Professional Documents
Culture Documents
Auditing: A Risk Analysis Approach: Larry F. Konrath
Auditing: A Risk Analysis Approach: Larry F. Konrath
ANALYSIS APPROACH
5th edition
Larry F. Konrath
Electronic Presentation
by Harold O. Wilson
Chapter 8
KEY CONCEPTS OVERVIEW
• Computer Based Information Systems
(CBIS) impact on firm policies &
procedures, and on auditing (controls
& testing)
• CBIS are unique (hardware, processing,
files, storage, scope, especially in global
e-commerce)
• CBIS Controls (General controls,
Application controls, User controls)
KEY CONCEPTS OVERVIEW
• Auditors audit “around” the computer
and/or “through” the computer
• Audit risks in CBIS scenarios escalate
each year (due to direct data inputs,
minimal hard-copy, internal storage)
• Applications of computer assisted testing,
changes in evidence gathering
LEARNING
OBJECTIVES
• Differentiate auditing “around” vs.
“through” the computer
• Identify various types of CBIS
• Define major CBIS accounting controls
• Develop an approach to assessing control
risk in CBIS accounting applications
• Evaluate/manage audit risk factors in
CBIS accounting applications
COMPUTER BASED
INFORMATION SYSTEMS
• Personal Computers—commonplace
• Wide Area Networks(WAN) & Local Area
Networks (LAN)--end-user sharing
• Database Management Systems (DBMS)--
integrated collections of stored data
• Internet and Intranet applications
• Artificial Intelligence (sequenced decision rules)
programs using Knowledge Engineers and
Knowledge Bases (embedded cases)
A note on technology
Information processing systems have
encouraged “continuous auditing” throughout
a client’s fiscal year. Computer systems and
personnel (and changes) tend to obscure (or
destroy) “audit trails” traditionally “traced” by
auditors.
Optimal segregation of
functions exists when
collusion is necessary
in order to circumvent
controls.
IMPACTS ON AUDITING
• Changes in the audit trail
– Less documentation, but more consistency
– Less hard-copy available, but better data access
• Combining of functions
– Computerized “checking,” transaction logs
– Less segmentation of details, and/or people
• Auditing “around the black box”
vs. “through the white box”
FAQ?