phase determines the course of action the audit will take. Decisions concerning specific areas to be investigated Deployment of audit labor Audit technology to be used Development of a time and/or cost budget for the audit

  37. General Approach to an Information Systems Audit What is an audit program? It is a detailed list of the audit procedures to be applied on a particular audit. Standardized audit programs for particular audit areas have been developed and are common in all types of auditing.

  38. General Approach to an Information Systems Audit In the second general phase of the audit, is detailed review and evaluation. Documentation of the application area is reviewed. Data concerning the operation of the system are reviewed.

  39. General Approach to an Information Systems Audit The third phase of the audit is testing. This phase produces evidence of compliance with procedures.

  40. Processing Information SystemsApplication Audits Application controls are divided into three general areas. Input Output

  41. Application SystemsDevelopment Audits Systems development audits are directed at the activities of systems analysts and programmers. Controls governing the systems development process directly affect the reliability of the application programs that are developed.

  42. 1 Systems development standards 2 Project management 3 Program change control Application SystemsDevelopment Audits There are three general areas of audit concern in the systems development process.

  43. Systems Development Standards Systems development standards are the documentation governing the design, development, and implementation of application systems.

  44. Project Management What is project management? It consists of project planning and project supervision.

  45. Program Change Controls What is the objective of program changecontrols? It is to prevent unauthorized and potentially fraudulent changes from being introduced into previously tested and accepted programs.

  46. Computer Service Center Audits Normally, an audit of the computer service center is undertaken before any application audits to ensure the general integrity of the environment in which the application will function. Audits might be undertaken in several areas. What are some examples?

  47. Computer Service Center Audits Environmental controls Physical security of the center Data release, reports, and computer programs Management controls

  48. Computer Service Center Audits Audits of computer service center operations require a high degree of technical training and familiarity with systems operations.

  49. End of Chapter 13

More Related