The Impact of Information
Technology on the Audit
Process
Chapter 12
/>gvn/
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
5-5
Learning Objective 1
Describe how IT improves internal control.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 2
How Information Technologies
Enhance Internal Control
Computer controls
replace manual
controls
Higher-quality
information is
available
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 3
Learning Objective 2
Identify risks that arise from using an ITbased accounting system.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 4
Assessing Risks of
Information Technologies
Risks to hardware and data
Reduced audit trail
Need for IT experience and
separation of IT duties
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 5
Risks to Hardware and Data
Reliance on
hardware and
software
Data loss
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
Unauthorized
access
Systematic
vs.
random errors
12 - 6
Reduced Audit Trail
Visibility of
audit trail
Lack of
traditional
authorization
Detection risk
Reduced
human
involvement
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 7
Need for IT Experience and
Separation of Duties
Reduced separation of duties
Need for IT experience
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 8
Learning Objective 3
Explain how general controls and application
controls reduce IT risks.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 9
Internal Controls Specific to
Information Technology
Information technology controls
Application
controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
General
controls
12 - 10
Relationship Between General
and Application Controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 11
Categories of General and
Application Controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 12
Administration of the IT
Function
The perceived importance of IT within an
organization is often dictated by the attitude of
the board of directors and senior management.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 13
Segregation of IT Duties
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 14
Systems Development
Typical test
strategies
Pilot testing
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
Parallel testing
12 - 15
Physical and Online Security
Online Controls:
User ID control
Password control
Separate add-on
security software
Physical Controls:
Keypad entrances
Badge-entry systems
Security cameras
Security personnel
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 16
Backup and Contingency
Planning
Offsite storage of critical files is a key
element to a backup and contingency plan
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 17
Hardware Controls
These controls are built into computer
equipment by the manufacturer to
detect and report equipment failures.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 18
Application Controls
Application controls are designed for each
software application
Input
controls
Output
controls
Processing
controls
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 19
Input Controls
These controls are designed by an
organization to ensure that the
information being processed is
authorized, accurate, and complete.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 20
Batch Input Controls
Financial total
Hash total
Record count
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
Total for all
records in a batch
Total of codes
from all batch
records
Total of records
in a batch
12 - 21
Processing Controls
Validation test
Correct file,
database, or program?
Sequence test
Correct
processing order?
Arithmetic
accuracy test
Accuracy of
processed data?
Data reasonableness
test
Data exceeds
preset amounts?
Completeness test
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
Completeness
of record fields?
12 - 22
Output Controls
These controls focus on detecting errors
after processing is completed rather
than on preventing errors.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 23
Learning Objective 4
Describe how general controls affect the
auditor’s testing of application controls.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 24
Impact of Information Technology on
the Audit Process
Effects of general controls on system-wide
applications
Effects of general controls on software changes
Obtaining an understanding of client
general controls
Relating IT controls to transaction-related
audit objectives
Effect of IT controls on substantive testing
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley
12 - 25