Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Systems Auditing (ISMT 350) week #2

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Systems Auditing (ISMT 350) week #2"— Presentation transcript:

1 Information Systems Auditing (ISMT 350) week #2
Instructor: Professor J. Christopher Westland, PhD, CPA Time: Tue & Thur 10:30am-11:50amVenue: Rm. 2463Duration: 5 Sep – 7 Dec Text. Champlain, Auditing Information Systems (2nd ed.), Wiley, 2003 Contact: Office: Fax: URL:

2 Course Topics Topic Readings Practicum Competency Case Study
Competency Case Study What is Information Systems (IS) Auditing? Industry Profile: The Job of the IS Auditor Identifying Computer Systems Chapter 1 Evaluating IT Benefits and Risks Jacksonville Jaguars IS Audit Programs Chapter 2 The Job of the Staff Auditor A Day in the Life of Brent Dorsey IS Security Chapter 3 Recognizing Fraud The Anonymous Caller Utility Computing and IS Service Organizations Chapter 4 Evaluating a Prospective Audit Client Ocean Manufacturing Physical Security Chapters7 Inherent Risk and Control Risk Comptronix Corporation Logical Security Chapter 8 Evaluating the Internal Control Environment Easy Clean IS Operations Chapter 9 Fraud Risk and the Internal Control Environment Cendant Corporation Controls Assessment Chapter 10 IT-based vs. Manual Accounting Systems St James Clothiers Encryption and Cryptography Chapter 11 Materiality / Tolerable Misstatement Dell Computer New Challenges from the Internet: Privacy, Piracy, Viruses and so forth Course Wrap-up Information Systems and Audit Evidence Henrico Retail

3 Logical Structure of the Course With Readings from the Text

4 IS Audit Programs The first step in Audits

5 Auditing

6 How Auditors Should Visualize Computer Systems

7 The IS Auditor’s Challenge
Corporate Accounting is in a constant state of flux Because of advances in Information Technology applied to Accounting Information that is needed for an Audit is often hidden from easy access by auditors Making computer knowledge an important prerequisite for auditing IS (and also just Information) assets are increasingly the main proportion of wealth held by corporations

8 The Challenge to Auditing Presented by Computers
Transaction flows are less visible Fraud is easier Computers do exactly what you tell them To err is human But, to really screw up you need a computer Audit samples require computer knowledge and access Transaction flows are much larger (good for the company, bad for the auditor) Audits grow bigger and bigger from year to year And there is more pressure to eat hours Environmental, physical and logical security problems grow exponentially Externally originated viruses and hacking are the major source of risk (10 years ago it was employees)

9 The Challenge to Auditing Presented by The Internet
Transaction flows are External External copies of transactions on many Internet nodes External Service Providers for accounting systems require giving control to outsiders with different incentives Audit samples may be impossible to obtain Because they require access to 3rd party databases Transaction flows are intermingled between companies Environmental, physical and logical security problems grow exponentially Externally originated viruses and hacking are the major source of risk (10 years ago it was employees)

10 How Accounting has had to Change Because of Business Automation

11 Ideas, not Things, have Value … and these ideas are tracked in the computer

12 What is Auditing?

13 What is Auditing? Nature of Procedures / Work
Accountants prepare, analyze, and verify financial reports and taxes, and furnish this information to individuals and managers in business, industry, and government The three major fields in accounting are: Auditing Public Consulting Corporate / Internal

14 Public Accounting Auditor: An auditor examines an organization's financial statements, verifies the accuracy of the financial records, examines management procedures and internal controls to ensure accuracy, and checks for mismanagement, waste, or fraud. The auditor may review company operations compliance with corporate policies, laws, and government regulations. The auditor, or reports to investors and authorities such as the federal government that financial statements have been prepared and reported correctly. Other Public: Public accountants perform accounting, auditing, tax, and consulting activities for public accounting firms, their own businesses, governments, nonprofit organizations, or individuals. Typically, accountants specialize in one aspect of accounting, concentrating on taxes or bankruptcies, for example. Some become consultants who offer advice on compensation, employee benefits, the design of accounting processing systems, or how to safeguard assets.

15 Corporate / Internal Often called management, industrial, or corporate accountants, private accountants record and analyze financial information for the employer and prepare financial reports for stockholders, creditors, regulatory agencies, and tax authorities. Duties may include budgeting, performance evaluation, cost management, and asset management. An accountant also may work as part of an executive team in strategic planning or new product development. Entry-level private accountants often start as cost accountants, junior internal auditors, or as trainees for other accounting positions.

16 Qualifications Auditors must have: ability to analyze, compare, and interpret facts and figures quickly; and be able sound judgments based on this information. should have good oral and written communication skills, well-developed interpersonal skills, and ability to work in cross-functional teams. Business systems and computer skills are required. Some employers prefer hiring individuals with a master's degree in accounting or a master's degree in business administration. Most want to hire someone who is familiar with computers and accounting and internal auditing software applications. Changing legislation regarding taxes, financial reporting standards, international competition, business investments, mergers, and other financial matters require accountants and auditors to continuously update their knowledge.

17 CPAs Most accounting positions require at least a bachelor's degree in accounting or a related field. Based on recommendations made by the American Institute of Certified Public Accountants (AICPA), certified public accountant (CPA) candidates must complete 150 semester hours of college coursework – an additional 30 hours beyond the usual four-year bachelor's degree to become licensed. CPA certificate applicants to have some accounting experience. Almost all states require a CPA and other public accountants to complete a minimum number of hours of continuing education before a license can be renewed.

18 Employment Outlook Job opportunities for accountants are expected to grow 10 to 40 percent per year through 2006 due to the increasing number of new businesses spurred by China’s growing economy. Jobs with major accounting and business firms remain the most sought after by new graduates. More jobs will be available replacing thousands of accountants and auditors who retire or transfer to other occupations each year. Accountants and auditors who have earned certification or licensure or who have advanced degrees will have the best job prospects.

19 Audit Procedures Analytical Review
Tests for internal consistency of accounts, cross-sectional and over time Internal Control Tests (Tests of Transactions; Mid-Year Tests) Tests that Actual Accounting System is doing what it should be Substantive Tests Tests that Financial Statements accurately reflect reality (within material error)

20 Auditing = Statistics All three classes of procedures share a goal with Statistics Objective: use ‘data’ to guess what is ‘true’ Problems: Type I error: Auditor says F/S are Wrong when they are Fairly Stated Type II error: Auditor says F/S are Fairly Stated when they are Wrong Consequence of either: LAWSUITS

21 Auditing Procedures These are formally laid out in the Audit Program
The Planning and Risk Assessment phase of the Audit Writes the Audit Program Which is a sequence of Statistical Tests (Auditors call the sloppier of these ‘Judgment Tests’)

22 (Where Do Information Systems Fit in
(Where Do Information Systems Fit in?) Compare an Accounting Department in the early 1900s

23 Computers Interface of the Future c. 1950 SAGE Computer

24 (Where Do Information Systems Fit in
(Where Do Information Systems Fit in?) With an Accounting Department in the 1970s

25 (Where Do Information Systems Fit in
(Where Do Information Systems Fit in?) With an Accounting Department Today (well … not everywhere, but you see the potential….)

26 (Where Do Information Systems Fit in
(Where Do Information Systems Fit in?) With an Accounting Department of 2020 (… at least my prediction….)

27 Industry Structure, c. 2006 Operations & Accounting 500 2000 US, India
Information Technology Market Annual Expenditures ($US billion) Employees (thousand) Major Suppliers Operations & Accounting 500 2000 US, India Search & Storage 1000. 5000 US Tools 300 US, Germany Embedded 1500 700 US, Japan, Korea, Greater China Communications US, Germany, Japan, Greater China Total 4,000 10,000 GWP ~$45 trillion (Pop: 6 billion) US GDP ~$10 trillion (Pop: 300 million)

28 Tools & Toolsmiths

29 Hardware Taxonomy Fast Slow

30 Software Taxonomy

31 Major Players Hardware, Software, Communication Leaders

32 IS Audit Programs Chapter 2 What is IS Auditing? Why is it Important?
What is the Industry Structure? Attestation and Assurance

33 The Auditing World

34 Auditors and Information Systems

35 The IS Auditor’s Challenge
Corporate Accounting is in a constant state of flux Because of advances in Information Technology applied to Accounting Information that is needed for an Audit is often hidden from easy access by auditors Making computer knowledge an important prerequisite for auditing IS (and also just Information) assets are increasingly the main proportion of wealth held by corporations

36 The Challenge to Auditing Presented by Computers
Transaction flows are less visible Fraud is easier Computers do exactly what you tell them To err is human But, to really screw up you need a computer Audit samples require computer knowledge and access Transaction flows are much larger (good for the company, bad for the auditor) Audits grow bigger and bigger from year to year And there is more pressure to eat hours Environmental, physical and logical security problems grow exponentially Externally originated viruses and hacking are the major source of risk (10 years ago it was employees)

37 The Challenge to Auditing Presented by The Internet
Transaction flows are External External copies of transactions on many Internet nodes External Service Providers for accounting systems require giving control to outsiders with different incentives Audit samples may be impossible to obtain Because they require access to 3rd party databases Transaction flows are intermingled between companies Environmental, physical and logical security problems grow exponentially Externally originated viruses and hacking are the major source of risk (10 years ago it was employees)

38 Flowcharting Accounting Systems the first step in audit planning
A picture is worth 1000 words Flowcharts are the accountants’ pictures / shorthand They are the first step in an audit

39 Flowcharting Accounting Systems
A data flow diagram Data Flow Diagram Notations

40 Flowcharting Accounting Systems
A process transforms incoming data flow into outgoing data flow.

41 Flowcharting Accounting Systems
Datastores are repositories of data in the system. They are sometimes also referred to as databases or files.

42 Flowcharting Accounting Systems
Dataflows are pipelines through which transactions (packets of information) flow. Label the arrows with the name of the data that moves through it.

43 Flowcharting Accounting Systems
External entities are entities outside the firm, with which the accounting system communicates E.g., vendors, customers, advertisers, etc. External entities are sources and destinations of the transaction input and output

44 Flowcharting Accounting Systems
The Context diagram lists all of the external relationships

45 Flowcharting Accounting Systems …Levels
Context known as Level 0) data flow diagram. It only contains one process node (process 0) that generalizes the function of the entire system in relationship to external entities. DFD levels The first level DFD shows the main processes within the system. Each of these processes can be broken into further processes until you reach the level at which individual actions on transaction flows take place If you use SmartDraw Drawing Nested DFDs in SmartDrawYou can easily nest data flow diagrams in SmartDraw. Draw the high-level diagrams first, then select the process you want to expand, go to the Tools menu, and select Insert Hyperlink. Link the selected process notation to another SmartDraw diagram or a web page.

46 The Datastore The Datastore is used to represent Ledgers, Journals
Or more often in the current world Their computer implemented counterpart Since almost no one keeps physical records

47 Flowcharting Accounting Systems …Lower Level with Multiple Processes
Data Flow Diagram Layers Draw data flow diagrams in several nested layers. A single process node on a high level diagram can be expanded to show a more detailed data flow diagram

48 Control Concepts Each bubble is associated with a person or entity that is responsible for that process The same individuals with: Managerial Control Accountability Responsibility for the process Should all be responsible for the same bubble Internal Controls Are processes that insure procedures (bubbles) operate as they should And produce accurate account values

49 Prac·ti·cum (prăk-tĭ-kəm) noun Lessons in a specialized field of study designed to give students supervised practical application of previously studied theory Student Competence Case Study 1 Evaluating IT Benefits and Risks Jacksonville Jaguars 2 The Job of the Staff Auditor A Day in the Life of Brent Dorsey 3 Recognizing Fraud The Anonymous Caller 4 Evaluating a Prospective Audit Client Ocean Manufacturing 5 Inherent Risk and Control Risk Comptronix Corporation 6 Evaluating the Internal Control Environment Easy Clean 7 Fraud Risk and the Internal Control Environment Cendant Corporation 8 IT-based vs. Manual Accounting Systems St James Clothiers 9 Materiality / Tolerable Misstatement Dell Computer 10 Analytical Procedures as Substantive Tests Burlington Bees 11 Information Systems and Audit Evidence Henrico Retail

50 Practicum: Jacksonville Jaguars
Assurance Services for the Electronic Payments System of a privately held company Try making a simple flowchart of the system Identify benefits, costs and risks to businesses from implementing information technologies Determine how CPAs can provide assurance about processes designed to reduce risks created when new IT systems are introduced Understand ways CPAs can identify new assurance services opportunities (i.e., new areas for revenue generation)

Download ppt "Information Systems Auditing (ISMT 350) week #2"

Similar presentations

Chapter 1 Business Driven Technology

Chapter 1 Business Driven Technology
ENGAGE IN A CAREER IN BUSINESS 8/2/2011. ENGAGE IN A CAREER IN BUSINESS Some Job Descriptions Include: Operations Technology Finance Investment Management.

ENGAGE IN A CAREER IN BUSINESS 8/2/2011. ENGAGE IN A CAREER IN BUSINESS Some Job Descriptions Include: Operations Technology Finance Investment Management.
Auditing Concepts.

Auditing Concepts.
Connecticut Society of Certified Public Accountants Student Outreach Become a CPA – and discover a lifetime of opportunity!

Connecticut Society of Certified Public Accountants Student Outreach Become a CPA – and discover a lifetime of opportunity!
1-1 Skyline College Chapter 1. 1-2 The Need for Financial Information In running a business, you need answers to questions. $ How much cash does the business.

1-1 Skyline College Chapter The Need for Financial Information In running a business, you need answers to questions. $ How much cash does the business.
Information Systems Auditing Instructor: Chris Westland, PhD, CPA Certified Public Accountant (Texas License 17277) ISMT300T Information Systems Auditing.

Information Systems Auditing Instructor: Chris Westland, PhD, CPA Certified Public Accountant (Texas License 17277) ISMT300T Information Systems Auditing.
BA 427 – Assurance and Attestation Services Lecture 18 The Types of Services Offered by Public Accounting Firms.

BA 427 – Assurance and Attestation Services Lecture 18 The Types of Services Offered by Public Accounting Firms.
The Islamic University of Gaza

The Islamic University of Gaza
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.
Planning the Audit; Linking Audit Procedures to Risk

Planning the Audit; Linking Audit Procedures to Risk
Information Systems Auditing (ISMT 350) Instructor: Professor J. Christopher Westland, PhD, CPA Time: Tue & Thur 10:30am-11:50amVenue: Rm. 2463Duration:

Information Systems Auditing (ISMT 350) Instructor: Professor J. Christopher Westland, PhD, CPA Time: Tue & Thur 10:30am-11:50amVenue: Rm. 2463Duration:
Chapter 7 Using Data Flow Diagrams

Chapter 7 Using Data Flow Diagrams
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 85 C HAPTER 1 Accounting Information Systems: An Overview.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 85 C HAPTER 1 Accounting Information Systems: An Overview.
IS Auditing Midterm Review ISMT 350 Time & Venue: 5 Oct 2006, 10:30 am to 11:50 Room 2463 Note: You will be allowed one A4 sized sheet of paper as.

IS Auditing Midterm Review ISMT 350 Time & Venue: 5 Oct 2006, 10:30 am to 11:50 Room 2463 Note: You will be allowed one A4 sized sheet of paper as.
Chapter 12 Auditing the Human Resource Management Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Chapter 12 Auditing the Human Resource Management Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Advanced Accounting Information Systems

Advanced Accounting Information Systems
Chapter 7 Using Data Flow Diagrams

Chapter 7 Using Data Flow Diagrams
Business Careers & Practices Week 1 Careers and Jobs in Accounting and Management Work Functions of Accounting and Management Technicians Business Functions.

Business Careers & Practices Week 1 Careers and Jobs in Accounting and Management Work Functions of Accounting and Management Technicians Business Functions.
Audit Programs for Computer Systems Assurance

Audit Programs for Computer Systems Assurance

Similar presentations

Ads by Google