CH 16

Chapter
16
Auditing Information
Technology
What is auditing through the computer?

It is the process of reviewing and evaluating the
internal controls in an electronic data processing
system.
What is auditing with the computer?
It is the utilization of the computer by an auditor to
perform some audit work that otherwise would have
to be done manually.
2001 Prentice Hall Business Publishing, Accounting Information Systems, 8/E, Bodnar/Hopwood
16 - 1
Structure of Financial
Statement Audit
The primary objective and responsibility of
the external auditor is to attest to the fairness
of a firms financial reports.
The external auditor serves the firms
stockholders, the government, and the
general public.
The internal auditor serves a firms
management.
16 - 2
Statement Audit
Various types of professional certifications are
applicable to auditing.
What are these?
CPA (certified public accountant)
CISA (certified information systems auditor)
CIA (certified internal auditor)
Audits are almost universally divided into two
components.
16 - 3
Statement Audit
Transactions
Transactions
Accounting
Accounting
System
System
Compliance Testing
Interim Audit
Financial
Financial
Reports
Reports
Cash
Bank
Receivables
Customers
(Confirm balances)
Substantive Testing
Financial Statement Audit
16 - 4
Auditing Around the Computer

An accounting system is comprised of input,
processing, and output.
In the around-the-computer approach, the
processing portion is ignored.
Auditing through the computer may be defined as
the verification of controls in a computerized system.
Auditing with the computer is the process of

using information technology in auditing.
16 - 5
Control Framework
in IT Environment
Applications
Applications
Controls
Controls
Application
Application
Systems
Systems
Development
Development
Internal
Internal
Controls
Controls
General
General
Controls
Controls
Computer
Computer
Application
Application
Systems
Systemsand
and
Programs
Programs
Computer
Computer
Service
Service
Center
Center
16 - 6
Auditing with the Computer
What are some of the potential benefits

of
using information systems technology in an
audit?
Computer-generated working papers are
generally more legible and consistent.
Time may be saved by eliminating manual
footing, cross footing, and other routine
calculations.
16 - 7

3
4
Calculations, comparisons, and other

data
manipulations are more accurately performed.
Analytical review calculations may be more
efficiently performed.
Project information may be more easily
generated and analyzed.
16 - 8

6
7
8
Standardized audit correspondence may be

stored and easily modified.
Morale and productivity may be improved by
reducing the time spent on clerical tasks.
Increased cost-effectiveness is obtained by reusing
and extending existing electronic audit
applications to subsequent audits.
Increased independence from information systems
personnel is obtained.
16 - 9
Information Systems
Auditing Technology
Technique: Test data
Description: Test data are input containing both
valid and invalid data.
Example:
Payroll transactions for fictitious
employees are processed
concurrently with valid payroll
transactions.
16 - 10
Information Systems
Auditing Technology
Test
TestData
Data
Hypothetical
Hypothetical
Transactions
Transactions
Computer
ComputerProcessing
Processing
Using
UsingMaster
MasterProgram
Program
Error
ErrorListing
Listing
Compare
Auditors
Auditors
Expected
Expected
Output
Output
16 - 11
Information Systems
Auditing Technology
Technique: Integrated test facility (ITF)
Description: ITF involves both the use of test data
and the creation of fictitious records (vendors,
employees) onthe master files of a computer
system.
Example:
Payroll transactions for fictitious
employees are processed concurrently with valid
payroll transactions.
16 - 12
Information Systems
Auditing Technology
Transactions
Transactions
ITF
ITF
Transactions
Transactions
Computer
Computer
Application
Application
System
System
Reports
Reports
Without
Without
ITF
ITFData
Data
Data Files
ITF Data
Reports
Reports
Containing
Containing
ITF
ITFInformation
Information
16 - 13
Information Systems
Auditing Technology
Technique: Parallel simulation
Description: Processing real data through audit
programs. The simulated output and the
regular output are then compared.
Example:
Depreciation calculations are
verified by processing the fixedasset master
file with an audit program.
16 - 14
Information Systems
Auditing Technology
Computer
Application
System
Transactions
Transactions
Parallel
Parallel
Simulation
Simulation
Program
Program
Function to
Be Verified
Report
Report
Compare
Simulation
Simulation
Report
Report
16 - 15
Information Systems
Auditing Technology
Technique: Audit software
Description: Computer programs that permit
the computer to be used as an
auditing tool.
Example:
An auditor uses a computer
program to extract data records
from a master file.
16 - 16
Information Systems
Auditing Technology
Technique: Generalized audit software (GAS)
Description: GAS is audit software that has
been specifically designed to allow
auditors to perform audit-related
data processing functions.
Example:
An auditor uses GAS to search
computer files for unusual items.
16 - 17
Information Systems
Auditing Technology
Technique: PC software
Description: Software that allows the auditor to
use a PC to perform audit tasks.
Example:
A PC spreadsheet package is used
to maintain audit working papers
and audit schedules.
16 - 18
Information Systems
Auditing Technology
Deloitte & Touche AuditSystem/2
Work
Work
Papers
Papers
Smart
SmartAudit
Audit
Support
Support
Access
Accessto
to
Information
Information
Document
Document
Manager
Manager
Trial
Trial
Balance
Balance
MS
Word
MS
Excel
Multilocation
Multilocation
Support
Support
MS
Lotus
Access cc:mail
ACL
File
File
Interrogation
Interrogation
Folio
Other
VIEWS Applications
16 - 19
Information Systems
Auditing Technology
Technique: Embedded audit routines
Description: Special auditing routines included
in regular computer programs so that
transaction data can be subjected to audit
analysis.
Example:
Data items that are exceptions to
auditor-specified edit tests
included in a
program are written
to a special audit file.
16 - 20
Information Systems
Auditing Technology
Production
Production
Transactions
Transactions
Production
Production
Computer
Computer
Application
Application
System
System
Production
Production
Reports
Reports
Embedded
Embedded
Audit
AuditData
Data
Collection
Collection
Module
Module
Audit
Audit
Reports
Reports
16 - 21
Information Systems
Auditing Technology
Technique: Extended records
Description: Modification of programs to
collect and store data of audit
interest.
Example:
A payroll program is modified to
collect data pertaining to overtime
pay.
16 - 22
Information Systems
Auditing Technology
Technique: Snapshot
Description: Modifications of programs to
output data of audit interest.
Example:
A payroll program is modified to
output data pertaining to overtime
pay.
16 - 23
Information Systems
Auditing Technology
Technique: Tracing
Description: Tracing provides a detailed audit
trail of the instructions executed
during the programs operation.
Example:
A payroll program is traced to
determine if certain edit tests are
performed in the correct order.
16 - 24
Information Systems
Auditing Technology
Technique: Review of system documentation
Description: Existing system documentation
such as program flowcharts are
reviewed for audit purposes.
Example:
An auditor desk checks the
processing logic of a payroll
program.
16 - 25
Information Systems
Auditing Technology
Technique: Control flowcharting
Description: Analytic flowcharts or other
graphic techniques are used to
describe the controls in a system.
Example:
An auditor prepares an analytic
flowchart to review controls in
the payroll application system.
16 - 26
Information Systems
Auditing Technology
Technique: Mapping
Description: Special software is used to monitor
the execution of a program.
Example:
The execution of a program with
test data as input is mapped to indicate how
extensively the input
tested compares with
individual
program statements.
16 - 27
General Approach to an
Information Systems Audit
Most approaches to an information systems
audit follow some variation of a three-phase
structure.
The first phase consists of an initial review
and evaluation of the area to be audited and
audit plan preparation.
The second phase is a detailed review and
evaluation of controls.
16 - 28
The third phase involves compliance testing
and is followed by analysis and reporting of
results.
The initial review phase determines the course
of action the audit will take.
It includes the following:
decisions concerning specific areas to be
investigated
16 - 29
the deployment of audit labor
the audit technology to be used
the development of time and/or cost budget
for the audit
The primary control over the conduct of an
information systems audit centers on
documentation and review of performance.
16 - 30
What is an audit program?
It is a detailed list of the audit procedures
to be applied on a particular audit.
Standardized audit programs for particular
audit areas have been developed and are
common in all types of auditing.
16 - 31
In the second general phase of the audit,
effort is focused on fact-finding in the
area(s) selected for audit.
Documentation of the application area
is reviewed.
Data concerning the operation of the system
are reviewed.
16 - 32
In the third phase of the audit, compliance

tests are undertaken to provide reasonable
assurance that internal controls exist and
operate as prescribed.
16 - 33
Information Systems Application

Audits
Application controls are divided into three
general areas.
What are these areas?
1 Input
2 Processing
3 Output
16 - 34
Application Systems
Development Audits
There are three general areas of audit
concern in the systems development process.
They are:
1 Systems development standards
2 Project management
3 Program change control
What are systems development standards?
16 - 35
Application Systems
Development Audits
Systems development standards are the
documentation governing the design,
development, and implementation of
application systems.
What is project management?
It consists of project planning and project
supervision.
16 - 36
Application Systems
Development Audits
What is the objective of program change controls?

It is to prevent unauthorized and potentially
fraudulent changes from being introduced into
previously tested and accepted programs.
Normally, an audit of the computer service center
is undertaken before any application audits to
ensure the general integrity of the environment in
which the application will function.
16 - 37

CH 16

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CH 16

Hochgeladen von

Copyright:

Verfügbare Formate

Chapter

What is auditing through the computer?

Auditing Around the Computer

the verification of controls in a computerized system.

Auditing with the computer is the process of

Auditing with the Computer

What are some of the potential benefits

Auditing with the Computer

Calculations, comparisons, and other

Auditing with the Computer

Standardized audit correspondence may be

In the third phase of the audit, compliance

Information Systems Application

What is the objective of program change controls?

Das könnte Ihnen auch gefallen