chapter 8 auditing computerized information systems
TRANSCRIPT
![Page 1: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/1.jpg)
Chapter 8Chapter 8
Auditing Auditing Computerized Computerized
Information SystemsInformation Systems
![Page 2: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/2.jpg)
Computer Audit Tools to Test Computer ProcessingElements of a “systems” audit approach.
•Only authorized computer applications are developed.
•Programs are thoroughly tested.
•Authorization needed for changes to programs.
•Access restricted.
•Controls over users and input.
•Monitoring controls in place.
![Page 3: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/3.jpg)
Computer Audit Tools to Test Computer Processing
(cont.)•Data transmission controls in place.
•Data integrity is periodically tested.
•A comprehensive security and backup plan is in place.
![Page 4: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/4.jpg)
Comprehensive ApproachAuditors must always:
•Independently test the correctness of processing
•Independently test the reliability of data
![Page 5: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/5.jpg)
Approaches to Address Correctness of Processing
Test data and integrated test facility
Concurrent processing
Embedded audit modules
![Page 6: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/6.jpg)
Test Data: Auditing through the computer
Test data approach
•Are control procedures functioning?
•Is the computer application processing transactions correctly?
•Are all transaction and master files fully and correctly updated?
•Limitations!
•Integrated test facility (ITF)
![Page 7: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/7.jpg)
Concurrent Processing Methodologies
•Tagging and tracing approach (a.k.a. snapshot approach)
•The systems control audit review file (SCARF) approach
•Embedded audit modules
•Advantages
![Page 8: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/8.jpg)
Using the Computer to Help Test Accounting Records
Generalized Audit Software (GAS)
•Footing
•Selecting a sample
•Extracting, sorting, summarizing data
•Statistics
•Analytical review
•Screening
•Checking
•Calculations
•Reports
![Page 9: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/9.jpg)
Using the Computer to Help Test Accounting Records
Custom Designed Audit Software
•Alternative to GAS
•Custom designed for specific client and specific application
![Page 10: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/10.jpg)
Unique Audit Approaches for Electronic Commerce
•Risk Analysis
•The Process and Control Audit
•Detailed testing of account balances
•Tagging and Tracing
•Embedded Audit Module
•Audit Software
![Page 11: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/11.jpg)
Use of Personal Computing in Conducting an Audit
Traditional UsesTraditional Uses
•Word ProcessingWord Processing
•SpreadsheetsSpreadsheets
Expanded usesExpanded uses
•Electronic working papersElectronic working papers
•GroupwareGroupware
•Intelligent agentsIntelligent agents
•Expert systemsExpert systems
![Page 12: Chapter 8 Auditing Computerized Information Systems](https://reader036.vdocuments.net/reader036/viewer/2022071710/56649dd85503460f94acd73e/html5/thumbnails/12.jpg)
Unique Problems: Auditing a Client’s Spreadsheet
•Parallel simulation
•Test data
•Manual audit