8-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-2 Many systems have developed away from centralized systems with one main frame computer using user developed software to a combination of smaller computers using commercially available software  Less expensive software  Electronic checkbooks (e.g., Quicken)  Moderate system  Basic general ledger system (e.g.., QuickBooks)  Expensive  ERP systems (e.g., SAP) Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-3  Usually consists of:  Hardware  Digital computer and peripheral equipment  Software  Various programs and routines for operating the system Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-4 Input/Output Devices Central Processing Unit Auxiliary Storage Card Readers Arithmetic Unit Magnetic Disks Terminals Control Unit Magnetic Drums Electronic Cash Magnetic Tapes Registers Optical Compact Disks Optical Scanners Magnetic Tape Drives Magnetic Disk Drives Optical Compact Disks Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-5  Two Types:  Systems software  Programs that control and coordinate hardware components and provide support to application software  Operating system (Examples: Unix, Windows)  Application software  Programs designed to perform a specific data processing task  Written in programming language (Example: Java) Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-6  Regardless of size, system possesses one or more of the following elements  Batch processing  On-line capabilities  Database storage  IT networks  End user computing Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-7  Input data gathered and processed periodically in groups  Example: Accumulate all of a day’s sales transactions and process them as a batch at end of day  Often more efficient than other types of systems but does not provide up-to-minute information Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-8  Online systems allow users direct access to data stored in the system  Two types (a company may use both)  Online transaction processing (OLTP)  Individual transactions entered from remote locations  Online real time (Example: Bank balance at ATM)  Online analytical processing (OLAP)  Enables user to query a system for analysis  Example: Data warehouse, decision support systems, expert systems Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-9  In traditional-IT systems, each computer application maintains separate master files  Redundant information stored in several files  Database system allows users to access same integrated database file  Eliminates data redundancy  Creates need for data administrator for security against improper access Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-10  Networks  Computers linked together through telecommunication links that enable computers to communicate information back and forth  WAN, LAN  Internet, intranet, extranet  Electronic commerce  Involves electronic processing and transmission of data between customer and client  Electronic Data Interchange (EDI) Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-11  User departments are responsible for the development and execution of certain IT applications  Involves a decentralized processing system  IT department generally not involved  Controls needed to prevent unauthorized access Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-12  Importance of internal control not diminished in computerized environment  Separation of duties  Clearly defined responsibilities  Augmented by controls written into computer programs Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-13  In a traditional manual system, hard-copy documentation available for accounting cycle  In computerized environment, audit trail ordinarily still exists, but often not in printed form  Can affect audit procedures  Consulting auditors during design stage of IT-based system helps ultimate auditability Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-14 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-15  Information systems management  Supervise the operation of the department and report to vice president of finance  Systems analysis  Responsible for designing the system  Application programming  Design flowcharts and write programming code  Database administration  Responsible for planning and administering the company database  Data Entry  Prepare and verify input data for processing Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-16  IT Operations  Run and monitor central computers  Program and file library  Protect computer programs, master files and other records from loss, damage and unauthorized use  Data Control  Reviews and tests all input procedures, monitors processes and reviews IT logs  Telecommunications Specialists  Responsible for maintaining and enhancing IT networks  Systems Programming  Responsible for troubleshooting the operating system Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-17  History shows the person responsible for frauds in many situations set up the system and controlled its modifications  Segregation of duties  Programming separate from controlling data entry  Computer operator from custody or detailed knowledge of programs  If segregation not possible need:  Compensating controls like batch totals  Organizational controls not effective in mitigating collusion Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-18  Interested in evaluating the overall efficiency and effectiveness of information systems operations and related controls throughout the company  Should participate in design of IT-based system  Perform tests to ensure no unauthorized changes, adequate documentation, control activities functioning and data group performing duties. Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-19 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-20 General Control Activities  Developing new programs and systems  Changing existing programs and systems  Access to programs and data  IT operations controls Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-21  Programmed Control Activities  Input validation checks  Limit test  Validity test  Self-checking number  Batch controls  Item count  Control total  Hash total  Processing controls  Input controls plus file labels  Manual Follow-up Activities  Exception reports follow-up Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-22  Designed to test the completeness and accuracy of IT-processed transactions  Designed to ensure reliability  Reconciliation of control totals generated by system to totals developed at input phase  Example: Sales invoices generated by IT-based system tested for clerical accuracy and pricing by the accounting clerk Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-23  Involves use of one or more user operated workstations to process data  Needed controls  Train users  Document computer processing procedures  Backup files stored away from originals  Authorization controls  Prohibit use of unauthorized programs  Use antivirus software Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-24  Step 1 – Consider IT system in planning  Step 2 – Obtain an understanding of the client and its environment  Documentation of client’s IT-based system depends on complexity of system  Narrative  Systems flowchart  Program flowchart  Internal control questionnaires Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-25  Identify risks  Relate the identified risks to what can go wrong at the relevant assertion level  Consider whether the risks are of a magnitude that could result in a material misstatement  Consider the likelihood that the risks could result in a material misstatement  Evaluate effectiveness of related controls in mitigating risks  Test of controls over IT-based systems Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-26  Auditing Around the Computer--Manually processing selected transactions and comparing results to computer output  Manual Tests of Computer Controls--Inspection of computer control reports and evidence of manual follow-up on exceptions  Auditing Through the Computer--Computer assisted techniques  Test Data  Integrated Test Facility  Controlled Programs  Program Analysis Techniques  Tagging and Tracing Transactions  Generalized audit software – parallel simulation Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-27 In general, using client data and generalized audit software  Examine client’s records for overall quality, completeness and valid conditions  Rearrange data and perform analyses  Select audit samples  Compare data on separate files  Compare results of audit procedures with client’s records Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

8-28 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.