The Impact Of Information Technology On The Audit Process

Transcription

The Impact of Information Technology on the Audit Process
Chapter 12
2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley

Learning Objective 1
Describe how IT improves internal control.

How Information Technologies Enhance Internal Control
- Computer controls replace manual controls
- Higher-quality information is available

Learning Objective 2
Identify risks that arise from using an IT-based accounting system.

Assessing Risks of Information Technologies
- Risks to hardware and data
- Reduced audit trail
- Need for IT experience and separation of IT duties

Risks to Hardware and Data
- Reliance on hardware and software
- Data loss
- random errors

Reduced Audit Trail
- Visibility of audit trail
- Lack of traditional authorization
- Detection risk
- Reduced human involvement

Need for IT Experience and Separation of Duties
- Reduced separation of duties
- Need for IT experience

Learning Objective 3
Explain how general controls and application controls reduce IT risks.

Internal Controls Specific to Information Technology
Information technology controls:
- General controls
- Application controls

Relationship Between General and Application Controls

Categories of General and Application Controls

Administration of the IT Function
The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management.

Segregation of IT Duties

Systems Development
Typical test strategies:
- Pilot testing
- Parallel testing

Physical and Online Security
Online Controls:
- User ID control
- Password control
- Separate add-on security software
Physical Controls:
- Keypad entrances
- Badge-entry systems
- Security cameras
- Security personnel

Backup and Contingency Planning
Offsite storage of critical files is a key element to a backup and contingency plan.

Hardware Controls
These controls are built into computer equipment by the manufacturer to detect and report equipment failures.

Application Controls
Application controls are designed for each software ... controls

Input Controls
These controls are designed by an organization to ensure that the information being processed is authorized, accurate, and complete.

Batch Input Controls
- Financial total: Total for all records in a batch
- Hash total: Total of codes from all batch records
- Record count: Total of records in a batch
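The three batch totals above, worked through as an added example that is not part of the original slides. The record layout (account code, amount), the sample values and the function names are assumptions made for illustration; the point is which total catches which kind of input error.

```python
from decimal import Decimal

# Constructed sample batch: (account_code, amount) records as prepared for entry.
BATCH = [
    ("4010", Decimal("1250.00")),
    ("4025", Decimal("310.40")),
    ("5130", Decimal("89.95")),
    ("4010", Decimal("2400.00")),
]

def control_totals(records):
    """Compute the three batch input control totals for a list of records."""
    return {
        "record_count": len(records),
        "financial_total": sum((amt for _, amt in records), Decimal("0")),
        # Hash total: sum of a code field; the number has no business meaning,
        # it exists only to detect a changed or substituted code.
        "hash_total": sum(int(code) for code, _ in records),
    }

def reconcile(header, records):
    """Recompute totals after input and return the names of those that
    disagree with the batch header (empty list means the batch is accepted)."""
    actual = control_totals(records)
    return sorted(name for name in header if header[name] != actual[name])

# Header totals are prepared before the batch is keyed in.
HEADER = control_totals(BATCH)

def demo():
    """Run four constructed input scenarios against the same header."""
    dropped = BATCH[:-1]                                    # last record lost
    miskeyed = [BATCH[0], ("4025", Decimal("301.40")), *BATCH[2:]]  # digits swapped
    wrong_acct = [BATCH[0], ("4052", Decimal("310.40")), *BATCH[2:]]  # code swapped
    return {
        "clean": reconcile(HEADER, BATCH),
        "dropped_record": reconcile(HEADER, dropped),
        "miskeyed_amount": reconcile(HEADER, miskeyed),
        "wrong_account": reconcile(HEADER, wrong_acct),
    }

if __name__ == "__main__":
    for case, failed in demo().items():
        print(f"{case:16} -> {failed or 'accepted'}")
```

A wrong account code leaves the record count and financial total intact, which is why the hash total is kept as a separate control.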

Processing Controls
- Validation test: Correct file, database, or program?
- Sequence test: Correct processing order?
- Arithmetic accuracy test: Accuracy of processed data?
- Data reasonableness test: Data exceeds preset amounts?
- Completeness test: Completeness of record fields?

Output Controls
These controls focus on detecting errors after processing is completed rather than on preventing errors.

Learning Objective 4
Describe how general controls affect the auditor’s testing of application controls.

Impact of Information Technology on the Audit Process
- Effects of general controls on system-wide applications
- Effects of general controls on software changes
- Obtaining an understanding of client general controls
- Relating IT controls to transaction-related audit objectives
- Effect of IT controls on substantive testing

Auditing in IT Environments with Varied Complexity
- Audit around the computer
- LESS
- Smaller companies
- IT controls effective
- Audit through the computer
- MORE
- Parallel simulation
- Test data

Auditing Around and Through the Computer

Learning Objective 5
Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer.

Test Data Approach
1. Test data should include all relevant conditions that the auditor wants tested.
2. Application programs tested by the auditors’ test data must be the same as those the client used throughout the year.
3. Test data must be eliminated from the client’s records.

Test Data Approach
- Input test transactions to test key control procedures
- Master files
- Contaminated master files
- Application programs (assume batch system)
- Transaction files (contaminated?)
- Control test results

Test Data Approach
- Control test results
- Auditor makes comparisons
- Auditor-predicted results of key control procedures based on an understanding of internal control
- Differences between actual outcome and predicted result

Parallel Simulation
The auditor uses auditor-controlled software to perform parallel operations to the client’s software by using the same data files.

Parallel prepared program
- Client application system programs
- Auditor results
- Client results
- Auditor makes comparisons between client’s application system output and the auditor-prepared program output
- Exception report noting differences
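Parallel simulation as described above, sketched as an added example that is not part of the original slides. The data file, the client's reported results and the pricing rule (5% discount at 100 units or more) are constructed for illustration; the auditor's program reprocesses the same data file and every disagreement with the client's output lands in the exception report.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample: the client's data file and the totals the client's
# application system reported for it.
DATA_FILE = [
    {"invoice": "INV-001", "qty": 10, "unit_price": "19.99"},
    {"invoice": "INV-002", "qty": 120, "unit_price": "4.50"},
    {"invoice": "INV-003", "qty": 3, "unit_price": "250.00"},
    {"invoice": "INV-004", "qty": 200, "unit_price": "1.25"},
    {"invoice": "INV-005", "qty": 2, "unit_price": "22.50"},
]
CLIENT_RESULTS = {
    "INV-001": "199.90",
    "INV-002": "513.00",
    "INV-003": "750.00",
    "INV-004": "250.00",   # discount not applied by the client system
    # INV-005 is absent from the client output
}

def auditor_program(record):
    """Auditor-controlled reimplementation of the pricing rule
    (assumed rule: 5% discount when quantity is 100 or more)."""
    total = Decimal(record["qty"]) * Decimal(record["unit_price"])
    if record["qty"] >= 100:
        total *= Decimal("0.95")
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)

def exception_report(data_file, client_results):
    """Compare auditor results with client results record by record and
    return (invoice, auditor_result, client_result, reason) for each difference."""
    exceptions = []
    for record in data_file:
        expected = auditor_program(record)
        reported = client_results.get(record["invoice"])
        if reported is None:
            exceptions.append(
                (record["invoice"], expected, None, "missing from client output"))
        elif Decimal(reported) != expected:
            exceptions.append(
                (record["invoice"], expected, Decimal(reported), "amount differs"))
    return exceptions

if __name__ == "__main__":
    for row in exception_report(DATA_FILE, CLIENT_RESULTS):
        print(row)
```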

Embedded Audit Module Approach
Auditor inserts an audit module in the client’s application system to identify specific types of transactions.

Embedded Audit Module Approach

Learning Objective 6
Identify issues for e-commerce systems and other specialized IT environments.

Issues for Different IT Environments
- Network environments
- Outsourced IT
- E-commerce systems

End of Chapter 12
