Accounting Information Systems: Essential Concepts and

Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo, Raval,
and Wong-On-Wing
Chapter 10: Auditing of
Information Systems
Slides Authored by Somnath Bhattacharya, Ph.D.
Florida Atlantic University
Nature of Audits
Audits are examinations performed to
assess and evaluate an activity or object,
such as whether the internal controls
implemented into the AIS are working as
prescribed by management
Types of Audits
Operational Audits
Compliance Audits
Project Management and Change Control
Audits
Internal Control Audits
Financial Audits
Fraud Audits
Figure 10-1
Types of Auditors
Internal Auditors
External Auditors
Government Auditors
Fraud Auditors
Basic Auditing
Considerations
Ethics and Auditing Standards
Need for Ethics
Content of Standards
Effect of Automation on Standards
Impact of Computerization on Audit
Procedures
Transaction Cycle Approach to Auditing
The Auditing Process
The 5 phases of a financial audit are:
Planning the Audit
Analytical Procedures
Preliminary Review & Assessment of the
Internal Control Structure
Completion of the Review
Detailed Evaluation and Testing of Controls
Analytical and Substantive Review
Audit Reporting
Preliminary Assessment of
the Internal Control Structure
Review, Document, and Assess the ICS
Assess and Set the level of Control Risk
Control Risk is the risk that material misstatements in
assertions, leading to significant errors in the financial
statements, will fail to be prevented or detected by the
internal control structure
The level of Control Risk may be expressed numerically or
subjectively
An Assertion is an expressed account balance, transaction
classification, or disclosure in the financial statements
being examined
Cost Effectiveness of Testing Controls
Testing of Controls
Perform Tests of Controls
Evaluate the Findings of the Tests of Controls
Final Assessment of Control Risk for each
transaction cycle
Determine level of Planned Detection Risk
The Planned Detection Risk is the risk that a
material misstatement in the financial statements
or in individual account balances will fail to be
uncovered by substantive testing procedures
Determine the nature, timing, and extent of
substantive testing procedures
Develop Final Audit Program
Substantive Testing
Choose and Perform Substantive Tests
Perform Final Analytical Procedures
Test Account Balances
Test Details of Transaction Classes
Evaluate Substantive Tests
Document the
Conclusions
Writing the Audit Report
Unqualified Opinion: Financial Statements present
fairly, in all material respects, the financial status,
results of operations, and cash flow of the firm being
audited
Qualified Opinion: Issued when a significant
condition, such as a departure from GAAP, prevents
the issuance of an unqualified opinion
Adverse Opinion: Given when the auditor concludes
that the overall financial statements are so materially
misleading that they cannot be relied upon
A Disclaimer of Opinion: The Auditor refuses to
express an opinion on the overall financial statements
due to major restrictions placed on the scope of the
audit or the failure to collect sufficient evidence
Letter of Reportable Conditions
Auditing Around the
Computer - I
Computer is a “black-box.”
Assumption: If the auditor can show that the
actual outputs are the correct results to be
expected from a set of inputs to the processing
system, then the computer processing must be
functioning in a reliable manner
Involves tracing selected transactions from
source documents to summary accounts and
records, and vice-versa
A “Non-Processing of Data” Method
Auditing Around the
Computer - II
Suitable only under the following 3 conditions:
The audit trail is complete and visible
The processing operations are relatively
straightforward, uncomplicated, and low volume
Complete documentation, such as DFDs and Systems
Flowcharts, are available to the auditor
Best suited for independent periodic processing
applications:
cash disbursements
payroll processing
Auditing Around the
Computer - III
Limitations is that it does not allow the
auditor to determine exactly how the
computer processing programs handle
edit checks and programmed checks
Auditing Around the
Computer: An Illustration
Exception Report
Master File
Regular Processing
Run
Normal
Processing
Documents, Listings,
Registers, Reports
Regular
Transactions
Auditor
Comparison
Audit Test
Selected
Transactions
Predetermined
Results
Figure 10-4a
Auditing Through the
Computer
Should be applied to all complex automated
processing systems
Periodic direct and real-time processing applications where
the audit trail is impaired
Methods include:
Test Data
Integrated Test Facility
Embedded Audit Module Techniques
Program Code Checking
Parallel Processing
Parallel Simulation
Controlled Processing
All auditing-through-the-computer techniques
provide evidence concerning the level of control
risk.
Auditing Through the
Computer: An Illustration
Exception
Report
Master File
Regular
Processing Run
Regular
Transactions
Documents,
Listings, Registers,
Reports
Normal Processing
Exception
Report
Master File
Regular
Processing Run
Summary Results
from Tests
Audit
Comparison
Audit Test
Transactions
Predetermined
Results
Audit Test
Figure 10-4 b
Auditing with the
Computer - I
Microcomputer Audit Assist Software
The Generalized Audit Software (GAS)
Package
The Template
Prepare trial balances
Maintain recurring journal entries
Evaluate sample results
Schedule and manage auditor time in field audits
Perform reasonableness tests of expenses
Estimate expenses
Auditing with the
Computer - II
Audit Software: A collection of program
routines, each serving a mechanistic audit
function
GAS (e.g., ACL)
Attribute Sampling
Histogram Generation
Record Aging
File Comparison
Duplicate Checking
File Printing
Typical Audit Functions
Available in a GAS package
Extracting Data from Files
Calculating with Data
Summarizing Data
Analyzing Data
Reorganizing Data
Selecting Sample Data for Testing
Gathering Statistical Data
Printing Confirmation Requests, Analyses,
and other outputs
Applications of a GAS
Package
Master File
Master File
Transaction
File
Control and
Specification
File
Computer runs involving such audit
functions as
Extracting data from files
Calculating with data
Performing comparisons with data
Summarizing data
Analyzing data
Reorganizing data
Selecting sample data for testing
Gathering statistical data
Requests for
confirmation listings,
Sample data items,
Reports, Analyses,
Control Totals
Printing confirmation requests, analyses,
and other outputs
Exception
Report
GAS
Package
Figure 10-5
Advantages of GAS
Packages
 Allow auditors to access computer-readable records
for a wide variety of applications and organizations
 Enable auditors to examine much more data than
could be examined through manual means
 Rapidly and accurately perform a variety of routine
audit functions, including the statistical selection of
samples
 Reduce dependence on non-auditing personnel for
performing routine functions like summarizing data,
thereby enabling auditors to maintain better control
over the audit
 Require only minimal computer knowledge on the
part of the auditor
Disadvantages of GAS
Packages
They do not directly examine the
applications program and programmed
checks.
They cannot replace auditthrough-the-computer
techniques
Situations Triggering DP
Operational Audits
 An apparently excessive cost for computer services
 A major shift in corporate plans
 A proposal for a major hardware or software upgrade
or acquisition
 An inability to attract and retain computer DP
executives
 A new DP executive’s need for an intensive
assessment
 An inordinate amount of personnel turnover within
the DP department
 A proposal to consolidate or distribute DP resources
 A major system that appears unresponsive to needs
or is difficult to enhance or maintain
 An excessive or increasing number of user complaints
Accounting Information Systems:
Essential Concepts and Applications
Fourth Edition by Wilkinson, Cerullo,
Raval, and Wong-On-Wing
Copyright © 2000 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Copyright Act without the express
written permission of the copyright owner is unlawful. Request for
further information should be addressed to the Permissions Department,
John Wiley & Sons, Inc. The purchaser may make back-up copies for
his/her own use only and not for distribution or resale. The publisher
assumes no responsibility for errors, omissions, or damages, caused by
the use of these programs or from the use of the information contained
herein.