Chapter 7



© 2000 The McGraw-Hill Companies, Inc.,

and electronic data interchange.7-2 CHANGING INFORMATION TECHNOLOGY AND ITS EFFECT ON AUDITING  Distributed data processing. (no transaction file – immediately up-date the master file) Intelligent systems. (weak control at user department) Electronic (Internet) Commerce (concern on transaction integrity. (auditor concern on control of access limitation and data transmission) Real-time systems.. (auditor concern with the integrity of the knowledge captured in the system and how the system make decisions) End-user computing.     Irwin/McGraw-Hill . Inc. protection of information & unauthorised access) © 2000 The McGraw-Hill Companies. networking.

  Irwin/McGraw-Hill . server and microcomputer  Purchased from vendor but more advanced than low Advanced systems  Depend on IT for handling information processing needs.. extensive database systems. online. EDI etc. Inc.7-3 COMPLEXITY OF IT SYSTEMS  Low complexity  stand-alone microcomputer  Used for maintaining journals. © 2000 The McGraw-Hill Companies. real time processing.  Mainframe.L  Purchased from vendor Medium complexity  Minicomputer. telecommunications. subsidiary ledgers & G.

supervisory.g. Inc. . management Application controls -apply to the processing of specific computer application and are part of the computer programs used in the accounting system -e.7-4 TYPES OF CONTROLS IN AN IT ENVIRONMENT   General controls -relates to all parts of the CIS and must therefore be evaluated early in the audit. -to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of I.c are achieved -e. limit check Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies.g. batch control..

7-5 GENERAL CONTROLS      Organizational controls.designed to established an organisational framework over CIS activities. Inc. Irwin/McGraw-Hill ..CIS is used by authorised personnel for authorised purposes Operations and data controls – control authorisation of transactions and access to data and program © 2000 The McGraw-Hill Companies.ensure the computer h/w and application systems operate as planned on an ongoing basis Security and access controls. Systems development and modification controls – systems are developed and maintained in an authorised and efficient manner Hardware and systems software controls.

process and output) © 2000 The McGraw-Hill Companies. Inc. completeness and valuation  Data validation controls – limit test. Irwin/McGraw-Hill . field test  Processing controls – file or volume labels. control totals. Concern with validity.. only once. reasonableness test   Output controls Error controls – can be identified at any point in the system (input. range test.7-6 APPLICATION CONTROLS  Data capture controls – ensure all transactions are recorded in the application system.

.7-7 THE EFFECT OF IT ON INTERNAL CONTROL The presence of computer processing for significant accounting applications affects how an entity implements its internal controls. the control environment factors and control activities are affected by IT.  In particular. Inc. .  Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies.

7-8 CONTROL ENVIRONMENT FACTORS AFFECTED BY IT  Assignment of authority and responsibility  Clear line of a of a and r because………. . trustworthy employees. Inc.. skills and knowledge Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies.  Human resource policies and practices..  Competent.

authorisation. recording of transactions and custody of assets Physical controls.  Authorization of transactions  The keeping of adequate documents and records Proper segregation of duties. . Inc..  Initiation.7-9 CONTROL ACTIVITIES AFFECTED BY IT    Information processing.  Data or records concentrated in the IT department Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies.

.7-10 THE AUDIT PROCESS IN AN IT ENVIRONMENT  The auditor's knowledge of the entity's computer processing must include the following factors:  The extent to which the computer is used in each significant accounting application.  The organizational structure of the computer processing activities.  The complexity of the entity's computer operations. Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies. .  The availability of data for evidential matter. Inc.

Inc. ..7-11 AUDIT STRATEGY DECISIONS   Substantive strategy Reliance strategy Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies.

Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies. Inc.  The transactions can be traced from the source documents to the accounting reports and from the reports back to the source documents.7-12 SUBSTANTIVE STRATEGY (auditing around the computer)  Two conditions are necessary for a substantive strategy:  There are adequate source documents and accounting reports in non-machine-readable form.. .

general and application controls are reviewed and tested..  Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies.7-13 RELIANCE STRATEGY When a reliance strategy is followed. Inc.  The reliance strategy results in the auditor using computer-audit assisted techniques. .

Inc..7-14 COMPUTER-ASSISTED AUDIT TECHNIQUES (CAATs)      Generalized audit software (see Table 7-9)  Program that allow the auditor to perform tests on computer files and d/base Custom audit software Written by auditors for specific audit tasks Test data (see Figure 7-7)  Used test data to test client’s program Integrated test facility – enter test data along actual Parallel simulation (see Figure 7-8) © 2000 The McGraw-Hill Companies. Irwin/McGraw-Hill .

. Documentation of internal control . Irwin/McGraw-Hill © 2000 The McGraw-Hill Companies. Working paper preparation and data retrieval and analysis. Inc.7-15 USE OF MICROCOMPUTERS AS AN AUDIT TOOL       Trial balance and lead schedule preparation.. Performance of statistical sampling applications. Analytical procedures. Audit program preparation.