Chapter

Auditing & Assurance Services, 6e
Copyright 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Module H
Auditing and Information Technology

"To err is human, but to really foul things up you need a computer."
--Paul Ehrlich, American biologist, author, and technology commentator

"A common mistake people make with trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
--Douglas Adams, author of The Hitchhiker's Guide to the Galaxy

Mod H-2
Module H Objectives
1. Identify how the use of an automated transaction processing system impacts the audit examination.
2. Provide examples of general controls and understand how these controls relate to transaction processing in an accounting information system.
3. Provide examples of automated application controls and understand how these controls relate to transaction processing in an accounting information system.
4. Describe how the audit team assesses control risk in an IT environment.
5. Identify how audit teams perform tests of controls in an IT environment.
6. Describe the characteristics and control issues associated with end-user and other computing environments.
7. Define and describe computer fraud and the controls that can be used to prevent it.

Mod H-3
Major Topics
I. Background
II. General Controls
III. Automated Application Controls
IV. Tests of Computer Controls
V. End-User Computing and Other

Mod H-4
Issues Introduced in an IT Environment
1. Input errors
2. Systematic vs. random processing errors
3. Lack of an audit trail
4. Inappropriate access to computer files and programs
5. Reduced human involvement in processing transactions

Mod H-5
Impact of Automated Transaction Processing on the Evaluation of I/C
Phase and Effect(s):
• Understanding: Understand and document controls related to automated processing of transactions
• Assessment: Consider controls related to automated processing of transactions in preliminary assessment of control risk
• Testing: Identify, test, and evaluate degree of compliance of controls related to automated processing of transactions

Mod H-6
Types of Computer Controls
• General Controls
  • Relate to all applications of an accounting information system (pervasive)
  • Deficiencies will affect processing of various types of transactions
• Automated Application Controls
  • Relate to specific business activities
  • Directly address management assertions

Mod H-7
Major Topics
I. Background
II. General Controls
III. Automated Application Controls
IV. Tests of Computer Controls
V. End-User Computing and Other

Mod H-8
Categories of General Controls
1. Program development controls
2. Program change controls
3. Computer operations controls
4. Access to programs and data controls

Mod H-9

Program Development Controls
• Acquisition and development of new programs is properly authorized and conducted in accordance with organization policies
• Appropriate users participate in process
• Programs and software are tested and validated prior to use
• Programs and software have appropriate documentation

Mod H-10
Systems Development Life Cycle
Stages shown in the cycle diagram: Identify Requirements; Conversion/Implementation; Feasibility Analysis; Employee Training; Determine System Specifications; Daily Operations; Develop Programs; Maintenance/System Auditing; Design Procedures; System Analysis

Mod H-11
Program Change Controls
• Modifications to existing programs are properly authorized and conducted in accordance with entity policies
• Appropriate users participate in process
• Programs are tested and validated prior to use
• Programs have appropriate documentation
• Additional controls related to emergency change requests and migrating new programs into operations

Mod H-12
Computer Operations Controls
• Relate to processing of transactions and backup and recovery of data
• Processing environments
  • Batch processing: Similar transactions collected and processed simultaneously
  • Real-time processing: Transactions processed as they occur without delay

Mod H-13
Examples of Computer Operations Controls
• Methods of resolving processing failures
• Separation of duties
  • Systems analysts
  • Programmers
  • Computer operators
• Files and data
  • Labels to ensure use of appropriate file
  • Storage in remote, protected locations (disaster recovery)
  • Grandfather-father-son

Mod H-14
Access to Programs and Data Controls
• Relate to restricting use of programs and data to authorized users
• Examples
  • Passwords
  • Automatic terminal logoff
  • Review access rights and compare to usage (through logs)
  • Report and communicate security breaches

Mod H-15
General Controls and Assertions
• Assertion: Accuracy
  • Explanation: Ensure accuracy of data and testing computer programs prior to implementation
  • Examples: Hardware controls; Program development controls; Program change controls; Computer operations controls
• Assertion: Occurrence
  • Explanation: Restricting inappropriate access reduces probability of fictitious transactions
  • Examples: Computer operations controls; Access to programs and data controls

Mod H-16
Major Topics
I. Background
II. General Controls
III. Automated Application Controls (I-P-O)
IV. Tests of Computer Controls
V. End-User Computing and Other

Mod H-17
Input Controls
• Provide reasonable assurance that input is properly authorized and accurately entered for processing
  • All transactions input
  • Transactions input once and only once
  • Transactions input accurately

Mod H-18

Summary of Input Controls
Column headings: Input accurate; All transactions entered; Transactions entered only once
• Data entry and formatting: X
• Check digits: X
• Record counts: X X
• Batch totals: X X X
• Hash totals: X X X
• Valid character test: X
• Valid sign tests: X
• Missing data tests: X

Mod H-19
Summary of Input Controls (Continued)
Column headings: Input accurate; All transactions entered; Transactions entered only once
• Sequence tests: X
• Limit and reasonableness tests: X
• Error correction and resubmission: X

Mod H-20
Processing Controls
• Provide reasonable assurance that
  • Transactions are processed accurately
  • All transactions are processed
  • Transactions are processed once and only once
• Examples
  • Test processing accuracy of programs
  • File and operator controls
  • Run-to-run totals
  • Control total reports
  • Limit and reasonableness tests
  • Error correction and resubmission

Mod H-21
Output Controls
• Provide reasonable assurance that
  • Output reflects accurate processing
  • Only authorized persons receive output or have access to files generated from processing
• Examples
  • Review of output for reasonableness
  • Control total reports
  • Master file changes
  • Output distribution limited to appropriate person(s)

Mod H-22
Major Topics
I. Background
II. General Controls
III. Automated Application Controls
IV. Tests of Computer Controls
V. End-User Computing and Other

Mod H-23

Forming an Assessment of Control Risk
1. Identify specific types of misstatement that could occur
2. Identify points where misstatements could occur
3. Identify control procedures designed to prevent or detect misstatements
   • General controls and automated application controls
4. Evaluate design of control procedures
   • Are tests of controls cost-effective?

Mod H-24
Testing Computer Controls
• Testing controls
  • Inquiry
  • Observation
  • Inspect documentary evidence
  • Reperformance (including test data)
• Evaluating computer processing and programs
  • Test processing of actual transactions
  • Test processing of simulated transactions

Mod H-25
Test Data
• Test data: Simulated transactions containing known errors to test the client's controls
• Diagram labels: Auditor's Manual Processing; Compare; Client System Processing
• Only one type of each kind of transaction error needs to be tested.

Mod H-26
Major Topics
I. Background
II. General Controls
III. Automated Application Controls
IV. Tests of Computer Controls
V. End-User Computing and Other
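The test data approach from the Test Data slide, applied to the batch input controls in the Summary of Input Controls (record counts, batch totals, hash totals, sequence tests), as an added example that is not part of the original slides. Each constructed batch carries one known error, and the auditor's predicted result is compared with what the checks report; field names, the batch header layout and all values are assumptions.

```python
# Added example (not from the slides); field names, header layout and values are constructed.
from decimal import Decimal

def control_totals(records):
    """Record count, batch total (amounts) and hash total (account numbers)."""
    return {
        "record_count": len(records),
        "batch_total": sum(Decimal(r["amount"]) for r in records),
        "hash_total": sum(int(r["account"]) for r in records),
    }

def input_exceptions(header, records):
    """Names of the input controls that reject the batch as entered."""
    entered = control_totals(records)
    failed = [name for name in entered if entered[name] != header[name]]
    expected_seqs = list(range(header["first_seq"], header["first_seq"] + header["record_count"]))
    if sorted(r["seq"] for r in records) != expected_seqs:
        failed.append("sequence_test")  # gap or duplicate in document numbers
    return failed

GOOD = [  # the batch as it appears on the source documents
    {"seq": 101, "account": "4010", "amount": "250.00"},
    {"seq": 102, "account": "4025", "amount": "75.50"},
    {"seq": 103, "account": "4033", "amount": "120.00"},
]
HEADER = {**control_totals(GOOD), "first_seq": 101}  # totals computed before entry

def changed(index, **fields):
    """Copy of GOOD with one record keyed differently."""
    return [dict(r, **fields) if i == index else dict(r) for i, r in enumerate(GOOD)]

ALL_FOUR = ["record_count", "batch_total", "hash_total", "sequence_test"]
# Test data: one batch per kind of error, paired with the auditor's predicted result.
TEST_DECK = {
    "clean batch": (GOOD, []),
    "record omitted": (GOOD[:2], ALL_FOUR),
    "record entered twice": (GOOD + GOOD[2:], ALL_FOUR),
    "amount keyed wrong": (changed(1, amount="57.50"), ["batch_total"]),
    "account keyed wrong": (changed(1, account="4052"), ["hash_total"]),
}

def run_test_deck(deck=TEST_DECK, header=HEADER):
    """Cases where the system's result differs from the auditor's prediction."""
    results = {name: input_exceptions(header, batch) for name, (batch, _) in deck.items()}
    return {name: got for name, got in results.items() if got != deck[name][1]}

if __name__ == "__main__":
    for name, (batch, _) in TEST_DECK.items():
        print(f"{name:22} {input_exceptions(HEADER, batch) or 'accepted'}")
```

An empty result from `run_test_deck()` means every predicted rejection matched. The amount and account cases show why both a batch total and a hash total are kept: each catches a keying error the other misses.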

Mod H-27
End-User Environments
• Control issues
  • Lack of separation of duties
  • Lack of physical security
  • Lack of documentation and testing
  • Limited computer knowledge of personnel
• Implications
  • Limit concentration of functions and increase supervision
  • Access to program and data controls are critical

Mod H-28
Computer Abuse/Fraud
• Use of computer technology by perpetrator to achieve gains at the expense of a victim
• Controls
  • Preventative: Stop fraud from entering system
  • Detective: Identify fraud when it enters system
  • Damage-limiting: Reduce monetary impacts of fraud and control to specified levels
