IS 630 : Accounting Information Systems - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

IS 630 : Accounting Information Systems

Description:

... and four-step approach ... Inherent Chance of risk in the absence of controls Control Risk a misstatement will not ... Lecture 10 * Risk-Based ... – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 18
Provided by: dn56
Category:

less

Transcript and Presenter's Notes

Title: IS 630 : Accounting Information Systems


1
Auditing Computer-based Information Systems
  • IS 630 Accounting Information Systems
  • http//www.csun.edu/dn58412

Lecture 10
2
Learning Objectives
  • Scope and objectives of audit work, and major
    steps in the audit process.
  • Objectives of an information system audit, and
    four-step approach necessary for meeting these
    objectives.
  • Design a plan for the study and evaluation of
    internal control in an AIS.
  • Describe computer audit software, and explain how
    it is used in the audit of an AIS
  • Describe the nature and scope of an operational
    audit.

3
Auditing
  • The systematic process of obtaining and
    evaluating evidence regarding assertions about
    economic actions and events in order to determine
    how well they correspond with established criteria

4
Types of Audits
  • Financial
  • Examines the reliability and integrity of
  • Financial transactions, accounting records, and
    financial statements.
  • Information System
  • Reviews the controls of an AIS to assess
    compliance with
  • Internal control policies and procedures and
    effectiveness in safeguarding assets
  • Operational
  • Economical and efficient use of resources and the
    accomplishment of established goals and
    objectives
  • Compliance
  • Determines whether entities are complying with
  • Applicable laws, regulations, policies, and
    procedures
  • Investigative
  • Incidents of possible fraud, misappropriation of
    assets, waste and abuse, or improper governmental
    activities.

5
The Audit Process
  • Planning
  • Collecting Evidence
  • Evaluating Evidence
  • Communicating Audit Results

6
Planning the Audit
  • Why, when, how, whom
  • Work targeted to area with greatest risk
  • Inherent
  • Chance of risk in the absence of controls
  • Control
  • Risk a misstatement will not be caught by the
    internal control system
  • Detection
  • Chance a misstatement will not be caught by
    auditors or their procedures

7
Collection Of Audit Evidence
  • Not everything can be examined so samples are
    collected
  • Observation activities to be audited
  • Review of documentation
  • Gain understanding of process or control
  • Discussions
  • Questionnaires
  • Physical examination
  • Confirmations
  • Testing balances with external 3rd parties
  • Re-performance
  • Recalculations to test values
  • Vouching
  • Examination of supporting documents
  • Analytical review
  • Examining relationships and trends

8
Evaluation of Audit Evidence
  • Does evidence support favorable or unfavorable
    conclusion?
  • Materiality
  • How significant is the impact of the evidence?
  • Reasonable Assurance
  • Some risk remains that the audit conclusion is
    incorrect.

9
Communication of Audit Conclusion
  • Written report summarizing audit findings and
    recommendations
  • To management
  • The audit committee
  • The board of directors
  • Other appropriate parties

10
Risk-Based Audit
  • Determine the threats (fraud and errors) facing
    the company.
  • Accidental or intentional abuse and damage to
    which the system is exposed
  • Identify the control procedures that prevent,
    detect, or correct the threats.
  • These are all the controls that management has
    put into place and that auditors should review
    and test, to minimize the threats
  • Evaluate control procedures.
  • A systems review
  • Are control procedures in place
  • Tests of controls
  • Are existing controls working
  • Evaluate control weaknesses to determine their
    effect on the nature, timing, or extent of
    auditing procedures.

11
Information Systems Audit
  • Purpose
  • To review and evaluate the internal controls that
    protect the system
  • Objectives
  • Overall information security
  • Program development and acquisition
  • Program modification
  • Computer processing
  • Source files
  • Data files

12
1. Information System Threats
  • Accidental or intentional damage to system assets
  • Unauthorized access, disclosure, or modification
    of data and programs
  • Theft
  • Interruption of crucial business activities

13
2. Program Development and Acquisition
  • Inadvertent programming errors due to
    misunderstanding system specifications or
    careless programming
  • Unauthorized instructions deliberately inserted
    into the programs
  • Controls
  • Management and user authorization and approval,
    thorough testing, and proper documentation

14
3. Program Modification
  • Source Code Comparison
  • Compares current program against source code for
    any discrepancies
  • Reprocessing
  • Use of source code to re-run program and compare
    for discrepancies
  • Parallel Simulation
  • Auditor-created program is run and used to
    compare against source code

15
4. Computer Processing
  • System fails to detect
  • Erroneous input
  • Improper correction of input errors
  • Process erroneous input
  • Improperly distribute or disclose output
  • Concurrent audit techniques
  • Continuous system monitoring while live data are
    processed during regular operating hours
  • Using embedded audit modules
  • Program code segments that perform audit
    functions, report test results, and store the
    evidence collected for auditor review

16
Types of Concurrent Audits
  • Integrated Test Facility
  • Uses fictitious inputs
  • Snapshot Technique
  • Master files before and after update are stored
    for specially marked transactions
  • System Control Audit Review File (SCARF)
  • Continuous monitoring and storing of transactions
    that meet pre-specifications
  • Audit Hooks
  • Notify auditors of questionable transactions
  • Continuous and Intermittent Simulation
  • Similar to SCARF for DBMS

17
5. Source Data 6. Data Files
  • Accuracy
  • Integrity
  • Security of data
Write a Comment
User Comments (0)
About PowerShow.com