Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
21 Cards in this Set
- Front
- Back
|
What is IT's effect on audit trail?
|
Reduces it!!!
*Visibility of audit trail-- reduces/eliminates source documents and records that allow the org to trace accounting info. *Reduced human involvement-- often difficult to recognize misstatements because underlying calculations are not visible and results are summarized. EXAMPLE (Sales and Collection Cycle) Customer/Sales order- NO EVIDENCE TRAIL Shipping doc- paper evidence! Sales invoice- client sends bill to cust, cust's system compares to see if right-- NO EVIDENCE Remittance advice- payment is often electronic transfer: no remittance advice. No prelisting cash receipts! |
|
|
Benefits of IT
|
*computer controls replace manual controls- (large amounts, cost effectively)
-computer controls reduce fraud -improves sep of duties *higher quality of info available -leads to better decisions made by management |
|
|
Risks of IT
|
*Risk to Hardware and Data
-reliance on functioning capabilities -systematic v. random errors -unauthorized access -loss of data REDUCED AUDIT TRAIL |
|
|
What is a general control
|
apply to ALL aspects of IT function,
|
|
|
General controls include...
|
*IT admin
chief info officer/IT mgr report to SR mgmt and board *sep of duties responsibilities for PROGRAMMING, OPERATING, and DATA CONTROL are sep *Systems Development -teams of users, systems analysts, programmers develop/test software -pilot testing: new system implemented in one part of org while other locations rely on old -parallel testing- old and new systems operate simultaneously in all locations *Hardware controls -memory failure or hard drive failures cause error message *Online and physical security -access to hardware restricted -encryption and firewalls *Backup planning -written and tested regularly MNEMONIC: ASS HOB |
|
|
If general controls are not adequate...
|
then APPLICATION controls won't be either
|
|
|
APPLICATION CONTROLS ARE...
|
controls related to a specific use of IT, such as the inputting, processing, and outputting of sales or cash receipts.
also, payroll application controls and, other cycle app controls |
|
|
What are the 3 categories of application controls?
|
Input, processing, output
|
|
|
Input controls specific to MANUAL systems
|
*managements authorization of transactions
*adequate prep of documents *competent personnel |
|
|
Input controls specific to IT systems
|
*Input screens w/ preformatted prompts
*Pull-down menu lists of software options *Computer performed validation tests of input accuracy *Online based input controls for e-commerce transactions *Immediate error correction procedures *Error file MNEMONIC: I PEIC O |
|
|
Input batch controls
|
Financial totals-summary total field amounts for all records in a btach that rep meaningful total such as dollars/amoutns
Hash total- Summary total of codes from all records in batch that do NOT rep meaningful total Record count- summary total of physical records in batch |
|
|
PROCESSING CONTROLS
|
Prevent, detect errors while transaction data is being processed
VALIDATION TEST: ensures use of correct master file, database, etc SEQUENCE TEST: data processing in correct order? ARITHMETIC ACCURACY DATA REASONABLENESS COMPLETENESS TEST MNEMONIC: SAC VD |
|
|
OUTPUT CONTROLS
|
Detects errors after processing
REVIEW of output reasonableness RECONCILIATION of output to input control totals CONTROL over distribution of output REVIEW of error listings MNEMONIC: Rock Rock Chalk Revue |
|
|
TEST OF CONTROLS, general idea...
|
Test general controls first- if unreliable- NO application controls
If effective, increases reliability on application controls Deficiencies in gen controls NOT linked to specific transaction-related audit ojectives |
|
|
TOCs for Less complex IT env.
|
"auditing around the computer"
-not using automated controls to reduce CR, instead manual controls -use of microcomputers to do accoutning system functions |
|
|
TOCS for COMPLEX IT env
|
"auditing THROUGH the computer"
--Test data approach |
|
|
Test Data Approach (TOC)
|
Auditors embed own test data in client's system and apply program to determine whether automated controls correctly process this data.
*Auditor will include data that system should ACCEPT and REJECT 3 considerations: 1. test data should contain all conditions auditor wants tests 2. application programs tested by test data must be same as those client used throughout year 3. test data must be ELIMINATED from client's system/records |
|
|
STOTS
|
After identifying IT based application controls are used to reduce CR, can reduce STOTS (reduce sample sizes)
Examples: Parallel simulation (generalized audit software) Embedded modules |
|
|
Parallel simulation is:
(used for STOTs) |
-Auditor controlled software to do some operations as clients using same data files.
-determines effectiveness of automatic controls to obtain evidence about electronic account balances -compares output from clients system to output from auditors software *REQUIRES computer audit specialist |
|
|
Generalized Audit Software
|
Can be used to test:
-automated controls -verify client's account balances 3 advantages: 1. easy to train audit staff to use 2. can be applied to wide variety of clients 3. audit procedures much faster than manually done |
|
|
Embedded modules is:
|
Inserts audit module into client's application system to identify specific types of transactions
ex: embedded module to ID all purchases exceeding $25k. continuous audit Used to ID unusual transactions for STOTS |
