Accounting Information Systems:

Essential Concepts and Applications

Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing

Chapter 10: Auditing of

Information Systems

Slides Authored by Somnath Bhattacharya, Ph.D.

Florida Atlantic University
Nature of Audits

Audits are examinations performed to

assess and evaluate an activity or object,
such as whether the internal controls
implemented into the AIS are working as
prescribed by management
 Types of Audits

Operational Audits
Compliance Audits
Project Management and Change Control
Audits
Internal Control Audits
Financial Audits
Fraud Audits

Figure 10-1
Types of Auditors

Internal Auditors
External Auditors
Government Auditors
Fraud Auditors
Basic Auditing
Considerations
Ethics and Auditing Standards
Need for Ethics
Content of Standards
Effect of Automation on Standards
Impact of Computerization on Audit
Procedures
Transaction Cycle Approach to Auditing
The Auditing Process

The 5 phases of a financial audit are:

Planning the Audit
Analytical Procedures
Preliminary Review & Assessment of the
Internal Control Structure
Completion of the Review
Detailed Evaluation and Testing of Controls
Analytical and Substantive Review
Audit Reporting
Preliminary Assessment of
the Internal Control Structure
Review, Document, and Assess the ICS
Assess and Set the level of Control Risk
Control Risk is the risk that material misstatements in
assertions, leading to significant errors in the financial
statements, will fail to be prevented or detected by the
internal control structure
The level of Control Risk may be expressed numerically or
subjectively
An Assertion is an expressed account balance, transaction
classification, or disclosure in the financial statements
being examined
Cost Effectiveness of Testing Controls
Testing of Controls
Perform Tests of Controls
Evaluate the Findings of the Tests of Controls
Final Assessment of Control Risk for each
transaction cycle
Determine level of Planned Detection Risk
The Planned Detection Risk is the risk that a
material misstatement in the financial statements
or in individual account balances will fail to be
uncovered by substantive testing procedures
Determine the nature, timing, and extent of
substantive testing procedures
Develop Final Audit Program
Substantive Testing

Choose and Perform Substantive Tests

Perform Final Analytical Procedures
Test Account Balances
Test Details of Transaction Classes
Evaluate Substantive Tests
Document the
Conclusions
Writing the Audit Report
Unqualified Opinion: Financial Statements present
fairly, in all material respects, the financial status,
results of operations, and cash flow of the firm being
audited
Qualified Opinion: Issued when a significant
condition, such as a departure from GAAP, prevents
the issuance of an unqualified opinion
Adverse Opinion: Given when the auditor concludes
that the overall financial statements are so materially
misleading that they cannot be relied upon
A Disclaimer of Opinion: The Auditor refuses to
express an opinion on the overall financial statements
due to major restrictions placed on the scope of the
audit or the failure to collect sufficient evidence
Letter of Reportable Conditions
Auditing Around the
Computer - I

Computer is a black-box.
Assumption: If the auditor can show that the
actual outputs are the correct results to be
expected from a set of inputs to the processing
system, then the computer processing must be
functioning in a reliable manner
Involves tracing selected transactions from
source documents to summary accounts and
records, and vice-versa
A Non-Processing of Data Method
Auditing Around the
Computer - II

Suitable only under the following 3 conditions:

The audit trail is complete and visible
The processing operations are relatively
straightforward, uncomplicated, and low volume
Complete documentation, such as DFDs and Systems
Flowcharts, are available to the auditor
Best suited for independent periodic processing
applications:
cash disbursements
payroll processing
Auditing Around the
Computer - III

Limitations is that it does not allow the

auditor to determine exactly how the
computer processing programs handle
edit checks and programmed checks
 Auditing Around the
Computer: An Illustration
Exception Report

Master File
Regular Processing
Normal Run Documents, Listings,
Processing Registers, Reports

Regular
Transactions

Auditor
Comparison

Selected
Transactions Predetermined
Audit Test Results

Figure 10-4a
Auditing Through the
Computer
Should be applied to all complex automated
processing systems
Periodic direct and real-time processing applications where
the audit trail is impaired
Methods include:
Test Data
Integrated Test Facility
Embedded Audit Module Techniques
Program Code Checking
Parallel Processing
Parallel Simulation
Controlled Processing
All auditing-through-the-computer techniques
provide evidence concerning the level of control
risk.
Auditing Through the
Computer: An Illustration
Exception
Report
Master File Regular Documents,
Processing Run Listings, Registers,
Normal Processing
Regular Reports
Transactions

Exception
Report
Master File
Regular Audit
Processing Run Summary Results
from Tests Comparison
Audit Test
Transactions
Predetermined
Audit Test
Results

Figure 10-4 b
Auditing with the
Computer - I

Microcomputer Audit Assist Software

The Generalized Audit Software (GAS)
Package
The Template
Prepare trial balances
Maintain recurring journal entries
Evaluate sample results
Schedule and manage auditor time in field audits
Perform reasonableness tests of expenses
Estimate expenses
Auditing with the
Computer - II

Audit Software: A collection of program

routines, each serving a mechanistic audit
function
GAS (e.g., ACL)
Attribute Sampling
Histogram Generation
Record Aging
File Comparison
Duplicate Checking
File Printing
Typical Audit Functions
Available in a GAS package

Extracting Data from Files

Calculating with Data
Summarizing Data
Analyzing Data
Reorganizing Data
Selecting Sample Data for Testing
Gathering Statistical Data
Printing Confirmation Requests, Analyses,
and other outputs
 Applications of a GAS
Package
Master File Computer runs involving such audit Requests for
functions as confirmation listings,
Extracting data from files Sample data items,
Calculating with data Reports, Analyses,
Performing comparisons with data Control Totals
Summarizing data
Master File
Analyzing data
Reorganizing data
Selecting sample data for testing
Gathering statistical data
Transaction Printing confirmation requests, analyses,
and other outputs
File

Exception
Report
Control and
Specification GAS
File Package
Figure 10-5
Advantages of GAS
Packages
Allow auditors to access computer-readable records
for a wide variety of applications and organizations
Enable auditors to examine much more data than
could be examined through manual means
Rapidly and accurately perform a variety of routine
audit functions, including the statistical selection of
samples
Reduce dependence on non-auditing personnel for
performing routine functions like summarizing data,
thereby enabling auditors to maintain better control
over the audit
Require only minimal computer knowledge on the
part of the auditor
Disadvantages of GAS
Packages
They do not directly examine the
applications program and programmed
checks.
They cannot replace audit-
through-the-computer
techniques
 Situations Triggering DP
Operational Audits
An apparently excessive cost for computer services
A major shift in corporate plans
A proposal for a major hardware or software upgrade
or acquisition
An inability to attract and retain computer DP
executives
A new DP executives need for an intensive
assessment
An inordinate amount of personnel turnover within
the DP department
A proposal to consolidate or distribute DP resources
A major system that appears unresponsive to needs
or is difficult to enhance or maintain
An excessive or increasing number of user complaints
 Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing

Copyright 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.