Accounting Information Systems:

Essential Concepts and Applications

Fourth Edition by Wilkinson, Cerullo, Raval,

and Wong-On-Wing

Chapter 10: Auditing of

Information Systems

Slides Authored by Somnath

Florida Atlantic University

Bhattacharya, Ph.D.

Nature of Audits
Audits are examinations performed
to assess and evaluate an activity or
object, such as whether the internal
controls implemented into the AIS
are working as prescribed by
management

Types of Audits
Operational Audits
Compliance Audits
Project Management and Change
Control Audits
Internal Control Audits
Financial Audits
Fraud Audits
Figure 10-1

Types of Auditors

Internal Auditors
External Auditors
Government Auditors
Fraud Auditors

Basic Auditing
Considerations
Ethics and Auditing Standards
Need for Ethics
Content of Standards
Effect of Automation on Standards

Impact of Computerization on Audit

Procedures
Transaction Cycle Approach to
Auditing

The Auditing Process

The 5 phases of a financial audit are:
Planning the Audit
Analytical Procedures

Preliminary Review & Assessment of the

Internal Control Structure
Completion of the Review
Detailed Evaluation and Testing of Controls

Analytical and Substantive Review

Audit Reporting

Preliminary Assessment of the

Internal Control Structure
Review, Document, and Assess the ICS
Assess and Set the level of Control Risk
Control Risk is the risk that material misstatements
in assertions, leading to significant errors in the
financial statements, will fail to be prevented or
detected by the internal control structure
The level of Control Risk may be expressed
numerically or subjectively
An Assertion is an expressed account balance,
transaction classification, or disclosure in the
financial statements being examined

Cost Effectiveness of Testing Controls

Testing of Controls
Perform Tests of Controls
Evaluate the Findings of the Tests of Controls
Final Assessment of Control Risk for each
transaction cycle
Determine level of Planned Detection Risk
The Planned Detection Risk is the risk that a
material misstatement in the financial
statements or in individual account balances will
fail to be uncovered by substantive testing
procedures
Determine the nature, timing, and extent of
substantive testing procedures

Develop Final Audit Program

Substantive Testing
Choose and Perform Substantive
Tests
Perform Final Analytical Procedures
Test Account Balances
Test Details of Transaction Classes

Evaluate Substantive Tests

Document the
Conclusions
Writing the Audit Report

Unqualified Opinion: Financial Statements present

fairly, in all material respects, the financial status,
results of operations, and cash flow of the firm being
audited
Qualified Opinion: Issued when a significant condition,
such as a departure from GAAP, prevents the issuance
of an unqualified opinion
Adverse Opinion: Given when the auditor concludes
that the overall financial statements are so materially
misleading that they cannot be relied upon
A Disclaimer of Opinion: The Auditor refuses to express
an opinion on the overall financial statements due to
major restrictions placed on the scope of the audit or
the failure to collect sufficient evidence

Letter of Reportable Conditions

Auditing Around the

Computer - I
Computer is a black-box.
Assumption: If the auditor can show that the
actual outputs are the correct results to be
expected from a set of inputs to the processing
system, then the computer processing must be
functioning in a reliable manner
Involves tracing selected transactions from
source documents to summary accounts and
records, and vice-versa
A Non-Processing of Data Method

Auditing Around the

Computer - II
Suitable only under the following 3 conditions:
The audit trail is complete and visible
The processing operations are relatively
straightforward, uncomplicated, and low volume
Complete documentation, such as DFDs and
Systems Flowcharts, are available to the auditor

Best suited for independent periodic

processing applications:
cash disbursements
payroll processing

Auditing Around the

Computer - III
Limitations is that it does not allow
the auditor to determine exactly how
the computer processing programs
handle edit checks and programmed
checks

Auditing Around the

Computer: An Illustration
Exception Report

Master File
Regular Processing
Run

Normal
Processing

Documents, Listings,
Registers, Reports

Regular
Transactions
Auditor
Comparison

Audit Test

Selected
Transactions

Predetermined
Results
Figure 10-4a

Auditing Through the

Computer
Should be applied to all complex automated
processing systems
Periodic direct and real-time processing applications
where the audit trail is impaired

Methods include:

Test Data
Integrated Test Facility
Embedded Audit Module Techniques
Program Code Checking
Parallel Processing
Parallel Simulation
Controlled Processing

All auditing-through-the-computer
techniques provide evidence concerning
the level of control risk.

Auditing Through the

Computer: An Illustration
Exception
Report
Master File

Regular
Processing Run

Regular
Transactions

Documents,
Listings, Registers,
Reports

Normal Processing

Exception
Report
Master File

Regular
Processing Run

Summary Results
from Tests

Audit
Comparison

Audit Test
Transactions
Predetermined
Results

Audit Test

Figure 10-4 b

Auditing with the

Computer - I
Microcomputer Audit Assist Software
The Generalized Audit Software (GAS)
Package
The Template

Prepare trial balances

Maintain recurring journal entries
Evaluate sample results
Schedule and manage auditor time in field audits
Perform reasonableness tests of expenses
Estimate expenses

Auditing with the

Computer - II
Audit Software: A collection of program
routines, each serving a mechanistic audit
function
GAS (e.g., ACL)

Attribute Sampling
Histogram Generation
Record Aging
File Comparison
Duplicate Checking
File Printing

Typical Audit Functions

Available in a GAS package

Extracting Data from Files

Calculating with Data
Summarizing Data
Analyzing Data
Reorganizing Data
Selecting Sample Data for Testing
Gathering Statistical Data
Printing Confirmation Requests, Analyses,
and other outputs

Applications of a GAS
Package
Master File

Master File

Transaction
File

Control and
Specification
File

Computer runs involving such audit

functions as
Extracting data from files
Calculating with data
Performing comparisons with data
Summarizing data
Analyzing data
Reorganizing data
Selecting sample data for testing
Gathering statistical data

Requests for
confirmation listings,
Sample data items,
Reports, Analyses,
Control Totals

Printing confirmation requests, analyses,

and other outputs

Exception
Report
GAS Package
Figure 10-5

Advantages of GAS
Packages
Allow auditors to access computer-readable records for
a wide variety of applications and organizations
Enable auditors to examine much more data than could
be examined through manual means
Rapidly and accurately perform a variety of routine
audit functions, including the statistical selection of
samples
Reduce dependence on non-auditing personnel for
performing routine functions like summarizing data,
thereby enabling auditors to maintain better control
over the audit
Require only minimal computer knowledge on the part
of the auditor

Disadvantages of GAS
Packages
They do not directly examine the
applications program and
programmed checks.
They cannot replace auditthrough-the-computer
techniques

Situations Triggering DP
Operational Audits
An apparently excessive cost for computer services
A major shift in corporate plans
A proposal for a major hardware or software
upgrade or acquisition
An inability to attract and retain computer DP
executives
A new DP executives need for an intensive
assessment
An inordinate amount of personnel turnover within
the DP department
A proposal to consolidate or distribute DP resources
A major system that appears unresponsive to needs
or is difficult to enhance or maintain
An excessive or increasing number of user
complaints

Accounting Information Systems:

Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing

Copyright 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.