Statement of Auditing Standard No. 94 - Rutgers University

Statement of Auditing Standard No. 94 - Rutgers University

Statement of Auditing Standard No. 94 The Effect of Information Technology on the Auditors Consideration of Internal Control in a Financial Statement Audit Karl E. Dahlberg, New Jersey, ISACA Click for Paper IT and Internal Control SAS 94 says an organizations IT use may

affect any of the five internal control components as well as how businesses initiate, record, process and report transactions. The SAS offers auditors some direction by pointing out these key aspects of the systems and controls on which organizations today rely. Summary of the Audit Process Phase I Plan and design the audit

approach Phase II Perform tests of controls and substantive tests of transactions Phase III Perform analytical procedures and tests of details of balances Phase IV Complete the audit and issue the audit report Phase I: Plan and design an audit approach

Preplan Obtain background information Obtain information about contractors legal obligations Perform preliminary analytical procedures Set materiality, and assess acceptable risk and inherent risk Phase I: Plan and design an audit approach (cont)

Understand internal control and assess control risk Develop overall audit plan and audit program Phase II: Perform tests of controls and substantive tests of trans. Plan to reduce assessed level of control risk? (Yes/No) Perform tests of controls

Perform substantive tests of transactions Assess likelihood of misstatements in financial statements Phase III: Perform analytical proc. and tests of details of balances Perform analytical procedures Perform tests of key items Perform additional tests of details of balances

Phase IV: Complete the audit and issue an audit report

Review for contingent liabilities Review for subsequent events Accumulate final evidence Evaluate results Issue audit report Communicate with appropriate parties SAS 94 Guidance Obtaining an understanding of internal control

Definition of Information Technology Five interrelated components Potential benefits Specific risks Obtaining an understanding of internal control A sufficient understanding is obtained by performing procedures to understand the design of controls relevant to an audit of

financial statements and determining whether they have been placed in operation. In planning the audit, such knowledge should be used to: Identify types of potential misstatement Consider factors that affect the risk of material misstatement Design tests of controls, when applicable

Design substantive tests Definition of Information Technology Information technology (IT) encompasses automated means of originating, processing, storing, and communicating information, and includes recording devices, communication systems, computer systems (including hardware

and software components and data), and other electronic devices. Five interrelated components Control environment

Risk assessment Control activities Information and communications systems support Monitoring Potential benefits Consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions

and data Enhance the timeliness, availability, and accuracy of information Facilitate the additional analysis of information Potential benefits (cont) Enhance the ability to monitor the performance of the entitys activities and its policies and procedures

Reduce the risk that controls will be circumvented Specific risks Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of

unauthorized or nonexistent transactions or inaccurate recording of transactions Specific risks (cont) Unauthorized changes to data in master files Unauthorized changes to systems or programs Failure to make necessary changes to systems or programs

Inappropriate manual intervention Potential loss of data SAS 82 Exposure Draft Assessing the identified risks after taking into account an evaluation of the entitys programs and controls. This section requires the auditor to evaluate the entitys programs and controls that address the identified risks of material misstatement

due to fraud, and to assess the risks taking into account this evaluation.

Recently Viewed Presentations

  • AG Projects Multimedia Service Platform Multimedia Service Platform

    AG Projects Multimedia Service Platform Multimedia Service Platform

    Times News Gothic MT News Gothic Std AGProjects Multimedia Service Platform Current telecommunications landscape SIP - the Session Initiation Protocol Convergence and NGN PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation PowerPoint Presentation ...
  • Chapitre III Devenir des toxiques dans un organisme

    Chapitre III Devenir des toxiques dans un organisme

    Organisation de la métabolisation Deux catégories de réactions biochimiques sur les médicaments : Les réactions de phase I Réactions de « fonctionnalisation » telles que: les oxydations, les hydrolyses, les réductions Modification de la molécule par adjonction ou libération de...
  • The ethics of public speaking and persuasion

    The ethics of public speaking and persuasion

    Fact Claims. Claims about the truth or falsity of an assertion. Involve existence, scope or causality. Questions about past / present. Predictions of the future. Require empirical proof: real examples, statistics, and expert testimony . Example: To persuade my audience...
  • Learning II - Operant Learning

    Learning II - Operant Learning

    End of Ch. 5 in the book Operant learning helps us to understand how most voluntary behaviors are learned. Skinner (1938) chose the term operant (instead of instrumental) because it connotes a key feature of this type of behavior: It...
  • AASLD The Liver Meeting 2016 HBV Abstracts

    AASLD The Liver Meeting 2016 HBV Abstracts

    - No clinically significant interactions expected with inhibitors of P-gp, BCRP, and/or CYPs SOF/VEL/VOX DDI profile was evaluated in Phase 1 clinicalstudies in healthy subjects - Evaluated mechanism and extent of potential interactions usingprobe drugs
  • Algebra I - Biloxi Public School District

    Algebra I - Biloxi Public School District

    Algebraic Expressions Definitions Variable - A variable is a letter or symbol that represents a number (unknown quantity). 8 + n = 12 Definitions A variable can use any letter of the alphabet.
  • Chapter 3

    Chapter 3

    Introduction to Risk Management * * * * * * Transparency Master 1.2 * * * * * * * * * * * * * * * * * * * * * * * Agenda Meaning of Risk...
  • Chapter 1

    Chapter 1

    IV. Regulation of the ANSEnteric NS involved w/Autonomic & local reflexes that regulate activity of the GI-tract. Autonomic Reflexes. Help to control the GI-tract b/c sensory neruons of the enteric plexus supply CNS w/info about intestinal contents & ANS neurons...