Auditing of CBIS
Chapter Ten
IIA Vs. AICPA
• IIA Audit Scope
–
–
–
–
–
Reliability and integrity
Complies with operating parameters
Review IC to safeguard assets
Review uses of firm’s resources
Review overall compliance with company
objectives
Internal Audits
• Financial
– reliability and integrity of accounting records
• IS
– general and applications controls of IS
• Operational
– economic and efficient use of resources
Audit Risk
• Inherent Risk
– material misstatements without controls
– perhaps specific technology or industry risk
• Control Risk
– material misstatements given the existing
control structure
• Detection Risk
– probability that auditors will not detect errors
Materiality
• Define?
• Reasonable assurance
IS Audits
•
•
•
•
Security
Program development and acquisition
Program modification
Computer processing
– the test data phase
• Source data integrity
• Safeguarding of data files
Concurrent Audit Techniques
• Integrated Test Facility (ITF)
– can the system recognize fictitious records
• Snapshot Technique
– MF - TF - MF and auditor reviews
• System Control Audit Review File (SCARF)
– Continuous and Intermittent Simulation (CIS)
– set audit parameters and collect data in a file
• Audit Hooks
– real-time notification of specific events
Key to Audit Software
• Integrate audit software and processes
during design and implementation
Become Wealthy;
Donate Audit Software to ISU
• Self-designed - comparison of reported and
expected results; e.g., bonuses,
commissions, wages, interest
• GAS, ITF, SCARF
• Automated flowcharting
• Automated decision tables
• Scanning routines (SSN example)