View
220
Download
0
Category
Tags:
Preview:
Citation preview
13 – 1 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Chapter Chapter 1313
Auditing InformationAuditing Information
TechnologyTechnology
13 – 2 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Learning Objective 1Learning Objective 1
Distinguish between “auditingDistinguish between “auditing
through the computer” andthrough the computer” and
““auditing with the computer.”auditing with the computer.”
13 – 3 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Information SystemsInformation SystemsAuditing ConceptsAuditing Concepts
13 – 4 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Structure of a FinancialStructure of a FinancialStatement AuditStatement Audit
The primary objective and responsibilityThe primary objective and responsibilityof the of the external auditorexternal auditor is to attest to the is to attest to the
fairness of a firm’s financial reports.fairness of a firm’s financial reports.
The The internal auditorinternal auditor serves servesa firm’s management.a firm’s management.
The The external auditorexternal auditor serves outsiders. serves outsiders.
13 – 5 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Structure of a Financial Structure of a Financial Statement AuditStatement Audit
TransactionsTransactions
Compliance testingCompliance testingInterim auditInterim audit
AccountingAccountingsystemsystem
FinancialFinancialreportsreports
Substantive testingSubstantive testingFinancial statement auditFinancial statement audit
CashCash BankBankReceivablesReceivables CustomersCustomers Confirm balancesConfirm balances
13 – 6 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing Around the ComputerAuditing Around the Computer
Accounting systemAccounting system
InputInput OutputOutput
In the In the around-the-computeraround-the-computer approach,approach,the processing portion is ignored.the processing portion is ignored.
ProcessingProcessing
13 – 7 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing Around the ComputerAuditing Around the Computer
Totals are accumulated forTotals are accumulated foraccepted and rejected records.accepted and rejected records.
The The around-the-computeraround-the-computer approach approachis no longer widely used.is no longer widely used.
Auditors emphasize control overAuditors emphasize control overrejected transactions, their correction,rejected transactions, their correction,
and then resubmission.and then resubmission.
13 – 8 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing Through the Auditing Through the ComputerComputer
Auditing Auditing through the computerthrough the computer may maybe defined as the verification ofbe defined as the verification of
controls in a computerized system.controls in a computerized system.
13 – 9 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Control FrameworkControl Frameworkin IT Environmentin IT Environment
InternalInternalcontrolscontrols
ApplicationsApplicationscontrolscontrols
GeneralGeneralcontrolscontrols
ComputerComputerapplicationapplicationsystems andsystems andprogramsprograms
ApplicationApplicationsystemssystems
developmentdevelopment
ComputerComputerserviceservicecentercenter
13 – 10 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing With the ComputerAuditing With the Computer
Auditing Auditing with the computerwith the computer is the process is the processof using information technology in auditing.of using information technology in auditing.
The use of information technologyThe use of information technologyis no longer optional.is no longer optional.
13 – 11 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing With the ComputerAuditing With the Computer
What are some of the potential benefitsWhat are some of the potential benefitsof using information systemsof using information systems
technology in an audit?technology in an audit?
2. Time may be saved by eliminating2. Time may be saved by eliminatingmanual footing, cross footing,manual footing, cross footing,and other routine calculations.and other routine calculations.
1. Computer-generated working papers are1. Computer-generated working papers aregenerally more legible and consistent.generally more legible and consistent.
13 – 12 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing With the ComputerAuditing With the Computer
3. Calculations, comparisons, and other3. Calculations, comparisons, and otherdata manipulations are moredata manipulations are more
accurately performed.accurately performed.
5. Project information may be more5. Project information may be moreeasily generated and analyzed.easily generated and analyzed.
4. Analytical review calculations may4. Analytical review calculations maybe more efficiently performed.be more efficiently performed.
13 – 13 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing With the ComputerAuditing With the Computer
6. Standardized audit correspondence6. Standardized audit correspondencemay be stored and easily modified.may be stored and easily modified.
7. Morale and productivity may7. Morale and productivity maybe improved by reducing thebe improved by reducing thetime spent on clerical tasks.time spent on clerical tasks.
13 – 14 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Auditing With the ComputerAuditing With the Computer
8. Increased cost-effectiveness is obtained8. Increased cost-effectiveness is obtainedby reusing and extending existing electronicby reusing and extending existing electronic
audit applications to subsequent audits.audit applications to subsequent audits.
9. Increased independence from information9. Increased independence from informationsystems personnel is obtained.systems personnel is obtained.
13 – 15 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Learning Objective 2Learning Objective 2
Describe and evaluateDescribe and evaluate
alternative informationalternative information
systems audit technologies.systems audit technologies.
13 – 16 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Information SystemsInformation SystemsAuditing TechnologyAuditing Technology
Information system audit technologyInformation system audit technologyhas evolved along with computerhas evolved along with computer
system development.system development.
Rather, there is a variety of toolsRather, there is a variety of toolsand techniques that may be usedand techniques that may be used
to accomplish an audit’s objective.to accomplish an audit’s objective.
There is no one overall auditing technology.There is no one overall auditing technology.
13 – 17 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Test Data TechniqueTest Data Technique
Test data are input containingTest data are input containingboth valid and invalid data.both valid and invalid data.
Payroll transactions for fictitious employeesPayroll transactions for fictitious employeesare processed concurrently with validare processed concurrently with valid
payroll transactions.payroll transactions.
13 – 18 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Test Data ApproachTest Data Approach
Test dataTest datahypotheticalhypotheticaltransactionstransactions
Computer processingComputer processingusing master programusing master program
Error listingError listingAuditor’sAuditor’sexpectedexpectedoutputoutput
CompareCompare
13 – 19 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Integrated-Test-Facility Integrated-Test-Facility TechniqueTechnique
ITF involves both the use of test data and theITF involves both the use of test data and thecreation of fictitious records (vendors, employees)creation of fictitious records (vendors, employees)
on the master files of a computer system.on the master files of a computer system.
Payroll transactions for fictitious employeesPayroll transactions for fictitious employeesare processed concurrently withare processed concurrently with
valid payroll transactions.valid payroll transactions.
13 – 20 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Integrated-Test-Facility Integrated-Test-Facility ApproachApproach
TransactionsTransactions ITFITFtransactionstransactions
ComputerComputerapplicationapplication
systemsystem
ReportsReportscontainingcontaining
ITF informationITF information
ReportsReportswithoutwithout
ITF dataITF data
Data filesData files
ITF dataITF data
13 – 21 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Parallel Simulation TechniqueParallel Simulation Technique
Processing real data through audit programs.Processing real data through audit programs.The simulated output and the regularThe simulated output and the regular
output are then compared.output are then compared.
Depreciation calculations are verifiedDepreciation calculations are verifiedby processing the fixed-asset masterby processing the fixed-asset master
file with an audit program.file with an audit program.
13 – 22 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Parallel SimulationParallel Simulation
TransactionsTransactions
CompareCompare
ParallelParallelsimulationsimulationprogramprogram
ReportReport SimulationSimulationreportreport
ComputerComputerapplicationapplication
systemsystem
Function toFunction tobe verifiedbe verified
13 – 23 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Audit Software TechniqueAudit Software Technique
Computer programs that permit theComputer programs that permit thecomputer to be used as an auditing tool.computer to be used as an auditing tool.
An auditor uses a computer program toAn auditor uses a computer program toextract data records from a master file.extract data records from a master file.
13 – 24 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Generalized Audit SoftwareGeneralized Audit Software(GAS) Technique(GAS) Technique
GAS is audit software that has been specificallyGAS is audit software that has been specificallydesigned to allow auditors to performdesigned to allow auditors to perform
audit-related data processing functions.audit-related data processing functions.
An auditor uses GAS to searchAn auditor uses GAS to searchcomputer files for unusual items.computer files for unusual items.
13 – 25 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
PC Software TechniquePC Software Technique
Software that allows the auditorSoftware that allows the auditorto use a PC to perform audit tasks.to use a PC to perform audit tasks.
A PC spreadsheet package is used to maintainA PC spreadsheet package is used to maintainaudit working papers and audit schedules.audit working papers and audit schedules.
13 – 26 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Embedded Audit Routines Embedded Audit Routines TechniqueTechnique
Special auditing routines included in regularSpecial auditing routines included in regularcomputer programs so that transactioncomputer programs so that transactiondata can be subjected to audit analysis.data can be subjected to audit analysis.
Data items that are exceptions to auditor-Data items that are exceptions to auditor-specified edit tests included in a programspecified edit tests included in a program
are written to a special audit file.are written to a special audit file.
13 – 27 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Embedded Audit Data Embedded Audit Data CollectionCollection
ProductionProductiontransactionstransactions
ProductionProductioncomputercomputer
applicationapplicationsystemsystem
EmbeddedEmbeddedaudit dataaudit datacollectioncollectionmodulemodule
ProductionProductionreportsreports
AuditAuditreportsreports
13 – 28 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Extended Records TechniqueExtended Records Technique
Modification of programs to collectModification of programs to collectand store data of audit interest.and store data of audit interest.
A payroll program is modified to collectA payroll program is modified to collectdata pertaining to overtime pay.data pertaining to overtime pay.
13 – 29 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Snapshot TechniqueSnapshot Technique
Modifications of programs toModifications of programs tooutput data of audit interest.output data of audit interest.
A payroll program is modified toA payroll program is modified tooutput data pertaining to overtime pay.output data pertaining to overtime pay.
13 – 30 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Tracing TechniqueTracing Technique
Tracing provides a detailed audit Tracing provides a detailed audit trail of thetrail of theinstructions executed during the program’s operation.instructions executed during the program’s operation.
A payroll program is traced to determine ifA payroll program is traced to determine ifcertain edit tests are performed in the correct order.certain edit tests are performed in the correct order.
13 – 31 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Review of SystemReview of SystemDocumentation TechniqueDocumentation Technique
Existing system documentation as programExisting system documentation as programflowcharts are reviewed for audit purposes.flowcharts are reviewed for audit purposes.
An auditor desk checks the An auditor desk checks the processingprocessinglogic of a payroll program.logic of a payroll program.
13 – 32 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Control Flowcharting Control Flowcharting TechniqueTechnique
Analytic flowcharts or other graphic techniquesAnalytic flowcharts or other graphic techniquesare used to describe the controls in a system.are used to describe the controls in a system.
An auditor prepares an analytic flowchart toAn auditor prepares an analytic flowchart toreview controls in the payroll application system.review controls in the payroll application system.
13 – 33 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Mapping TechniqueMapping Technique
Special software is used to monitorSpecial software is used to monitorthe execution of a program.the execution of a program.
The execution of a program with The execution of a program with test data astest data asinput is mapped to indicate how extensivelyinput is mapped to indicate how extensively
the input tested compares with individualthe input tested compares with individualprogram statements.program statements.
13 – 34 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Learning Objective 3Learning Objective 3
Characterize various types ofCharacterize various types of
information systems audits.information systems audits.
13 – 35 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
General Approach to an General Approach to an Information Systems AuditInformation Systems Audit
Initial review and evaluation of the areaInitial review and evaluation of the areato be audited and audit plan preparation.to be audited and audit plan preparation.
Detailed review andDetailed review andevaluation of controls.evaluation of controls.
Compliance testing which is followedCompliance testing which is followedby analysis and reporting of results.by analysis and reporting of results.
13 – 36 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
General Approach to an General Approach to an Information Systems AuditInformation Systems Audit
The The initial reviewinitial review phase determines phase determinesthe course of action the audit will take.the course of action the audit will take.
Decisions concerning specificDecisions concerning specificareas to be investigatedareas to be investigated
Deployment of audit laborDeployment of audit labor
Audit technology to be usedAudit technology to be used
Development of a time and/orDevelopment of a time and/orcost budget for the auditcost budget for the audit
13 – 37 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
General Approach to an General Approach to an Information Systems AuditInformation Systems Audit
What is an What is an audit programaudit program??
Standardized audit programs for particularStandardized audit programs for particularaudit areas have been developed andaudit areas have been developed andare common in all types of auditing.are common in all types of auditing.
It is a detailed list of the audit proceduresIt is a detailed list of the audit proceduresto be applied on a particular audit.to be applied on a particular audit.
13 – 38 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
General Approach to an General Approach to an Information Systems AuditInformation Systems Audit
In the In the second general phasesecond general phase of the audit, of the audit,is detailed review and evaluation.is detailed review and evaluation.
Data concerning the operationData concerning the operationof the system are reviewed.of the system are reviewed.
Documentation of the applicationDocumentation of the applicationarea is reviewed.area is reviewed.
13 – 39 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
General Approach to an General Approach to an Information Systems AuditInformation Systems Audit
The The third phasethird phase of the audit is testing. of the audit is testing.
This phase produces evidenceThis phase produces evidenceof compliance with procedures.of compliance with procedures.
13 – 40 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Information SystemsInformation SystemsApplication AuditsApplication Audits
Application controls are dividedApplication controls are dividedinto three general areas.into three general areas.
InputInput OutputOutput
ProcessingProcessing
13 – 41 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Application SystemsApplication SystemsDevelopment AuditsDevelopment Audits
Systems development audits areSystems development audits aredirected at the activities of systemsdirected at the activities of systems
analysts and programmers.analysts and programmers.
Controls governing the systemsControls governing the systemsdevelopment process directlydevelopment process directly
affect the reliability of theaffect the reliability of theapplication programsapplication programsthat are developed.that are developed.
13 – 42 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Application SystemsApplication SystemsDevelopment AuditsDevelopment Audits
There are three general areas of audit concernThere are three general areas of audit concernin the systems development process.in the systems development process.
Systems development standardsSystems development standards
Project managementProject management
Program change controlProgram change control
13 – 43 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Systems Development Systems Development StandardsStandards
Systems development standards Systems development standards are theare thedocumentation governing the design,documentation governing the design,
development, and implementationdevelopment, and implementationof application systems.of application systems.
13 – 44 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Project ManagementProject Management
It consists of project planningIt consists of project planningand project supervision.and project supervision.
What is What is project managementproject management??
13 – 45 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Program Change ControlsProgram Change Controls
It is to prevent unauthorized and potentiallyIt is to prevent unauthorized and potentiallyfraudulent changes from being introducedfraudulent changes from being introduced
into previously tested and accepted programs.into previously tested and accepted programs.
What is the objective ofWhat is the objective ofprogram changeprogram change controlscontrols??
13 – 46 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Computer Service Center Computer Service Center AuditsAudits
Normally, an audit of the Normally, an audit of the computer servicecomputer servicecentercenter is undertaken before any application is undertaken before any applicationaudits to ensure the general integrity of theaudits to ensure the general integrity of the
environment in which the application will function.environment in which the application will function.
What are some examples?What are some examples?
Audits might be undertaken in several areas.Audits might be undertaken in several areas.
13 – 47 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Computer Service Center Computer Service Center AuditsAudits
Environmental controlsEnvironmental controls
Data release, reports, and computer programsData release, reports, and computer programs
Physical security of the centerPhysical security of the center
Management controlsManagement controls
13 – 48 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood
Computer Service Center Computer Service Center AuditsAudits
Audits of computer service center operationsAudits of computer service center operationsrequire a high degree of technical trainingrequire a high degree of technical trainingand familiarity with systems operations.and familiarity with systems operations.
Recommended