Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.

Presentation transcript:

Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. Accounting Information Systems, 8e James A. Hall Chapter 17 IT Controls Part III: Systems Development, Program Changes, and Application Controls

Objectives for Chapter 17
• Be familiar with the controls and audit tests relevant to the systems development process.
• Understand the risks and controls associated with program change procedures and the role of the source program library.
• Understand the auditing techniques (CAATTs) used to verify the effective functioning of application controls.
• Understand the auditing techniques used to perform substantive tests in an IT environment.

Systems Development Controls
Controllable activities that distinguish an effective systems development process include:
• Systems authorization
• User specification
• Technical design
• Internal audit participation
• Program testing
• User test and acceptance procedures

Auditor’s objectives
The auditor’s objectives are to ensure that
• all systems development activities are applied consistently and follow management’s policies
• the system as originally implemented was free from material errors and fraud
• the system was judged necessary and justified at checkpoints throughout the SDLC, and
• system documentation is sufficiently accurate and complete to facilitate audit and maintenance activities.

Tests of Systems Development Controls
• New systems must be authorized.
• Feasibility studies were conducted.
• User needs were analyzed and addressed.
• Cost-benefit analysis was done.
• Proper documentation was completed.
• All program modules must be thoroughly tested before they are implemented.
• Checklist of problems was kept.

System Maintenance Controls
• Last, longest and most costly phase of systems development
• Up to 80-90% of entire cost of a system
• All maintenance actions should require
  – Technical specifications
  – Testing
  – Documentation updates
  – Formal authorizations for any changes

Program Change
Audit objectives: detect unauthorized program maintenance and determine that...
• maintenance procedures protect applications from unauthorized changes
• applications are free from material errors
• program libraries are protected from unauthorized access

Source Program Library
• Source program library (SPL)
  – library of applications and software
  – place where programs are developed and modified
  – once compiled into machine language, no longer vulnerable

Figure 17-2: Uncontrolled Access to the SPL

Controlled SPL Environments
• SPL Management Systems (SPLMS) protect the SPL by controlling the following functions:
  – storing programs on the SPL
  – retrieving programs for maintenance purposes
  – deleting obsolete programs from the library
  – documenting program changes to provide an audit trail of the changes

Figure 17-3: Source Program Library under the Control of SPL Management Software

SPL Control Features
• Password control
• Separation of test libraries
• Audit trails
• Reports that enhance management control and the audit function
• Assigns program version numbers automatically
• Controlled access to maintenance commands

Program Change
• Auditing procedures: verify that programs were properly maintained, including changes
• Specifically, verify…
  – identification and correction of unauthorized program changes
  – identification and correction of application errors
  – control of access to systems libraries
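
One way an auditor could test for unauthorized program changes using the SPL audit trail and automatic version numbers described above. This is an added example, not material from the slides; the record layout, program names, request IDs and the function name reconcile_spl are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample: audit trail exported from SPL management software.
SPL_AUDIT_TRAIL = [
    {"program": "AR_POST", "version": 1, "request": "MR-101", "user": "dev_a"},
    {"program": "AR_POST", "version": 2, "request": "MR-117", "user": "dev_a"},
    {"program": "AR_POST", "version": 4, "request": "MR-130", "user": "dev_b"},
    {"program": "PAYROLL", "version": 1, "request": "MR-102", "user": "dev_c"},
    {"program": "PAYROLL", "version": 2, "request": None, "user": "dev_c"},
]
# Constructed sample: approved maintenance requests and the program each covers.
AUTHORIZED = {"MR-101": "AR_POST", "MR-117": "AR_POST",
              "MR-102": "PAYROLL", "MR-130": "GL_CLOSE"}
# Constructed sample: version of each load module currently in production.
PRODUCTION_VERSIONS = {"AR_POST": 4, "PAYROLL": 3}

def reconcile_spl(trail, authorized, production):
    """Return sorted (program, version, finding) tuples for audit follow-up."""
    findings = []
    versions = defaultdict(list)
    for rec in trail:
        versions[rec["program"]].append(rec["version"])
        req = rec["request"]
        # Every change must trace to a formal authorization for that program.
        if req is None or req not in authorized:
            findings.append((rec["program"], rec["version"], "no authorized request"))
        elif authorized[req] != rec["program"]:
            findings.append((rec["program"], rec["version"],
                             f"{req} authorizes {authorized[req]}"))
    # Version numbers are assigned automatically, so a gap means a change
    # was made (or a record removed) outside the documented trail.
    for program, seen in versions.items():
        for v in sorted(set(range(1, max(seen) + 1)) - set(seen)):
            findings.append((program, v, "version missing from audit trail"))
    # The production module must correspond to the latest SPL version.
    for program, live in production.items():
        latest = max(versions.get(program, [0]))
        if live != latest:
            findings.append((program, live,
                             f"production version differs from SPL latest {latest}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile_spl(SPL_AUDIT_TRAIL, AUTHORIZED, PRODUCTION_VERSIONS):
        print(finding)
```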

Testing Application Controls
• Techniques for auditing applications fall into two classes:
  1. testing application controls – two general approaches:
     – black box – around the computer
     – white box – through the computer
  2. examining transaction details and account balances—substantive testing

Figure 17-9: Auditing Around the Computer - The Black Box Approach

Figure 17-14: Auditing through the Computer: The ITF Technique

Testing Application Controls
• Black Box Approach – focuses on input procedures and output results
• To gain the needed understanding…
  – analyze flowcharts
  – review documentation
  – conduct interviews

Testing Application Controls
• Auditing through-the-computer
  – focuses on understanding the internal logic of processes between input and output
• Common tests
  – Authenticity tests
  – Accuracy tests
  – Completeness tests
  – Redundancy tests
  – Access tests
  – Audit trail tests
  – Rounding error tests

Audit Testing Techniques
• Test data method: testing for logic or control problems - good for new systems or systems which have undergone recent maintenance
  – base case system evaluation (BCSE) - using a comprehensive set of test transactions
  – tracing - performs an electronic walkthrough of the application’s internal logic
• Test data methods are not fool-proof
  – a snapshot - one point in time examination
  – high cost of developing adequate test data

Audit Testing Techniques
• Integrated test facility (ITF): an automated, on-going technique that enables the auditor to test an application’s logic and controls during its normal operation
• Parallel simulation: auditor writes simulation programs and runs actual transactions of the client through the system

Figure 17-11: The Parallel Simulation Technique
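
Parallel simulation as described above, shown as an added example that is not part of the original slides: the auditor re-implements the documented processing rule, runs the client's actual transactions through it, and compares the result with what production reported. The payroll rule (time-and-a-half above 40 hours), the field names and all sample records are assumptions constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
# Constructed sample: actual transactions extracted from the client's files.
TRANSACTIONS = [
    {"id": "T001", "hours": Decimal("40.0"), "rate": Decimal("25.00")},
    {"id": "T002", "hours": Decimal("45.5"), "rate": Decimal("18.40")},
    {"id": "T003", "hours": Decimal("38.0"), "rate": Decimal("31.25")},
    {"id": "T004", "hours": Decimal("52.0"), "rate": Decimal("20.00")},
    {"id": "T005", "hours": Decimal("30.0"), "rate": Decimal("22.00")},
]
# Constructed sample: gross pay reported by the production application.
PRODUCTION_OUTPUT = {
    "T001": Decimal("1000.00"), "T002": Decimal("887.80"),
    "T003": Decimal("1187.50"), "T004": Decimal("1040.00"),
    "T900": Decimal("500.00"),
}

def simulate_gross_pay(txn):
    """Auditor's independent version of the pay rule (assumed rule)."""
    regular = min(txn["hours"], Decimal("40"))
    overtime = max(txn["hours"] - Decimal("40"), Decimal("0"))
    gross = regular * txn["rate"] + overtime * txn["rate"] * Decimal("1.5")
    return gross.quantize(CENT, rounding=ROUND_HALF_UP)

def parallel_simulation(transactions, production_output):
    """Return (id, finding, simulated, production) for every discrepancy."""
    exceptions, seen = [], set()
    for txn in transactions:
        seen.add(txn["id"])
        expected = simulate_gross_pay(txn)
        actual = production_output.get(txn["id"])
        if actual is None:
            # Completeness: a real transaction never reached the output.
            exceptions.append((txn["id"], "missing from production output", expected, None))
        elif actual != expected:
            # Accuracy: production logic disagrees with the simulation.
            exceptions.append((txn["id"], "amount differs", expected, actual))
    # Authenticity: output that no source transaction supports.
    for txn_id in sorted(set(production_output) - seen):
        exceptions.append((txn_id, "no source transaction", None, production_output[txn_id]))
    return exceptions

if __name__ == "__main__":
    for exc in parallel_simulation(TRANSACTIONS, PRODUCTION_OUTPUT):
        print(exc)
```

Each exception is a lead for follow-up, since a difference can come from the production program or from an error in the auditor's simulation.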

Substantive Testing
• Techniques to substantiate account balances. For example:
  – search for unrecorded liabilities
  – confirm accounts receivable to ensure they are not overstated
• Requires first extracting data from the system. Two technologies commonly used to select, access, and organize data are:
  – embedded audit module
  – generalized audit software

Embedded Audit Module
• An ongoing module which filters out non-material transactions
• The chosen, material transactions are used for sampling in substantive tests
• Requires additional computing resources by the client
• Hard to maintain in systems with high maintenance

Figure 17-12: Embedded Audit Module Technique

Generalized Audit Software
• Very popular & widely used
• Can access data files & perform operations on them:
  – screen data
  – statistical sampling methods
  – foot & balance
  – format reports
  – compare files and fields
  – recalculate data fields

Figure 17-14: Using GAS to Access Complex File Structure