Scribd
Upload
123 views

The Impact of Information Technology On The Audit Process

Uploaded by

Louis Valentino
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
123 views

The Impact of Information Technology On The Audit Process

Uploaded by

Louis Valentino
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 38

The Impact of Information

Technology on the Audit


Process

Chapter 12
http://downloadslide.blogspot.com

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5-5


Learning Objective 1

Describe how IT improves internal control.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 2


How Information Technologies
Enhance Internal Control

Computer controls
replace manual
controls

Higher-quality
information is
available

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 3


Learning Objective 2

Identify risks that arise from using an IT-


based accounting system.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 4


Assessing Risks of
Information Technologies
 Risks to hardware and data

 Reduced audit trail

 Need for IT experience and


separation of IT duties

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 5


Risks to Hardware and Data

Reliance on Unauthorized
hardware and access
software

Systematic
vs.
Data loss random errors

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 6


Reduced Audit Trail

Visibility of
audit trail

Lack of
traditional Detection risk
authorization

Reduced
human
involvement
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 7
Need for IT Experience and
Separation of Duties
 Reduced separation of duties

 Need for IT experience

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 8


Learning Objective 3

Explain how general controls and application


controls reduce IT risks.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 9


Internal Controls Specific to
Information Technology
Information technology controls

Application General
controls controls

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 10


Relationship Between General
and Application Controls

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 11


Categories of General and
Application Controls

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 12


Administration of the IT
Function
The perceived importance of IT within an
organization is often dictated by the attitude of
the board of directors and senior management.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 13


Segregation of IT Duties

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 14


Systems Development

Typical test
strategies

Pilot testing Parallel testing

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 15


Physical and Online Security

Online Controls:
 User ID control
 Password control
 Separate add-on
security software
Physical Controls:
 Keypad entrances
 Badge-entry systems
 Security cameras
 Security personnel
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 16
Backup and Contingency
Planning
Offsite storage of critical files is a key
element to a backup and contingency plan

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 17


Hardware Controls

These controls are built into computer


equipment by the manufacturer to
detect and report equipment failures.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 18


Application Controls

Application controls are designed for each


software application

Input Output
controls controls

Processing
controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 19
Input Controls

These controls are designed by an


organization to ensure that the
information being processed is
authorized, accurate, and complete.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 20


Batch Input Controls

Financial total Total for all


records in a batch

Total of codes
Hash total from all batch
records

Total of records
Record count
in a batch

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 21


Processing Controls
Correct file,
Validation test database, or program?
Correct
Sequence test processing order?
Arithmetic Accuracy of
accuracy test processed data?
Data reasonableness Data exceeds
test preset amounts?
Completeness
Completeness test of record fields?
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 22
Output Controls

These controls focus on detecting errors


after processing is completed rather
than on preventing errors.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 23


Learning Objective 4

Describe how general controls affect the


auditor’s testing of application controls.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 24


Impact of Information Technology on
the Audit Process
 Effects of general controls on system-wide
applications
 Effects of general controls on software changes
 Obtaining an understanding of client
general controls
 Relating IT controls to transaction-related
audit objectives
 Effect of IT controls on substantive testing

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 25


Auditing in IT Environments
with Varied Complexity
Audit around
LESS the computer
Smaller IT controls
companies < effective

Audit though
MORE the computer
Parallel
Test data
simulation
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 26
Auditing Around and Through
the Computer

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 27


Learning Objective 5

Use test data, parallel simulation, and


embedded audit module approaches when
auditing through the computer.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 28


Test Data Approach

1. Test data should include all relevant


conditions that the auditor wants tested.

2. Application programs tested by the


auditors’ test data must be the same as
those the client used throughout the year.

3. Test data must be eliminated from the


client’s records.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 29


Test Data Approach
Input test
transactions to test
key control
procedures

Application programs Transaction files


Master files (assume batch system) (contaminated?)

Control test
Contaminated results
master files

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 30


Test Data Approach

Control test
results

Auditor-predicted results
Auditor makes of key control procedures
comparisons based on an understanding
of internal control

Differences between
actual outcome and
predicted result
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 31
Parallel Simulation

The auditor uses auditor-controlled software


to perform parallel operations to the client’s
software by using the same data files.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 32


Parallel Simulation
Production Master
transactions file

Auditor-prepared Client application


program system programs

Auditor Client
results results

Auditor makes comparisons between Exception report


client’s application system output and noting differences
the auditor-prepared program output
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 33
Embedded Audit Module
Approach
Auditor inserts an audit module in the
client’s application system to identify
specific types of transactions.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 34


Embedded Audit Module
Approach

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 35


Learning Objective 6

Identify issues for e-commerce systems and


other specialized IT environments.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 36


Issues for Different IT
Environments
Network Database
Environments Management
Systems

Outsourced e-Commerce
IT systems

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 37


End of Chapter 12

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5-5

You might also like