TOPIC 7: COMPUTER INFORMATION SYSTEM

PRESENTED BY: SITI NUR DINI FAUZI NURUL NADIAH MOHD NAWI NOR SHAKILAH ABD RAHMAN

Audit Process in CIS Environment

auditor need to consider how CIS environment affects the audit the overall audit objective and scope does not change application of CIS changed the processing, storage and communication of financial information may affect internal control

Skill & competence should have sufficient knowledge in CIS to plan, direct, supervise & review

Planning - should obtain an understanding the significance and complexity of CIS activities and the availability of data for use in the audit

Planning - should obtain an understanding the significance and complexity of CIS activities and the availability of data for use in the audit

Planning - should obtain an understanding the significance and complexity of CIS activities and the availability of data for use in the audit

Risk Assessment
Risk in CIS environment includes ; Lack of transaction trail, audit trail may not available in computer readable form. If the transaction is too complex and high volume, errors may embedded in application program and difficult to detect. Lack of segregation of duties compared in manual system Potential for errors and irregularities
Human errors Potential on unauthorized access to data without visible evidence Unable to detect errors Reduce check and balance activities that cause errors that are unable to detect.

Risk Assessment
Initiation or execution of transaction. In CIS some transaction can be execute automatically such as calculation of depreciation. Lack of visible output. Certain transaction or outputs are not printed thus result in the need to access data retained on files readable only by computer. Ease of access to data and computer programs
Data and computer programs can be access and altered at the computer or from a remote location Auditor should review the appropriate control measure to prevent unauthorized access and alteration of data

Risk Assessment
Absence of input document, data entered into computer without supporting document Risk may result from CIS activities such as assessment of deficiencies in program development, maintenance, operation, etc Risk due to complex application in CIS such as integrated data between one organization and another that may increase risk and required consideration.

Audit Procedures
Auditors specific objective do not change -process data manually - process data by computer Method of applying audit procedures to gather evidence may different Will perform audit procedures -manually -CAAT -both

Audit Procedures
Ensure the effectiveness of input & output controls Ensuring the Completeness, accuracy & validity by comparing output reports with input documents AUDITING AROUND COMPUTER Does not examine computer processing but perform procedures to obtain understanding accounting & internal control

Ensure the adequacy of segregation of duties

Audit Procedures

Performing test of control & substantive test

Auditor may used CAAT

AUDITING THROUGH COMPUTER

Eg: Test Data Enable auditor to examine the computer processing, internal control of client CIS CAAT Helps auditor to organize, analyzing & extracting computerized data & reperforming computation & other processing

THE END .

GROUP MEMBERS:
SITI NUR DINI FAUZI NURUL NADIAH MOHD NAWI NOR SHAKILAH ABD RAHMAN NADHIRAH SAZALI MEGAT FAIZ NAIM ZAINUDDIN