
Chapter 11

Auditing Computer-Based Information Systems


11-1
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
Learning Objectives

 Describe the scope and objectives of audit work, and identify the major steps in the audit process.

 Identify the objectives of an information system audit, and describe the four-step approach necessary for meeting these objectives.

 Design a plan for the study and evaluation of internal control in an AIS.

 Describe computer audit software, and explain how it is used in the audit of an AIS.

 Describe the nature and scope of an operational audit.



Auditing

 The systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond with established criteria



Types of Audits
 Financial
   Examines the reliability and integrity of:
     Financial transactions, accounting records, and financial statements.

 Information System
   Reviews the controls of an AIS to assess compliance with:
     Internal control policies and procedures and effectiveness in safeguarding assets

 Operational
   Economical and efficient use of resources and the accomplishment of established goals and objectives

 Compliance
   Determines whether entities are complying with:
     Applicable laws, regulations, policies, and procedures

 Investigative
   Incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities.



The Audit Process

 Planning

 Collecting Evidence

 Evaluating Evidence

 Communicating Audit Results



Planning the Audit

 Why, when, how, whom

 Work targeted to the area with the greatest risk:
   Inherent
     Chance of risk in the absence of controls
   Control
     Risk that a misstatement will not be caught by the internal control system
   Detection
     Chance that a misstatement will not be caught by auditors or their procedures



Collection of Audit Evidence

 Not everything can be examined, so samples are collected
 Observation of activities to be audited
 Review of documentation
   Gain understanding of a process or control
 Discussions
 Questionnaires
 Physical examination
 Confirmations
   Testing balances with external 3rd parties
 Re-performance
   Recalculations to test values
 Vouching
   Examination of supporting documents
 Analytical review
   Examining relationships and trends



Evaluation of Audit Evidence

 Does evidence support favorable or unfavorable conclusion?

 Materiality
 How significant is the impact of the evidence?

 Reasonable Assurance
 Some risk remains that the audit conclusion is incorrect.



Communication of Audit Conclusion

 Written report summarizing audit findings and recommendations, addressed to:
   Management
   The audit committee
   The board of directors
   Other appropriate parties



Risk-Based Audit
 Determine the threats (fraud and errors) facing the company.
   Accidental or intentional abuse and damage to which the system is exposed

 Identify the control procedures that prevent, detect, or correct the threats.
   These are all the controls that management has put into place to minimize the threats, and that auditors should review and test

 Evaluate control procedures.
   A systems review
     Are control procedures in place?
   Tests of controls
     Are existing controls working?

 Evaluate control weaknesses to determine their effect on the nature, timing, or extent of auditing procedures.



Information Systems Audit

 Purpose:
 To review and evaluate the internal controls that protect the system

 Objectives:
1. Overall information security
2. Program development and acquisition
3. Program modification
4. Computer processing
5. Source files
6. Data files



1. Information System Threats

 Accidental or intentional damage to system assets

 Unauthorized access, disclosure, or modification of data and programs

 Theft

 Interruption of crucial business activities



2. Program Development and Acquisition

 Inadvertent programming errors due to misunderstanding system specifications or careless programming

 Unauthorized instructions deliberately inserted into the programs

 Controls:
 Management and user authorization and approval, thorough testing, and
proper documentation



3. Program Modification

 Source Code Comparison
   Compares the current program against the authorized source code for any discrepancies

 Reprocessing
   Use of the source code to re-run the program and compare results for discrepancies

 Parallel Simulation
   An auditor-created program is run and its results are compared against those of the production program

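As an added example (not from the textbook slides), the following Python sketch shows source code comparison and reprocessing in practice: the auditor fingerprints the authorized baseline against the program found in production, diffs any discrepancy line by line, and re-runs both versions on the same input to see whether the change altered behaviour. The `apply_discount` program, both source texts and the input values are constructed for illustration.

```python
import difflib
import hashlib

# Constructed example sources (not from the slides): the authorized baseline the
# auditor holds, and the program found in production with an unapproved edit.
AUTHORIZED_SOURCE = """\
def apply_discount(amount, rate):
    if rate > 0.25:
        raise ValueError("discount exceeds policy limit")
    return round(amount * (1 - rate), 2)
"""

PRODUCTION_SOURCE = """\
def apply_discount(amount, rate):
    if rate > 0.25 and amount < 1000:
        raise ValueError("discount exceeds policy limit")
    return round(amount * (1 - rate), 2)
"""


def fingerprint(source: str) -> str:
    """SHA-256 of the program text: the cheap first check for any change."""
    return hashlib.sha256(source.encode("utf-8")).hexdigest()


def compare_programs(authorized: str, current: str):
    """Source code comparison: return (matches, changed_lines).
    Equal fingerprints mean no change; otherwise the diff shows which
    instructions differ, for the auditor to trace back to an approved request."""
    if fingerprint(authorized) == fingerprint(current):
        return True, []
    diff = difflib.unified_diff(authorized.splitlines(), current.splitlines(),
                                fromfile="authorized", tofile="production",
                                lineterm="", n=0)
    return False, [ln for ln in diff
                   if ln.startswith(("+", "-")) and not ln.startswith(("+++", "---"))]


def reprocess(source: str, amount: float, rate: float):
    """Reprocessing: run the program from the given source on the same input and
    return what it produces, so the two versions' outputs can be compared."""
    namespace = {}
    exec(source, namespace)  # constructed source text under the auditor's control
    try:
        return namespace["apply_discount"](amount, rate)
    except ValueError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    same, changes = compare_programs(AUTHORIZED_SOURCE, PRODUCTION_SOURCE)
    print("unchanged:", same, changes)
    # A 30% discount on 2000: the baseline rejects it, the modified program allows it.
    print(reprocess(AUTHORIZED_SOURCE, 2000, 0.30), reprocess(PRODUCTION_SOURCE, 2000, 0.30))
```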


4. Computer Processing

 System fails to detect:
   Erroneous input
   Improper correction of input errors
   Processing of erroneous input
   Improper distribution or disclosure of output

 Concurrent audit techniques
   Continuous system monitoring while live data are processed during regular operating hours
   Using embedded audit modules
     Program code segments that perform audit functions, report test results, and store the evidence collected for auditor review



Types of Concurrent Audits
 Integrated Test Facility
   Uses fictitious inputs

 Snapshot Technique
   Master files before and after update are stored for specially marked transactions

 System Control Audit Review File (SCARF)
   Continuous monitoring and storing of transactions that meet pre-specifications

 Audit Hooks
   Notify auditors of questionable transactions

 Continuous and Intermittent Simulation
   Similar to SCARF, for a DBMS

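As an added example (not from the slides), this Python sketch shows how an embedded audit module, the code segment described under concurrent audit techniques above, can implement three of the techniques just listed inside a posting routine: a SCARF log of transactions meeting a pre-specified condition, audit hooks that flag questionable transactions, and a snapshot of the master record before and after update for specially marked transactions. The transactions, the threshold and the hook rules are constructed for illustration.

```python
# Constructed sample transactions (not from the slides). "tagged" marks the
# transactions selected for the snapshot technique.
TRANSACTIONS = [
    {"id": "T1", "account": "A100", "amount": 250.00, "user": "clerk1", "tagged": False},
    {"id": "T2", "account": "A100", "amount": 15000.00, "user": "clerk1", "tagged": True},
    {"id": "T3", "account": "A200", "amount": -40.00, "user": "admin", "tagged": False},
    {"id": "T4", "account": "A200", "amount": 9999.99, "user": "clerk2", "tagged": False},
]

SCARF_THRESHOLD = 10000.00  # assumed pre-specification: amounts at or above this are stored


class EmbeddedAuditModule:
    """Audit code segment living inside the application; it collects evidence
    (SCARF log, audit-hook alerts, snapshots) for later auditor review."""

    def __init__(self):
        self.scarf_log = []    # ids of transactions meeting the pre-specified criterion
        self.hook_alerts = []  # (id, reason) for questionable transactions
        self.snapshots = []    # (id, master_before, master_after) for tagged transactions

    def inspect(self, txn, master_before, master_after):
        # SCARF: continuously store transactions that meet the pre-specification.
        if txn["amount"] >= SCARF_THRESHOLD:
            self.scarf_log.append(txn["id"])
        # Audit hooks: notify auditors of questionable transactions.
        if txn["amount"] < 0:
            self.hook_alerts.append((txn["id"], "negative amount"))
        if txn["user"] == "admin":
            self.hook_alerts.append((txn["id"], "posted by privileged user"))
        # Snapshot technique: keep the master record before and after the update.
        if txn["tagged"]:
            self.snapshots.append((txn["id"], master_before, master_after))


def post_transactions(transactions, audit):
    """Application posting routine; the audit module runs inline on live data."""
    master = {}  # account -> balance (the master file)
    for txn in transactions:
        before = master.get(txn["account"], 0.0)
        after = round(before + txn["amount"], 2)
        master[txn["account"]] = after
        audit.inspect(txn, before, after)
    return master


if __name__ == "__main__":
    module = EmbeddedAuditModule()
    print(post_transactions(TRANSACTIONS, module))
    print("SCARF:", module.scarf_log, "hooks:", module.hook_alerts, "snapshots:", module.snapshots)
```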


5. Source Data and 6. Data Files

 Accuracy

 Integrity

 Security of data

