©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5 - 5 The Impact of Information Technology on the Audit Process Chapter 12
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5 - 5
The Impact of Information Technology on the Audit
Process
Chapter 12
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 2
Learning Objective 1
Describe how IT improves internal control.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 3
How Information Technologies Enhance Internal Control
Computer controls replace manual
controls
Higher-quality information is
available
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 4
Learning Objective 2
Identify risks that arise from using an IT-based accounting system.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 5
Assessing Risks of Information Technologies
Risks to hardware and data
Reduced audit trail
Need for IT experience and separation of IT duties
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 6
Risks to Hardware and Data
Reliance on hardware and
software
Systematic vs.
random errors
Unauthorized access
Data loss
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 7
Reduced Audit Trail
Visibility of audit trail
Reduced human
involvement
Lack of traditional
authorization
Detection risk
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 8
Need for IT Experience and Separation of Duties
Reduced separation of duties
Need for IT experience
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 9
Learning Objective 3
Explain how general controls and application controls reduce IT risks.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 10
Internal Controls Specific to Information Technology
General controls
Application controls
Information technology controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 11
Relationship Between General and Application Controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 12
Categories of General and Application Controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 13
Administration of the IT Function
The perceived importance of IT within an organization is often dictated by the attitude of the board of directors and senior management.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 14
Segregation of IT Duties
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 15
Systems Development
Typical test strategies
Pilot testing Parallel testing
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 16
Physical and Online Security
Physical Controls: Keypad entrances Badge-entry systems Security cameras Security personnel
Online Controls: User ID control Password control Separate add-on security software
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 17
Backup and Contingency Planning
Offsite storage of critical files is a key element to a backup and contingency plan
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 18
Hardware Controls
These controls are built into computer equipment by the manufacturer to detect and report equipment failures.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 19
Application Controls
Input controls
Processing controls
Output controls
Application controls are designed for each software application
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 20
Input Controls
These controls are designed by an organization to ensure that the information being processed is authorized, accurate, and complete.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 21
Batch Input Controls
Financial total
Hash total
Record count
Total for all records in a batch
Total of codes from all batch
records
Total of records in a batch
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 22
Processing Controls
Validation test
Sequence test
Arithmetic accuracy test
Data reasonableness test
Completeness test
Correct file, database, or program?
Correct processing order?
Accuracy of processed data?
Data exceeds preset amounts?
Completeness of record fields?
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 23
Output Controls
These controls focus on detecting errors after processing is completed rather than on preventing errors.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 24
Learning Objective 4
Describe how general controls affect the auditor’s testing of application controls.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 25
Impact of Information Technology on the Audit Process
Effects of general controls on system-wide applications
Effects of general controls on software changes
Obtaining an understanding of client general controls
Relating IT controls to transaction-related audit objectives
Effect of IT controls on substantive testing
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 26
Auditing in IT Environments with Varied Complexity
MORE
Audit around the computer
Audit though the computer
Parallel simulation
Test data
LESS
Smaller companies
IT controls < effective
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 27
Auditing Around and Through the Computer
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 28
Learning Objective 5
Use test data, parallel simulation, and embedded audit module approaches when auditing through the computer.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 29
Test Data Approach
1. Test data should include all relevant conditions that the auditor wants tested.
2. Application programs tested by the auditors’ test data must be the same as those the client used throughout the year.
3. Test data must be eliminated from the client’s records.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 30
Test Data Approach
Application programs (assume batch system)
Control test results
Master files
Contaminated master files
Transaction files (contaminated?)
Input test transactions to test
key control procedures
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 31
Test Data Approach
Auditor-predicted results of key control procedures
based on an understanding of internal control
Control test results
Auditor makes comparisons
Differences between actual outcome and
predicted result
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 32
Parallel Simulation
The auditor uses auditor-controlled software to perform parallel operations to the client’s software by using the same data files.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 33
Parallel Simulation
Auditor makes comparisons between client’s application system output and the auditor-prepared program output
Exception report noting differences
Production transactions
Auditor-prepared program
Auditor results
Master file
Client application system programs
Client results
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 34
Embedded Audit Module Approach
Auditor inserts an audit module in the client’s application system to identify specific types of transactions.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 35
Embedded Audit Module Approach
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 36
Learning Objective 6
Identify issues for e-commerce systems and other specialized IT environments.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 12 - 37
Issues for Different IT Environments
Network Environments
Database Management
Systems
e-Commerce systems
Outsourced IT
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 5 - 5
End of Chapter 12