The Impact of Information Technology on the Audit Process Chapter 12 http://www.authorstream.com/shen gvn/ ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5-5 Learning Objective Describe how IT improves internal control ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - How Information Technologies Enhance Internal Control Computer controls replace manual controls Higher-quality information is available ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - Learning Objective Identify risks that arise from using an ITbased accounting system ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - Assessing Risks of Information Technologies Risks to hardware and data Reduced audit trail Need for IT experience and separation of IT duties ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - Risks to Hardware and Data Reliance on hardware and software Data loss ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Unauthorized access Systematic vs random errors 12 - Reduced Audit Trail Visibility of audit trail Lack of traditional authorization Detection risk Reduced human involvement ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - Need for IT Experience and Separation of Duties Reduced separation of duties Need for IT experience ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - Learning Objective Explain how general controls and application controls reduce IT risks ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - Internal Controls Specific to Information Technology Information technology controls Application controls ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley General controls 12 - 10 Learning Objective Describe how general controls affect the auditor’s testing of application controls ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 24 Impact of Information Technology on the Audit Process Effects of general controls on system-wide applications Effects of general controls on software changes Obtaining an understanding of client general controls Relating IT controls to transaction-related audit objectives Effect of IT controls on substantive testing ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 25 Auditing in IT Environments with Varied Complexity Audit around the computer LESS Smaller companies IT controls < effective Audit though the computer MORE Parallel simulation ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Test data 12 - 26 Auditing Around and Through the Computer ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 27 Learning Objective Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 28 Test Data Approach Test data should include all relevant conditions that the auditor wants tested Application programs tested by the auditors’ test data must be the same as those the client used throughout the year Test data must be eliminated from the client’s records ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 29 Test Data Approach Input test transactions to test key control procedures Master files Contaminated master files Application programs (assume batch system) Transaction files (contaminated?) Control test results ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 30 Test Data Approach Control test results Auditor makes comparisons Auditor-predicted results of key control procedures based on an understanding of internal control Differences between actual outcome and predicted result ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 31 Parallel Simulation The auditor uses auditor-controlled software to perform parallel operations to the client’s software by using the same data files ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 32 Parallel Simulation Production transactions Master file Auditor-prepared program Client application system programs Auditor results Client results Auditor makes comparisons between client’s application system output and the auditor-prepared program output ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Exception report noting differences 12 - 33 Embedded Audit Module Approach Auditor inserts an audit module in the client’s application system to identify specific types of transactions ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 34 Embedded Audit Module Approach ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 35 Learning Objective Identify issues for e-commerce systems and other specialized IT environments ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 36 Issues for Different IT Environments Network Environments Outsourced IT ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Database Management Systems e-Commerce systems 12 - 37 End of Chapter 12 ©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5-5 ... ©2 012 Prentice Hall Business Publishing, Auditing 14/e, Arens/ Elder/Beasley Test data 12 - 26 Auditing Around and Through the Computer ©2 012 Prentice Hall Business Publishing, Auditing 14/e, Arens/ Elder/Beasley... directors and senior management ©2 012 Prentice Hall Business Publishing, Auditing 14/e, Arens/ Elder/Beasley 12 - 13 Segregation of IT Duties ©2 012 Prentice Hall Business Publishing, Auditing 14/e, Arens/ Elder/Beasley... ©2 012 Prentice Hall Business Publishing, Auditing 14/e, Arens/ Elder/Beasley 12 - Risks to Hardware and Data Reliance on hardware and software Data loss ©2 012 Prentice Hall Business Publishing, Auditing