Auditing: Information Technology System Environment
Auditing: Information Technology System Environment
Auditing: Information Technology System Environment
in an
Information Technology
System Environment
- Part II-
Expected Learning Outcomes
1. Understand the effects of computers on the audit process.
2. Know the impact of computers on accounting systems.
3. Understand the basic audit procedures applied in evaluating the
internal control and substantive testing in a CIS environment.
4. Describe the major types of computer fraud.
5. Describe the effects of computers on the audit process.
6. Know how audit planning is done in an IT environment.
7. Be familiar with the previous audit techniques using computers.
8. Familiarize yourself with specialized audit programs and
additional techniques in the audit of clients using IT Systems.
Introduction
As computer systems became more complex and
integrated, auditors found it challenging to audit
around them. Consequently, they began to audit
through the computer by investigating the data
processing system and its controls. This approach
involves feeding hypothetical transactions into the
computer to check the accuracy of the system.
IMPACT OF COMPUTERS ON ACCOUNTING SYSTEM
TROJAN HAN
TRAPDOORS
b) Auditee programs
- Coded by the company's own programmer to meet the auditor's
needs. This will require additional precautions on the part of the auditor.
c) Utility programs
- Provided by software vendors and used to obtain data.
1 2 3
Make certain the test Make certain the test Devote the necessary
data is not included data is not included time to develop
in the client's in the client's adequate data to test
accounting records. accounting records. key controls.
xxx
TO THE EXTENT THEY ARE RELEVANT TO THE FINANCIAL STATEMENT
ASSERTIONS THE AUDITOR CONSIDERS SUCH MATTERS AS:
The effective use of firewalls and virus protection software to protect its
systems from the introduction of unauthorized or harmful software, data,
or other material in electronic form,
The effective use of encryption, including both:
- Maintaining the privacy and security of transmissions and
- Preventing the misuse of encryption technology
Controls over the development and implementation of systems used to
support e-commerce activities;
Whether security controls in place continue to be effective as new
technologies that can be used to attack Internet security become
available;
Whether the control environment supports the control procedures
implemented.
Transaction Integrity
The auditor considers the completeness,
accuracy, timeliness, and authorization of
information provided for recording and
processing in the entity's financial records.
Validate input;
Prevent duplication or omission of transactions;
Ensure the terms of trade have been agreed
before an order is processed;
Distinguish between customer browsing and orders
placed;
Prevent incomplete processing by ensuring all
steps are completed and recorded;
Ensure the per distribution of transaction details
across multiple systems in a network;
Ensure records are properly retained, backed-up,
and secured.
Process Alignment
Process alignment refers to the way various IT
systems are integrated with one another and
thus operate, in effect, as one system. In the e-
commerce environment, it is important that
transactions generated from an entity's web site
are processed properly by the entity's internal
systems.
The way e-commerce transactions are captured
and transferred to the entity's accounting
system may affect such matters as: