Scribd Logo
Upload

Welcome to Scribd!

  • PP 460 ch12

    Uploaded by

    api-241660930
    24 views38 pages

    Original Title

    pp 460 ch12

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views38 pages

    PP 460 ch12

    Uploaded by

    api-241660930

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 38

    The Impact of Information Technology on the Audit Process

    Chapter 12

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    5-5

    Learning Objective 1
    Describe how IT improves internal control.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 2

    How Information Technologies Enhance Internal Control


    Computer controls replace manual controls

    Higher-quality information is available


    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 3

    Learning Objective 2
    Identify risks that arise from using an ITbased accounting system.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 4

    Assessing Risks of Information Technologies


    Risks to hardware and data Reduced audit trail Need for IT experience and separation of IT duties

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 5

    Risks to Hardware and Data


    Reliance on hardware and software Unauthorized access

    Data loss
    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Systematic vs. random errors


    12 - 6

    Reduced Audit Trail


    Visibility of audit trail Lack of traditional authorization Detection risk

    Reduced human involvement


    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 7

    Need for IT Experience and Separation of Duties


    Reduced separation of duties Need for IT experience

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 8

    Learning Objective 3
    Explain how general controls and application controls reduce IT risks.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 9

    Internal Controls Specific to Information Technology


    Information technology controls

    Application controls

    General controls

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 10

    Relationship Between General and Application Controls

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 11

    Categories of General and Application Controls

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 12

    Administration of the IT Function


    The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 13

    Segregation of IT Duties

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 14

    Systems Development
    Typical test strategies

    Pilot testing

    Parallel testing

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 15

    Physical and Online Security


    Online Controls: User ID control Password control Separate add-on security software

    Physical Controls: Keypad entrances Badge-entry systems Security cameras Security personnel
    12 - 16

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Backup and Contingency Planning


    Offsite storage of critical files is a key element to a backup and contingency plan

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 17

    Hardware Controls
    These controls are built into computer equipment by the manufacturer to detect and report equipment failures.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 18

    Application Controls
    Application controls are designed for each software application

    Input controls

    Output controls

    Processing controls
    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 19

    Input Controls
    These controls are designed by an organization to ensure that the information being processed is authorized, accurate, and complete.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 20

    Batch Input Controls


    Financial total Total for all records in a batch

    Hash total

    Total of codes from all batch records


    Total of records in a batch
    12 - 21

    Record count

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Processing Controls
    Validation test Sequence test Arithmetic accuracy test Data reasonableness test Completeness test
    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Correct file, database, or program? Correct processing order? Accuracy of processed data? Data exceeds preset amounts? Completeness of record fields?
    12 - 22

    Output Controls
    These controls focus on detecting errors after processing is completed rather than on preventing errors.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 23

    Learning Objective 4
    Describe how general controls affect the auditors testing of application controls.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 24

    Impact of Information Technology on the Audit Process


    Effects of general controls on system-wide applications Effects of general controls on software changes
    Obtaining an understanding of client general controls Relating IT controls to transaction-related audit objectives Effect of IT controls on substantive testing
    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 25

    Auditing in IT Environments with Varied Complexity


    LESS Audit around the computer

    Smaller companies
    MORE

    IT controls < effective

    Audit though the computer Parallel simulation Test data


    12 - 26

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Auditing Around and Through the Computer

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 27

    Learning Objective 5
    Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 28

    Test Data Approach


    1. Test data should include all relevant conditions that the auditor wants tested.

    2.

    Application programs tested by the auditors test data must be the same as those the client used throughout the year. Test data must be eliminated from the clients records.

    3.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 29

    Test Data Approach


    Input test transactions to test key control procedures Application programs (assume batch system) Transaction files (contaminated?)

    Master files

    Contaminated master files

    Control test results


    12 - 30

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Test Data Approach


    Control test results Auditor-predicted results of key control procedures based on an understanding of internal control

    Auditor makes comparisons

    Differences between actual outcome and predicted result


    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 31

    Parallel Simulation
    The auditor uses auditor-controlled software to perform parallel operations to the clients software by using the same data files.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 32

    Parallel Simulation
    Production transactions Auditor-prepared program
    Auditor results Auditor makes comparisons between clients application system output and the auditor-prepared program output
    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    Master file

    Client application system programs


    Client results

    Exception report noting differences


    12 - 33

    Embedded Audit Module Approach


    Auditor inserts an audit module in the clients application system to identify specific types of transactions.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 34

    Embedded Audit Module Approach

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 35

    Learning Objective 6
    Identify issues for e-commerce systems and other specialized IT environments.

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 36

    Issues for Different IT Environments


    Network Environments
    Database Management Systems

    Outsourced IT

    e-Commerce systems

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    12 - 37

    End of Chapter 12

    2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

    5-5

    You might also like