7-1

Chapter 7

CHAPTER 7 THE EFFECT OF INFORMATION TECHNOLOGY ON THE AUDIT FUNCTION

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-2

CHANGING INFORMATION TECHNOLOGY AND ITS EFFECT ON AUDITING

Distributed data processing, networking, and electronic data interchange. (auditor concern on control of access limitation and data transmission)
Real-time systems. (no transaction file immediately up-date the master file) Intelligent systems. (auditor concern with the integrity of the knowledge captured in the system and how the system make decisions) End-user computing. (weak control at user department) Electronic (Internet) Commerce (concern on transaction integrity, protection of information & unauthorised access)
2000 The McGraw-Hill Companies, Inc.,

Irwin/McGraw-Hill

7-3

COMPLEXITY OF IT SYSTEMS

Low complexity stand-alone microcomputer Used for maintaining journals, subsidiary ledgers & G.L Purchased from vendor Medium complexity Minicomputer, server and microcomputer Purchased from vendor but more advanced than low Advanced systems Depend on IT for handling information processing needs. Mainframe, telecommunications, extensive database systems, online, real time processing, EDI etc.
2000 The McGraw-Hill Companies, Inc.,

Irwin/McGraw-Hill

7-4

TYPES OF CONTROLS IN AN IT ENVIRONMENT

General controls -relates to all parts of the CIS and must therefore be evaluated early in the audit. -to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of I.c are achieved -e.g. supervisory, management Application controls -apply to the processing of specific computer application and are part of the computer programs used in the accounting system -e.g. batch control, limit check

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-5

GENERAL CONTROLS

Organizational controls- designed to established an organisational framework over CIS activities. Systems development and modification controls systems are developed and maintained in an authorised and efficient manner Hardware and systems software controls- ensure the computer h/w and application systems operate as planned on an ongoing basis Security and access controls- CIS is used by authorised personnel for authorised purposes Operations and data controls control authorisation of transactions and access to data and program
2000 The McGraw-Hill Companies, Inc.,

Irwin/McGraw-Hill

7-6

APPLICATION CONTROLS

Data capture controls ensure all transactions are

recorded in the application system, only once. Concern with validity, completeness and valuation

Data validation controls limit test, range test, field

test

Processing controls file or volume labels, control

totals, reasonableness test

Output controls Error controls can be identified at any point in the

system (input, process and output)
2000 The McGraw-Hill Companies, Inc.,

Irwin/McGraw-Hill

7-7

THE EFFECT OF IT ON INTERNAL CONTROL

The presence of computer processing for significant accounting applications affects how an entity implements its internal controls. In particular, the control environment factors and control activities are affected by IT.

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-8

CONTROL ENVIRONMENT FACTORS AFFECTED BY IT

Assignment of authority and responsibility Clear line of a of a and r because..

Human resource policies and practices. Competent, trustworthy employees, skills and knowledge

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-9

CONTROL ACTIVITIES AFFECTED BY IT

Information processing. Authorization of transactions The keeping of adequate documents and records Proper segregation of duties. Initiation, authorisation, recording of transactions and custody of assets Physical controls. Data or records concentrated in the IT department

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-10

THE AUDIT PROCESS IN AN IT ENVIRONMENT

The auditor's knowledge of the entity's computer processing must include the following factors: The extent to which the computer is used in each significant accounting application. The complexity of the entity's computer operations. The organizational structure of the computer processing activities. The availability of data for evidential matter.

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-11

AUDIT STRATEGY DECISIONS

Substantive strategy Reliance strategy

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-12

SUBSTANTIVE STRATEGY (auditing around the computer)

Two conditions are necessary for a substantive strategy: There are adequate source documents and accounting reports in non-machine-readable form. The transactions can be traced from the source documents to the accounting reports and from the reports back to the source documents.

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-13

RELIANCE STRATEGY
When a reliance strategy is followed, general and application controls are reviewed and tested. The reliance strategy results in the auditor using computer-audit assisted techniques.

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,

7-14

COMPUTER-ASSISTED AUDIT TECHNIQUES (CAATs)

Generalized audit software (see Table 7-9) Program that allow the auditor to perform tests on computer files and d/base Custom audit software Written by auditors for specific audit tasks Test data (see Figure 7-7) Used test data to test clients program Integrated test facility enter test data along actual Parallel simulation (see Figure 7-8)
2000 The McGraw-Hill Companies, Inc.,

Irwin/McGraw-Hill

7-15

USE OF MICROCOMPUTERS AS AN AUDIT TOOL

Trial balance and lead schedule preparation. Working paper preparation and data retrieval and analysis. Audit program preparation. Analytical procedures. Documentation of internal control . Performance of statistical sampling applications.

Irwin/McGraw-Hill

2000 The McGraw-Hill Companies, Inc.,