Add to collection(s) Add to saved
  1. Business
  2. Accounting
  3. Managerial Accounting

Financial Accounting and Accounting Standards

Chapter
7-1
Chapter
7-2
Auditing
Information
TechnologyBased Processes
Accounting Information Systems, 1st Edition
Study Objectives
1.
An introduction to auditing IT processes
2.
The various types of audits and auditors
3.
Information risk and IT-enhanced internal control
4.
Authoritative literature used in auditing
5.
Management assertions used in the auditing process and the related audit
objectives
6.
The phases of an IT audit
7.
The use of computers in audits
8.
Tests of controls
9.
Tests of transactions and tests of balances
10.
Audit Completion/Reporting
11.
Other audit considerations
12.
Ethical issues related to auditing
Chapter
7-3
Introduction to Auditing IT Processes
Accounting services that improve the quality of
information are called assurance services.
An audit is the most common type of assurance
service.
Chapter
7-4
SO 1 An introduction to auditing IT processes
Types of Audits and Auditors
Main purpose of the audit is to assure users of
financial information about the accuracy and
completeness of the information.
Three primary types of audits include
 compliance audits,
 operational audits, and
 financial statement audits.
Chapter
7-5
SO 2 The various types of audits and auditors
Types of Audits and Auditors
Audits are typically conducted by accountants.
 Certified public accountants (CPAs)
 Internal auditor
 IT auditors
 Government auditors
Chapter
7-6
SO 2 The various types of audits and auditors
Types of Audits and Auditors
IT environment plays a key role in how auditors
conduct their work in the following areas:
 Consideration of risk
 Audit procedures used to obtain knowledge of
accounting and internal control systems
 Design and performance of audit tests
Chapter
7-7
SO 2 The various types of audits and auditors
Types of Audits and Auditors
Concept Check
Which of the following types of audits is most likely to
be conducted for the purpose of identifying areas for
cost savings?
a. Financial statement audits
b. Operational audits
c. Regulatory audits
d. Compliance audits
Chapter
7-8
SO 2 The various types of audits and auditors
Types of Audits and Auditors
Concept Check
Financial statement audits are required to be
performed by
a. government auditors.
b. CPAs.
c. internal auditors.
d. IT auditors.
Chapter
7-9
SO 2 The various types of audits and auditors
Risk and IT-Enhanced Internal Control
Information risk is the chance that information used
by decision makers may be inaccurate.
Following are some causes of information risk:
Remoteness of information
Volume and complexity of underlying data
Motive of the preparer
Chapter
7-10
SO 3 Information risk and IT-enhanced internal control
Authoritative Literature Used in Auditing
Sources of authoritative literature
Generally accepted auditing standards (GAAS)
Public Company Accounting Oversight Board
(PCAOB)
Auditing Standards Board (ASB)
International Audit Practices Committee (IAPC)
Information Systems Audit and Control Association
(ISACA).
Chapter
7-11
SO 4 Authoritative literature used in auditing
Authoritative Literature Used in Auditing
Concept Check
Which of the following is not a part of generally
accepted auditing standards?
a. general standards
b. standards of fieldwork
c. standards of information systems
d. standards of reporting
Chapter
7-12
SO 4 Authoritative literature used in auditing
Authoritative Literature Used in Auditing
Concept Check
Which of the following best describes what is meant
by the term “generally accepted auditing standards”?
a. Procedures used to gather evidence to support the
accuracy of a client’s financial statements
b. Measures of the quality of an auditor’s conduct
c. Professional pronouncements issued by the Auditing
Standards Board
d. Rules acknowledged by the accounting profession
because of their widespread application
Chapter
7-13
SO 4 Authoritative literature used in auditing
Authoritative Literature Used in Auditing
Concept Check
In an audit of financial statements in accordance with generally
accepted auditing standards, an auditor is required to
a. document the auditor’s understanding of the client
company’s internal controls.
b. search for weaknesses in the operation of the client
company’s internal controls.
c. perform tests of controls to evaluate the effectiveness of
the client company’s internal controls.
d. determine whether controls are appropriately designed to
prevent or detect material misstatements.
Chapter
7-14
SO 4 Authoritative literature used in auditing
Management Assertions and Audit Objectives
Responsibility for the preparation of financial
statements lies with management
Management assertions are claims regarding the
financial condition and results of operations.
 Existence/occurrence
 Valuation and Allocation
 Accuracy, Classification, Cutoff
 Completeness
 Rights and Obligations
Audit tests
developed for an
audit client are
documented in an
audit program.
 Presentation and Disclosure
Chapter
7-15
SO 5 Management assertions used in the auditing
process and the related audit objectives
Management Assertions and Audit Objectives
Concept Check
Auditors should design a written audit program so that
a. all material transactions will be included in substantive
testing.
b. substantive testing performed prior to year end will be
minimized.
c. the procedures will achieve specific audit objectives
related to specific management assertions.
d. each account balance will be tested under either a
substantive test or a test of controls.
Chapter
7-16
SO 5 Management assertions used in the auditing
process and the related audit objectives
Management Assertions and Audit Objectives
Concept Check
Which of the following audit objectives relates to the
management assertion of existence?
a. A transaction is recorded in the proper period.
b. A transaction actually occurred (i.e., it is real).
c. A transaction is properly presented in the financial
statements.
d. A transaction is supported by detailed evidence.
Chapter
7-17
SO 5 Management assertions used in the auditing
process and the related audit objectives
Phases of an IT Audit
There are four primary phases to an IT audit:
 planning,
 tests of controls,
 substantive tests, and
 audit completion/reporting.
Chapter
7-18
SO 6 The phases of an IT audit
Phases of an IT Audit
Chapter
7-19
SO 6 The phases of an IT audit
Exhibit 7-4
Process Map of
Phases of an Audit
Phases of an IT Audit
Audit evidence is proof of the fairness of financial
information. Techniques for gathering evidence:
 physically examining or inspecting assets or
supporting documentation
 obtaining written confirmations
 rechecking or recalculating information
 observing the underlying activities
 making inquiries of client personnel
 analyzing financial relationships and comparisons
Chapter
7-20
SO 6 The phases of an IT audit
Phases of an IT Audit
Audit Planning
Auditors review and assess the risks and controls,
establish materiality guidelines, and develop relevant
tests addressing the objectives.
Chapter
7-21
SO 6 The phases of an IT audit
Phases of an IT Audit
Audit Planning
Chapter
7-22
Exhibit 7-5
Audit Planning Phase
Process Map
SO 6 The phases of an IT audit
Phases of an IT Audit
Concept Check
Risk assessment is a process designed to
a. identify possible events that may effect the
business.
b. establish policies and procedures to carry out
internal controls.
c. identify and capture information in a timely manner.
d. test the internal controls throughout the year.
Chapter
7-23
SO 6 The phases of an IT audit
Phases of an IT Audit
Concept Check
Which of the following audit procedures is most likely to be
performed during the planning phase of the audit?
a. Obtain an understanding of the client’s risk assessment
process.
b. Identify specific internal control activities that are
designed to prevent fraud.
c. Evaluate the reasonableness of the client’s accounting
estimates.
d. Test the timely cutoff of cash payments and collections.
Chapter
7-24
SO 6 The phases of an IT audit
Use of Computers in Audits
Auditing around the computer
Auditing through the computer
Auditing with the computer

Chapter
7-25
Computer-assisted audit techniques
(CAATs)
SO 7 The use of computers in audits
Use of Computers in Audits
Concept Check
Which of the following is the most significant disadvantage
of auditing around the computer rather than through the
computer?
a. The time involved in testing processing controls is
significant.
b. The cost involved in testing processing controls is
significant.
c. A portion of the audit trail is not tested.
d. The technical expertise required to test processing
controls is extensive.
Chapter
7-26
SO 7 The use of computers in audits
Tests of Controls
Exhibit 7-6
Control Testing Phase
Process Map
Tests of controls involve
audit procedures designed to
evaluate both general controls
and application controls.
Chapter
7-27
SO 8 Test of controls
Tests of Controls
General Controls
Two broad categories of general controls that relate to
IT systems:
 IT administration and related operating systems
development and maintenance processes
 Security controls and related access issues
Chapter
7-28
SO 8 Test of controls
Tests of Controls
General Controls
IT Administration
Audit tests include review for the existence and
communication of company policies regarding:
 personal accountability and segregation of
incompatible responsibilities
 job descriptions and clear lines of authority
 computer security and virus protection
 IT systems documentation
Chapter
7-29
SO 8 Test of controls
Tests of Controls
General Controls
Security Controls
To test external access controls, auditors may
perform:
Authenticity tests.
Penetration tests
Vulnerability assessments
Review access logs to identify unauthorized users or
failed access attempts
Chapter
7-30
SO 8 Test of controls
Tests of Controls
Application Controls
Computerized controls over application programs.
Auditors should test
 Systems documentation
 Main functions of the computer applications
 input,
 processing, and
 output.
Chapter
7-31
SO 8 Test of controls
Tests of Controls
Application Controls
Input Controls
1. Financial totals
2. Hash totals
3. Completeness or redundancy tests
4. Limit tests
5. Validation checks
6. Field checks
Chapter
7-32
SO 8 Test of controls
Tests of Controls
Application Controls
Processing Controls, techniques for testing
1. Test data method
2. Program tracing
3. Integrated test facility
4. Parallel simulation
5. Embedded audit modules
Chapter
7-33
SO 8 Test of controls
Tests of Controls
Application Controls
Output Controls
1. Reasonableness tests
2. Audit trail tests
3. Rounding errors tests
Chapter
7-34
SO 8 Test of controls
Tests of Controls
Concept Check
The primary objective of compliance testing in a
financial statement audit is to determine whether
a. procedures have been updated regularly.
b. financial statement amounts are accurately stated.
c. internal controls are functioning as designed.
d. collusion is taking place.
Chapter
7-35
SO 8 Test of controls
Tests of Controls
Concept Check
Which of the following computer assisted auditing
techniques processes actual client input data (or a copy
of the real data) on a controlled program under the
auditor’s control to periodically test controls in the
client’s computer system?
a. Test data method
b. Embedded audit module
c. Integrated test facility
d. Parallel simulation
Chapter
7-36
SO 8 Test of controls
Tests of Controls
Concept Check
Which of the following is a general control to test for
external access to a client’s computerized systems?
a. Penetration tests
b. Hash totals
c. Field checks
d. Program tracing
Chapter
7-37
SO 8 Test of controls
Tests of Transactions and Balances
Substantive Testing - tests of accuracy of monetary
amounts of transactions and account balances.
Computerized auditing tools make it possible for more
efficient audit tests such as:
 mathematical and statistical calculations
 data queries
 identification of missing items in a sequence
 stratification and comparison of data items
 selection of items of interest from the data files
 summarization of testing results into a useful format
for decision making
Chapter
7-38
SO 9 Test of transactions and tests of balances
Tests of Transactions and Balances
Exhibit 7-9
Substantive Testing
Phase Process Map
Chapter
7-39
SO 9 Test of transactions and tests of balances
Tests of Transactions and Balances
Concept Check
Generalized audit software can be used to
a. examine the consistency of data maintained on
computer files.
b. perform audit tests of multiple computer files
concurrently.
c. verify the processing logic of operating system
software.
d. process test data against master files that contain
both real and fictitious data.
Chapter
7-40
SO 9 Test of transactions and tests of balances
Audit Completion/Reporting
Four basic types of reports:
1. Unqualified opinion
2. Qualified opinion
3. Adverse opinion
4. Disclaimer
The most important task is obtaining a letter of
representations from client management.
Chapter
7-41
SO 10 Audit Completion/Reporting
Audit Completion/Reporting
Exhibit 7-10
Audit Completion/Reporting
Phase Process Map
Chapter
7-42
SO 10 Audit Completion/Reporting
Other Audit Considerations
Different IT Environments
Using PCs, companies may use IT environments that
involve
 networks,
 database management systems, and/or
 e-commerce systems.
Chapter
7-43
SO 11 Other audit considerations
Other Audit Considerations
Changes in a Client’s IT Environment
Auditors must consider whether additional audit testing
is needed.
Specific audit tests include verification of:
 Assessment of user needs
 Authorization for new projects and program changes
 Adequate feasibility study and cost–benefit analysis
 Proper design documentation
 Proper user instructions
 Adequate testing before system is put into use
Chapter
7-44
SO 11 Other audit considerations
Other Audit Considerations
Sampling
Test a limited number of items or transactions and
then draw conclusions about the balance as a whole
on the basis of the results.
Chapter
7-45
SO 11 Other audit considerations
Other Audit Considerations
Concept Check
Independent auditors are generally actively involved in each
of the following tasks except:
a. Preparation of a client’s financial statements and
accompanying notes
b. Advising client management as to the applicability of a
new accounting standard
c. Proposing adjustments to a client’s financial statements
d. Advising client management about the presentation of
the financial statements
Chapter
7-46
SO 11 Other audit considerations
Other Audit Considerations
Concept Check
Which of the following is most likely to be an attribute
unique to the audit work of CPAs, compared with work
performed by attorneys or practitioners of other
business professions?
a. Due professional care
b. Competence
c. Independence
d. A complex underlying body of professional
knowledge
Chapter
7-47
SO 11 Other audit considerations
Other Audit Considerations
Concept Check
Which of the following terms is not associated with
the auditor’s requirement to maintain independence?
a. Objectivity
b. Neutrality
c. Professional skepticism
d. Competence
Chapter
7-48
SO 11 Other audit considerations
Ethical Issues Related to Auditing
AICPA Code of Professional Conduct
Six principles of the code:
Chapter
7-49
Auditors must
practice
professional
skepticism
1.
Responsibilities.
2.
The Public Interest.
3.
Integrity.
4.
Objectivity and Independence. CPAs
5.
Due Care
6.
Scope and Nature of Services
SO 12 Ethical issues related to auditing
Copyright
Copyright © 2008 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted
in Section 117 of the 1976 United States Copyright Act without
the express written permission of the copyright owner is
unlawful. Request for further information should be addressed
to the Permissions Department, John Wiley & Sons, Inc. The
purchaser may make back-up copies for his/her own use only
and not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the
use of these programs or from the use of the information
contained herein.
Chapter
7-50
Overview of ERP Systems
Concept Check
Manufacturing companies implement ERP systems for
the primary purpose of
a. Increasing productivity.
b. Reducing inventory quantities.
c. Sharing information.
d. Reducing investments.
Chapter
7-51
SO 1 The overview of an ERP system
Related documents
As the 2nd largest business support solutions (BSS) provider, CSG
As the 2nd largest business support solutions (BSS) provider, CSG
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Internal Auditor Job Description
Internal Auditor Job Description
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Job Title: IT Audit Senior
Job Title: IT Audit Senior
Marketing Plan Rubric
Marketing Plan Rubric
Green Impact Auditor
Green Impact Auditor
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
manager internal tax
manager internal tax
Download