Auditing in a Computer Information Systems (CIS) Environment
1.Lack of segregation of duties.2.Lack of controls on the operating system and application programs.3.Unlimited access to data files and programs.4.No record of usage.5.No backup of essential files.6.No audit trail of processing.7.No authorization or record of program changes.6.Auditing
the computer refers to making use of the computer itself to testthe operative effectiveness of application controls in the program actually usedto process accounting data. Thus the term refers only to the proper study andevaluation of internal control. Auditing
the computer refers
to thestudy of internal control (the same as “auditing through”)
to the use of thecomputer to perform audit tasks.7.Both are audit procedures that use the computer to test controls that are includedin a computer program. The basic difference is that the
procedureutilizes the client’s program with auditor-created transactions, while
utilizes an auditor-created program with actual client transactions. Inthe
procedure the results from the client program are compared to theauditor’s predetermined results to determine whether the controls work asdescribed. In the
procedures the results from the auditor program are compared to the results from the client program to determinewhether the controls work as described.8.The
technique utilizes simulated transactions created by the auditor, processed by actual programs but at a time completely separate from the processing of actual, live transactions. The
technique isan extension of the test data technique, but the simulated transactions areintermingled with the real transactions and run on the actual programs processing actual data.9.User identification numbers and passwords prevent unauthorized access toaccounting records and application programs. The transaction log does not
unauthorized access but may be reviewed to
unauthorized access.Even then, responsibility could not be traced to a particular individual withoutuser identification numbers and passwords. The transaction log is moreimportant to establish the audit trail than to detect unauthorized access.10.
Generalized audit software
is a set of preprogrammed editing, operating, andoutput routines that can be called into use with a simple, limited set of programming instructions by an auditor who has one or two weeks intensivetraining.