
Core concepts of accounting information systems 13 by simkin norman chapter 15


Prepared by Paula Funkhouser
University of Nevada, Reno

Core Concepts of Accounting Information Systems, 13th Edition
Mark G. Simkin ● Jacob M. Rose ● Carolyn S. Norman

Information Technology Auditing
Chapter 15



Chapter 15: Information Technology Auditing
• Introduction
• The Audit Function
• The Information Technology Auditor’s Toolkit
• Auditing Computerized Accounting Information Systems
• Information Technology Auditing Today

Copyright © 2015. John Wiley & Sons, Inc. All rights reserved.


Introduction
• Audits of AISs
– Ensure controls are functioning properly
– Confirm additional controls not necessary
• Nature of Auditing
– Internal and external auditing
– IT Audit and financial audit
– Tools of an IT auditor



The Audit Function
• Internal versus External Auditing
• Information Technology Auditing
• Evaluating the Effectiveness of Information Systems Controls



Internal Auditing
• Responsibility of Performance
– Company’s own employees
– External to the department being audited
• Evaluation of:
– Employee compliance with policies and procedures
– Effectiveness of operations
– Compliance with external laws and regulations
– Reliability of financial reports
– Internal controls



External Auditing
• Responsibility of Performance
– Those outside the organization
– Accountants working for independent CPA
• Audit Purpose
– Performance of the attest function
– Evaluate the accuracy and fairness of the financial statements relative to GAAP



Information Technology Auditing
• Function
– Evaluate computer’s role in achieving audit and control objectives
• Assurance Provided
– Data and information are reliable, confidential, secure, and available
– Safeguarding assets, data integrity, and operational effectiveness



The Components of an IT Audit




The IT Audit Process
• Computer-Assisted Audit Techniques (CAAT)
– Use of computer processes to perform audit functions
– Performing substantive tests
• Approaches
– Auditing through the computer
– Auditing with the computer



The IT Audit Process



Careers in IT Auditing
• Background
– Accounting skills
– Information systems or computer science skills

• Certified Information System Auditor (CISA)
– Successfully complete examination
– Experience requirements
– Comply with Code of Professional Ethics
– Continuing professional education
– Comply with standards


CISA Exam Components



Careers in IT Auditing
• Certified Information Security Manager (CISM)
– Business orientation
– Understand risk management and security

• CISM Knowledge
– Information security governance
– Information security program management
– Risk management
– Information security management
– Response management


Evaluating the Effectiveness of Information Systems Controls
• Impact on Substantive Testing
– Strong controls, less substantive testing
– Weak controls, more substantive testing
• Risk Assessment
– Evaluate the risks associated with control weaknesses
– Make recommendations to improve controls



Risk Assessment
• Risk-Based Audit Approach
– Determine the threats
– Identify the control procedures needed
– Evaluate the current control procedures
– Evaluate the weaknesses within the AIS

• Benefits
– Understanding of errors and irregularities
– Sound basis for recommendations



Information Systems Risk Assessment
• Method of evaluating desirability of IT controls
• Types of Risks
– Errors and accidents
– Loss of company secrets
– Unauthorized manipulation of company files
– Interrupted computer access
• Penetration Testing



Study Break #1
An IT auditor:
A. Must be an external auditor
B. Must be an internal auditor
C. Can be either an internal or external auditor
D. Must be a Certified Public Accountant



Study Break #2
In determining the scope of an IT audit, the auditor should pay most attention to:
A. Threats and risks
B. The cost of the audit
C. What the IT manager asks to be evaluated
D. Listings of standard control procedures



The IT Auditor’s Toolkit
• Utilization of CAATs
– Auditing with the computer
– Manual access to data stored on computers is impossible
• Tools
– Auditing Software
– People Skills



General-Use Software
• Productivity tools that improve the auditor’s work
• Types
– Word processing programs
– Spreadsheet software
– Database management systems (DBMS)
– Structured Query Language (SQL)



Generalized Audit Software
• Overview
– Allow for reviewing of files without rewriting processing programs
– Basic data manipulation
– Tailored to auditor tasks
• Common Programs
– Audit Command Language (ACL)
– Interactive Data Extraction and Analysis (IDEA)



Generalized Audit Software - Inventory




Automated Workpapers
• Overview
– Automate and standardize audit tests
– Can prepare financial statements and other financial measures

• Features
– Generate trial balances
– Make adjusting entries
– Perform consolidations
– Conduct analytical procedures
– Document audit procedures and conclusions


People Skills
• Examples
– Working as a team
– Interact with clients and other auditors
– Interviewing clients
• Importance of Interviews
– Gain understanding of organization
– Evaluate internal controls




Auditing Computerized AISs
• Auditing Around the Computer
– Assumes accurate output verifies proper processing
– Not effective in a computerized environment
• Auditing Through the Computer
– Follows audit trail through the computer
– Verifies proper functioning of processing controls in AIS programs


