Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
16Activity
0 of .
Results for:
No results containing your search query
P. 1
Chapter 22 Ans

Chapter 22 Ans

Ratings: (0)|Views: 1,881|Likes:
Published by Dave Manalo
Auditing, Theory, Cabrera, Solution, Manual
Auditing, Theory, Cabrera, Solution, Manual

More info:

Published by: Dave Manalo on Aug 04, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less

05/15/2013

pdf

text

original

 
CHAPTER 22AUDITING IN A COMPUTER INFORMATION SYSTEMS(CIS) ENVIRONMENT
I.
 Review Questions
1.Additional planning items that should be considered when computer processingis involved are:
The extent to which the computer is used in each significant accountingapplication.
The complexity of the computer operations used by the entity,including the use of an outside service center.
The organizational structure of the computer processing activities.
The availability of data.
The computer-assisted audit techniques to increase the efficiency of audit procedures.
The need for specialized skills.2.Understanding the control environment is a part of the preliminary phase of control risk assessment. Computer use in data processing affects thisunderstanding in each of the parts of the control environment as follows:
The organizational structure
should include an understanding of theorganization of the computer function. Auditors should obtain and evaluate: (a)a description of the computer resources and (b) a description of theorganizational structure of computer operations.
Methods used to communicate responsibility and authority
– should include themethods related to computer processing. Auditors should obtain informationabout the existence of: (a) accounting and other policy manuals includingcomputer operations and user manual and (b) formal job descriptions for computer department personnel. Further, auditors should gain an understandingof: (a) how the client’s computer resources are managed, (b) how priorities for resources are determined and (c) if user departments have a clear understandingof how they are to comply with computer related standards and procedures.
Methods used by management to supervise the system
should include procedures management uses to supervise the computer operations. Items thatare of interest to the auditors include: (a) the existence of systems design and
 
22-2
Solutions Manual - Principles of Auditing and Other Assurance Services
documentation standards and the extent to which they are used, (b) the existenceand quality of procedures for systems and program modification, systemsacceptance approval and output modification, (c) the procedures limiting accessto authorized information, (d) the availability of financial and other reports and(e) the existence of an internal audit function.3.The “audit trail” is the source documents, journal postings and ledger account postings maintained by a client in order to keep books. These are a “trail” of the bookkeeping (transaction data processing) that the auditor can follow forwardwith a tracing procedure or back ward with a vouching procedure.In a manual system this “trailis usually visible to the eye with postingreferences in the journal and ledger and hard-copy documents in files. But in acomputer system, the posting references may not exist, and the “records must beread using the computer rather than the naked eye.” Most systems still havehard-copy papers for basic documentation, but in some advanced systems eventhese might be absent.4.The audit trail (sometimes called “management trail” as it is used more in dailyoperations than by auditors) is composed of all manual and computer recordsthat allow one to follow the sequence of processing on (or because of) atransaction.The audit trail in advanced systems may not be in a human-readable form andmay exist for only a fraction of a second.The first control implication is that concern for an audit trail needs to berecognized at the time a system is designed. Techniques such as i
ntegrated test  facility
,
audit files
and
extended records
must be specified to the systemsdesigner. The second control implication is that if the audit trail exists onlymomentarily in the form of transaction logs or master records before destructiveupdate, the external auditor must review and evaluate the transaction flow atvarious times throughout the processing period. Alternatively, the externalauditor can rely more extensively on the internal auditor to monitor the audittrail.5.Major characteristics:1.
Staff and location of the computer 
– operated by small staff located withinthe user department and without physical security.2.
 Programs
– supplied by computer manufacturers or software houses.3.
 Processing mode
– interactive data entry by users with most of the master file accessible for inquiry and direct update.Control Problems:
 
 Auditing in a Computer Information Systems (CIS) Environment 
 
22-3
1.Lack of segregation of duties.2.Lack of controls on the operating system and application programs.3.Unlimited access to data files and programs.4.No record of usage.5.No backup of essential files.6.No audit trail of processing.7.No authorization or record of program changes.6.Auditing
through
the computer refers to making use of the computer itself to testthe operative effectiveness of application controls in the program actually usedto process accounting data. Thus the term refers only to the proper study andevaluation of internal control. Auditing
with
the computer refers
both
to thestudy of internal control (the same as “auditing through”)
and 
to the use of thecomputer to perform audit tasks.7.Both are audit procedures that use the computer to test controls that are includedin a computer program. The basic difference is that the
test data
procedureutilizes the client’s program with auditor-created transactions, while
 parallel  simulation
utilizes an auditor-created program with actual client transactions. Inthe
test data
procedure the results from the client program are compared to theauditor’s predetermined results to determine whether the controls work asdescribed. In the
 parallel simulation
procedures the results from the auditor  program are compared to the results from the client program to determinewhether the controls work as described.8.The
test data
technique utilizes simulated transactions created by the auditor, processed by actual programs but at a time completely separate from the processing of actual, live transactions. The
integrated test 
 
 facility
technique isan extension of the test data technique, but the simulated transactions areintermingled with the real transactions and run on the actual programs processing actual data.9.User identification numbers and passwords prevent unauthorized access toaccounting records and application programs. The transaction log does not
 prevent 
unauthorized access but may be reviewed to
detect 
unauthorized access.Even then, responsibility could not be traced to a particular individual withoutuser identification numbers and passwords. The transaction log is moreimportant to establish the audit trail than to detect unauthorized access.10.
Generalized audit software
is a set of preprogrammed editing, operating, andoutput routines that can be called into use with a simple, limited set of  programming instructions by an auditor who has one or two weeks intensivetraining.

Activity (16)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
Rosa Hernandez liked this
Elaine Walters liked this
Divine Cinco liked this
Johaira Faisal liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->