Chapter 16 - Auditing Information Technology

IS AUDITING CONCEPTS

Auditing through the computer is the process of reviewing and evaluating the internal controls in an electronic data processing system.

Auditing with the computer is the utilization of the computer by an auditor to perform some audit work that otherwise would have to be done manually.

Structure of Financial Statement Audit

•  The primary objective and responsibility of the external auditor is to attest to the fairness of a firm’s financial reports.

•  The external auditor serves the firm’s stockholders, the government, and the general public.

•  The internal auditor serves a firm’s management.

Audits are almost universally divided into two components:

Compliance Testing – Interim Audit (Focus on Transactions and Information System) – Controls Review

Substantive Testing – Financial Statement Audit (Focus on Financial Report accuracy)

Auditing Around the Computer

•  The around-the-computer approach is no longer widely used.

Auditing Through the Computer

•  Auditing through the computer may be defined as the verification of controls in a computerized system.

Auditing with the computer

•  Auditing with the computer is the process of using information technology in auditing.

•  Some of the potential benefits of using information systems technology in an audit.

1.  Computer-generated working papers are generally more legible and consistent.

2.  Time may be saved by eliminating manual footing, cross footing, and other routine calculations.

3.  Calculations, comparisons, and other data manipulations are more accurately performed.

4.  Analytical review calculations may be more efficiently performed.

5.  Increased cost-effectiveness is obtained by reusing and extending existing electronic audit applications to subsequent audits.

6.  Increased independence from information systems personnel is obtained.

IS AUDITING TECHNOLOGY

•  Test data are input containing both valid and invalid data.

•  Example: Payroll transactions for fictitious employees are processed concurrently with valid payroll transactions.

•  Integrated test facility (ITF) involves both the use of test data and the creation of fictitious records (vendors, employees) on the master files of a computer system.

•  Example: Payroll transactions for fictitious employees are processed concurrently with valid payroll transactions.

•  Parallel simulation is processing real data through audit programs. The simulated output and the regular output are then compared.

•  Example: Depreciation calculations are verified by processing the fixed-asset master file with an audit program.

•  Audit software is a computer programs that permit the computer to be used as an auditing tool.

•  Example: An auditor uses a computer program to extract data records from a master file.

-  Generalized Audit Software

-  PC Software

- ACL

- Deloitte & Touche AuditSystem/2

-  Artificial Intelligent Software

- Neural networks

- Expert Systems

•  Embedded audit routines is a special auditing routines included in regular computer programs so that transaction data can be subjected to audit analysis.

•  Example: Data items that are exceptions to auditor-specified edit tests included in a program are written to a special audit file.

•  Extended records is modification of programs to collect and store data of audit interest.

•  Example: A payroll program is modified to collect data pertaining to overtime pay.

•  Snapshots are Modifications of programs to output data of audit interest.

•  Example: A payroll program is modified to output data pertaining to overtime pay.

•  Tracing provides a detailed audit trail of the instructions executed during the program’s operation.

•  Example: A payroll program is traced to determine if certain edit tests are performed in the correct order.

•  Review of system documentation -Existing system documentation such as program flowcharts are reviewed for audit purposes.

•  Example: An auditor desk checks the processing logic of a payroll program.

•  Analytic flowcharts or other graphic techniques are used to describe the controls in a system.

•  Example: An auditor prepares an analytic flowchart to review controls in the payroll application system.

•  Mapping is a special software is used to monitor the execution of a program.

•  Example: The execution of a program with test data as input is mapped to indicate how extensively the input tested compares with individual program statements.

TYPES OF IS AUDITS General Approach to an Information Systems Audit

•  The first phase consists of an initial review and evaluation of the area to be audited and audit plan preparation.

•  The second phase is a detailed review and evaluation of controls.

•  The third phase involves compliance testing and is followed by analysis and reporting of results.

Application Audits

•  Application controls are divided into three general areas.

1  Input

2  Processing

3  Output

Systems Development Audits

•  Systems development audits are directed at the activities of the systems analyst and programmers.

•  There are three general areas of audit concern in the systems development process.

1  Systems development standards

2  Project management

3  Program change control

Computer Service Center Audits

•  Normally, an audit of the computer service center is undertaken before any application audits to ensure the general integrity of the environment in which the application will function.

•  Audits might be undertaken in several areas.

•  Audits of computer service center operations require a high degree of technical training and familiarity with computer operations.

Computer Service Center Audits

–  environmental controls

–  physical security of the center

–  data release, reports, and computer programs

–  management controls

Chapter 3 - Auditing Information Technology

INSERT NOTES HERE

FINAL REVIEW

•  50 Multiple Choice

•  Chapters 7, 8, 9, 14, 6, 16, 3

·  Will not include Chapter 10

·  Not cumulative (except that the material somewhat builds on itself

•  Mainly on what was presented discussed in class

What I would do to study…

•  Review the overheads from class presentations and KNOW the points we covered in class

•  Complete the Chapter Quizzes in each chapter

•  REVIEW the multiple choice and homework we reviewed in class

•  Understand the definitions in glossaries

•  Read the chapters

Ch 16 and 3 Page 7 of 8