arens12e ab.az 12

5/21/2018 Arens12e Ab.az 12

1/352008 Prentice Hall Business Publishing,Auditing 12/e,Arens/Beasley/Elder 12 - 1

The Impact of InformationTechnology on the Audit

Process

Chapter 12

5/21/2018 Arens12e Ab.az 12

2/352008 Prentice Hall Business Publishing,Auditing 12/e,Arens/Beasley/Elder 12 - 2

Learning Objective 1

Describe how IT improves

internal control.

5/21/2018 Arens12e Ab.az 12

3/35

2008 Prentice Hall Business Publishing,Auditing 12/e,Arens/Beasley/Elder 12 - 3

How Information Technologies

Enhance Internal Control

Computer controls replace manual controls

Higher-quality information is available

5/21/2018 Arens12e Ab.az 12

4/35



Identify risks that arise from using

an IT-based accounting system.

5/21/2018 Arens12e Ab.az 12

5/35


Assessing Risks of

Information Technologies

Risks to hardware and data

Reduced audit trail

Need for IT experience and

separation of IT duties

5/21/2018 Arens12e Ab.az 12

6/35


Risks to Hardware and Data

Reliance on the functioning capabilities

of hardware and software

Systematic versus random errors

Unauthorized access

Loss of data

5/21/2018 Arens12e Ab.az 12

7/35


Reduced Audit Trail

Visibility of audit trail

Reduced human involvement

Lack of traditional authorization

5/21/2018 Arens12e Ab.az 12

8/35


Need for IT Experience and

Separation of Duties

Reduced separation of duties

Need for IT experience

5/21/2018 Arens12e Ab.az 12

9/35



Explain how general controls

and application controls

reduce IT risks.

5/21/2018 Arens12e Ab.az 12

10/35


Internal Controls Specific to

Information Technology

General controls

Application controls

5/21/2018 Arens12e Ab.az 12

11/35


Relationship Between General

and Application Controls

Cash receipts

applicationcontrols

Salesapplication

controls

Payrollapplication

controls

Other cycleapplication

controls

GENERAL CONTROLS

Risk of unauthorized changeto application software

Risk of system crash

Risk of unauthorizedmaster file update

Risk of unauthorizedprocessing

5/21/2018 Arens12e Ab.az 12

12/35


General Controls

Administration of the IT function

Separation of IT duties

Systems development

Physical and online security

Backup and contingency planning

Hardware controls

5/21/2018 Arens12e Ab.az 12

13/35


Administration of the IT

Function

The perceived importance of IT within an

organization is often dictated by the attitude of

the board of directors and senior management.

5/21/2018 Arens12e Ab.az 12

14/35


Segregation of IT Duties

Chief Information Officer or IT Manager

SystemsDevelopment

OperationsData

Control

Security Administrator

5/21/2018 Arens12e Ab.az 12

15/35


Systems Development

Typical teststrategies

Pilot testing Parallel testing

5/21/2018 Arens12e Ab.az 12

16/35


Physical and Online Security

Physical Controls:

Keypad entrances

Badge-entry systemsSecurity cameras

Security personnel

Online Controls:

User ID control

Password controlSeparate add-on

security software

5/21/2018 Arens12e Ab.az 12

17/35


Backup and Contingency

Planning

One key to a backup and contingency plan

is to make sure that all critical copies of

software and data files are backed upand stored off the premises.

5/21/2018 Arens12e Ab.az 12

18/35


Hardware Controls

These controls are built into computer

equipment by the manufacturer to

detect and report equipment failures.

5/21/2018 Arens12e Ab.az 12

19/35


Application Controls

Input controls

Processing controls

Output controls

5/21/2018 Arens12e Ab.az 12

20/35


Input Controls

These controls are designed by an

organization to ensure that the

information being processed isauthorized, accurate, and complete.

5/21/2018 Arens12e Ab.az 12

21/35


Batch Input Controls

Financial total

Hash total

Record count

5/21/2018 Arens12e Ab.az 12

22/35


Processing Controls

Validation test

Sequence test

Arithmetic accuracy test

Data reasonableness test

Completeness test

5/21/2018 Arens12e Ab.az 12

23/35


Output Controls

These controls focus on detecting errors

after processing is completed rather

than on preventing errors.

5/21/2018 Arens12e Ab.az 12

24/35



Describe how general controls

affect the auditors testing

of application controls.

5/21/2018 Arens12e Ab.az 12

25/35


Impact of Information Technology

on the Audit Process

Effects of general controls on control risk

Effects of IT controls on control risk and

substantive tests

Auditing in less complex IT environments

Auditing in more complex IT environments

5/21/2018 Arens12e Ab.az 12

26/35



Use test data, parallel simulation,

and embedded audit module

approaches when auditing

through the computer.

5/21/2018 Arens12e Ab.az 12

27/35


Test Data Approach

1. Test data should include all relevant

conditions that the auditor wants tested.

2. Application programs tested by theauditors test data must be the same as

those the client used throughout the year.

3. Test data must be eliminated from theclients records.

5/21/2018 Arens12e Ab.az 12

28/35


Test Data Approach

Application programs(assume batch system)

Control testresults

Master files

Contaminatedmaster files

Transaction files(contaminated?)

Input testtransactions to test

key controlprocedures

5/21/2018 Arens12e Ab.az 12

29/35


Test Data Approach

Auditor-predicted results

of key control procedures

based on an understanding

of internal control

Control testresults

Auditor makescomparisons

Differences betweenactual outcome and

predicted result

5/21/2018 Arens12e Ab.az 12

30/35


Parallel Simulation

The auditor uses auditor-controlled software

to perform parallel operations to the clients

software by using the same data files.

5/21/2018 Arens12e Ab.az 12

31/35


Parallel Simulation

Auditor makes comparisons between

clients application system output and

the auditor-prepared program output

Exception report

noting differences

Productiontransactions

Auditor-preparedprogram

Auditorresults

Masterfile

Client applicationsystem programs

Clientresults

5/21/2018 Arens12e Ab.az 12

32/35


Embedded Audit Module

Approach

Auditor inserts an audit module in the

clients application system to identify

specific types of transactions.

5/21/2018 Arens12e Ab.az 12

33/35



Identify issues for e-commerce

systems and other specialized

IT environments.

5/21/2018 Arens12e Ab.az 12

34/35


Issues for Different IT

Environments

Issues for network environments

Issues for database management systems

Issues for e-commerce systems

Issues when clients outsource IT

5/21/2018 Arens12e Ab.az 12

35/35

2008 Prentice Hall Business Publishing Auditing 12/e Arens/Beasley/Elder 12 - 35

End of Chapter 12

arens12e ab.az 12

Documents