Professional Documents
Culture Documents
IN COMPUTERIZED
ENVIRONMENT
7-1
How Information Technologies Enhance
Internal Control
7-2
Assessing Risks of
Information Technologies
RISK TO HARDWARE
AND DATA
7-3
Assessing Risks of
Information Technologies
7-4
Assessing Risks of
Information Technologies
7-5
Learning Objective 2
7-6
Internal Controls Specific to Information
Technology
General Controls
o n t r o l s
c a ti o n C
Ap p l i
7-7
General Controls
Systems Hardware
development controls
7-8
Application Controls
Input controls
Processing
controls
Output controls
7-9
Relationship Between General and
Administrative Controls
Risk of unauthorized change
Risk of system crash
to application software
Cash Receipts
Application
Controls
Sales Payroll
Applications Application
Controls Controls
Other Cycle
Application
Controls
7 - 11
Administration of the
IT Function
7 - 12
Segregation of IT Duties
Security Administrator
Systems Data
Operations
Development Control
7 - 13
Systems Development
Pilot testing
Typical test
strategies
Parallel testing
7 - 14
Physical and Online Security
7 - 15
Backup and
Contingency Planning
7 - 16
Hardware Controls
7 - 17
APPLICATION CONTROL
• Designed to satisfy transaction-related audit
objectives.
• May be done by:
– Client personnel – manual controls
- depends on competence of the personnel & due
care exercised
– Computer – automated controls
- if properly designed, lead to consistent operation
of the controls
7 - 18
Input Controls
7 - 19
Input Controls
• Manual control:
– Management’s authorization of transaction
– Adequate preparation of input source docs
– Competent personnel
• IT controls:
– Prompts for transaction information
– Computer-performed validation tests
– Immediate error correction procedures
– Accumulation of errors in error file for follow-up.
7 - 20
Processing Controls
• Prevent, detect and correct processing errors
when transaction are processed.
• Often imbedded into software.
7 - 21
Processing Controls
Validation test – ensures the use of correct master file, database, prog
7 - 22
Output Controls
7 - 23
Learning Objective 3
7 - 24
Impact of Information Technology on the
Audit Process
7 - 25
Learning Objective 4
7 - 27
Test Data Approach
Input Test
Transactions to Test
Key Control
Procedures
Application Programs
Master Files Transaction Files
(Assume Batch System)
(Contaminated?)
Control Test
Contaminated Results
Master Files
7 - 28
Test Data Approach
Control Test
Results
Auditor-predicted
Results of Key
Auditor Makes Control Procedures
Comparisons Based on an
Understanding of
Internal Control
Differences Between
Actual Outcome
and Predicted Result
7 - 29
Parallel Simulation
7 - 30
Parallel Simulation
Auditor Makes
Production Comparisons Between Master File
Transactions Client’s Application
System Output and
Understanding of the
Client Systems Via the Client
Auditor-
Parallel Simulation Application
Prepared
System
Program
Programs
Exception Report
Auditor Noting Differences Client
Results Results
7 - 31
Embedded Audit
Module Approach
7 - 32
Learning Objective 5
7 - 33
Issues for Different
IT Environments
7 - 34