View
222
Download
2
Category
Preview:
Citation preview
Copyright © 2014 Pearson Education
Chapter 12
Implications of Information
Technology for the Audit Process
Chapter 12
Implications of Information
Technology for the Audit Process
Copyright © 2014 Pearson Education12-2
Describe how IT improves internal control.
Identify risks to accounting systems specific to IT.
Explain how general controls and application controls reduce IT risks.
Describe how general controls affect the auditor’s testing of application controls.
Copyright © 2014 Pearson Education12-3
Use test data, parallel simulation, and embedded audit module approaches to test automated controls.
Identify issues for e-commerce systems and other specialized IT systems.
Copyright © 2014 Pearson Education
Describe how IT improves internal control.
12-4
11
Copyright © 2014 Pearson Education12-5
Computer controls replace manual
controls
Higher-quality information is
available
Copyright © 2014 Pearson Education
Identify risks to accounting systems specific to IT.
12-6
22
Copyright © 2014 Pearson Education12-7
Risks to hardware and data
Reduced audit trail
Need for IT experience andseparation of IT duties
Copyright © 2014 Pearson Education12-8
Reliance on hardware and
software
Unauthorized access
Data loss
Systematic vs.
random errors
Copyright © 2014 Pearson Education12-9
Visibility of audit trail
Lack of traditional
authorization
Reduced human
involvement
Detection risk
Copyright © 2014 Pearson Education12-10
Reduced separation of duties
Need for IT experience
Copyright © 2014 Pearson Education
Explain how general controls and application controls reduce IT risks.
12-11
33
Copyright © 2014 Pearson Education12-12
Information technology controls
Application controls
General controls
Copyright © 2014 Pearson Education12-13
Copyright © 2014 Pearson Education12-14
Copyright © 2014 Pearson Education12-15
The perceived importance of IT within anorganization is often dictated by the attitude ofthe board of directors and senior management.
Copyright © 2014 Pearson Education12-16
Copyright © 2014 Pearson Education12-17
Typical teststrategies
Pilot testing Parallel testing
Copyright © 2014 Pearson Education12-18
Online Controls: User ID control Password control Separate add-on
security softwarePhysical Controls: Keypad entrances Badge-entry systems Security cameras Security personnel
Copyright © 2014 Pearson Education12-19
Offsite storage of critical files is a key element to a backup and contingency plan
Copyright © 2014 Pearson Education12-20
These controls are built into computerequipment by the manufacturer todetect and report equipment failures.
Copyright © 2014 Pearson Education12-21
Application controls are designed for each software application
Input controls
Output controls
Processing controls
Copyright © 2014 Pearson Education12-22
These controls are designed by anorganization to ensure that theinformation being processed isauthorized, accurate, and complete.
Copyright © 2014 Pearson Education12-23
Financial total
Hash total
Record count
Total for all records in a batch
Total of codes from all batch
records
Total of records in a batch
Copyright © 2014 Pearson Education12-24
Validation test
Sequence test
Arithmetic accuracy test
Data reasonableness test
Completeness test
Correct file, database, or program?
Correct processing order?
Accuracy of processed data?
Data exceeds preset amounts?
Completeness of record fields?
Copyright © 2014 Pearson Education12-25
These controls focus on detecting errorsafter processing is completed ratherthan on preventing errors.
Copyright © 2014 Pearson Education
Describe how general controls affect the auditor’s testing of application controls.
12-26
44
Copyright © 2014 Pearson Education12-27
Effects of general controls on system-wide applications
Effects of general controls on software changes
Obtaining an understanding of client general controls
Relating IT controls to transaction-related audit objectives Effect of IT controls on substantive testing
Copyright © 2014 Pearson Education12-28
LESS
MORE
Audit around the computer
Smaller companies
IT controls < effective
Audit through the computer
Parallel simulation
Test data
Copyright © 2014 Pearson Education12-29
Copyright © 2014 Pearson Education
Use test data, parallel simulation, and embedded audit module approaches to test
automated controls.
12-30
55
Copyright © 2014 Pearson Education12-31
1. Test data should include all relevantconditions that the auditor wants tested.
2. Application programs tested by theauditors’ test data must be the same asthose the client used throughout the year.
3. Test data must be eliminated from theclient’s records.
Copyright © 2014 Pearson Education12-32
Input testtransactions to test
key controlprocedures
Application programs(assume batch system)
Control testresults
Transaction files(contaminated?)
Contaminatedmaster files
Master files
Copyright © 2014 Pearson Education12-33
Control testresults
Auditor makescomparisons
Differences betweenactual outcome and
predicted result
Auditor-predicted resultsof key control procedures
based on an understandingof internal control
Copyright © 2014 Pearson Education12-34
The auditor uses auditor-controlled softwareto perform parallel operations to the client’ssoftware by using the same data files.
Copyright © 2014 Pearson Education12-35
Productiontransactions
Auditor-preparedprogram
Auditorresults
Auditor makes comparisons betweenclient’s application system output andthe auditor-prepared program output
Masterfile
Client applicationsystem programs
Clientresults
Exception reportnoting differences
Copyright © 2014 Pearson Education12-36
Auditor inserts an audit module in theclient’s application system to identifyspecific types of transactions.
Copyright © 2014 Pearson Education12-37
Copyright © 2014 Pearson Education
Identify issues for e-commerce systems and other specialized IT systems.
12-38
66
Copyright © 2014 Pearson Education12-39
Network Environments
Outsourced IT
Database Management
Systems
e-Commerce systems
Copyright © 2014 Pearson Education12-40
Copyright © 2014 Pearson Education
Copyright
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.
12-41
Recommended