Scribd Logo
Importer

Bienvenue sur Scribd !

  • The Impact of Information Technology On The Audit Process

    Transféré par

    Erwin Dwi Putra
    17 vues35 pages

    Titre original

    RRChapter12.ppt

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PPT, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    17 vues35 pages

    The Impact of Information Technology On The Audit Process

    Transféré par

    Erwin Dwi Putra

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 35

    The Impact of Information

    Technology on the Audit


    Process

    Chapter 12

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 1


    Learning Objective 1

    Describe how IT improves


    internal control.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 2


    How Information Technologies
    Enhance Internal Control
     Computer controls replace manual controls

     Higher-quality information is available

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 3


    Learning Objective 2

    Identify risks that arise from using


    an IT-based accounting system.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 4


    Assessing Risks of
    Information Technologies
     Risks to hardware and data

     Reduced audit trail

     Need for IT experience and


    separation of IT duties

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 5


    Risks to Hardware and Data

     Reliance on the functioning capabilities


    of hardware and software

     Systematic versus random errors

     Unauthorized access

     Loss of data

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 6


    Reduced Audit Trail

     Visibility of audit trail

     Reduced human involvement

     Lack of traditional authorization

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 7


    Need for IT Experience and
    Separation of Duties
     Reduced separation of duties

     Need for IT experience

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 8


    Learning Objective 3

    Explain how general controls


    and application controls
    reduce IT risks.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 9


    Internal Controls Specific to
    Information Technology
     General controls

     Application controls

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 10


    Relationship Between General
    and Application Controls
    Risk of unauthorized change
    Risk of system crash
    to application software

    Cash receipts
    application
    controls
    Sales Payroll
    application application
    controls controls
    Other cycle
    application
    controls

    Risk of unauthorized GENERAL CONTROLS Risk of unauthorized


    master file update processing
    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 11
    General Controls

     Administration of the IT function

     Separation of IT duties

     Systems development

     Physical and online security

     Backup and contingency planning

     Hardware controls
    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 12
    Administration of the IT
    Function
    The perceived importance of IT within an
    organization is often dictated by the attitude of
    the board of directors and senior management.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 13


    Segregation of IT Duties

    Chief Information Officer or IT Manager

    Security Administrator

    Systems Data
    Operations
    Development Control

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 14


    Systems Development

    Typical test
    strategies

    Pilot testing Parallel testing

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 15


    Physical and Online Security

    Physical Controls: Online Controls:


     Keypad entrances  User ID control
     Badge-entry systems  Password control
     Security cameras  Separate add-on
     Security personnel security software

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 16


    Backup and Contingency
    Planning
    One key to a backup and contingency plan
    is to make sure that all critical copies of
    software and data files are backed up
    and stored off the premises.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 17


    Hardware Controls

    These controls are built into computer


    equipment by the manufacturer to
    detect and report equipment failures.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 18


    Application Controls

     Input controls

     Processing controls

     Output controls

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 19


    Input Controls

    These controls are designed by an


    organization to ensure that the
    information being processed is
    authorized, accurate, and complete.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 20


    Batch Input Controls

     Financial total

     Hash total

     Record count

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 21


    Processing Controls

     Validation test

     Sequence test

     Arithmetic accuracy test

     Data reasonableness test

     Completeness test

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 22


    Output Controls

    These controls focus on detecting errors


    after processing is completed rather
    than on preventing errors.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 23


    Learning Objective 4

    Describe how general controls


    affect the auditor’s testing
    of application controls.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 24


    Impact of Information Technology
    on the Audit Process
     Effects of general controls on control risk

     Effects of IT controls on control risk and


    substantive tests

     Auditing in less complex IT environments

     Auditing in more complex IT environments

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 25


    Learning Objective 5

    Use test data, parallel simulation,


    and embedded audit module
    approaches when auditing
    through the computer.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 26


    Test Data Approach

    1. Test data should include all relevant


    conditions that the auditor wants tested.

    2. Application programs tested by the


    auditors’ test data must be the same as
    those the client used throughout the year.

    3. Test data must be eliminated from the


    client’s records.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 27


    Test Data Approach
    Input test
    transactions to test
    key control
    procedures

    Application programs Transaction files


    Master files (assume batch system) (contaminated?)

    Control test
    Contaminated results
    master files

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 28


    Test Data Approach
    Control test
    results

    Auditor-predicted results
    Auditor makes of key control procedures
    comparisons based on an understanding
    of internal control

    Differences between
    actual outcome and
    predicted result
    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 29
    Parallel Simulation

    The auditor uses auditor-controlled software


    to perform parallel operations to the client’s
    software by using the same data files.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 30


    Parallel Simulation

    Production Master
    transactions file

    Auditor-prepared Client application


    program system programs

    Auditor Client
    results results

    Auditor makes comparisons between Exception report


    client’s application system output and noting differences
    the auditor-prepared program output
    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 31
    Embedded Audit Module
    Approach
    Auditor inserts an audit module in the
    client’s application system to identify
    specific types of transactions.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 32


    Learning Objective 6

    Identify issues for e-commerce


    systems and other specialized
    IT environments.

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 33


    Issues for Different IT
    Environments
     Issues for network environments

     Issues for database management systems

     Issues for e-commerce systems

     Issues when clients outsource IT

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 34


    End of Chapter 12

    ©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12 - 35

    Vous aimerez peut-être aussi