Download presentation
Presentation is loading. Please wait.
Published byStewart Tyler Modified over 6 years ago
1
The Impact of Information Technology on the Audit Process
Chapter 12
2
Describe how IT improves
Learning Objective 1 Describe how IT improves internal control.
3
How Information Technologies Enhance Internal Control
Computer controls replace manual controls. Higher-quality information is available.
4
Identify risks that arise
Learning Objective 2 Identify risks that arise from using an IT-based accounting system.
5
Assessing Risks of Information Technologies
Reliance on the capabilities of hardware and software Visibility of audit trail Reduced human involvement Systematic versus random errors
6
Assessing Risks of Information Technologies
Unauthorized access Loss of data Reduced segregation of duties Lack of traditional authorization Need for IT experience
7
Explain how general controls and application controls
Learning Objective 3 Explain how general controls and application controls reduce IT risks.
8
Internal Controls Specific to Information Technology
General controls Application controls
9
General Controls Administration of the IT function Physical and
online security Segregation of IT duties Backup and contingency planning Systems development Hardware controls
10
Application Controls Input controls Processing controls
Output controls
11
Relationship Between General and Administrative Controls
Risk of unauthorized change to application software Risk of system crash Cash receipts application controls Sales applications Payroll Other cycle GENERAL CONTROLS Risk of unauthorized master file update Risk of unauthorized processing
12
Administration of the IT Function
The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management.
13
Segregation of IT Duties
Chief Information Officer or IT Manager Systems Development Operations Data Control Security Administrator
14
Systems Development Pilot testing Typical test strategies
Parallel testing Typical test strategies
15
Physical and Online Security
Physical Controls: Keypad entrances Badge-entry systems Security cameras Security personnel Online Controls: User ID control Password control Separate add-on security software
16
Backup and Contingency Planning
One key to a backup and contingency plan is to make sure that all critical copies of software and data files are backed up and stored off the premises.
17
Hardware Controls These controls are built into computer
equipment by the manufacturer to detect and report equipment failures.
18
Input Controls These controls are designed by an
organization to ensure that the information being processed is authorized, accurate, and complete.
19
Batch Input Controls Financial total Hash total Record count
20
Processing Controls Validation test Sequence test
Arithmetic accuracy test Data reasonableness test Completeness test
21
Output Controls These controls focus on detecting errors
after processing is completed rather than on preventing errors.
22
Describe how general controls affect the auditor’s testing
Learning Objective 4 Describe how general controls affect the auditor’s testing of application controls.
23
Impact of Information Technology on the Audit Process
Effects of general controls on control risk Effects of IT controls on control risk and substantive tests Auditing in less complex IT environments Auditing in more complex IT environments
24
Use the test data, parallel simulation, and embedded
Learning Objective 5 Use the test data, parallel simulation, and embedded audit module approaches when auditing through the computer.
25
Test Data Approach Test data should include all relevant 1
conditions that the auditor wants tested. 2 Application programs tested by the auditor’s test data must be the same as those the client used throughout the year. 3 Test data must be eliminated from the client’s records.
26
Test Data Approach Input test Transactions to test Key control
Procedures Master files Application Programs (Assume Batch System) Transaction files (contaminated?) Contaminated master files Control test results
27
Test Data Approach Control test results Auditor-predicted
results of key control procedures based on an understanding of internal control Auditor makes comparisons Differences between actual outcome and predicted result
28
Parallel Simulation The auditor uses auditor-controlled
software to perform parallel operations to the client’s software by using the same data files.
29
Parallel Simulation Production transactions Master file
Auditor-prepared program Client application system programs Auditor results Client results Auditor makes comparisons between client’s application system output and the auditor-prepared program output Exception report noting differences
30
Embedded Audit Module Approach
Auditor inserts an audit module in the client’s application system to capture transactions with characteristics that are of specific interest to the auditor.
31
Identify issues for e-commerce systems and other specialized
Learning Objective 6 Identify issues for e-commerce systems and other specialized IT environments.
32
Issues for Different IT Environments
Issues for microcomputer environments Issues for network environments Issues for database management systems Issues for e-commerce systems Issues when clients outsource IT
33
End of Chapter 12
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.