Today's Lecture
- application controls
- audit methodology


General vs Application Controls
- general controls are implemented consistently across all applications
- application controls are built into specific programs
- distinction often arbitrary
- general controls are usually reviewed once for the audit as a whole
- application controls must be considered for each significant application
- if general controls are uniformly strong and operate effectively, obtain such assurance with respect to each application
- if not, this does not mean each application is affected; need to consider application by application

Application Controls
- hardware: parity checks, character checks
- input and output controls: at source department and data control
- programmed controls (software)

Effective Design
- designed with regard to business requirements
- designed with regard to business risk analysis
- only rely upon after taking general controls into consideration
- use structured programming techniques
- use training

Types of Transactions
- each has different sensitivity and risk of errors
- master file changes - updated only periodically
- normal business applications
- error correction transactions

Master File Changes
- completeness, accuracy, currency and data authorization
- error would occur every time
- make sure using current masters
- important to guard against fraud

Normal Transactions
- second largest concern
- necessary to control effectively
- need to include controls over regular transactions and reports

Error Correction Transactions
- watch bypass potential
- errors often put aside and ignored
- all should be logged with clear responsibility for correction
- ideally put back through regular processing

Preventive Controls over Processing
- data entry as close to source of transaction as possible to ensure familiarity
- structure operating procedures so that business activity is not complete until transaction processing
- eliminate human component as much as possible
- authorize transactions before data entry
- use access control software

Preventive Controls over Processing (cont'd)
- use 3 levels of access: physical access to terminal, access control over use of terminal, and authorization in software
- scrutinize manually prepared input
- use computer to edit transactions
- use edit programs to check for missing data, format, self-checking digit, limits and logical relation checks
- use key verification and interactive systems
- use formatted input screens

Preventive Controls over Processing (cont'd)
- use appropriately designed input forms
- single source transaction data - input once
- document application control procedures - manuals, etc.
- training and supervision
- adequate working conditions

Detective Controls
- use suspense records for impending transactions
- monitor and investigate lack of regular activity (see if transactions omitted)
- verify records by examining assets etc.
- prepare budgets/investigate variances
- number transactions - check sequence
- group and count source documents and count number of transactions processed

Detective Controls (cont'd)
- use control totals to check completeness
- reconcile changes in recorded assets and liabilities to transactions processed
- if practical, establish procedures for verification by users
- design programmed reasonableness tests
- match processing results to source documents in detail
- check computations
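The sequence check, document count and control totals from the detective-control slides, as an added example that is not part of the original lecture. The batch header layout and field names are hypothetical, and the hash total (a sum of account numbers) is one common kind of control total included here as an assumption.

```python
from decimal import Decimal

def reconcile_batch(header: dict, processed: list) -> list:
    """Compare the batch header prepared at the source with what was processed.

    Returns the lines for the exception report (empty list = batch balances).
    """
    exceptions = []
    seqs = [t["seq"] for t in processed]
    expected = set(range(header["first_seq"], header["last_seq"] + 1))
    missing = sorted(expected - set(seqs))            # numbered transactions: gaps
    dupes = sorted({s for s in seqs if seqs.count(s) > 1})
    if missing:
        exceptions.append(f"sequence gap: {missing}")
    if dupes:
        exceptions.append(f"duplicate sequence numbers: {dupes}")
    if len(processed) != header["record_count"]:      # documents vs. transactions
        exceptions.append(
            f"record count {len(processed)} != {header['record_count']}")
    total = sum(Decimal(t["amount"]) for t in processed)
    if total != Decimal(header["control_total"]):     # amount control total
        exceptions.append(
            f"control total {total} != {header['control_total']}")
    hash_total = sum(int(t["account"]) for t in processed)
    if hash_total != header["hash_total"]:            # catches a changed account
        exceptions.append(
            f"hash total {hash_total} != {header['hash_total']}")
    return exceptions

# Constructed sample batch: header counted by the source department.
HEADER = {"first_seq": 101, "last_seq": 104, "record_count": 4,
          "control_total": "1000.00", "hash_total": 4010}
BATCH = [
    {"seq": 101, "account": "1001", "amount": "100.00"},
    {"seq": 102, "account": "1002", "amount": "250.00"},
    {"seq": 103, "account": "1003", "amount": "150.00"},
    {"seq": 104, "account": "1004", "amount": "500.00"},
]

if __name__ == "__main__":
    dropped = [t for t in BATCH if t["seq"] != 103]   # one transaction omitted
    for line in reconcile_batch(HEADER, dropped):
        print(line)
```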

Detective Controls (cont'd)
- use summary and exception reports
- use double entry recording to balance transactions
- agree summary records to detailed records
- require user approval of results
- require error tracking and analysis - develop stats

Master File Controls
- authorize all changes before input
- record changes to semi-permanent listings, reconcile changes
- print out for review by knowledgeable users for errors
- use control totals
- application programs should internally label master files

Errors and Exception Controls
- use error and exception reports - ensure follow-up
- use error logs and define correction procedures and responsibilities
- resubmit errors into NORMAL processing cycle - do not bypass

Management & Audit Trails
- file each record in planned sequence to facilitate retrieval
- provide unique id for each record
- retain source copy for transactions
- provide methods of tracing data backwards and forwards through IS
- document retention procedures

Management & Audit Trails (cont'd)
- use logs
- periodically copy and save permanent records that are overwritten by changes
- provide software capability to scrutinize and analyse data

Advanced System Characteristics
- absence of independent evidence
- no visible audit trails
- lack of authorization evidence
- heavy internal control (I/C) reliance
- need to understand transaction flow
- test controls to be relied upon
- audit hardware/software