Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.

Presentation transcript:

Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. Accounting Information Systems, 8e James A. Hall Chapter 15 IT Controls Part I: Sarbanes-Oxley & IT Governance

Slide 2: Objectives for Chapter 15
- Understand the key features of Sections 302 and 404 of the Sarbanes-Oxley Act.
- Understand management and auditor responsibilities under Sections 302 and 404.
- Understand the risks of incompatible functions and how to structure the IT function.
- Be familiar with the controls and precautions required to ensure the security of an organization’s computer facilities.
- Understand the key elements of a disaster recovery plan.
- Be familiar with the benefits, risks and audit issues related to IT Outsourcing.

Slide 3: Sarbanes-Oxley Act
- The 2002 Sarbanes-Oxley (SOX) Act established new corporate governance rules
- Created company accounting oversight board
- Increased accountability for company officers and board of directors
- Increased white collar crime penalties
- Prohibits a company’s external audit firms from designing and implementing financial information systems

Slide 4: SOX Section 302
- Section 302—in quarterly and annual financial statements, management must:
  - certify the internal controls (IC) over financial reporting
  - state responsibility for IC design
  - provide reasonable assurance as to the reliability of the financial reporting process
  - disclose any recent material changes in IC

Slide 5: SOX Section 404
- Section 404—in the annual report on IC effectiveness, management must:
  - state responsibility for establishing and maintaining adequate financial reporting IC
  - assess IC effectiveness
  - reference the external auditors’ attestation report on management’s IC assessment
  - provide explicit conclusions on the effectiveness of financial reporting IC
  - identify the framework management used to conduct their IC assessment, e.g., COBIT

Slide 6: IT Controls & Financial Reporting
- Modern financial reporting is driven by information technology (IT)
- IT initiates, authorizes, records, and reports the effects of financial transactions.
- Financial reporting IC are inextricably integrated to IT.

Slide 7: IT Controls & Financial Reporting
- COSO identifies two groups of IT controls:
  - application controls – apply to specific applications and programs, and ensure data validity, completeness and accuracy
  - general controls – apply to all systems and address IT governance and infrastructure, security of operating systems and databases, and application and program acquisition and development

Slide 8: IT Controls & Financial Reporting
[Figure: Controls for Review]
- Significant Financial Accounts: Sales, CGS, AP, Cash, Inventory
- Related Application Controls: Order Entry Application Controls, Purchases Application Controls, Cash Disbursements Application Controls
- Supporting General Controls: Systems Development and Program Change Control, Database Access Controls, Operating System Controls

Slide 9: SOX Audit Implications
- Pre-SOX, audits did not require IC tests.
  - Only required to be familiar with client’s IC
  - Audit consisted primarily of substantive tests
- SOX – radically expanded scope of audit
  - Issue new audit opinion on management’s IC assessment
  - Required to test IC affecting financial information, especially IC to prevent fraud
  - Collect documentation of management’s IC tests and interview management on IC changes

Slide 10: Computer Fraud Schemes
- Theft, misuse, or misappropriation of assets by altering computer-readable records and files
- Theft, misuse, or misappropriation of assets by altering logic of computer software
- Theft or illegal use of computer-readable information
- Theft, corruption, illegal copying or intentional destruction of software
- Theft, misuse, or misappropriation of computer hardware

Slide 11: Using the general IS model, explain how fraud can occur at the different stages of information processing?

Slide 12: Data Collection Fraud
- This aspect of the system is the most vulnerable because it is relatively easy to change data as it is being entered into the system.
- Also, the GIGO (garbage in, garbage out) principle reminds us that if the input data is inaccurate, processing will result in inaccurate output.

Slide 13: Data Processing Fraud
Program Frauds
- altering programs to allow illegal access to and/or manipulation of data files
- destroying programs with a virus
Operations Frauds
- misuse of company computer resources, such as using the computer for personal business

Slide 14: Database Management Fraud
- Altering, deleting, corrupting, destroying, or stealing an organization’s data
- Oftentimes conducted by disgruntled or ex-employee

Slide 15: Information Generation Fraud
Stealing, misdirecting, or misusing computer output
Scavenging
- searching through the trash cans on the computer center for discarded output (the output should be shredded, but frequently is not)

Slide 16: Organizational Structure IC
- Audit objective – verify that individuals in incompatible areas are segregated to minimize risk while promoting operational efficiency
- IC, especially segregation of duties, affected by which of two organizational structures applies:
  - Centralized model
  - Distributed model

Slide 17: [Figure 15-3: Organizational Chart of a Centralized Information Technology Function]

Slide 18: [Figure 15-5: Distributed Organization with Corporate Information Technology Function]

Slide 19: Segregation of Duties
- Transaction authorization is separate from transaction processing.
- Asset custody is separate from record-keeping responsibilities.
- The tasks needed to process the transactions are subdivided so that fraud requires collusion.

Slide 20: Segregation of Duties Objectives
[Figure 3-4: Nested Control Objectives for Transactions. Labels: TRANSACTION; Control Objective 1, Control Objective 2, Control Objective 3; Authorization, Processing; Custody, Recording; Journals, Subsidiary Ledgers, General Ledger]

Slide 21: Centralized IT Structure
- Critical to segregate:
  - systems development from computer operations
  - database administrator (DBA) from other computer service functions
    - DBA’s authorizing and systems development’s processing
    - DBA authorizes access
  - maintenance from new systems development
  - data library from operations

Slide 22: Distributed IT Structure
- Despite its many advantages, important IC implications are present:
  - incompatible software among the various work centers
  - data redundancy may result
  - consolidation of incompatible tasks
  - difficulty hiring qualified professionals
  - lack of standards

Slide 23: Organizational Structure IC
- A corporate IT function alleviates potential problems associated with distributed IT organizations by providing:
  - central testing of commercial hardware and software
  - a user services staff
  - a standard-setting body
  - reviewing technical credentials of prospective systems professionals

Slide 24: Audit Procedures
- Review the corporate policy on computer security
  - Verify that the security policy is communicated to employees
- Review documentation to determine if individuals or groups are performing incompatible functions
- Review systems documentation and maintenance records
  - Verify that maintenance programmers are not also design programmers

Slide 25: Audit Procedures
- Observe if segregation policies are followed in practice.
  - E.g., check operations room access logs to determine if programmers enter for reasons other than system failures
- Review user rights and privileges
  - Verify that programmers have access privileges consistent with their job descriptions
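An added example, not part of Hall's slides, of how an auditor could run the segregation checks from the Centralized IT Structure and Audit Procedures slides over exported data: incompatible function assignments, programmer entries to the operations room with no system failure open, and privileges beyond the job description. The function labels, record layouts, privilege names and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime

# Function labels are assumptions for this example; the pairings follow the
# "Centralized IT Structure" slide.
DBA = "database_administration"
INCOMPATIBLE_PAIRS = [
    ("systems_development", "computer_operations"),
    ("systems_maintenance", "systems_development"),
    ("data_library", "computer_operations"),
]
PROGRAMMER_FUNCTIONS = {"systems_development", "systems_maintenance"}


def sod_conflicts(assignments):
    """Map each user to the incompatible function pairs they hold."""
    findings = {}
    for user, funcs in assignments.items():
        held = set(funcs)
        hits = [pair for pair in INCOMPATIBLE_PAIRS if set(pair) <= held]
        # The DBA is to be separate from every other computer service function.
        if DBA in held:
            hits += [(DBA, other) for other in sorted(held - {DBA})]
        if hits:
            findings[user] = hits
    return findings


def unexplained_entries(access_log, failures, assignments):
    """Operations-room entries by programmers while no system failure was open."""
    flagged = []
    for entry in access_log:
        held = set(assignments.get(entry["user"], ()))
        if not held & PROGRAMMER_FUNCTIONS:
            continue  # operators are expected in the room
        if not any(start <= entry["time"] <= end for start, end in failures):
            flagged.append(entry)
    return flagged


def excess_privileges(granted, baseline, assignments):
    """Privileges a user holds beyond what their job functions call for."""
    findings = {}
    for user, privs in granted.items():
        allowed = set()
        for func in assignments.get(user, ()):
            allowed |= baseline.get(func, set())
        extra = set(privs) - allowed
        if extra:
            findings[user] = sorted(extra)
    return findings


# Constructed sample data: users, timestamps and privilege names are invented.
ASSIGNMENTS = {
    "alice": ["systems_development"],
    "bob": ["computer_operations"],
    "carol": ["systems_development", "computer_operations"],
    "dave": ["database_administration", "systems_maintenance"],
    "erin": ["systems_maintenance"],
}
FAILURES = [(datetime(2024, 3, 4, 2, 10), datetime(2024, 3, 4, 3, 40))]
ACCESS_LOG = [
    {"user": "bob", "time": datetime(2024, 3, 4, 1, 0)},     # operator
    {"user": "alice", "time": datetime(2024, 3, 4, 2, 30)},  # failure open
    {"user": "erin", "time": datetime(2024, 3, 5, 14, 5)},   # no failure open
    {"user": "alice", "time": datetime(2024, 3, 6, 9, 15)},  # no failure open
]
BASELINE = {
    "systems_development": {"dev_repo_write", "test_db_read"},
    "systems_maintenance": {"prod_source_read", "change_ticket_write"},
    "computer_operations": {"job_scheduler_run", "ops_room_entry"},
    "database_administration": {"db_grant_access"},
}
GRANTED = {
    "alice": ["dev_repo_write", "test_db_read", "prod_db_write"],
    "bob": ["job_scheduler_run", "ops_room_entry"],
    "erin": ["prod_source_read", "job_scheduler_run"],
}

if __name__ == "__main__":
    print("Incompatible functions:", sod_conflicts(ASSIGNMENTS))
    for e in unexplained_entries(ACCESS_LOG, FAILURES, ASSIGNMENTS):
        print("Unexplained entry:", e["user"], e["time"].isoformat())
    print("Excess privileges:", excess_privileges(GRANTED, BASELINE, ASSIGNMENTS))
```

Each finding is a lead for follow-up with the control owner, since an entry or privilege may have an approved reason that the exported data does not record.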

Slide 26: Computer Center IC
Audit objectives:
- physical security IC protects the computer center from physical exposures
- insurance coverage compensates the organization for damage to the computer center
- operator documentation addresses routine operations as well as system failures

Slide 27: Computer Center IC
Considerations:
- man-made threats and natural hazards
- underground utility and communications lines
- air conditioning and air filtration systems
- access limited to operators and computer center workers; others required to sign in and out
- fire suppression systems installed
- fault tolerance
  - redundant disks and other system components
  - backup power supplies

Slide 28: Audit Procedures
- Review insurance coverage on hardware, software, and physical facility
- Review operator documentation, run manuals, for completeness and accuracy
- Verify that operational details of a system’s internal logic are not in the operator’s documentation

Slide 29: Disaster Recovery Planning
- Disaster recovery plans (DRP) identify:
  - actions before, during, and after the disaster
  - disaster recovery team
  - priorities for restoring critical applications
- Audit objective – verify that DRP is adequate and feasible for dealing with disasters

Slide 30: Disaster Recovery Planning
- Major IC concerns:
  - second-site backups
  - critical applications and databases including supplies and documentation
  - back-up and off-site storage procedures
  - disaster recovery team
  - testing the DRP regularly

Slide 31: Second-Site Backups
- Empty shell - involves two or more user organizations that buy or lease a building and remodel it into a computer site, but without computer equipment
- Recovery operations center - a completely equipped site; very costly and typically shared among many companies
- Internally provided backup - companies with multiple data processing centers may create internal excess capacity

Slide 32: DRP Audit Procedures
- Evaluate adequacy of second-site backup arrangements
- Review list of critical applications for completeness and currency
- Verify that procedures are in place for storing off-site copies of applications and data
  - Check currency of back-ups and copies

Slide 33: DRP Audit Procedures
- Verify that documentation, supplies, etc., are stored off-site
- Verify that the disaster recovery team knows its responsibilities
  - Check frequency of testing the DRP

Slide 34: Benefits of IT Outsourcing
- Improved core business processes
- Improved IT performance
- Reduced IT costs

Slide 35: Risks of IT Outsourcing
- Failure to perform
- Vendor exploitation
- Costs exceed benefits
- Reduced security
- Loss of strategic advantage

Slide 36: Audit Implications of IT Outsourcing
- Management retains SOX responsibilities
- SAS No. 70 report or audit of vendor will be required

Accounting Information Systems, 8e James A. Hall
Audit Background Material From Appendix

Slide 38: External (Financial) Audits
- An independent attestation by a professional (CPA) regarding the faithful representation of the financial statements
- Three phases of a financial audit:
  - familiarization with client firm
  - evaluation and testing of internal controls
  - assessment of reliability of financial data

Slide 39: Attestation versus Assurance
- Attestation:
  - practitioner is engaged to issue a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party.
- Assurance:
  - professional services that are designed to improve the quality of information, both financial and non-financial, used by decision-makers
  - includes, but is not limited to attestation

Slide 40: Attest and Assurance Services

Slide 41: External versus Internal Auditing
- External auditors – represent the interests of third party stakeholders
- Internal auditors – serve an independent appraisal function within the organization
  - Often perform tasks which can reduce external audit fees and help to achieve audit efficiency

Slide 42: Generally Accepted Auditing Standards (GAAS)

Slide 43: Auditing Management’s Assertions

Slide 44: Audit Risk is...
the probability the auditor will issue an unqualified (clean) opinion when in fact the financial statements are materially misstated.

Slide 45: Three Components of Audit Risk
- Inherent risk – associated with the unique characteristics of the business or industry of the client
- Control risk – the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts
- Detection risk – the risk that errors not detected or prevented by the control structure will also not be detected by the auditor

Slide 46: Types of Audit Tests
- Tests of controls – tests to determine if appropriate IC are in place and functioning effectively
- Substantive testing – detailed examination of account balances and transactions

Slide 47: What is an IT Audit?
Since most information systems employ IT, the IT audit is a critical component of all external and internal audits.
- IT audits:
  - focus on the computer-based aspects of an organization’s information system
  - assess the proper implementation, operation, and control of computer resources

Slide 48: Elements of an IT Audit
- Systematic procedures are used
- Evidence is obtained
  - tests of internal controls
  - substantive tests
- Determination of materiality for weaknesses found
- Prepare audit report & audit opinion

Slide 49: [Figure 15-9: Phases of an IT Audit]