Presentation Outline
Concepts in Information Systems Auditing
[Figure labels: Interim Audit; Financial Statement Audit; Compliance Testing; Substantive Testing]
B1. Compliance Testing
Processing
D. Auditing With The Computer
The utilization of the computer by an auditor to
perform some audit work that would otherwise
have to be done manually.
E. Auditing Through the Computer
Audit
PART II
Auditing Technology for Information Systems
Auditing Technology for IS
A. Review of Systems Documentation
B. Test Data
C. Integrated-Test-Facility (ITF) Approach
D. Parallel Simulation
E. Audit Software
F. Embedded Audit Routines
G. Mapping
H. Extended Records and Snapshots
A. Review of Systems Documentation
The auditor reviews documentation such as
narrative descriptions, flowcharts, and program
listings. In desk checking the auditor processes
test or real data through the program logic.
B. Test Data
The auditor prepares input containing both
valid and invalid data. Prior to processing the
test data, the input is manually processed to
determine what the output should look like.
The auditor then compares the computer-
processed output with the manually processed
results.
Illustration of Test Data Approach
[Figure: auditors prepare test transactions and results; computer operations run the test data through the computer application system; the auditor compares the computer output with the manually processed results.]
C. Integrated Test Facility (ITF) Approach
A common form of an ITF is as follows:
1. A dummy ITF center is created for the auditors.
2. Auditors create transactions for controls they
want to test.
3. Working papers are created to show expected
results from manually processed information.
4. Auditor transactions are run with actual
transactions.
5. Auditors compare ITF results to working papers.
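The five ITF steps above as a small runnable sketch; this is an added example, not part of the original slides. The application logic, the credit-limit control, the center id `ITF-999` and every transaction are constructed assumptions.

```python
from decimal import Decimal

ITF_CENTER = "ITF-999"           # step 1: dummy center reserved for auditors (assumed id)
CREDIT_LIMIT = Decimal("5000")   # control under test (assumed application rule)

def process(batch):
    """Stand-in for the live application: one pass over the whole batch."""
    results = {}
    for txn in batch:
        amount = Decimal(txn["amount"])
        if amount <= 0:
            results[txn["id"]] = ("REJECTED", "non-positive amount")
        elif amount > CREDIT_LIMIT:
            results[txn["id"]] = ("REJECTED", "over credit limit")
        else:
            results[txn["id"]] = ("POSTED", str(amount))
    return results

def run_itf(actual, auditor_txns, working_papers):
    """Steps 4-5: run auditor and actual transactions together, then compare."""
    batch = actual + auditor_txns
    results = process(batch)
    # Any difference between working papers and system output is an audit exception.
    exceptions = {tid: (expected, results.get(tid))
                  for tid, expected in working_papers.items()
                  if results.get(tid) != expected}
    # Assumption of this example: ITF postings are excluded from live totals.
    live_total = sum(Decimal(t["amount"]) for t in batch
                     if t["center"] != ITF_CENTER
                     and results[t["id"]][0] == "POSTED")
    return exceptions, live_total

# Constructed sample data.
ACTUAL = [{"id": "A1", "center": "C-100", "amount": "1200.00"},
          {"id": "A2", "center": "C-200", "amount": "300.50"}]
# Step 2: transactions aimed at the control (at the limit, just over, invalid).
AUDITOR = [{"id": "T1", "center": ITF_CENTER, "amount": "5000.00"},
           {"id": "T2", "center": ITF_CENTER, "amount": "5000.01"},
           {"id": "T3", "center": ITF_CENTER, "amount": "-10.00"}]
# Step 3: expected results worked out manually.
WORKING_PAPERS = {"T1": ("POSTED", "5000.00"),
                  "T2": ("REJECTED", "over credit limit"),
                  "T3": ("REJECTED", "non-positive amount")}

if __name__ == "__main__":
    exceptions, live_total = run_itf(ACTUAL, AUDITOR, WORKING_PAPERS)
    print("exceptions:", exceptions or "none")
    print("live total excluding ITF center:", live_total)
```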
Illustration of ITF Approach
[Figure labels: Computer Operations; Auditors; Computer Application System; Data Files; ITF Data; Actual Transactions; Auditor's Simulation Program]
• Access Management
• Cybersecurity
I. General Security Concepts
• Logical security can occur at various levels within
the IT infrastructure.
• Logical security control components include:
– Authentication – Manner in which the user logs into the
system.
– Authorization – Manner in which the user gets
approved to access a system.
– Access Management
– Monitoring and Follow-up
II. Access Management
• Process in which the manner of
access is managed: