Copyright © 2014 Pearson Education Chapter 12 Implications of Information Technology for the Audit...

Preview:

Citation preview

Copyright © 2014 Pearson Education

Chapter 12

Implications of Information

Technology for the Audit Process

Chapter 12

Implications of Information

Technology for the Audit Process

Copyright © 2014 Pearson Education12-2

Describe how IT improves internal control.

Identify risks to accounting systems specific to IT.

Explain how general controls and application controls reduce IT risks.

Describe how general controls affect the auditor’s testing of application controls.

Copyright © 2014 Pearson Education12-3

Use test data, parallel simulation, and embedded audit module approaches to test automated controls.

Identify issues for e-commerce systems and other specialized IT systems.

Copyright © 2014 Pearson Education

Describe how IT improves internal control.

12-4

11

Copyright © 2014 Pearson Education12-5

Computer controls replace manual

controls

Higher-quality information is

available

Copyright © 2014 Pearson Education

Identify risks to accounting systems specific to IT.

12-6

22

Copyright © 2014 Pearson Education12-7

Risks to hardware and data

Reduced audit trail

Need for IT experience andseparation of IT duties

Copyright © 2014 Pearson Education12-8

Reliance on hardware and

software

Unauthorized access

Data loss

Systematic vs.

random errors

Copyright © 2014 Pearson Education12-9

Visibility of audit trail

Lack of traditional

authorization

Reduced human

involvement

Detection risk

Copyright © 2014 Pearson Education12-10

Reduced separation of duties

Need for IT experience

Copyright © 2014 Pearson Education

Explain how general controls and application controls reduce IT risks.

12-11

33

Copyright © 2014 Pearson Education12-12

Information technology controls

Application controls

General controls

Copyright © 2014 Pearson Education12-13

Copyright © 2014 Pearson Education12-14

Copyright © 2014 Pearson Education12-15

The perceived importance of IT within anorganization is often dictated by the attitude ofthe board of directors and senior management.

Copyright © 2014 Pearson Education12-16

Copyright © 2014 Pearson Education12-17

Typical teststrategies

Pilot testing Parallel testing

Copyright © 2014 Pearson Education12-18

Online Controls: User ID control Password control Separate add-on

security softwarePhysical Controls: Keypad entrances Badge-entry systems Security cameras Security personnel

Copyright © 2014 Pearson Education12-19

Offsite storage of critical files is a key element to a backup and contingency plan

Copyright © 2014 Pearson Education12-20

These controls are built into computerequipment by the manufacturer todetect and report equipment failures.

Copyright © 2014 Pearson Education12-21

Application controls are designed for each software application

Input controls

Output controls

Processing controls

Copyright © 2014 Pearson Education12-22

These controls are designed by anorganization to ensure that theinformation being processed isauthorized, accurate, and complete.

Copyright © 2014 Pearson Education12-23

Financial total

Hash total

Record count

Total for all records in a batch

Total of codes from all batch

records

Total of records in a batch

Copyright © 2014 Pearson Education12-24

Validation test

Sequence test

Arithmetic accuracy test

Data reasonableness test

Completeness test

Correct file, database, or program?

Correct processing order?

Accuracy of processed data?

Data exceeds preset amounts?

Completeness of record fields?

Copyright © 2014 Pearson Education12-25

These controls focus on detecting errorsafter processing is completed ratherthan on preventing errors.

Copyright © 2014 Pearson Education

Describe how general controls affect the auditor’s testing of application controls.

12-26

44

Copyright © 2014 Pearson Education12-27

Effects of general controls on system-wide applications

Effects of general controls on software changes

Obtaining an understanding of client general controls

Relating IT controls to transaction-related audit objectives Effect of IT controls on substantive testing

Copyright © 2014 Pearson Education12-28

LESS

MORE

Audit around the computer

Smaller companies

IT controls < effective

Audit through the computer

Parallel simulation

Test data

Copyright © 2014 Pearson Education12-29

Copyright © 2014 Pearson Education

Use test data, parallel simulation, and embedded audit module approaches to test

automated controls.

12-30

55

Copyright © 2014 Pearson Education12-31

1. Test data should include all relevantconditions that the auditor wants tested.

2. Application programs tested by theauditors’ test data must be the same asthose the client used throughout the year.

3. Test data must be eliminated from theclient’s records.

Copyright © 2014 Pearson Education12-32

Input testtransactions to test

key controlprocedures

Application programs(assume batch system)

Control testresults

Transaction files(contaminated?)

Contaminatedmaster files

Master files

Copyright © 2014 Pearson Education12-33

Control testresults

Auditor makescomparisons

Differences betweenactual outcome and

predicted result

Auditor-predicted resultsof key control procedures

based on an understandingof internal control

Copyright © 2014 Pearson Education12-34

The auditor uses auditor-controlled softwareto perform parallel operations to the client’ssoftware by using the same data files.

Copyright © 2014 Pearson Education12-35

Productiontransactions

Auditor-preparedprogram

Auditorresults

Auditor makes comparisons betweenclient’s application system output andthe auditor-prepared program output

Masterfile

Client applicationsystem programs

Clientresults

Exception reportnoting differences

Copyright © 2014 Pearson Education12-36

Auditor inserts an audit module in theclient’s application system to identifyspecific types of transactions.

Copyright © 2014 Pearson Education12-37

Copyright © 2014 Pearson Education

Identify issues for e-commerce systems and other specialized IT systems.

12-38

66

Copyright © 2014 Pearson Education12-39

Network Environments

Outsourced IT

Database Management

Systems

e-Commerce systems

Copyright © 2014 Pearson Education12-40

Copyright © 2014 Pearson Education

Copyright

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.

12-41

Recommended