Chapter 6
-
Upload
nur-dalila-zamri -
Category
Education
-
view
38 -
download
0
description
Transcript of Chapter 6
CHAPTER 6AUDITING IN COMPUTERISED INFORMATION SYSTEM ENVIRONMENT
NOR AMALIA BINTI AHAD
10DAT11F2027
NORMASTURA BINTI AHMAD
10DAT11F2039
SITI NABILAH BINTI ABDULLAH
10DAT11F2042
NUR SYUHADA BINTI RUSLAN
10DAT11F2048
6.1.1 Describe The Changing Information Of Technology and Implication For Auditing People are constantly looking for online activities and expect
faster delivery. In accounting as well as auditing, IT plays a
vital role in producing reliable and timely financial statements
and reports.
Most companies use IT to improve company internal control
system through the addition of new control procedure through
computer and replacing the manual control due to the
likelihood of possible human error.
Electronic Data Processing (EDP)
Planning
Recording
Managing
Reporting business transaction
Electronic Data Processing (EDP)
Source Document : Invoice Revenue Receipt Payment Voucher Cheque
Electronic Data Processing (EDP)
The basic financial reporting : Statement of financial position (balance
sheet) Profit and Loss account Statement of cash flows Statement of changes in equity
Advantages and Disadvantages of Using IT Systems
Advantages Disadvantages
• Easier to have instant data processing compared to manual data processing.
• The use of electronic data processing has resulted in decreased vacancies for job searchers like accountant
• More accurate and effective time of transactions.
• High cost for companies as effective electronic data processing software tends to be expensive.
• Increase performances especially in manufacturing industries and related industries due to improved the inventory automated systems.
• Additional cost for support and backup systems in the event of power failure.
Implication
From manual control to electronic environment : Traditional paperwork in which the auditor can see and
feel the printed marks evidencing transaction are carried
out online and most cases in ‘real time’. Generally looks for the authorizing signatures on the
papers evidencing the transactions and Electronic. It processing environment such authority is evidenced by
the user of identification codes and passwords which are
all physically invisible.
The level of complexity can be classified into 2 level that is low and high.
6.1.2 Determine the level of complexity in computerized information system environment
1. EDP systems can be defined by their technical
complexity and the extent to which they are used in an
organization.
2. Technical complexity : Online-line processing
- An online system allows direct access
into the computer. Transactions can be put directly into the
system so that master files are updated at time the entry is
made.
Communication systems
- Communication channels can connect the computer
directly to users anywhere in the world. Distributed processing
- When the computing function is apportioned among
CPUs spread geographically and connected by a
communication system. Data Base Management
- As the volume and uses of computer-processed data
expand, data on different files are often redundant.
-The effect is inefficient use of file space and the need
to update files continually.
Control DescriptionsThe it control environment
• The IT government structure• How IT risk are identified, mitigated
and managed• The information system, strategic plan
and budget• The organizational structure and
segregation of duties
Day-to-day computer operations
• Acquisition, installations, configuration, integration and maintenance of the IT infrastructure
• Delivery of information service to user• Management of third-party provider
6.1.3 General Control CIS
Access to program and data • Security of passwords• Internet firewalls and remote access
controls• Data encryption and cryptographic
keys
Program development and program changes
• Acquisition and implementation of new applications
• System development and quality assurance methodology
Monitoring of IT operations • Policies and procedures regarding the information system and reporting that ensure that user comply with IT general control.
Application Control On CIS
1. Application control is controls within a computer application to ensure- completeness, accuracy of input, processing and validity of the resulting accounting entries.
2. The main aim is to ensure Validity, completeness and accuracy of accounting data.
3. Application controls classified into:
a) Input controls
b) Processing controls
c) Output controls
a) Input controlsThe main aim of input controls is to reduce errors in the data
entered in the system for processing. Input controls include checking and ensuring that :
- Input data are authorized by the appropriate official.
- Data represent valid record of actual transaction
- Correctly classified for the purpose of accounting. Example : - Sequence checks
- Batch control
b) Processing controls There are divided into mechanical and programmed controls. Programmed control are done during the system
development to ensure that only data related to a particular
transaction is processed and not otherwise.
c) Output Controls Controls relating to input and processing itself with the final
objective. Relates precisely to the original input. Represents the outcome of a valid and tested program of
instructions.
6.1.4 The Plan An Audit Strategic
1) Ensure that these is adequate compliance and substantive procedures and transmitted date are correct and completed.
2) Apply professional scepticism by cross verification of record, reconciliation between primary and subsidiary ledger, questioning and critical assessment of audit evidence.
3) The audit which may be affected by the client CIS environment.
An application may be considered to be complex when:
a) The volume of transactions is such that users would find it difficult to identify and correct error processing.
b) The computer automatically generate material transactions or entries directly to another application.
c) The computer perform complicated computations of financial information and automatically generates material transaction.
6.2 .1 The Concept Of Computer Assisted Audit Techniques (CAAT)
CAAT’s are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in a client computer information system (CIS).
Auditor's use of a computer-assisted audit technique is something special- normally the techniques used by an auditor are not computer assisted.
The term CAAT refers to the use of certain software that can be used by the auditor to perform audits and to achieve the goals of auditing.
CAATs offer much needed help a the audit technology tools facilitate more granular analysis of data and help to determine the accuracy of the information.
6.2.2 Types Of CAATsI. Generalized Audit Software (GAS)Comprises computer programs used for audit purposes to
process data audit significance from the client accounting system.
It is used by the auditor to examine the entity computer files and may be used during both test of control and substantive testing of transactions and balances.
II. Test Data Test data is data submitted by the auditor for processing
by the clients computer based accounting system. The review of an application system will provide
information about internal controls built in the system.
III. Utility Software Utility software is the subset of software, such as database
management systems report generators, that provides evidence to the auditors about system control effectiveness.
IV. The audit-expert system The audit expert system will give direction and valuable
information to all levels of auditors while carrying out the audit because the-based system knowledge-base of the senior auditors and managers.
The Advantages Of CAAT
Independently access the data stored on a computer system without dependence on the client
Test the reliability of client software, for example the IT application controls
Increase the accuracy of audit testsPerform audit tests more efficiently, which in the long-term
will result in a more cost effective audit.
6.2.3 Method Audit Computerized Information System (CIS)
1) Auditing around the computer This approach, the auditor is not using computer control to
reduce assessed control risk. Instead, the auditor uses manual controls to support reduced
control risk assessment. Often, smaller companies lack dedicated IT personnel, or they
rely on periodic involvement of IT consultants to assist in installing and maintaining hardware and software.
Auditing around the computer is effective because these system often produce sufficient audit trails to permit auditor to compare source documents.
2) Auditing through the computer
as organisations expand their use of IT, internal controls are often embedded in applications that are visible only in electronic form.
Example Of Auditing Around And Through The Computer
Internal Control Auditing Around the Computer Approach
Auditing Through the Computer Approach
1. Credit is approved for sales on account
Select a sample of sales transaction from the journal and obtain the related customer sales order
Obtain a copy of the client sales applications program and related credit limit master file
2. Payroll is processed only
Select a sample of payroll disbursements from the payroll journal
Create a test data file of valid and invalid employee ID number