Chapter 8

  1. Overview of IT
    • ERP (SAP, Oracle, Dynamics), small (QuickBooks)
    • Batch, on-line batch, real-time
    • Core of all systems is databases
    • Hardware
    • SW applications
    • Networks
    • Electronic Commerce: EDI, FEDI, EFT, web
  2. Internal Control in IT
    • Segregation of duties
    • IT operations
    • User access to data/applications
    • Clearly defined responsibilities
    • Augmented by controls written into computer programs
    • Software Development Life Cycle
  3. Audit Trail Impact
    • In computerized environment, audit trail ordinarily still exists, but often not in printed form
    • Can affect audit procedures
    • Consulting auditors during design stage of IT-based system helps ultimate auditability
  4. Organization Information System Department-PIC
  5. Responsibilities In IT
    • Information systems management
    • Systems analysis
    • Application Programming
    • Database Administration
    • Data Entry
    • IT Operations
    • Program and file library
    • Data Controls
    • Telecommunications Specialists
    • System Programming
  6. Information System Management
    Supervise the operation of the department and report to the vice president of finance
  7. Systems Analysis
    Responsible for designing the system
  8. Application Programming
    Design flowcharts and write programming code
  9. Database Administration
    Responsible for planning and administering the company database
  10. Data Entry
    Prepare and verify input data for processing
  11. IT Operations
    Run and monitor central computers
  12. Program and file library
    Protect computer programs, master files and other records from loss, damage and unauthorized use
  13. Data Control
    Reviews and tests all input procedures, monitors processes and reviews IT logs
  14. Telecommunications Specialists
    Responsible for maintaining and enhancing IT networks
  15. System Programming
    Responsible for troubleshooting the operating system
  16. IT Control Activities - General
    • Developing new programs and systems
    • Changing existing programs and systems
    • Access to programs and data
    • IT operations controls
  17. Computer-Based Fraud
    • History shows that the developer is mostly the culprit
    • Segregation of duties
    • Programming separate from controlling data entry
    • Computer operator separate from custody or detailed knowledge of programs
    • If segregation is not possible, need:
    • Compensating controls like batch totals
    • Organizational controls not effective in mitigating collusion
  18. IT Control Activities - Pic
  19. Elements of System Reliability
    • Security:
    • Authentication: who gets in
    • Authorization: what the user can do
    • Encryption
  20. Application Control Activities- Programmed Control Activities
    • Input validation checks
    • Batch controls
    • Processing Controls
  21. Step 1 of Plan Audit and Obtain an Understanding
    Consider IT system in planning
  22. Step 2- Obtain an understanding of the client and its environment
    • Documentation of client's IT-based system depends on complexity of system
    • Narrative
    • Systems flowchart
    • Program flowchart
    • Internal Control questionnaires
  23. Step 3- Assess the Risks of Material Misstatement
    • ID risks
    • Relate the ID risks to what can go wrong at the relevant assertion level
    • Consider whether the risks are of a magnitude that could result in a material misstatement
    • Consider the likelihood that the risks could result in a material misstatement
  24. IT Controls Assessment
    • Hire IT control expert if auditor not experienced
    • Use COBIT or AICPA trust services
    • General Control assessment- applies to all IT operations and applications
    • Application Control- embedded in process control evaluation
    • Must test controls at both levels
    • Same assessment outcomes as manual process controls
    • Operational Effectiveness
    • Material Weakness and significant deficiencies.
  25. Techniques for Testing Application Controls- Auditing Around the Computer
    Manually processing selected transactions and comparing results to computer output
  26. Techniques for Testing Application Controls-Manual Tests of Computer Controls
    Inspection of computer control reports and evidence of manual follow-up on exceptions
  27. Techniques for Testing Application Controls-Auditing through the computer
    • Test data
    • Integrated Test Facility
    • Controlled programs
    • Program Analysis Techniques
    • Tagging and Tracing transactions
    • Generalized audit software: parallel simulation
  28. Using Generalized Audit Software to perform Substantive Procedures
    • Examine client's records for overall quality, completeness and valid conditions
    • Rearrange data and perform analyses
    • Select audit samples
    • Compare data on separate files
    • Compare results of audit procedures with client's records
  29. Inventory Audit Procedures Using Generalized Audit Software-Pic
  30. Service Organizations (SAS 70)
    • Computer service centers provide processing services (payroll, benefits, accounting)
    • Outsourcing companies (IBM, EDS) run computer centers and provide IT personnel
    • Cloud Computing
    • Internet Services (ASP-Application service providers)
  31. Audit Concerns when services are part of the client's information system (SAS 70)
    • How client's transactions are initiated
    • The accounting records, supporting information
    • The accounting process from initiation to inclusion in FS
    • The financial reporting process
  32. SAS 70- Gives Auditor Guidance
    If no SAS 70 report, audit must include service organization in audit scope