
CHAPTER 6

SUMMARY
CHAPTER 7
AUDITING IN A COMPUTERIZED ENVIRONMENT
Group 7
CHARACTERISTICS OF COMPUTER INFORMATION SYSTEM (CIS)

• Ease of access to data and computer programs
• Concentration of duties
• Systems generated transactions
• Consistency of performance
• Lack of visible transaction trails
• Vulnerability of data and program storage media
INTERNAL CONTROL IN A CIS ENVIRONMENT

2 TYPES OF INTERNAL CONTROL IN A CIS ENVIRONMENT

1. General controls
2. Application controls
GENERAL CONTROLS

1. Organizational controls

a) Segregation between the CIS department and user departments.
• CIS department must be independent of all departments within the entity.
b) Segregation of duties within the CIS department.
• Functions within the CIS department should be properly segregated.

CIS Director
   Systems development
      Systems Analyst
      Programmer
   Operations
      Computer operator
      Data Entry Operator
      Librarian
      Control Group
   Other Functions

POSITION | PRIMARY RESPONSIBILITIES
CIS Director | Exercises control over the CIS operation.
Systems Analyst | Designs new systems, evaluates and improves existing systems, and prepares specifications for programmers.
Programmer | Guided by the specifications of the systems analysts, the programmer writes a program, tests and debugs such programs, and prepares the computer operating instructions.
Computer Operator | Using the program and detailed operating instructions prepared by the programmer, the computer operator operates the computer to process transactions.
Data Entry Operator | Prepares and verifies input data for processing.
Librarian | Maintains custody of systems documentation, programs and files.
Control Group | Reviews all input procedures, monitors computer processing errors, reviews the reasonableness of output, and distributes output to authorized personnel.

2. Systems development and documentation controls
• Software development, as well as changes thereto, must be approved by the appropriate level of management and the user department.

3. Access controls
• Adequate security controls to protect equipment, files and programs.

4. Data recovery controls
• Provides maintenance of back-up files and off-site storage procedures.

5. Monitoring controls
• Ensure that CIS controls are working effectively as planned.

APPLICATION CONTROLS

THREE STAGES
• INPUT: Capturing of a mass of data
• PROCESSING: Converting the mass of raw data into useful information
• OUTPUT: Preparation of information in a form useful to those who wish to use it

Application controls are policies and procedures that relate to specific use of the system.

1. Controls over input
• Designed to provide reasonable assurance that data submitted for processing are complete, properly authorized and accurately translated into machine readable form.

EXAMPLES OF INPUT CONTROLS

Key verification
Field check
Validity check
Self-checking digit
Limit check
Control totals
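
The following is an added example, not part of the original slides, showing how a field check, validity check, self-checking digit, limit check and control totals work together on one batch. The Luhn (mod 10) check digit scheme, the account numbers, the amount limit and the batch itself are assumptions constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

MASTER_ACCOUNTS = {"79927398713", "1234567812345670"}  # hypothetical master file
AMOUNT_LIMIT = Decimal("10000.00")                     # hypothetical limit

def luhn_ok(number):  # self-checking digit, assuming a Luhn (mod 10) scheme
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def edit_checks(rec):  # names of the input controls that this record fails
    failed, acct = [], rec["account"]
    if not acct.isdecimal():
        failed.append("field check")
    elif not luhn_ok(acct):
        failed.append("self-checking digit")
    elif acct not in MASTER_ACCOUNTS:
        failed.append("validity check")
    try:
        amount = Decimal(rec["amount"])
    except InvalidOperation:
        failed.append("field check")
    else:
        if not Decimal(0) < amount <= AMOUNT_LIMIT:
            failed.append("limit check")
    return failed

def control_totals(records):  # (record count, financial total, hash total)
    return (len(records), sum(Decimal(r["amount"]) for r in records),
            sum(int(r["account"]) for r in records))

def process_batch(header, records):
    """Accept clean records, then reconcile their totals to the batch header."""
    results = [(rec, edit_checks(rec)) for rec in records]
    accepted = [rec for rec, failed in results if not failed]
    rejected = {i: failed for i, (_, failed) in enumerate(results) if failed}
    return accepted, rejected, control_totals(accepted) == header

# Constructed data: HEADER is the control slip prepared from source documents.
HEADER = (5, Decimal("15545.50"), 5345918705652920)
BATCH = [
    {"account": "79927398713", "amount": "250.00"},
    {"account": "79927398710", "amount": "100.00"},         # check digit mis-keyed
    {"account": "1234567812345670", "amount": "15000.00"},  # over the limit
    {"account": "4111111111111111", "amount": "75.50"},     # not on master file
    {"account": "79927398713", "amount": "12O.00"},         # letter O keyed for 0
]
```

Calling process_batch(HEADER, BATCH) returns the accepted records, the failed control for each rejected record, and whether the accepted records still agree with the header; a batch that is out of balance stays in suspense until the rejected items are corrected and re-entered.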
APPLICATION CONTROLS

2. Controls over processing
• Provide reasonable assurance that input data are processed accurately, and that data are not lost, added, excluded, duplicated or improperly changed.

3. Controls over output
• Designed to provide reasonable assurance that the results of processing are complete, accurate and that these outputs are distributed only to authorized personnel.

TEST OF CONTROL IN A CIS ENVIRONMENT

Test of control in a CIS environment involves evaluating the client's internal control policies and procedures to determine if they are functioning as intended.

Testing the reliability of general controls may include:
• Observing client’s personnel in performing their duties.
• Inspecting program documentation.
• Observing the security measures in force.

In testing application controls, the auditor may either:

1. Audit around the computer; or
2. Use Computer-Assisted Audit Techniques

AUDITING AROUND THE COMPUTER

Includes examination of documents and reports to determine the reliability of the system.

COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)

Computer programs and data which the auditor uses as part of the audit procedures to process data of audit significance contained in an entity's information systems.

1. Test Data
• A technique designed to test the effectiveness of internal control procedures which are incorporated in the client's computer program.
• Establish the application processing integrity
• Uses "test deck"
• Valid data
• Purposefully selected invalid data
• Possible:
   * input error
   * logical processes
   * irregularity

PROCEDURES:
1. Predetermined results and expectations
2. Run test deck
3. Compare results
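
The three test data procedures above can be walked through as follows; this is an added example, not part of the original slides. The payroll routine is a hypothetical stand-in for the client's program, constructed without a lower bound on hours so that the deck has a control failure to detect; employee IDs, limits and rates are made up.

```python
ACTIVE_EMPLOYEES = {"E001", "E002"}   # hypothetical employee master file
MAX_HOURS = 60                        # hypothetical documented weekly limit

def client_payroll(emp_id, hours, rate):
    """Stand-in for the client's program, treated by the auditor as a black box.
    Constructed with no lower bound on hours so the deck has something to find."""
    if emp_id not in ACTIVE_EMPLOYEES or hours > MAX_HOURS:
        return "REJECT"
    overtime = max(hours - 40, 0)
    return round((hours - overtime) * rate + overtime * rate * 1.5, 2)

# Step 1: test deck with predetermined results (valid data, purposefully
# selected invalid data, and a possible irregularity). All values constructed.
TEST_DECK = [
    ("valid, regular hours",           ("E001", 40, 20.0), 800.0),
    ("valid, overtime logic",          ("E001", 45, 20.0), 950.0),
    ("valid, at the limit",            ("E002", 60, 20.0), 1400.0),
    ("invalid, over the limit",        ("E002", 61, 20.0), "REJECT"),
    ("invalid, negative hours",        ("E001", -5, 20.0), "REJECT"),
    ("irregularity, unknown employee", ("E999", 40, 20.0), "REJECT"),
]

def run_test_deck(program, deck):
    """Steps 2 and 3: run every case and return those whose actual result
    differs from the predetermined one."""
    exceptions = []
    for name, args, expected in deck:
        actual = program(*args)
        if actual != expected:
            exceptions.append((name, expected, actual))
    return exceptions
```

Here run_test_deck(client_payroll, TEST_DECK) reports one exception: the negative-hours case is paid instead of rejected, which is evidence that the documented edit check is not functioning as intended.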

2. Integrated Test Facility
• The technique of using an appropriate unit in testing the computer system without depending on the test data made alone by the auditor.
• It integrates the processing of test data with the actual processing of ordinary transactions without management being aware of the testing process.

PROCEDURES
1. Set up a dummy entity within the application system
2. System able to discriminate between ITF audit module transactions and routine transactions
3. Auditor analyzes ITF results against expected results

3. Parallel Simulation
• A technique where an auditor writes a program that simulates key features of the program under review.

PROCEDURES
1. Auditor gains thorough understanding of the application under review
2. Auditor identifies those processes and controls critical to the application
3. Auditor creates the simulation using the software or program
4. Auditor runs the selected program using selected data and files
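
A parallel simulation in miniature, as an added example that is not part of the original slides: the auditor's own routine recomputes the key calculation from the client's data and lists the records where the client's posted result differs. The interest policy (simple interest, actual days over 365, rounded half up), the file layout and the figures are assumptions constructed for illustration.

```python
import csv
import io
from decimal import Decimal, ROUND_HALF_UP

# Constructed extract of the client's production output (not real data).
CLIENT_OUTPUT = """account,principal,annual_rate,days,interest_posted
L-1001,10000.00,0.12,30,98.63
L-1002,25000.00,0.10,31,212.33
L-1003,5000.00,0.08,28,32.88
"""
CENT = Decimal("0.01")

def simulate_interest(principal, annual_rate, days):
    """Auditor's independent version of the key feature under review.
    Assumed policy: simple interest, actual days over 365, rounded half up."""
    interest = Decimal(principal) * Decimal(annual_rate) * int(days) / 365
    return interest.quantize(CENT, rounding=ROUND_HALF_UP)

def parallel_simulation(client_csv, tolerance=CENT):
    """Recompute every record and list those that differ from the client's
    posted figure by more than the tolerance."""
    differences = []
    for row in csv.DictReader(io.StringIO(client_csv)):
        posted = Decimal(row["interest_posted"])
        simulated = simulate_interest(row["principal"], row["annual_rate"], row["days"])
        if abs(posted - simulated) > tolerance:
            differences.append((row["account"], posted, simulated, posted - simulated))
    return differences
```

On the constructed extract, only account L-1003 is reported: the posted interest of 32.88 corresponds to 30 days rather than the 28 days on the record, a difference of 2.20 for the auditor to follow up.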
COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)

Generalized audit software
• Designed to perform common audit tasks
• Ex. Verifying calculations, summarizing and totaling files, reporting and customized formats

Purpose written programs
• Designed to perform audit tasks in specific circumstances
• This is done by hiring an outside programmer

OTHER CAATS

Snapshots
• Involves taking pictures of the various stages of processing

System control audit review files (SCARF)
• Involves embedding audit software modules to monitor the system transactions
