Overview of IT Audit: 1.1 Philippine Standard on Auditing (PSA) 401; 1.2 Philippine Auditing Practices Statements (PAPS) 1001, 1002, 1003, 1008, 1009, 1013

Report in CIS(1516)


Page 1: Report in CIS(1516)

Overview of IT Audit

1.1 Philippine Standard on Auditing (PSA) 401
1.2 Philippine Auditing Practices Statements (PAPS) 1001, 1002, 1003, 1008, 1009, 1013

Page 2: Report in CIS(1516)

1.1 Philippine Standard on Auditing (PSA) 401

Page 3: Report in CIS(1516)

PSA 401: AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT

61. The increasing availability of computer-based accounting systems that are capable of meeting both functional and economic circumstances of even the smallest entity impacts on the audits of those entities. Small entities’ accounting systems often make use of personal computers. Philippine Auditing Practice Statement 1001, “CIS Environments—Stand-Alone Personal Computers” gives additional guidance regarding the special considerations of such an environment.

Functional: more practical use
Economical: using resources wisely

Page 4: Report in CIS(1516)

62. Small entities are likely to use less sophisticated hardware and software packages than large entities (often “packaged” rather than developed “in house”). Nevertheless, the auditor has sufficient knowledge of the computer information system to plan, direct, supervise, and review the work performed.

The auditor may consider whether specialized skills are needed in an audit.


Page 5: Report in CIS(1516)

63. Because of the limited segregation of duties, the use of computer facilities by a small entity may have the effect of increasing control risk.

For example, it is common for users to be able to perform two or more of the following functions in the accounting system.
• Initiating and authorizing source documents.
• Entering data into the system.
• Operating the computer.
• Changing programs and data files.
• Using or distributing output.
• Modifying the operating systems.


Page 6: Report in CIS(1516)

64. The use of computer information systems by small entities may assist the auditor in obtaining assurance as to the accuracy and appropriateness of accounting records by reducing control risk. Computerized information systems may be better organized, less dependent upon the skills of people using them, and less susceptible to manipulation than non-computerized systems. The ability of the auditor to obtain relevant reports and other information may also be enhanced.


Page 7: Report in CIS(1516)

Good computerized systems facilitate accurate double entry and the reconciliation of subsidiary ledgers with control accounts. Report generation and the production of bank reconciliations may be more disciplined and effective, and the availability of reports and other information to the auditor is often improved. The assurance provided by such features, as long as they are properly evaluated and tested, may permit the auditor to limit the volume of substantive testing of transactions and balances.


Page 8: Report in CIS(1516)

65. The general principles outlined in Philippine Auditing Practice Statement 1009 “Computer-Assisted Audit Techniques” (CAATs) are also applicable in small entity computer environments and give additional guidance regarding the special considerations in such an environment. However, in many cases where smaller volumes of data are processed, manual methods may be more cost-effective.


Page 9: Report in CIS(1516)

PAPS 1001 (“CIS Environments—Stand-Alone Personal Computers”)

Page 10: Report in CIS(1516)

Personal computer systems
• These are economical yet powerful self-contained general purpose computers consisting typically of a CPU, memory, monitor, disk drives, printer cables, and modems
• They can be used to process accounting transactions and produce reports that are essential in the preparation of financial statements

PHILIPPINE AUDITING PRACTICES STATEMENTS (PAPS) 1001

Page 11: Report in CIS(1516)

Personal computer configurations

• Stand-alone workstation
  • This can be operated by a single user or a number of users at different times accessing the same or different programs
  • The programs and data are stored in the personal computer or in close proximity
  • Data are entered manually through a keyboard
  • Programming may include the use of a third-party software package to develop electronic spreadsheets or database applications

Page 12: Report in CIS(1516)

• Workstation which is a part of a local area network of personal computers
  • A local area network is an arrangement where two or more personal computers are linked together through the use of special software and communications lines
  • A local area network allows the sharing of resources such as storage facilities and printers

• Workstation connected to a server

Page 13: Report in CIS(1516)

Characteristics of personal computers
• They provide the user with substantial computing capabilities
• They are small enough to be transportable
• Relatively inexpensive
• Can be placed in operation quickly
• Can be operated easily
• Operating system software is less comprehensive than in larger environments
• Software can be purchased from third-party vendors
• Users can develop other applications with the use of generic software packages
• The operating system software, application programs and data can be stored and retrieved from removable storage media
• Storage media are susceptible to virus attacks

Page 14: Report in CIS(1516)


A virus is a computer program (a block of executable code) that attaches itself to a legitimate program or data file and uses it as a transport mechanism to reproduce itself without the knowledge of the user

Page 15: Report in CIS(1516)

Internal control in personal computer environments
• A CIS environment in which personal computers are used is less structured than a centrally-controlled CIS environment
• Application programs can be developed relatively quickly by users possessing basic data processing skills
• Controls over the system development process and operations may not be viewed by the developer, user or management as important or cost-effective in a personal computer environment
• Users may tend to place unwarranted reliance on the financial information stored or generated by a personal computer
• The degree of accuracy and dependability of financial information produced will depend upon the internal controls prescribed by management and adopted by the user

Page 16: Report in CIS(1516)

Management policy statement may include
• Management responsibilities
• Instructions on personal computer use
• Training requirement
• Authorization for access to programs and data
• Policies to prevent unauthorized copying of program and data
• Security, back-up and storage requirements
• Applications development and documentation standards
• Standards of report format and report distribution controls
• Personal usage policies
• Data integrity standards
• Responsibility for programs, data and error corrections
• Appropriate segregation of duties

Page 17: Report in CIS(1516)

Physical security relating to equipment
• Restrict access to personal computers by using door locks
• Fastening the computer to a table using security cables
• Locking personal computers in a protective cabinet or shell
• Using an alarm system that is activated when a personal computer is disconnected or moved from its location

Physical security relating to removable and non-removable media
• Delegation of a software custodian or data librarian
• Use of a program and data file check-in and check-out system
• Locking of designated data locations
• Storage media should be stored in a fire-proof container either on-site, off-site or both

Page 18: Report in CIS(1516)

Program and data security
• Segregate data files organized under separate file directories – this allows the user to segregate information on removable and non-removable storage media
• Using hidden files and secret file names
• Employing passwords
• Using cryptography – this is the process of transforming programs and information into an unintelligible form
• Using anti-virus programs

Page 19: Report in CIS(1516)

Software and data integrity
• Integration of format and range checks and cross checks of results
• Adequate written documentation of applications that are processed on the personal computer
• Application programs developed and maintained at one place rather than by each user dispersed throughout the entity

The effect of personal computers on the accounting system and the associated risks will generally depend on
• The extent to which the personal computer is being used to process accounting applications
• The type and significance of financial transactions being processed
• The nature of files and programs utilized in the applications

Page 20: Report in CIS(1516)

Functions in an accounting system
• Initiating and authorizing source documents
• Entering data into the system
• Operating the computer
• Changing programs and data files
• Using or distributing output
• Modifying the operating system

Lack of segregation of functions in a personal computer may
• Allow errors to go undetected
• Permit the perpetration and concealment of fraud
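A segregation-of-duties check over an activity log, as an added example that is not part of the original slides or of PAPS 1001: it reports every user who performed two or more of the six functions listed above. The log layout, the function codes and the user names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Hypothetical short codes for the six functions named on the slide.
FUNCTIONS = {
    "AUTHORIZE": "Initiating and authorizing source documents",
    "ENTER": "Entering data into the system",
    "OPERATE": "Operating the computer",
    "CHANGE": "Changing programs and data files",
    "OUTPUT": "Using or distributing output",
    "MODIFY_OS": "Modifying the operating system",
}

# Constructed sample log (user, function code); not real data.
SAMPLE_LOG = """user,function
ana,AUTHORIZE
ana,ENTER
ben,ENTER
ana,CHANGE
ben,enter
cruz,OUTPUT
"""


def functions_by_user(log_text):
    """Collect the distinct functions each user performed."""
    seen = defaultdict(set)
    for line_no, row in enumerate(csv.DictReader(io.StringIO(log_text)), start=2):
        code = row["function"].strip().upper()
        if code not in FUNCTIONS:
            # An unknown code means the log cannot be relied on as evidence.
            raise ValueError(f"line {line_no}: unknown function {code!r}")
        seen[row["user"].strip()].add(code)
    return seen


def segregation_exceptions(log_text):
    """Users who performed two or more of the listed functions."""
    return {
        user: sorted(codes)
        for user, codes in functions_by_user(log_text).items()
        if len(codes) >= 2
    }


if __name__ == "__main__":
    for user, codes in segregation_exceptions(SAMPLE_LOG).items():
        print(user, "->", "; ".join(FUNCTIONS[c] for c in codes))
```
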

Page 21: Report in CIS(1516)

CIS application controls
• A system of transaction logs and batch balancing
• Direct supervision
• Reconciliation of record counts or hash totals
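Batch balancing with a record count and a hash total, as an added example that is not part of the original slides or of PAPS 1001: control totals prepared from the source documents are compared with totals recomputed after data entry. The record layout (account number, amount), the sample batch and the added amount total are assumptions made for illustration.

```python
from decimal import Decimal


def control_totals(records):
    """Compute batch controls over (account_no, amount) records."""
    return {
        "record_count": len(records),
        "amount_total": sum((Decimal(amt) for _, amt in records), Decimal("0")),
        # Hash total: the sum of a non-financial field (here the account
        # number). The figure means nothing in itself; it is only a control.
        "hash_total": sum(int(acct) for acct, _ in records),
    }


def reconcile(batch_header, processed_records):
    """Return (control, expected, actual) for every control that disagrees."""
    actual = control_totals(processed_records)
    return [
        (name, batch_header[name], actual[name])
        for name in ("record_count", "amount_total", "hash_total")
        if batch_header[name] != actual[name]
    ]


# Constructed sample batch as prepared from the source documents.
SOURCE_BATCH = [
    ("10450", "1200.00"),
    ("10452", "89.50"),
    ("20731", "430.25"),
    ("30018", "75.00"),
]
HEADER = control_totals(SOURCE_BATCH)

# One record lost during entry: every control disagrees.
DROPPED = SOURCE_BATCH[:3]

# Account number miskeyed (10452 -> 10425): the count and the amount
# still agree, and only the hash total exposes the error.
MISKEYED = [
    ("10450", "1200.00"),
    ("10425", "89.50"),
    ("20731", "430.25"),
    ("30018", "75.00"),
]

if __name__ == "__main__":
    for label, batch in (("dropped", DROPPED), ("miskeyed", MISKEYED)):
        print(label, reconcile(HEADER, batch))
```
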

Page 22: Report in CIS(1516)

Functions of CIS application controls
• Receive all data for processing
• Ensure that all data are authorized and recorded
• Follow up all errors detected during processing
• Verify the proper distribution of output
• Restrict physical access to application programs and data files

Effects of personal computer environment on audit procedures
• The auditor often assumes that the control risk is high in such systems
• The auditor may find it cost effective not to make a review of general CIS controls or CIS application controls but to concentrate the efforts on substantive tests at or near the end of the year
