Beruflich Dokumente
Kultur Dokumente
Planning:
In accordance with ISA 400 Risk Assessments and
Internal Control, the auditor should obtain an
understanding of the accounting and internal control
systems sufficient to plan the audit and develop an
effective audit approach.
Planning:
In planning the portions of the audit which may be
affected by the clients CIS environment, the auditor
should obtain an understanding of the significance
and complexity of the CIS activities and the
availability of data for use in the audit.
This understanding would include such matters as:
The significance and complexity of computer processing in
each significant accounting application.
The organizational structure of the clients CIS activities and
the extent of concentration or distribution of computer
processing throughout the entity.
The availability of data.
Planning:
An application may be considered to be complex when:
The volume of transactions is such that users would find it
difficult to identify and correct errors in processing.
The computer automatically generates material transactions
or entries directly to another application.
The computer performs complicated computations of financial
information and/or automatically generates material
transactions or entries that cannot be (or are not) validated
independently.
Transactions are exchanged electronically with other
organizations (as in electronic data interchange (EDI)
systems) without manual review for propriety or
reasonableness.
Planning:
When the CIS are significant, the auditor should
also
obtain
an
understanding
of
the
CIS
environment and whether it may influence the
assessment of inherent and control risks.
The nature of the risks and the internal control
characteristics in CIS environments include the following:
Lack of transaction trails
Uniform processing of transactions
Lack of segregation of functions
Potential for errors and irregularities
Initiation or execution of transactions
Dependence of other controls over computer processing
Potential for increased management supervision
Potential for the use of computer-assisted audit techniques.
Assessment of Risk:
In accordance with ISA 400, Risk Assessments and
Internal Control, the auditor should make an
assessment of inherent and control risks for material
financial statement assertions.
The inherent risks and control risks in a CIS environment
may have both a pervasive effect and an account-specific
effect on the likelihood of material misstatements, as
follows:
The risks may result from deficiencies in pervasive CIS
activities
The risks may increase the potential for errors or fraudulent
activities in specific applications, in specific databases or
master files, or in specific processing activities.
Audit Procedures:
In accordance with ISA 400, Risk Assessments and
Internal Control, the auditor should consider the CIS
environment in designing audit procedures to reduce
audit risk to an acceptably low level.
To obtain sufficient evidential matter, the
auditor can use either:
manual audit procedures,
computer-assisted audit techniques, or
a combination of both
Philippine Auditing
Practice Statement (PAPS)
1013
ELECTRONIC COMMERCE
EFFECT ON
THE AUDIT OF FINANCIAL
STATEMENTS
By: Abad, Jose Reynaldo A.
PAPS 1013
Applicable to entities using public (i.e. Internet) & private networks (i.e.
Intranet)
PAPS 1013
SKILLS AND KNOWLEDGE
The auditor considers:
PAPS 1013
SKILLS AND KNOWLEDGE
Understand:
o Entitys e-commerce strategy and activities
o Technology used to facilitate e-com activities and the IT skills and knowledge
of entity personnel
o Risks involved and management of risks (internal control)
PAPS 1013
SKILLS AND KNOWLEDGE
PAPS 1013
SKILLS AND KNOWLEDGE
In some circumstance, auditor may decide to use the work of an expert.
The auditor:
Obtains sufficient appropriate audit evidence in accordance with PSA 620
Using the Work of an Expert;
Considers how the work is integrated with work of others on the audit, & what
procedures are undertaken regarding risks identified through the experts
work.
PAPS 1013
KNOWLEDGE OF THE BUSINESS
PSA 310, Knowledge of the Business requires that the auditor obtain
a knowledge of the business sufficient to enable the auditor to
identify and understand the events, transactions and practices
that may have a significant effect on the financial statements or on the
audit report.
PAPS 1013
KNOWLEDGE OF THE BUSINESS
PAPS 1013
KNOWLEDGE OF THE BUSINESS
Matters that may be relevant to the auditor when considering the entitys ecommerce strategy in the context of the auditors understanding of the control
environment, include:
involvement of those charged with governance in considering the alignment
of e-commerce activities with the entitys overall business strategy,
whether e-commerce supports a new activity for the entity, or whether it is
intended to make existing activities more efficient or reach new markets for
existing activities,
sources of revenue for the entity and how these are changing (for example,
whether the entity will be acting as a principal or agent for goods or services
sold),
PAPS 1013
KNOWLEDGE OF THE BUSINESS
managements attitude to risk and how this may affect the risk profile of
the entity,
PAPS 1013
KNOWLEDGE OF BUSINESS
PAPS 1013
KNOWLEDGE OF THE BUSINESS
PAPS 1013
RISK IDENTIFICATION
Business risks to e-com activities:
1.
2.
PAPS 1013
RISK IDENTIFICATION
4.
5.
6.
PAPS 1013
RISK IDENTIFICATION
7.
8.
PAPS 1013
RISK IDENTIFICATION
Appropriate security infrastructure and related controls, which generally
include measures to:
1.
2.
3.
PAPS 1013
RISK IDENTIFICATION
4.
5.
6.
PAPS 1013
RISK IDENTIFICATION
Legal or regulatory issues that may be particularly relevant in an ecommerce environment include:
1.
2.
3.
PAPS 1013
RISK IDENTIFICATION
4.
5.
6.
PAPS 1013
RISK IDENTIFICATION
PAPS 1013
INTERNAL CONTROL CONSIDERATIONS
PAPS 1013
INTERNAL CONTROL CONSIDERATIONS
The auditor considers such matters as:
1.
2.
3.
PAPS 1013
INTERNAL CONTROL CONSIDERATIONS
4.
5.
PAPS 1013
INTERNAL CONTROL CONSIDERATIONS
PAPS 1013
INTERNAL CONTROL CONSIDERATIONS
In an e-commerce environment, controls relating to transaction integrity
are often designed to, for example:
validate input,
PAPS 1013
INTERNAL CONTROL CONSIDERATIONS
PAPS 1013
INTERNAL CONTROL CONSIDERATION
1.
2.
3.
PAPS 1013
EFFECT OF ELECTRONIC RECORDS ON AUDIT EVIDENCE
PAPS 1013