Professional Documents
Culture Documents
Chapter 7
7-1
LEARNING OBJECTIVES
Explain the impact of IT in enhancing internal control and related risk that arises Describe the types of control in an IT environments Discuss the impact of IT on audit process Use the test data, parallel simulation, and embedded audit module approaches when auditing through the computer Identify issues for e-commerce systems and other specialized IT environments
7-2
Learning Objective 1 Identify the impact of IT in enhancing internal control and related risk that arises
7-3
7-4
Loss of data
7-5
7-7
Learning Objective 2 Explain how general controls and application controls reduce IT risks.
7-8
7-9
General Controls
Administration of the IT function
Physical and online security Backup and contingency planning Hardware controls
7 - 10
Application Controls
Input controls
Processing controls Output controls
7 - 11
GENERAL CONTROL
Relate to all aspects of the IT function Designed to protect all application controls to ensure its effectiveness Have an overriding effect on all IT functions Auditor evaluate general control early in the audit because of its impact on application control
7 - 13
7 - 14
Segregation of IT Duties
Chief Information Officer or IT Manager
Security Administrator
Systems Development
Operations
Data Control
7 - 15
Systems Development
Pilot testing
Typical test strategies Parallel testing
7 - 16
7 - 18
Hardware Controls
These controls are built into computer equipment by the manufacturer to detect and report equipment failures.
7 - 19
APPLICATION CONTROL
Designed to satisfy transaction-related audit objectives. May be done by:
Client personnel manual controls - depends on competence of the personnel & due care exercised Computer automated controls - if properly designed, lead to consistent operation of the controls
7 - 20
Input Controls
These controls are designed by an organization to ensure that the information being processed is authorized, accurate, and complete.
7 - 21
Input Controls
Manual control:
Managements authorization of transaction Adequate preparation of input source docs Competent personnel
IT controls:
Prompts for transaction information Computer-performed validation tests Immediate error correction procedures Accumulation of errors in error file for follow-up.
7 - 22
Processing Controls
Prevent, detect and correct processing errors when transaction are processed. Often imbedded into software.
7 - 23
Processing Controls
Validation test ensures the use of correct master file, database, prog Sequence test determines data for processing are in correct order
7 - 24
Output Controls
These controls focus on detecting errors after processing is completed rather than on preventing errors. E.g.:
Reconcile computer output to manual ctrl total Compare no. of units processed to submitted Compare sample to input source docs. Verify dates and times
7 - 25
Learning Objective 3 Describe how general controls affect the auditors testing of application controls.
7 - 26
Learning Objective 4 Use the test data, parallel simulation, and embedded audit module approaches when auditing through the computer.
7 - 28
1 2 3
Master Files
Auditor Makes Comparisons Differences Between Actual Outcome and Predicted Result
7 - 31
Parallel Simulation
The auditor uses auditor-controlled software to perform parallel operations to the clients software by using the same data files.
7 - 32
Parallel Simulation
Production Transactions Auditor Makes Comparisons Between Clients Application System Output and Understanding of the Client Systems Via the Parallel Simulation Master File
AuditorPrepared Program
Auditor Results
Client Results
7 - 33
Auditor inserts an audit module in the clients application system to capture transactions with characteristics that are of specific interest to the auditor.
7 - 34
Learning Objective 5 Identify issues for e-commerce systems and other specialized IT environments.
7 - 35
7 - 36