Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • The Impact of Information Technology On The Audit Process

    Enviado por

    John Bryan
    28 visualizações33 páginas
    sdfsdfdsfsdfs

    Título original

    Arens11e Ab.az.Chapter12

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PPT, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    sdfsdfdsfsdfs

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    28 visualizações33 páginas

    The Impact of Information Technology On The Audit Process

    Enviado por

    John Bryan
    sdfsdfdsfsdfs

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 33

    The Impact of

    Information
    Technology on the
    Audit Process

    Chapter 12

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 1


    Learning Objective 1

    Describe how IT improves


    internal control.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 2


    How Information Technologies
    Enhance Internal Control

    Computer controls
    replace manual controls.

    Higher-quality
    information is available.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 3


    Learning Objective 2

    Identify risks that arise from using


    an IT-based accounting system.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 4


    Assessing Risks of
    Information Technologies
    Reliance on the capabilities of hardware
    and software

    Visibility of audit trail

    Reduced human involvement

    Systematic versus random errors

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 5


    Assessing Risks of
    Information Technologies
    Unauthorized access

    Loss of data

    Reduced segregation of duties

    Lack of traditional authorization

    Need for IT experience


    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 6
    Learning Objective 3

    Explain how general controls


    and application controls
    reduce IT risks.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 7


    Internal Controls Specific to
    Information Technology

    General controls

    Application controls

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 8


    Relationship Between General
    and Administrative Controls
    Risk of unauthorized change
    Risk of system crash
    to application software

    Cash receipts
    application
    controls
    Sales Payroll
    applications application
    controls controls
    Other cycle
    application
    controls

    Risk of unauthorized GENERAL CONTROLS Risk of unauthorized


    master file update processing

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 9


    General Controls
    Administration of the IT function

    Segregation of IT duties

    Systems development

    Physical and online security

    Backup and contingency planning

    Hardware controls
    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 10
    Administration of the IT Function

    The perceived importance of IT within an


    organization is often dictated by the attitude of
    the board of directors and senior management.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 11


    Segregation of IT Duties

    Chief Information Officer or IT Manager

    Security Administrator

    Systems Data
    Operations
    Development Control

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 12


    Systems Development

    Typical test
    strategies

    Pilot testing Parallel testing

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 13


    Physical and Online Security

    Physical Controls: Online Controls:


    Keypad entrances User ID control
    Badge-entry systems Password control
    Security cameras Separate add-on
    Security personnel security software

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 14


    Backup and Contingency Planning

    One key to a backup


    and contingency plan
    is to make sure that
    all critical copies of
    software and data files
    are backed up and
    stored off the premises.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 15


    Hardware Controls

    These controls are built into computer


    equipment by the manufacturer to
    detect and report equipment failures.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 16


    Application Controls

    Input controls

    Processing
    controls

    Output controls

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 17


    Input Controls

    These controls are designed by an


    organization to ensure that the
    information being processed is
    authorized, accurate, and complete.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 18


    Batch Input Controls

    Financial total

    Hash total

    Record count

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 19


    Processing Controls

    Validation test

    Sequence test

    Arithmetic accuracy test

    Data reasonableness test

    Completeness test

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 20


    Output Controls

    These controls focus on detecting errors


    after processing is completed rather
    than on preventing errors.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 21


    Learning Objective 4

    Describe how general controls


    affect the auditors testing
    of application controls.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 22


    Impact of Information Technology
    on the Audit Process

    Effects of general controls on control risk

    Effects of IT controls on control


    risk and substantive tests

    Auditing in less complex IT environments

    Auditing in more complex IT environments


    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 23
    Learning Objective 5

    Use test data, parallel simulation,


    and embedded audit module
    approaches when auditing
    through the computer.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 24


    Test Data Approach

    Test data should include all relevant


    1
    conditions that the auditor wants tested.

    Application programs tested by the


    2 auditors test data must be the same as
    those the client used throughout the year.

    Test data must be eliminated from the


    3 clients records.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 25


    Test Data Approach

    Input test
    Transactions to test
    Key control
    Procedures

    Application Programs Transaction files


    Master files (Assume Batch System) (contaminated?)

    Control test
    Contaminated results
    master files

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 26


    Test Data Approach
    Control test
    results

    Auditor-predicted results
    Auditor makes of key control procedures
    comparisons based on an understanding
    of internal control

    Differences between
    actual outcome and
    predicted result

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 27


    Parallel Simulation

    The auditor uses auditor-controlled software


    to perform parallel operations to the clients
    software by using the same data files.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 28


    Parallel Simulation
    Production Master
    transactions file

    Auditor-prepared Client application


    program system programs

    Auditor Client
    results results

    Auditor makes comparisons between Exception report


    clients application system output and noting differences
    the auditor-prepared program output

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 29


    Embedded Audit Module
    Approach

    Auditor inserts an audit module in the


    clients application system to capture
    transactions with characteristics that
    are of specific interest to the auditor.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 30


    Learning Objective 6

    Identify issues for e-commerce


    systems and other specialized
    IT environments.

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 31


    Issues for Different IT
    Environments
    Issues for microcomputer environments

    Issues for network environments

    Issues for database management systems

    Issues for e-commerce systems

    Issues when clients outsource IT


    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 32
    End of Chapter 12

    2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder 12 - 33

    Você também pode gostar