Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Chapter 8

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 23

Chapter 8

Accounting Information Systems

Information Technology Auditing

Chapter
8-1
Information Technology Auditing

Function
 Evaluate computer’s role in achieving audit and
control objectives

Assurance Provided
 Data and information are reliable, confidential, secure,
and available
 Safeguarding assets, data integrity, and operational
effectiveness
Chapter
8-2
Information Technology Auditing

 The IT audit function encompasses all the components of a


computer-based AIS: people, procedures, hardware, data
communications ,software, and databases.

 These components are a system of interacting elements


that auditors examine to accomplish the purposes of their
audits.

Chapter
8-3
The Information Technology
Audit Process

External auditors examine an organization’s computer-


based AIS primarily to evaluate how the organization’s
control procedures over computer processing affect the
financial statements (attest objectives).

The controls in place will directly influence the scope of


the audit. For instance

Chapter
8-4
The Information Technology Audit
Process

 if computer controls are weak or nonexistent, auditors will


need to do more substantive testing—i.e., detailed tests of
transactions and account balances.
 An example of substantive testing is the confirmation of
accounts receivable with customers.
 If the control procedures over a company’s computerized
financial accounting system are strong, the auditors may
limit the scope of their audit by examining fewer
transactions underlying accounts receivable account
balances.
Chapter
8-5
The Components of an IT Audit

Chapter
8-6
The Information Technology
Audit Process

Computer-Assisted Audit Techniques (CAAT)


 Use of computer processes to perform audit functions
 Performing substantive tests

Chapter
8-7
Evaluating the Effectiveness of
Information Systems Controls

 The more confidence auditors have (as a result of strong


controls) that data are input and processed accurately in a
computer-based system, the less substantive testing they
perform.

 On the other hand, a computer-based system with weak


controls over data input and processing will call for more
detailed testing of financial transactions.

Chapter
8-8
Evaluating the Effectiveness of
Information Systems Controls

Risk Assessment
An external auditor’s main objective in reviewing
information systems control procedures is to evaluate the
risks(associated with any control Weaknesses) to the integrity
of accounting data presented in financial reports.

A secondary objective of the external auditor’s review is to


make recommendations to managers about improving these
controls.

Chapter
8-9
Evaluating the Effectiveness of
Information Systems Controls

The following four steps provide a logical framework for


performing a risk-based audit of a company’s AIS:
1.Determine the threats (i.e., errors and irregularities) facing

the AIS
2.Identify the control procedures that should be in place to

minimize each of these threats and thereby prevent or detect


the errors and irregularities.

Chapter
8-10
Risk Assessment

3. Evaluate the control procedures within the AIS


 The process of reviewing system documentation and
interviewing appropriate personnel to determine whether
the necessary control procedures are in place is called a
systems review
 The tests include such activities as observing system
operations; inspecting documents, records, and reports;
checking samples of system inputs and outputs; and
tracing transactions through the system.

Chapter
8-11
Risk Assessment

4. Evaluate weaknesses (i.e., errors and irregularities not


covered by control procedures) within the AIS to
ascertain their effect on the nature, timing, or extent of
auditing procedures.

Chapter
8-12
The Information Technology Auditor’s
Toolkit

 Auditors can use computer-assisted audit techniques


(CAATs)to help them in various auditing tasks.
 auditing with the computer.
 Manual access to data stored on computers is impossible

Chapter
8-13
The IT Auditor’s Toolkit

Auditing Software
Auditors can use a variety of software when auditing with
the computer.

Examples
include general-use software such as word processing

programs, spreadsheet software, and database management


systems

Chapter
8-14
The IT Auditor’s Toolkit

Auditing Software
General-Use Software
Auditors employ general-use software as productivity tools

that can improve their work.


For instance,
Word processing programs improve effectiveness when

writing reports because built-in spell checks can significantly


reduce spelling errors

Chapter
8-15
The IT Auditor’s Toolkit

Auditing Software
General-Use Software
Spreadsheet software allows both accountants and auditors

to make complex calculations automatically.

It also allows the user to change one number and update all
related numbers at the click of a mouse

Chapter
8-16
The IT Auditor’s Toolkit

Auditing Software
General-Use Software
Accountants and auditors can use a database management

system (DBMS)to perform some of the same functions as


spreadsheet software.
For instance, DBMSs can sort data and make certain

mathematical computations.
However, they are distinguished from spreadsheet software

by their ability to manipulate large sets of data in fairly


simple ways
Chapter
8-17
The IT Auditor’s Toolkit

Generalized Audit Software.


Generalized audit software (GAS) packages (or programs)

enable auditors to review computer files without continually


rewriting processing programs.
GAS includes mathematical computations, cross footing,

categorizing, summarizing, merging files, sorting records,


statistical sampling, and printing reports.
The advantage GAS packages have over other software is

that these programs are specifically tailored to auditor tasks

Chapter
8-18
The IT Auditor’s Toolkit

Generalized Audit Software.


Two popular GAS packages used by auditors are
1.Audit Command Language (ACL) and

2.Interactive Data Extraction and Analysis (IDEA).

These programs allow auditors to examine a company’s data


in a variety of formats.

Chapter
8-19
The IT Auditor’s Toolkit

They include commands such as


STRATIFY, EXTRACT, and JOIN

Each of these commands provides an auditor with a different

view of the data.


For example, the stratify command lets an auditor group data
into categories
This is useful, for example, in sorting inventories into

various classes based on their cost.


Stratification lets an auditor concentrate on high-dollar-value

inventory items. Chapter


8-20
The IT Auditor’s Toolkit

Automated Work-paper Software.


Automated work-paper software is similar to general ledger

software.
The difference is that automated work-paper software

handles accounts for many organizations in a flexible manner


Features
Generate trial balances

Make adjusting entries

Perform consolidations, and

Conduct analytical procedures


Chapter
8-21
The IT Auditor’s Toolkit

Automated Work-paper Software.


The advantage of using automated work-paper software is

that Auditors can use this software to prepare consolidated


trial balances and financial statements (that combine accounts
of multiple companies)
In addition, automated work-paper software can easily

calculate financial statement ratios and measurements, such


as the current ratio, the working capital , the inventory
turnover rate ,and the price-earnings ratio

Chapter
8-22
The IT Auditor’s Toolkit

People Skills
working as a team

interact with clients and other auditors.

Interviewing clients

Importance of Interviews
 Gain understanding of organization
 Evaluate internal controls

Chapter
8-23

You might also like