Chapter 12: Information Technology Auditing
Introduction
The Audit Function
The Information Technology Auditor’s Toolkit
Auditing Computerized Accounting Information Systems
Information Technology Auditing Today
Chapter
12-1
Introduction
Audits of AISs
Ensure controls are functioning properly
Confirm additional controls not necessary
Nature of Auditing
Internal and external auditing
IT Audit and financial audit
Tools of an IT auditor
The Audit Function
Internal versus External Auditing
Information Technology Auditing
Evaluating the Effectiveness of Information Systems Controls
Internal Auditing
Responsibility of Performance
Company’s own employees
External to the department being audited
Evaluation of:
Employee compliance with policies and procedures
Effectiveness of operations
Compliance with external laws and regulations
Reliability of financial reports
Internal controls
External Auditing
Responsibility of Performance
Those outside the organization
Accountants working for independent CPA
Audit Purpose
Performance of the attest function
Evaluate the accuracy and fairness of the financial statements relative to GAAP
Information Technology Auditing
Function
Evaluate computer’s role in achieving audit and control objectives
Assurance Provided
Data and information are reliable, confidential, secure, and available
Safeguarding assets, data integrity, and operational effectiveness
The Components of an IT Audit
The IT Audit Process
Computer-Assisted Audit Techniques (CAAT)
Use of computer processes to perform audit functions
Performing substantive tests
Approaches
Auditing through the computer
Auditing with the computer
The IT Audit Process
Careers in IT Auditing
Background
Accounting skills
Information systems or computer science skills
Certified Information Systems Auditor (CISA)
Successfully complete examination
Experience requirements
Comply with Code of Professional Ethics
Continuing professional education
Comply with standards
CISA Exam Components
Careers in IT Auditing
Certified Information Security Manager (CISM)
Business orientation
Understand risk management and security
CISM Knowledge
Information security governance
Information security program management
Risk management
Information security management
Response management
Evaluating the Effectiveness of Information Systems Controls
Impact on Substantive Testing
Strong controls, less substantive testing
Weak controls, more substantive testing
Risk Assessment
Evaluate the risks associated with control weaknesses
Make recommendations to improve controls
Risk Assessment
Risk-Based Audit Approach
Determine the threats
Identify the control procedures needed
Evaluate the current control procedures
Evaluate the weaknesses within the AIS
Benefits
Understanding of errors and irregularities
Sound basis for recommendations
Information Systems Risk Assessment
Method of evaluating desirability of IT controls
Types of Risks
Errors and accidents
Loss of company secrets
Unauthorized manipulation of company files
Interrupted computer access
Penetration Testing
Study Break #1
An IT auditor:
A. Must be an external auditor
B. Must be an internal auditor
C. Can be either an internal or external auditor
D. Must be a Certified Public Accountant
Study Break #1 - Answer
An IT auditor:
A. Must be an external auditor
B. Must be an internal auditor
C. Can be either an internal or external auditor
D. Must be a Certified Public Accountant
Study Break #2
In determining the scope of an IT audit, the auditor should pay most attention to:
A. Threats and risks
B. The cost of the audit
C. What the IT manager asks to be evaluated
D. Listings of standard control procedures
Study Break #2 - Answer
In determining the scope of an IT audit, the auditor should pay most attention to:
A. Threats and risks
B. The cost of the audit
C. What the IT manager asks to be evaluated
D. Listings of standard control procedures
The IT Auditor’s Toolkit
Utilization of CAATs
Auditing with the computer
Manual access to data stored on computers is impossible
Tools
Auditing Software
People Skills
General-Use Software
Productivity tools that improve the auditor’s work
Types
Word processing programs
Spreadsheet software
Database management systems (DBMS)
Structured Query Language (SQL)
Generalized Audit Software
Overview
Allow for reviewing of files without rewriting processing programs
Basic data manipulation
Tailored to auditor tasks
Common Programs
Audit Command Language (ACL)
Interactive Data Extraction and Analysis (IDEA)
Generalized Audit Software - Inventory
Automated Workpapers
Overview
Automate and standardize audit tests
Can prepare financial statements and other financial measures
Features
Generate trial balances
Make adjusting entries
Perform consolidations
Conduct analytical procedures
Document audit procedures and conclusions
People Skills
Examples
Working as a team
Interact with clients and other auditors
Interviewing clients
Importance of Interviews
Gain understanding of organization
Evaluate internal controls