The Islamic University of Gaza

Slides:



Advertisements
Similar presentations
ACCOUNTING INFORMATION SYSTEMS
Advertisements

ITAuditing Using GAS & CAATs
ACCOUNTING INFORMATION SYSTEMS
Auditing Concepts.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 10-1 Accounting Information Systems 9 th Edition Marshall.
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Auditing Computer-Based Information Systems
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
Discussion on SA-500 – AUDIT EVIDENCE
Auditing Computer Systems
Auditing Computer-Based Information Systems
The Islamic University of Gaza
Chapter 11 Information Technology Auditing
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-1 Chapter 7 CHAPTER 7 THE EFFECT OF INFORMATION TECHNOLOGY ON THE AUDIT.
CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
4-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 4 Materiality and Risk.
AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.
The Elements of Auditing. Types of Audit Evidence Real Evidence – Physical (eg. building, inventory) – Nonphysical (eg. goodwill, rights) Documentary.
Advanced Accounting Information Systems
The Information Systems Audit Process
Lecture 8 Understanding entity and its environment
Chapter 7 Database Auditing Models
Auditing & Assurance Services, 6e
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Auditing Computerized Information Systems
Auditing Internal Control over Financial Reporting
Chapter 5 Internal Control over Financial Reporting
Considering Internal Control
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Evidence and Documentation
Internal Control in a Financial Statement Audit
Chapter 8: Client Risk Profile and Documentation
Auditing Information Systems (AIS)
Understanding the IT environment of the entity. Session objectives Defining contours of financial accounting in an IT environment and its characteristics.
Conducting an Information Systems Audit
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
S4: Understanding the IT environment of the entity.
Copyright © 2007 Pearson Education Canada 1 Chapter 24: Assurance Services: Internal Auditing and Government Auditing.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Chapter 14: Information Technology Auditing
Nature and Type of Audit Evidence
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 Internal.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
AUDIT IN COMPUTERIZED ENVIRONMENT
1 Topic# 7 – Auditing with Technology Readings, Chapter 10 A – COMPUTERIZED AUDIT TOOLS –Electronic Spreadsheets –Automated Working Papers –Generalized.
IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.
 2004 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, by Bodnar/Hopwood 13 – 1 Chapter 13 Auditing Information Technology.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.
Chapter 4 Audit Evidence and Audit Documentation McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
IS 630 : Accounting Information Systems Auditing Computer-based Information Systems Lecture 10.
Audit Evidence Process
Copyright © 2007 Pearson Education Canada 1 Chapter 11: Overall Audit Plan and Audit Program.
Accounting Information Systems An Introduction
Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
Chapter 8-1 Chapter 8 Accounting Information Systems Information Technology Auditing Dr. Hisham madi.
Chapter 3-Auditing Computer-based Information Systems.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.
Auditing Concepts.
Auditing Information Technology
SYSTEMS ANALYSIS Chapter-2.
FORMAL SYSTEM DEVELOPMENT METHODOLOGIES
Auditing & Investigations I
AUDIT TESTS.
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
Information Technology Auditing
Presentation transcript:

The Islamic University of Gaza Accounting Information Systems Information Technology Auditing Dr. Hisham madi

Internal Auditing Responsibility of Performance Evaluation of: Company’s own employees External of the department being audited Evaluation of: Employee compliance with policies and procedures Effectiveness of operations Compliance with external laws and regulations Reliability of financial reports Internal controls

Internal versus External Auditing Internal auditors can provide assurance to a company’s top management about the efficiency and effectiveness of almost any aspect of its organization.

External Auditing Responsibility of Performance Audit Purpose Those outside the organization Accountants working for independent CPA Audit Purpose Performance of the attest function Evaluate the accuracy and fairness of the financial statements relative to GAAP

Information Technology Auditing Function Evaluate computer’s role in achieving audit and control objectives Assurance Provided Data and information are reliable, confidential, secure, and available Safeguarding assets, data integrity, and operational effectiveness

The Information Technology Audit Process The IT audit function encompasses all the components of a computer-based AIS: people, procedures, hardware, data communications ,software, and databases. These components are a system of interacting elements that auditors examine to accomplish the purposes of their audits. External auditors examine an organization’s computer-based AIS primarily to evaluate how the organization’s control procedures over computer processing affect the financial statements (attest objectives)

The Components of an IT Audit

The Information Technology Audit Process if computer controls are weak or nonexistent, auditors will need to do more substantive testing—i.e., detailed tests of transactions and account balances. An example of substantive testing is the confirmation of accounts receivable with customers. If the control procedures over a company’s computerized financial accounting system are strong, the auditors may limit the scope of their audit by examining fewer transactions underlying accounts receivable account balances.

The Information Technology Audit Process Computer-Assisted Audit Techniques (CAAT) Use of computer processes to perform audit functions Performing substantive tests

Evaluating the Effectiveness of Information Systems Controls The more confidence auditors have (as a result of strong controls) that data are input and processed accurately in a computer-based system, the less substantive testing they perform. On the other hand, a computer-based system with weak controls over data input and processing will call for more detailed testing of financial transactions.

The IT Audit Process

Risk Assessment An external auditor’s main objective in reviewing information systems control procedures is to evaluate the risks(associated with any control Weaknesses) to the integrity of accounting data presented in financial reports. A secondary objective of the external auditor’s review is to make recommendations to managers about improving these controls.

Risk Assessment Under a risk-based audit approach to evaluating a company’s internal control procedures, the following four steps provide a logical framework for performing the risk-based audit of the company’s AIS Determine the threats (i.e., errors and irregularities) facing the AIS Identify the control procedures that should be in place to minimize each of these threats and thereby prevent or detect the errors and irregularities.

Risk Assessment Evaluate the control procedures within the AIS The process of reviewing system documentation and interviewing appropriate personnel to determine whether the necessary control procedures are in place is called a systems review The tests include such activities as observing system operations; inspecting documents, records, and reports; checking samples of system inputs and outputs; and tracing transactions through the system.

Risk Assessment Evaluate weaknesses (i.e., errors and irregularities not covered by control procedures) within the AIS to ascertain their effect on the nature, timing, or extent of auditing procedures.

The Information Technology Auditor’s Toolkit Auditors can use computer-assisted audit techniques (CAATs)to help them in various auditing tasks. auditing with the computer. Manual access to data stored on computers is impossible

The IT Auditor’s Toolkit Auditing Software Auditors can use a variety of software when auditing with the computer. Examples include general-use software such as word processing programs, spreadsheet software, and database management systems

The IT Auditor’s Toolkit Auditing Software General-Use Software Auditors employ general-use software as productivity tools that can improve their work. For instance, Word processing programs improve effectiveness when writing reports because built-in spell checks can significantly reduce spelling errors

The IT Auditor’s Toolkit Auditing Software General-Use Software Spreadsheet software allows both accountants and auditors to make complex calculations automatically. It also allows the user to change one number and update all related numbers at the click of a mouse

The IT Auditor’s Toolkit Auditing Software General-Use Software Accountants and auditors can use a database management system (DBMS)to perform some of the same functions as spreadsheet software. For instance, DBMSs can sort data and make certain mathematical computations. However, they are distinguished from spreadsheet software by their ability to manipulate large sets of data in fairly simple ways

The IT Auditor’s Toolkit Generalized Audit Software. Generalized audit software (GAS) packages (or programs) enable auditors to review computer files without continually rewriting processing programs. GAS includes mathematical computations, cross footing, categorizing, summarizing, merging files, sorting records, statistical sampling, and printing reports. The advantage GAS packages have over other software is that these programs are specifically tailored to auditor tasks

The IT Auditor’s Toolkit Generalized Audit Software. Two popular GAS packages used by auditors are Audit Command Language (ACL) and Interactive Data Extraction and Analysis (IDEA). These programs allow auditors to examine a company’s data in a variety of formats.

The IT Auditor’s Toolkit They include commands such as STRATIFY, EXTRACT, and JOIN Each of these commands provides an auditor with a different view of the data. For example, the stratify command lets an auditor group data into categories This is useful, for example, in sorting inventories into various classes based on their cost. Stratification lets an auditor concentrate on high-dollar-value inventory items.

The IT Auditor’s Toolkit Automated Work-paper Software. Automated work-paper software is similar to general ledger software. The difference is that automated work-paper software handles accounts for many organizations in a flexible manner Features Generate trial balances Make adjusting entries Perform consolidations, and Conduct analytical procedures

The IT Auditor’s Toolkit Automated Work-paper Software. The advantage of using automated work-paper software is that Auditors can use this software to prepare consolidated trial balances and financial statements (that combine accounts of multiple companies) In addition, automated work-paper software can easily calculate financial statement ratios and measurements, such as the current ratio, the working capital , the inventory turnover rate ,and the price-earnings ratio

The IT Auditor’s Toolkit People Skills working as a team interact with clients and other auditors. Interviewing clients Importance of Interviews Gain understanding of organization Evaluate internal controls