Sie sind auf Seite 1von 21

Auditing Information Technology

Presentation Outline
I.
II.

Concepts in Information Systems


Auditing
Auditing Technology for Information
Systems

I. Concepts in Information
Systems Auditing
A. The Phases to the Information Systems
Audit
B. Structure of the Financial Statement Audit
C. Auditing Around the Computer
D. Auditing With the Computer
E. Auditing Through the Computer

For banking, cant inspect documents, less audit


trail, audit the system that generate the financial
information.
Audit thru the computers
Test reliability of system, process correct data
Tools: flowcharts, narrative description
Proper planning & identify key control

A. Phases of the Information


Systems Audit
1. Initial review and
evaluation of the area to
be audited, and the audit
plan preparation
2. Detailed review and
evaluation of controls
3. Compliance testing
4. Analysis and reporting of
results

B. Structure of the Financial


Statement Audit
Transactions
Transactions

Accounting
Accounting
System
System

Interim Audit
Compliance Testing

Financial
Financial
Reports
Reports

Financial
Statement Audit
Substantive
Testing

B1. Compliance Testing


Auditors perform tests of controls to determine
that the control policies, practices, and
procedures established by management are
functioning as planned. This is known as
compliance testing.

B2. Substantive Testing


Substantive testing is the direct verification of
financial statement figures. Examples would
include reconciling a bank account and
confirming accounts receivable.
Audit Confirmation
To ABC Co. Customer:
Please confirm that the
balance of your account
on Dec. 31 is _____ .

C. Auditing Around the


Computer
The auditor ignores computer processing.
Instead, the auditor selects source documents that
have been input into the system and summarizes
them manually to see if they match the output of
computer processing.

Processing

D. Auditing With The Computer


The utilization of the computer by an auditor to
perform some audit work that would otherwise
have to be done manually.

E. Auditing Through the


Computer
The process of reviewing and evaluating the
internal controls in an electronic data
processing system.
Audit

II. Auditing Technology for


Information Systems
A. Review of Systems Documentation
B. Test Data
C. Integrated-Test-Facility (ITF) Approach
D. Parallel Simulation
E. Audit Software

A. Review of Systems
Documentation
The auditor reviews documentation such as
narrative descriptions, flowcharts, and program
listings. In desk checking the auditor processes
test or real data through the program logic.

B. Test Data
The auditor prepares input containing both valid
and invalid data. Prior to processing the test
data, the input is manually processed to
determine what the output should look like.
The auditor then compares the computerprocessed output with the manually processed
results.

Illustration of Test Data


Approach

Computer Operations

Auditors
PrepareTest
Test
Prepare
Transactions
Transactions
AndResults
Results
And

Transaction
Transaction
TestData
Data
Test
Computer
Computer
Application
Application
System
System
Computer
Computer
Output
Output

Auditor Compares

Manually
Manually
Processed
Processed
Results
Results

C. Integrated Test Facility (ITF)


Approach
A common form of an ITF is as follows:
1. A dummy ITF center is created for the auditors.
2. Auditors create transactions for controls they
want to test.
3. Working papers are created to show expected
results from manually processed information.
4. Auditor transactions are run with actual
transactions.
5. Auditors compare ITF results to working papers.

Illustration of ITF Approach


Computer Operations
Actual
Actual
Transactions
Transactions

PrepareITF
ITF
Prepare
Transactions
Transactions
AndResults
Results
And

ITF
ITF
Transactions
Transactions

Computer
Computer
Application
Application
System
System
Reports
Reports
WithOnly
Only
With
ActualData
Data
Actual

Auditors

DataFiles
Files
Data
ITF Data

Reports
Reports
WithOnly
Only
With
ITFData
Data
ITF

Auditor
Compares

Manually
Manually
Processed
Processed
Results
Results

D. Parallel Simulation
The test data and ITF methods both process test
data through real programs. With parallel
simulation, the auditor processes real client data
on an audit program similar to some aspect of the
clients program. The auditor compares the
results of this processing with the results of the
processing done by the clients program.

Illustration of Parallel Simulation


Computer Operations

Auditors

Actual
Actual
Transactions
Transactions
Computer
Computer
Application
Application
System
System

ActualClient
Client
Actual
Report
Report

Auditors
Auditors
Simulation
Simulation
Program
Program
Auditor Compares

Auditor
Auditor
Simulation
Simulation
Report
Report

E. Audit Software
Computer programs that permit computers to be
used as auditing tools include:
1. Generalized audit software
Perform tasks such as selecting sample data
from file, checking computations, and
searching files for unusual items.
2. P.C. Software
Allows auditors to analyze data from
notebook computers in the field.

Summary
Compliance and Substantive Testing
Auditing Around the Computer
Auditing with the Computer
Auditing Through the Computer
Testing Approaches Through the Computer