©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5 - 5The Impact of Information Technology on the Audit Process Chapter 12 http://www.authorstream.com/shen gv
Trang 1©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5 - 5
The Impact of Information Technology on the Audit
Process
Chapter 12
http://www.authorstream.com/shen
gvn/
Trang 2Learning Objective 1
Describe how IT improves internal control.
Trang 3©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 3
How Information Technologies
Enhance Internal Control
Computer controls
replace manual
controls
Higher-quality information is
available
Trang 4Learning Objective 2
Identify risks that arise from using an
IT-based accounting system.
Trang 5©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 5
Assessing Risks of Information Technologies
Risks to hardware and data
Reduced audit trail
Need for IT experience andseparation of IT duties
Trang 6Risks to Hardware and Data
Reliance on hardware and
Trang 7©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 7
Reduced Audit Trail
Visibility of audit trail
Reduced human involvement
Lack of traditional authorization
Detection risk
Trang 8Need for IT Experience and
Separation of Duties
Reduced separation of duties
Need for IT experience
Trang 9©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 9
Learning Objective 3
Explain how general controls and application controls reduce IT risks.
Trang 10Internal Controls Specific to
Information Technology
General controls
Application controlsInformation technology controls
Trang 11©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 11
Relationship Between General
and Application Controls
Trang 12Categories of General and
Application Controls
Trang 13©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 13
Administration of the IT
Function
The perceived importance of IT within an
organization is often dictated by the attitude of
the board of directors and senior management
Trang 14Segregation of IT Duties
Trang 15©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 15
Systems Development
Typical teststrategies
Pilot testing Parallel testing
Trang 16Physical and Online Security
Trang 17©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 17
Backup and Contingency
Planning
Offsite storage of critical files is a key element to a backup and contingency plan
Trang 19©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 19
Application Controls
Input controls
Processing controls
Output controlsApplication controls are designed for each
software application
Trang 21©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 21
Batch Input Controls
recordsTotal of records
in a batch
Trang 22Correct processing order?
Accuracy of processed data?
Data exceeds preset amounts?
Trang 23©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 23
Trang 24Learning Objective 4
Describe how general controls affect the
auditor’s testing of application controls.
Trang 25©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 25
Impact of Information Technology on
the Audit Process
Effects of general controls on system-wide applications
Effects of general controls on software changes
Obtaining an understanding of client general controls
Relating IT controls to transaction-related audit objectives
Effect of IT controls on substantive testing
Trang 26Auditing in IT Environments
with Varied Complexity
MORE
Audit around the computer
Audit though the computer
LESS
Smaller companies IT controls < effective
Trang 27©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 27
Auditing Around and Through
the Computer
Trang 28Learning Objective 5
Use test data, parallel simulation, and
embedded audit module approaches when auditing through the computer.
Trang 29©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 29
Test Data Approach
1 Test data should include all relevantconditions that the auditor wants tested
2 Application programs tested by theauditors’ test data must be the same asthose the client used throughout the year
3 Test data must be eliminated from theclient’s records
Trang 30Test Data Approach
Application programs (assume batch system)
Control test
Input test transactions to test
key control procedures
Trang 31©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 31
Test Data Approach
Auditor makes comparisons
Differences between
actual outcome and
predicted result
Trang 32Parallel Simulation
The auditor uses auditor-controlled software
to perform parallel operations to the client’ssoftware by using the same data files
Trang 33©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 33
Parallel Simulation
Auditor makes comparisons between
client’s application system output and
the auditor-prepared program output
Exception report noting differences
Production transactions
Auditor-prepared
program
Auditor results
Master file
Client application system programs
Client results
Trang 34Embedded Audit Module
Approach
Auditor inserts an audit module in theclient’s application system to identifyspecific types of transactions
Trang 35©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 35
Embedded Audit Module
Approach
Trang 36Learning Objective 6
Identify issues for e-commerce systems and other specialized IT environments.
Trang 37©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 37
Issues for Different IT
Environments
Network Environments
Database Management Systems
e-Commerce systemsOutsourced
IT
Trang 38End of Chapter 12