Chapter 8Chapter 8
Auditing Auditing Computerized Computerized
Information SystemsInformation Systems
Computer Audit Tools to Test Computer ProcessingElements of a “systems” audit approach.
•Only authorized computer applications are developed.
•Programs are thoroughly tested.
•Authorization needed for changes to programs.
•Access restricted.
•Controls over users and input.
•Monitoring controls in place.
Computer Audit Tools to Test Computer Processing
(cont.)•Data transmission controls in place.
•Data integrity is periodically tested.
•A comprehensive security and backup plan is in place.
Comprehensive ApproachAuditors must always:
•Independently test the correctness of processing
•Independently test the reliability of data
Approaches to Address Correctness of Processing
Test data and integrated test facility
Concurrent processing
Embedded audit modules
Test Data: Auditing through the computer
Test data approach
•Are control procedures functioning?
•Is the computer application processing transactions correctly?
•Are all transaction and master files fully and correctly updated?
•Limitations!
•Integrated test facility (ITF)
Concurrent Processing Methodologies
•Tagging and tracing approach (a.k.a. snapshot approach)
•The systems control audit review file (SCARF) approach
•Embedded audit modules
•Advantages
Using the Computer to Help Test Accounting Records
Generalized Audit Software (GAS)
•Footing
•Selecting a sample
•Extracting, sorting, summarizing data
•Statistics
•Analytical review
•Screening
•Checking
•Calculations
•Reports
Using the Computer to Help Test Accounting Records
Custom Designed Audit Software
•Alternative to GAS
•Custom designed for specific client and specific application
Unique Audit Approaches for Electronic Commerce
•Risk Analysis
•The Process and Control Audit
•Detailed testing of account balances
•Tagging and Tracing
•Embedded Audit Module
•Audit Software
Use of Personal Computing in Conducting an Audit
Traditional UsesTraditional Uses
•Word ProcessingWord Processing
•SpreadsheetsSpreadsheets
Expanded usesExpanded uses
•Electronic working papersElectronic working papers
•GroupwareGroupware
•Intelligent agentsIntelligent agents
•Expert systemsExpert systems
Unique Problems: Auditing a Client’s Spreadsheet
•Parallel simulation
•Test data
•Manual audit