1
Audit Programs for Computer Systems Assurance
12-Sep-05
Audit Programs (Chapter 3)
- From Transactions at Risk to Audit Programs
- The Challenge Presented by Computers
- Practicum: Job of the Staff Auditor: A Day in the Life of Brent Dorsey
2
Schedule

| Week | Topic | Readings | Practicum |
|---|---|---|---|
| 12-Sep-05 | Identifying Computer Systems | Chapter 2 | Evaluating IT Benefits and Risks: Jacksonville Jaguars |
| 19-Sep-05 | IS Audit Programs | Chapter 3 | The Job of the Staff Auditor: A Day in the Life of Brent Dorsey |
| 26-Sep-05 | IS Security | Chapter 4 | Recognizing Fraud: The Anonymous Caller |
| 3-Oct-05 | Utility Computing and IS Service Organizations | Chapter 5 | Evaluating a Prospective Audit Client: Ocean Manufacturing |
| 10-Oct-05 | Physical Security | Chapter 6 | Inherent Risk and Control Risk: Comptronix Corporation |
| 17-Oct-05 | Logical Security | Chapter 7 & 8 | Evaluating the Internal Control Environment: Easy Clean |
| 24-Oct-05 | IS Operations | Chapter 9 | Fraud Risk and the Internal Control Environment: Cendant Corporation |
| 31-Oct-05 | Controls Assessment | Chapter 10 | IT-based vs. Manual Accounting Systems: St James Clothiers |
| 7-Nov-05 | Encryption and Cryptography | Chapter 11 | Materiality / Tolerable Misstatement: Dell Computer |
| 14-Nov-05 | Computer Forensics | Chapter 12 | Analytical Procedures as Substantive Tests: Burlington Bees |
| 21-Nov-05 | New Challenges from the Internet: Privacy, Piracy, Viruses and so forth | Chapter 13 | Information Systems and Audit Evidence: Henrico Retail |
| 28-Nov-05 | Auditing and Future Technologies | Chapter 16 | Flowcharting Transaction Cycles: Southeast Shoe Distributor |
3
Audit Program Objective
Audit programs are checklists of the various tests (audit procedures) that auditors must perform within the scope of their audits to determine whether key controls intended to mitigate significant risks are functioning as designed.
Objective
- To determine the adequacy of the controls over the particular accounting processes covered by the audit program
- This is fundamentally what the assurance and attestation aspects of the audit are expected to achieve during the ‘tests of transactions’ or mid-year or internal control tests
4
Where do you Start Auditing?
5
Remember
The audit objective is to write an opinion saying:
- Stock price is fairly stated (external)
- Control processes are effective (internal & external)
- Assets are not at risk of theft or damage (internal)
We only need to identify computer systems where one or more of these objectives is affected
6
Benefits
The use of audit programs is fairly standard for audit firms, and is considered good business practice.
List three (3) benefits to the audit firm of using an audit program:
- They improve resource planning (where to spend money and employ people on an audit)
- They promote consistency from year to year when personnel and situations of an audit change
- Prior years’ programs are the basis for the current year’s audit procedures
- Anything else that seems reasonable
7
Control assessment
Information systems audit programs should assess the adequacy of controls in four (4) areas:
- Environmental controls
- Physical security controls
- Logical security controls
- IS operating controls
8
Flowcharting Systems This section describes how to use the unequivocal and efficient dataflow diagram to flowchart systems
9
Responsibility Accounting
Each bubble is associated with a person or entity that is responsible for that process.
The same individuals with:
- Managerial control
- Accountability
- Responsibility for the process
should all be responsible for the same bubble.
Example (next slide) of Traditional Flowchart
Often, traditional accounting flowcharts place responsibility centers across the top of the chart, and sequence of processes from top (first) to bottom (last).
11
Flowcharting
Process Notations
- Yourdon and Coad Process Notation
- Gane and Sarson Process Notation
Datastore Notations
- Yourdon and Coad Datastore Notation
- Gane and Sarson Datastore Notation
Datastores are repositories of data in the system. They are sometimes also referred to as files.
Dataflow Notations
Dataflows are pipelines through which packets of information flow. Label the arrows with the name of the data that moves through it.
12
A data flow diagram Data Flow Diagram Notations
13
Process A process transforms incoming data flow into outgoing data flow.
14
DataStore Datastores are repositories of data in the system.
They are sometimes also referred to as databases or files.
15
Dataflow Dataflows are pipelines through which transactions (packets of information) flow. Label the arrows with the name of the data that moves through it.
16
External Entity
External entities are entities outside the firm, with which the accounting system communicates (e.g., vendors, customers, advertisers, etc.).
External entities are sources and destinations of the transaction input and output.
17
Context Diagram The Context diagram lists all of the external relationships
18
Levels
Context
A context diagram is a top-level (also known as Level 0) data flow diagram. It only contains one process node (process 0) that generalizes the function of the entire system in relationship to external entities.
DFD levels
The first level DFD shows the main processes within the system. Each of these processes can be broken into further processes until you reach the level at which individual actions on transaction flows take place.
If you use SmartDraw: Drawing Nested DFDs in SmartDraw
You can easily nest data flow diagrams in SmartDraw. Draw the high-level diagrams first, then select the process you want to expand, go to the Tools menu, and select Insert Hyperlink. Link the selected process notation to another SmartDraw diagram or a web page.
19
The Datastore
The Datastore is used to represent ledgers and journals or, more often in the current world, their computer-implemented counterparts, since almost no one keeps physical records.
20
Lower Level with Multiple Processes
Data Flow Diagram Layers
Draw data flow diagrams in several nested layers. A single process node on a high level diagram can be expanded to show a more detailed data flow diagram.
21
Practicum : The Job of the Staff Auditor
A Day in the Life of Brent Dorsey
22
Making an Audit Program from a Risk Matrix
Applying the flowchart and risk matrix
23
How Auditors Should Visualize Computer Systems
24
The Risk Assessment Database
Columns
- Asset (Ex 2.1): Primary OS | Owner | Application | Asset Value ($000,000 to Owner)*
- Risk Assessment (Ex. 2.2 with improvements): Transaction Flow Description | Total Annual Transaction Value Flow managed by Asset ($000,000)* | Risk Description | Probability of Occurrence (# per Year) | Cost of single occurrence ($) | Expected Loss
Sample entry
- Asset: Win XP | Receiving Dock | A/P | 0.002
- Transaction flow: RM Received from Vendor | 23
- Risk: Theft | 100 | 10000
- Risk: Obsolescence and spoilage | 35 | 350 | 12250
- Etc
*Whether you list depends on Audit Materiality
25
Context Diagram: (Sales Order Entry & Processing System)
26
Level 1 Logical Dataflow Diagram: (Sales Order Entry Sub-system)
27
Level 1 Logical Dataflow Diagram: (Sales Order Processing Sub-system)
28
Level 1 Logical Dataflow Diagram: (Sales Order Processing Sub-system)
29
Detailed Systems Documentation
Dataflow Specifications
Syntax: dataflowName(attribute1, attribute2, ...)
    order(CustomerName, CustomerAddress, Item, Quantity)
    pricedOrder(CustomerName, CustomerAddress, Item, Quantity, OrderPrice)
    weDontSell(CustomerName, CustomerAddress, Item)
    sorryBadCredit(CustomerName, CustomerAddress)

Datastore Specifications
Syntax: relationName(attribute1, attribute2, ...)
    priceList(Item, Price)
    customerMaster(CustomerName, CustomerAddress, Balance, CreditLimit)
    inventoryMaster(Item, QuantityOnHand)

Process Specifications
Syntax: Prolog clause
    /* Orders are priced by multiplying the quantity ordered by the */
    /* price for the item on the price list */
    pricedOrder(CustomerName, CustomerAddress, Item, Quantity, OrderPrice) :-
        order(CustomerName, CustomerAddress, Item, Quantity),
        priceList(Item, Price),
        OrderPrice is Price * Quantity.
    /* We don't sell the item ordered by the customer if such item */
    /* is not on the price list */
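The specifications above are precise enough to reperform as an audit test: recompute each outgoing dataflow from the order and the datastores, then compare it with what the system recorded. The following is an added example, not part of the original slides; the pricing and "we don't sell" rules follow the slide, while the credit rule for sorryBadCredit, the names process_order and reperform, and all data values are assumptions constructed for illustration.

```python
from collections import namedtuple

# order(CustomerName, CustomerAddress, Item, Quantity), as specified on the slide
Order = namedtuple("Order", "customer address item quantity")

# Datastores from the slide's relation specifications; all values are constructed.
PRICE_LIST = {"widget": 400, "gasket": 125}          # priceList(Item, Price), in cents
CUSTOMER_MASTER = {                                  # customerMaster(..., Balance, CreditLimit)
    "Acme": {"balance": 90000, "credit_limit": 100000},
    "Birch": {"balance": 0, "credit_limit": 50000},
}

def process_order(order):
    """Recompute the outgoing dataflow for one order as (flow_name, attributes)."""
    if order.item not in PRICE_LIST:                 # slide rule: item not on price list
        return ("weDontSell", (order.customer, order.address, order.item))
    order_price = PRICE_LIST[order.item] * order.quantity   # slide rule: Price * Quantity
    cust = CUSTOMER_MASTER[order.customer]
    # ASSUMPTION (not on the slide): bad credit means the order would push the
    # customer's balance over the credit limit.
    if cust["balance"] + order_price > cust["credit_limit"]:
        return ("sorryBadCredit", (order.customer, order.address))
    return ("pricedOrder", (*order, order_price))

def reperform(orders, recorded_flows):
    """Return (order, recorded, expected) for every flow the system got wrong."""
    exceptions = []
    for order, recorded in zip(orders, recorded_flows):
        expected = process_order(order)
        if recorded != expected:
            exceptions.append((order, recorded, expected))
    return exceptions

# Constructed audit sample: incoming orders and the flows the system recorded.
ORDERS = [
    Order("Acme", "1 Main St", "widget", 10),
    Order("Acme", "1 Main St", "widget", 50),
    Order("Birch", "2 Oak Ave", "sprocket", 3),
    Order("Birch", "2 Oak Ave", "gasket", 100),
]
RECORDED = [
    ("pricedOrder", ("Acme", "1 Main St", "widget", 10, 4000)),
    ("pricedOrder", ("Acme", "1 Main St", "widget", 50, 20000)),    # credit check skipped
    ("weDontSell", ("Birch", "2 Oak Ave", "sprocket")),
    ("pricedOrder", ("Birch", "2 Oak Ave", "gasket", 100, 10000)),  # mispriced
]

if __name__ == "__main__":
    for order, recorded, expected in reperform(ORDERS, RECORDED):
        print(f"EXCEPTION {order}: recorded {recorded}, expected {expected}")
```

Each exception is a candidate control failure to trace back to the process bubble, and its owner, on the dataflow diagram.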
30
The Audit Program
Make a Risk Assessment Matrix for the Previously DFDed (Flowcharted) System
Transaction Flows
- Purchase Order
- Sales Order
- Don’t Sell
- Bad Credit
- Out of stock
- Bill of Lading
- Invoice
31
Let’s look at some examples of Audit Programs
Three different formats and objectives
32
The Challenge to Auditing Presented by Computers
- Transaction flows are less visible
- Fraud is easier
- Computers do exactly what you tell them
- To err is human. But, to really screw up you need a computer
- Audit samples require computer knowledge and access
- Transaction flows are much larger (good for the company, bad for the auditor)
- Audits grow bigger and bigger from year to year
- And there is more pressure to eat hours
- Environmental, physical and logical security problems grow exponentially
- Externally originated viruses and hacking are the major source of risk (10 years ago it was employees)
33
The Challenge to Auditing Presented by The Internet
- Transaction flows are external
- External copies of transactions on many Internet nodes
- External Service Providers for accounting systems require giving control to outsiders with different incentives
- Audit samples may be impossible to obtain, because they require access to 3rd party databases
- Transaction flows are intermingled between companies
- Environmental, physical and logical security problems grow exponentially
- Externally originated viruses and hacking are the major source of risk (10 years ago it was employees)
34
Practicum Revisited: The Job of the Staff Auditor
Brent Dorsey’s Decisions (from A Day in the Life of Brent Dorsey)