Consideration of Internal Control in an Information Technology Environment
McGraw-Hill/Irwin
Moderate system
Basic general ledger system (e.g., QuickBooks)
Expensive
ERP systems (e.g., SAP)
Nature of IT Systems
Usually consists of:
Hardware
Digital computer and peripheral equipment
Software
Various programs and routines for operating the system
Computer Hardware
Input/Output Devices
Storage
Card Readers
Terminals
Electronic Cash
Optical Scanners
Magnetic Tape Drives
Magnetic Disk Drives
Optical Compact Disks
Auxiliary
Arithmetic Unit
Control Unit
Primary Storage
Magnetic Disks
Magnetic Drums
Magnetic Tapes
Registers
Optical Compact Disks
Software
Two Types:
Systems software
Programs that control and coordinate hardware components and provide support to application software
Operating system (Examples: Unix, Windows)
Application software
Programs designed to perform a specific data processing task
Written in programming language (Example: Java)
System Characteristics
Regardless
Batch processing
On-line capabilities
Database storage
IT networks
End user computing
Batch Processing
Input
Online Capabilities
Database Storage
In
Database
IT Networks
Networks
Computers linked together through telecommunication links that enable computers to communicate information back and forth
WAN, LAN
Internet, intranet, extranet
Electronic commerce
Involves electronic processing and transmission of data between customer and client
Electronic Data Interchange (EDI)
Internal Control in IT
Importance
Separation of duties
Clearly defined responsibilities
Augmented by controls written into computer programs
Responsibilities (1 of 2)
Responsibilities (2 of 2)
IT Operations
Computer-Based Fraud
Internal Auditing in IT
IT Control Activities
General Control Activities
IT operations controls
Example: Sales invoices generated by IT-based system tested for clerical accuracy and pricing by the accounting clerk
Train users
Document computer processing procedures
Backup files stored away from originals
Authorization controls
Prohibit use of unauthorized programs
Use antivirus software
Narrative
Systems flowchart
Program flowchart
Internal control questionnaires
Identify risks
Relate the identified risks to what can go wrong at the relevant assertion level
Consider whether the risks are of a magnitude that could result in a material misstatement
Consider the likelihood that the risks could result in a material misstatement
Test Data
Integrated Test Facility
Controlled Programs
Program Analysis Techniques
Tagging and Tracing Transactions
Generalized audit software parallel simulation
Service Organizations
Computer
Service Organizations
Can
SAS 70 report