-
Statistical Sampling over Nonstatistical in test of controls
- Provide an objective basis for quantitatively evaluating sample risk.
- Measure the sufficiency of the audit evidence obtained.
- Measuring mathematically the degree of uncertainty that results from examining only a part of the data.
-
Analytical Procedures in Sampling
- Comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor.
-
Statistical sampling in tests of controls
- Deviations from specific internal control procedures at a given rate ordinarily result in misstatements at a lower rate.
-
Attribute Sampling
- Test of Controls
- Rate & Occurrence
- Sample size Known
- Frequency in Sample
- Estimated Error indicates control is effective
-
Embedded Audit Modules
Coded into a client's application to collect data for the auditor
-
Parallel Simulation
- Computer-assisted auditing techniques (CAAT) Processes client input data
- On a controlled program under the auditor's control
-
Integrated Test Facility
Test Data
Run fictitious data through the client's programs
Test data are processed by the client's computer programs under the auditor's control.
-
System Analyst
- Designs and evaluates systems
- Prepares program specifications for programmers
- No review of Output or Data distribution
-
System Program
Designs the operating and control functions of programs
Participates in testing operating systems
-
Ratio Estimation
- Measure the total estimated error amount in a population.
- Most appropriate when the size of the errors is proportionate to the recorded amounts
- Estimating the total dollar error
-
Test of Controls in Sampling
- Takes a sample
- Determines the sample deviation rate
- Compares this rate to the maximum rate he can tolerate and still rely on the control
- Decides whether to rely on the control as planned or not.
-
Reduce the planned reliance on a prescribed control when:
Sample rate of deviation plus the allowance for sampling risk exceeds the tolerable rate.
-
Factors to determine Audit Sample
- Tolerable exception rate
- Sampling risk, defined as the acceptable risk of assessing control risk too low (ARACR)
- Estimated population exception rate
- Population size (not significant)
-
Variable Sampling
- Substantive Testing
- Dollar Value or Quantity of Units
- Estimate difference between actual & reported amounts
-
Risk of Incorrect acceptance and the likelihood of assessing control risk too low
Effectiveness of Audit
-
Stratified Sampling
- Allow the auditor to emphasize larger items from the population
- The population has highly variable recorded amounts
-
PPS (monetary sampling)
- Statistical solution rather than a nonstatistical one.
- Reduces the cost of doing the audit testing because several sample items are tested at once
- High dollar items selected from the population
- Zero or Negative items not included
- Auditor controls the risk of incorrect acceptance by specifying a risk level when planning the sample.
-
Calculating Projected Error (PPS)
- Tainting Factor = (Recorded $ - Audit $) / Recorded $
- Projected Error = Tainting Factor * Sampling Interval
When an account's recorded amount exceeds the sampling error: Projected Error = actual misstatement
-
Segregate Duties
- Systems development: SSAD
- Systems analysis, Systems programming, Applications programming, Database administration
- Data processing: DODD
- Data preparation, Operations, Data library, Data control.
-
Control Limitations
- Applications to be adequately tested before use
- Backup of files
- Control access to appropriate users
- Adequate documentation
- Application controls
-
Processing Integrity principle (CATA)
- Complete
- Accurate
- Timely
- Authorized.
-
Information Systems Department - 2 functions
- Systems development
- Data processing
-
System Programmer
- Implementing
- Modifying
- Debugging
-
Operator
- Daily computer operations of hardware and software
- Mounts tapes
- Supervises operations on a console
- Accepts inputs and distributes outputs
-
Applications Programmer
- Writing applications software
- Testing
- Debugging
-
Database Administrator (DBA)
- Maintaining the database
- Restricting access to the database to authorized users
-
At a minimum Segregate POL
- Programming
- Operations
- Library.
-
System Control Activities (GAS)
-
System documentation used by Auditors & Analyst (DES)
- Data Flow Diagrams
- Entity Relationship Diagrams
- System Flowcharts
-
Systems key entities and the relationships among those entities
Entity Relationship Diagram (EDP)
-
Examples of input validation or edit controls
- Preprinted forms, check digits, control, batch and proof totals, hash totals, record counts and limit or reasonable tests
- Menu driven input, field and validity checks, missing data and field size checks and logic checks
- Redundant data checks and closed loop verification
-
USER Control Activities
- Checks of computer output against source documents, control totals or other input
- Reviewing computer logs
- Policies and procedures that document authorized users and recipients of data
-
Mathematical summation of a piece of information that would not otherwise be computed except for control purposes
Ex: Final digit of all employee identification numbers
Hash Total