16 Auditing Information Technology
2001 Prentice Hall Business Publishing, Accounting Information Systems, 8/E, Bodnar/Hopwood
Structure of Financial Statement Audit
The primary objective and responsibility of the external auditor is to attest to the fairness of a firm's financial reports.
The external auditor serves the firm's stockholders, the government, and the general public.
The internal auditor serves a firm's management.
Various types of professional certifications are applicable to auditing.
What are these?
CPA (certified public accountant)
CISA (certified information systems auditor)
CIA (certified internal auditor)
Audits are almost universally divided into two components.
[Figure: structure of a financial statement audit. Labels: Transactions; Accounting System; Financial Reports; Interim Audit (Compliance Testing); Financial Statement Audit (Substantive Testing); Cash, Bank; Receivables, Customers (Confirm balances).]
Control Framework in IT Environment
[Figure: control framework in an IT environment. Box labels: Internal Controls; General Controls; Applications Controls; Application Systems Development; Computer Application Systems and Programs; Computer Service Center.]
Information Systems Auditing Technology
Technique: Test data
Description: Test data are input containing both valid and invalid data.
Example: Payroll transactions for fictitious employees are processed concurrently with valid payroll transactions.
[Figure: test data technique. Box labels: Test Data; Hypothetical Transactions; Computer Processing Using Master Program; Error Listing; Auditor's Expected Output; Compare.]
Technique: Integrated test facility (ITF)
Description: ITF involves both the use of test data and the creation of fictitious records (vendors, employees) on the master files of a computer system.
Example: Payroll transactions for fictitious employees are processed concurrently with valid payroll transactions.
[Figure: integrated test facility. Box labels: Transactions; ITF Transactions; Computer Application System; Data Files; ITF Data; Reports Without ITF Data; Reports Containing ITF Information.]
Technique: Parallel simulation
Description: Processing real data through audit programs. The simulated output and the regular output are then compared.
Example: Depreciation calculations are verified by processing the fixed-asset master file with an audit program.
[Figure: parallel simulation. Box labels: Transactions; Computer Application System; Function to Be Verified; Report; Parallel Simulation Program; Simulation Report; Compare.]
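The parallel simulation technique described above, as an added example that is not part of the original slides: an audit program recomputes depreciation from the fixed-asset master file and compares the result with the regular report. Straight-line depreciation, the CSV layouts, the field names and all sample records are assumptions constructed for illustration.

```python
# Added illustration of parallel simulation (not from the textbook). Assumed:
# straight-line depreciation; the CSV layouts and field names are hypothetical.
import csv
import io
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample of the fixed-asset master file (real data in an audit).
MASTER_FILE = """asset_id,cost,salvage,life_years
FA-100,12000.00,2000.00,5
FA-102,80000.00,0.00,10
FA-103,2500.00,100.00,4
"""
# Constructed sample of the regular (production) depreciation report.
PRODUCTION_REPORT = """asset_id,annual_depreciation
FA-100,2000.00
FA-102,8800.00
FA-104,300.00
"""


def simulate(master_csv):
    """Audit program: recompute annual depreciation from the master file."""
    out = {}
    for row in csv.DictReader(io.StringIO(master_csv)):
        base = Decimal(row["cost"]) - Decimal(row["salvage"])
        out[row["asset_id"]] = (base / int(row["life_years"])).quantize(
            Decimal("0.01"), rounding=ROUND_HALF_UP)
    return out


def compare(simulated, production_csv):
    """Compare simulated output with the regular output, asset by asset."""
    produced = {r["asset_id"]: Decimal(r["annual_depreciation"])
                for r in csv.DictReader(io.StringIO(production_csv))}
    findings = []
    for asset_id in sorted(simulated.keys() | produced.keys()):
        sim, prod = simulated.get(asset_id), produced.get(asset_id)
        if sim is None:
            findings.append((asset_id, "in report but not in master file"))
        elif prod is None:
            findings.append((asset_id, "in master file but not in report"))
        elif sim != prod:
            findings.append((asset_id, f"report {prod} != simulated {sim}"))
    return findings


if __name__ == "__main__":
    for asset_id, issue in compare(simulate(MASTER_FILE), PRODUCTION_REPORT):
        print(asset_id, issue)
```

The comparison reports unmatched records in both directions, not only differing amounts, because an asset present in one output and absent from the other is itself an audit finding.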
Technique: Audit software
Description: Computer programs that permit the computer to be used as an auditing tool.
Example: An auditor uses a computer program to extract data records from a master file.
Technique: Generalized audit software (GAS)
Description: GAS is audit software that has been specifically designed to allow auditors to perform audit-related data processing functions.
Example: An auditor uses GAS to search computer files for unusual items.
Technique: PC software
Description: Software that allows the auditor to use a PC to perform audit tasks.
Example: A PC spreadsheet package is used to maintain audit working papers and audit schedules.
[Figure: Deloitte & Touche AuditSystem/2. Box labels: Work Papers; Smart Audit Support; Access to Information; Document Manager; Trial Balance; Multilocation Support; File Interrogation; MS Word; MS Excel; MS Access; Lotus cc:mail; ACL; Folio VIEWS; Other Applications.]
Technique: Embedded audit routines
Description: Special auditing routines included in regular computer programs so that transaction data can be subjected to audit analysis.
Example: Data items that are exceptions to auditor-specified edit tests included in a program are written to a special audit file.
[Figure: embedded audit routines. Box labels: Production Transactions; Production Computer Application System; Production Reports; Embedded Audit Data Collection Module; Audit Reports.]
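The embedded audit routine described above, as an added example that is not part of the original slides: auditor-specified edit tests run inside a regular payroll program and write exceptions to a separate audit file without changing the production output. The payroll fields, thresholds, test names, overtime rule and sample transactions are all hypothetical.

```python
# Added illustration of an embedded audit routine (not from the textbook).
# The payroll fields, thresholds and test names are hypothetical.
import json
from collections import Counter

EMPLOYEE_MASTER = {"E001", "E002", "E003"}  # constructed master-file keys

# Auditor-specified edit tests: name -> predicate that flags an exception.
AUDIT_TESTS = {
    "hours_over_60": lambda t: t["hours"] > 60,
    "rate_over_100": lambda t: t["rate"] > 100,
    "unknown_employee": lambda t: t["emp_id"] not in EMPLOYEE_MASTER,
}

# Constructed production transactions.
TRANSACTIONS = [
    {"emp_id": "E001", "hours": 40, "rate": 25.0},
    {"emp_id": "E002", "hours": 72, "rate": 30.0},
    {"emp_id": "E009", "hours": 38, "rate": 150.0},
    {"emp_id": "E003", "hours": 45, "rate": 20.0},
]


def audit_hook(seq, txn, audit_file):
    """Embedded module: record exceptions; never alter production data."""
    failed = [name for name, test in AUDIT_TESTS.items() if test(txn)]
    if failed:
        audit_file.append(json.dumps({"seq": seq, "txn": txn, "failed": failed}))


def run_payroll(transactions, audit_file):
    """Regular production program with the audit routine embedded."""
    report = []
    for seq, txn in enumerate(transactions, start=1):
        audit_hook(seq, txn, audit_file)
        overtime = max(txn["hours"] - 40, 0)  # assumed: time-and-a-half over 40 h
        gross = (txn["hours"] + 0.5 * overtime) * txn["rate"]
        report.append((txn["emp_id"], round(gross, 2)))
    return report


def audit_report(audit_file):
    """Audit report: number of exceptions per auditor-specified test."""
    counts = Counter()
    for line in audit_file:
        counts.update(json.loads(line)["failed"])
    return dict(counts)
```

Calling `run_payroll(TRANSACTIONS, audit_file)` with an empty list and then `audit_report(audit_file)` gives the production report for all four transactions and the per-test exception counts from the audit file.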
Technique: Extended records
Description: Modification of programs to collect and store data of audit interest.
Example: A payroll program is modified to collect data pertaining to overtime pay.
Technique: Snapshot
Description: Modifications of programs to output data of audit interest.
Example: A payroll program is modified to output data pertaining to overtime pay.
Technique: Tracing
Description: Tracing provides a detailed audit trail of the instructions executed during the program's operation.
Example: A payroll program is traced to determine if certain edit tests are performed in the correct order.
Technique: Review of system documentation
Description: Existing system documentation such as program flowcharts are reviewed for audit purposes.
Example: An auditor desk checks the processing logic of a payroll program.
Technique: Control flowcharting
Description: Analytic flowcharts or other graphic techniques are used to describe the controls in a system.
Example: An auditor prepares an analytic flowchart to review controls in the payroll application system.
Technique: Mapping
Description: Special software is used to monitor the execution of a program.
Example: The execution of a program with test data as input is mapped to indicate how extensively the input tested compares with individual program statements.
General Approach to an Information Systems Audit
Most approaches to an information systems audit follow some variation of a three-phase structure.
The first phase consists of an initial review and evaluation of the area to be audited and audit plan preparation.
The second phase is a detailed review and evaluation of controls.
The third phase involves compliance testing and is followed by analysis and reporting of results.
The initial review phase determines the course of action the audit will take.
It includes the following:
decisions concerning specific areas to be investigated
the deployment of audit labor
the audit technology to be used
the development of time and/or cost budget for the audit
The primary control over the conduct of an information systems audit centers on documentation and review of performance.
What is an audit program?
It is a detailed list of the audit procedures to be applied on a particular audit.
Standardized audit programs for particular audit areas have been developed and are common in all types of auditing.
In the second general phase of the audit, effort is focused on fact-finding in the area(s) selected for audit.
Documentation of the application area is reviewed.
Data concerning the operation of the system are reviewed.
Application Systems Development Audits
There are three general areas of audit concern in the systems development process.
They are:
1 Systems development standards
2 Project management
3 Program change control
What are systems development standards?
Systems development standards are the documentation governing the design, development, and implementation of application systems.
What is project management?
It consists of project planning and project supervision.