The Impact of Information
The Impact of Information
Technology on the Audit
Technology on the Audit
Process
Process
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 22
Learning Objective 1
Learning Objective 1
Describe how IT improves
Describe how IT improves
internal control.
How Information Technologies
How Information Technologies
Enhance Internal Control
Enhance Internal Control
Computer controls replace manual controls
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 44
Learning Objective 2
Learning Objective 2
Identify risks that arise from using
Identify risks that arise from using
an IT-based accounting system.
Assessing Risks of
Assessing Risks of
Information Technologies
Information Technologies
Risks to hardware and data
Reduced audit trail
Need for IT experience and
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 66
Risks to Hardware and Data
Risks to Hardware and Data
Reliance on the functioning capabilities
of hardware and software
Reliance on the functioning capabilities
of hardware and software
Systematic versus random errors
Systematic versus random errors
Unauthorized access Unauthorized access
Reduced Audit Trail
Reduced Audit Trail
Visibility of audit trail
Reduced human involvement
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 88
Need for IT Experience and
Need for IT Experience and
Separation of Duties
Separation of Duties
Reduced separation of duties
Learning Objective 3
Learning Objective 3
Explain how general controls
Explain how general controls
and application controls
and application controls
reduce IT risks.
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 1010
Internal Controls Specific to
Internal Controls Specific to
Information Technology
Information Technology
General controls
Relationship Between General
Relationship Between General
and Application Controls
and Application Controls
Cash receipts Risk of unauthorized change
to application software Risk of system crash
Risk of unauthorized
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 1212
General Controls
General Controls
Administration of the IT function
Separation of IT duties
Systems development
Physical and online security
Backup and contingency planning
Administration of the IT Function
Administration of the IT Function
The perceived importance of IT within an
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 1414
Segregation of IT Duties
Segregation of IT Duties
Chief Information Officer or IT Manager
Systems
Development Operations ControlData
Systems Development
Systems Development
Typical test strategies
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 1616
Physical and Online Security
Physical and Online Security
Physical Controls:
Physical Controls:
Keypad entrancesKeypad entrances
Badge-entry systemsBadge-entry systems Security camerasSecurity cameras
Security personnelSecurity personnel
Online Controls:
Online Controls:
User ID controlUser ID control Password controlPassword control Separate add-onSeparate add-on
security software
Backup and Contingency
Backup and Contingency
Planning
Planning
One key to a backup and contingency plan is to make sure that all critical copies of
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 1818
Hardware Controls
Hardware Controls
These controls are built into computer equipment by the manufacturer to
Application Controls
Application Controls
Input controls
Processing controls
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 2020
Input Controls
Input Controls
These controls are designed by an organization to ensure that the
information being processed is
Batch Input Controls
Batch Input Controls
Financial total
Hash total
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 2222
Processing Controls
Processing Controls
Validation test
Sequence test
Arithmetic accuracy test
Data reasonableness test
Output Controls
Output Controls
These controls focus on detecting errors after processing is completed rather
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 2424
Learning Objective 4
Learning Objective 4
Describe how general controls
Describe how general controls
affect the auditor’s testing
affect the auditor’s testing
of application controls.
Impact of Information Technology on
Impact of Information Technology on
the Audit Process
the Audit Process
Effects of general controls on control risk
Effects of IT controls on control risk and
substantive tests
Auditing in less complex IT environments
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 2626
Learning Objective 5
Learning Objective 5
Use test data, parallel simulation,
Use test data, parallel simulation,
and embedded audit module
and embedded audit module
approaches when auditing
approaches when auditing
through the computer.
Test Data Approach
Test Data Approach
1. Test data should include all relevant
conditions that the auditor wants tested.
2. Application programs tested by the
auditors’ test data must be the same as those the client used throughout the year.
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 2828
Test Data Approach
Test Data Approach
Application programs Application programs (assume batch system) (assume batch system)
Control test
transactions to test transactions to test
Test Data Approach
Test Data Approach
Auditor-predicted results Auditor-predicted results
of key control procedures of key control procedures
based on an understanding based on an understanding
of internal control of internal control Control test actual outcome and actual outcome and
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 3030
Parallel Simulation
Parallel Simulation
Parallel Simulation
Parallel Simulation
Auditor makes comparisons between Auditor makes comparisons between client’s application system output and client’s application system output and the auditor-prepared program output the auditor-prepared program output
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 3232
Embedded Audit Module
Embedded Audit Module
Approach
Approach
Learning Objective 6
Learning Objective 6
Identify issues for e-commerce
Identify issues for e-commerce
systems and other specialized
systems and other specialized
IT environments.
©2010 Prentice Hall Business Publishing,
©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens//Elder/Beasley Arens//Elder/Beasley 12 - 12 - 3434
Issues for Different IT
Issues for Different IT
Environments
Environments
Issues for network environments
Issues for database management systems
Issues for e-commerce systems