• No results found

The Impact of Information Technology on the Audit Process

N/A
N/A
Protected

Academic year: 2021

Share "The Impact of Information Technology on the Audit Process"

Copied!
35
0
0

Loading.... (view fulltext now)

Full text

(1)

The Impact of Information

Technology on the Audit

Process

(2)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 2

Learning Objective 1

Describe how IT improves

internal control.

(3)

How Information Technologies

Enhance Internal Control

Computer controls replace manual controls

(4)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 4

Learning Objective 2

Identify risks that arise from using

an IT-based accounting system.

(5)

Assessing Risks of

Information Technologies

Risks to hardware and data

Reduced audit trail

Need for IT experience and

separation of IT duties

(6)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 6

Risks to Hardware and Data

Reliance on the functioning capabilities

of hardware and software

Systematic versus random errors

Unauthorized access

(7)

Reduced Audit Trail

Visibility of audit trail

Reduced human involvement

(8)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 8

Need for IT Experience and

Separation of Duties

Reduced separation of duties

(9)

Learning Objective 3

Explain how general controls

and application controls

(10)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 10

Internal Controls Specific to

Information Technology

General controls

(11)

Relationship Between General

and Application Controls

Cash receipts

application

controls

Sales

application

controls

Payroll

application

controls

Other cycle

application

controls

GENERAL CONTROLS

Risk of unauthorized change

to application software

Risk of system crash

Risk of unauthorized

master file update

Risk of unauthorized

processing

(12)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 12

General Controls

Administration of the IT function

Separation of IT duties

Systems development

Physical and online security

Backup and contingency planning

(13)

Administration of the IT

Function

The perceived importance of IT within an

organization is often dictated by the attitude of

the board of directors and senior management

.

(14)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 14

Segregation of IT Duties

Chief Information Officer or IT Manager

Systems

Development

Operations

Data

Control

(15)

Systems Development

Typical test

strategies

(16)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 16

Physical and Online Security

Physical Controls:

Keypad entrances

Badge-entry systems

Security cameras

Security personnel

Online Controls:

User ID control

Password control

Separate add-on

security software

(17)

Backup and Contingency

Planning

One key to a backup and contingency plan

is to make sure that all critical copies of

software and data files are backed up

and stored off the premises.

(18)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 18

Hardware Controls

These controls are built into computer

equipment by the manufacturer to

(19)

Application Controls

 Input controls

 Processing controls

 Output controls

(20)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 20

Input Controls

These controls are designed by an

organization to ensure that the

information being processed is

(21)

Batch Input Controls

 Financial total

 Hash total

(22)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 22

Processing Controls

 Validation test

 Sequence test

 Arithmetic accuracy test

 Data reasonableness test

 Completeness test

(23)

Output Controls

These controls focus on detecting errors

after processing is completed rather

(24)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 24

Learning Objective 4

Describe how general controls

affect the auditor’s testing

(25)

Impact of Information Technology

on the Audit Process

 Effects of general controls on control risk

 Effects of IT controls on control risk and

substantive tests

 Auditing in less complex IT environments

 Auditing in more complex IT environments

(26)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 26

Learning Objective 5

Use test data, parallel simulation,

and embedded audit module

approaches when auditing

through the computer.

(27)

Test Data Approach

1. Test data should include all relevant

conditions that the auditor wants tested.

2. Application programs tested by the

auditors’ test data must be the same as

those the client used throughout the year.

3. Test data must be eliminated from the

client’s records.

(28)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 28

Test Data Approach

Application programs

(assume batch system)

Control test

results

Master files

Contaminated

master files

Transaction files

(contaminated?)

Input test

transactions to test

key control

procedures

(29)

Test Data Approach

Auditor-predicted results

of key control procedures

based on an understanding

of internal control

Control test

results

Auditor makes

comparisons

Differences between

actual outcome and

(30)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 30

Parallel Simulation

The auditor uses auditor-controlled software

to perform parallel operations to the client’s

software by using the same data files.

(31)

Parallel Simulation

Auditor makes comparisons between

client’s application system output and

the auditor-prepared program output

Exception report

noting differences

Production

transactions

Auditor-prepared

program

Auditor

results

Master

file

Client application

system programs

Client

results

(32)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 32

Embedded Audit Module

Approach

Auditor inserts an audit module in the

client’s application system to identify

specific types of transactions.

(33)

Learning Objective 6

Identify issues for e-commerce

systems and other specialized

IT environments.

(34)

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 34

Issues for Different IT

Environments

 Issues for network environments

 Issues for database management systems

 Issues for e-commerce systems

(35)

References

Related documents

Peloton provides all aspects of the program your hospital needs: equipment, supplies, screening personnel, case management, and state data management.... Peloton provides all

Concerns about social class and socio-economic disadvantage have tended to dominate discussions of WP, but the concept has also encompassed other under-represented groups: those

We conclude that APOOL is a cardiolipin-binding component of the Mitofilin/MINOS protein complex determining cristae morphology in mammalian mitochondria.. Our findings further

This research follows the evolution of firm competitiveness management strategies and their relationship to technological characteristics, and examines their effects on

Indira Jaising: And we have what is known as Article 32 in the Indian constitution, which says that if there is a case of violation of fundamental rights, you can actually bring

The optimal size for the shared mem- ory block when using 55-point stencils is hard to formulate, but with a numerical test we found that when τx = τy = τz = 8 and R = 3 we

However distance is important to make sure you show them who the boss is, and the draw the line at the right time and that is what Potter did even though he delegated

This was shown when Richard told his family and Mrs Hansen that he wrote poetry.. Before telling his secret to his family and