Addthis Arens Chapter12

(1)

The Impact of Information

Technology on the Audit

Process

(2)

Learning Objective 1

Describe how IT improves

internal control.

(3)

How Information Technologies

Enhance Internal Control

_{Computer controls replace manual controls}

(4)

Learning Objective 2

Identify risks that arise from using

an IT-based accounting system.

(5)

Assessing Risks of

Information Technologies

_{Risks to hardware and data}

_{Reduced audit trail}

_{Need for IT experience and}

(6)

Risks to Hardware and Data

_{Reliance on the functioning capabilities}

of hardware and software

_{Reliance on the functioning capabilities}

of hardware and software

_{Systematic versus random errors}

_{Unauthorized access} _{Unauthorized access}

(7)

Reduced Audit Trail

_{Visibility of audit trail}

_{Reduced human involvement}

(8)

Need for IT Experience and

Separation of Duties

_{Reduced separation of duties}

(9)

Learning Objective 3

Explain how general controls

and application controls

reduce IT risks.

(10)

Internal Controls Specific to

Information Technology

_{General controls}

(11)

Relationship Between General

and Application Controls

Cash receipts Risk of unauthorized change

to application software Risk of system crash

Risk of unauthorized

(12)

General Controls

_{Administration of the IT function}

_{Separation of IT duties}

_{Systems development}

_{Physical and online security}

_{Backup and contingency planning}

(13)

Administration of the IT Function

The perceived importance of IT within an

(14)

Segregation of IT Duties

Chief Information Officer or IT Manager

Systems

Development Operations ControlData

(15)

Systems Development

Typical test strategies

(16)

Physical and Online Security

Physical Controls:

 Keypad entrancesKeypad entrances

 Badge-entry systemsBadge-entry systems  Security camerasSecurity cameras

 Security personnelSecurity personnel

Online Controls:

 User ID controlUser ID control  Password controlPassword control  Separate add-onSeparate add-on

security software

(17)

Backup and Contingency

Planning

One key to a backup and contingency plan is to make sure that all critical copies of

(18)

Hardware Controls

These controls are built into computer equipment by the manufacturer to

(19)

Application Controls

_{Input controls}

_{Processing controls}

(20)

Input Controls

These controls are designed by an organization to ensure that the

information being processed is

(21)

Batch Input Controls

_{Financial total}

_{Hash total}

(22)

Processing Controls

_{Validation test}

_{Sequence test}

_{Arithmetic accuracy test}

_{Data reasonableness test}

(23)

Output Controls

These controls focus on detecting errors after processing is completed rather

(24)

Learning Objective 4

Describe how general controls

affect the auditor’s testing

of application controls.

(25)

Impact of Information Technology on

the Audit Process

_{Effects of general controls on control risk}

_{Effects of IT controls on control risk and}

substantive tests

_{Auditing in less complex IT environments}

(26)

Learning Objective 5

Use test data, parallel simulation,

and embedded audit module

approaches when auditing

through the computer.

(27)

Test Data Approach

1. Test data should include all relevant

conditions that the auditor wants tested.

2. Application programs tested by the

auditors’ test data must be the same as those the client used throughout the year.

(28)

Test Data Approach

Application programs Application programs (assume batch system) (assume batch system)

Control test

transactions to test transactions to test

(29)

Test Data Approach

Auditor-predicted results Auditor-predicted results

of key control procedures of key control procedures

based on an understanding based on an understanding

of internal control of internal control Control test actual outcome and actual outcome and

(30)

Parallel Simulation

(31)

Parallel Simulation

Auditor makes comparisons between Auditor makes comparisons between client’s application system output and client’s application system output and the auditor-prepared program output the auditor-prepared program output