Flashcards in Auditing with Techology Deck (26):
Auditor's consideration for IC may be affecetd in that compuster systems may:
1) result in tranaction trails that exists for short time only.
2) program errors that cause uniform mishandling of tranactiosn - clerical errors become less frequent.
3) include computer controls that need to be tested in addition to the segregation of functions.
4) Involve increased difficulty in detecting unauthorized access.
5) include less documentation of initation and execution of trancations.
Computerized Audit Tools (CAAT) for Tests of contorls
Tests of contorls may be divided into the following categories of techniques: a) program analysis, b) program testing, c) continuous testing, and d) review of operating systems and other system software.
Gain an understanding of the client's program. time consuming and require hgh level fo computer expertise, they are infrequently used in FS audits.
1) code review
2) cmparison programs - compare computerized files. can be used in program analysis to determine that the auditor has the same version.
3) flowcharting software -
4) program trracing and mapping
5) snapshot -
Techniques for program testing
program testing involves the use of auditor-controleld actual or simulated data.
1) test data - a set of dummy tranactions is developed by the adutiro and processed by the client's computer progarams.
2) integrated test facility - this method introduces dummy tranactions into a system in teh midst of live tranactions built into the sytem during the original desing.
3) Parallel simulation - processes actual client data through the adutiro's generalized audit software program. Method varifies processing of actual tranactions and allows the auditor to verify actual client results.
1) Controlled reprocessing, a variation of parelle simulation, processes actual client data through a copy of hte client's application program.
limitation of this method include
a) determining that he copy fo hte program is identical to the currently being used by the client
b) keeping current with changes in the porgram
3) the time invovled in repreocessing the large quantities of data.
Techniques for continuous (or concurrent) testing
Advanced computer systems, particularly those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of aduit data as tranactions are rpopcessed.
1) Embedded audit modules and audit hooks - embedded audit modules are programmed routines incorporated into an application program.
2) systems control audit review files (SCARF) - a a log usually creaed by an embeeded audit moudle, used to collect info for subsequent revie and analysis.
3) extended records - this technique attaches additional data that would not otherwise be saved to regular historic recrods.
4) Tranaction tagging - tagging a techinque in which identifer providing a tranctions with a speical designation is added to the tranaction record.
Techniques for review of operating systems and other systems software
Systems sotware may perform controls for computer systems. Related audit techniques range from user written programs to use the of purchasing operating sytems monitoring software.
1) job accounting data/opearting systems logs - created either by opearting system itself or additonal software packages that track particular functions, include reports on the resources used by the comptuer system. These logs provide a record of the activity of the computer system, the audtior may be able to use them to review the work processed.
2) Library management software - this software logs changes in programs, program moudles, job contorl language, and other processing activities.
Access control and security software
software supplments the physical and contorl measures releating to he computer nad is particularly helpful in online environments.
Information technology provides benefits of effectiveness and effiency by:
1) consistently apply predefined business rules and perform complex calculations on large volumnes of transactions
2) enhancetimeliness, availability, and accurarcy of info.
3) Facilitate the addtional anlysis of info.
4) enahcne the ability to monitor the performance of entity's activities and its policeis and procedures
5) reduce risk that controls will be circumvented
6) enhance ability to achieve effective seg. of duties.
IT poses specific risk to IC including
1) systems or programs may inaccurately process info.
2) unauthorized access to data may
3) unauthorized changes to data in master files
4) unauthorized changes to systems or programs
5) failure to make necessary changes to system or programs
6) inappropriate manual intervention
7) potential loss of data.
Use of IT specialist - In determining whether a specialist shoudl be usd, the auditor shoudl consider:
1) complexity fo entity's sytems nad IT contorls
2) Significance of changes made to existing sytems, or implemntation of new sytems
3) extent to which data is shared among systems
4) extent to entity's particaiotn in electronic commerce
5) entity's use of emerging technologies
6) significance of aduti evdiecne available only in electronic form.
Procedures an auditor may assign to a professional possessing IT skills
1) inquiry of entity's IT personnel on how data and tranactions are initiated, recorded, processed, and reqported, and how IT contorls are desinged
2) Inspecting systems documentation
3) Observing opeartion of IT controls
4) Planning and performing of tests of IT controls.
Effects of IT on restriction of detection risk
1) an auditor may assess control risk at a maximum and perform substantive tests to restrict detection risk when he or she believs that a substatnive tests by themeselves would be more eficent.
Computerized audit tools
1) generalized audit software - may use various types of software to perform tests of controls and subsatntive tests.
GAS record extraction
1) extra copies based on certain criteria:
1) Accounts receivable balances over the creidt limit
2) inventory items with negative quantitites or unreasonably large quantities
3) uncostred invetory items
4) tranctions with related parties
1) by customer acocunt number
2) inventory turnover statistics
3) duplicarte sales invoices
D) field stattistics
e) file comparison
f) gap detection/duplciate detection
Pros: 1) spreadsheets may significantly simplify the computational aspects of tasks such as incorporating adjustments and reclassificaiotns on a worksheet. easy to use, einexpesive nad can be saved and modified.
Cons: need for auditor training, and the fact taht original spreadsheet development takes a significant maoutn of time.
Automated workpaper software
Originally used to generate trial balances, lead schedules, and other workpapers, advances in computer technology make possible an electronic workpaper environemnt.
Database Management systems
use to perofrm analytical procedures, mathematical caluclations, generation of confirm. advantages incldue a great opportunity for auditor to manipulate data.
disadvatnages include autiro training and the need for more adequate client documentation of applicaiton
Test retrieval software
enables sccess to such databases as the AICPA. allows auidtor to reach tech issues quickly. disvantage incldue th training and some professional lirature is not currenlyt availble in software form.
is used to define a database, including creating, altering, and deleting tables and establishing various constraints.
An extra digit added to an identification number to detect certain types of data transmission errors. For example, a bank may add a check digit to individual's— 7-digit account numbers. The computer will calculate the correct check digit based on performing predetermined mathematical operations on the 7-digit account number and will then compare it to the check digit.
Which of the following is an advantage of using a value-added network for EDI transactions?
when computer control procedures leave no visible evidence indicating the procedures have been performed, the auditor should test these controls by reviewing transactions submitted for processing and comparing them with the related output. The objective is to determine that no transactions tested with unacceptable conditions went unreported and without appropriate resolution. This procedure can be undertaken by submitting actual client live data or dummy transactions.
examples of application controls.
Input controls, processing controls, and output controls
program change controls, controls that restrict access to programs or data, controls over the implementation of new releases of packaged software applications, and controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail.
An embedded audit module enables continuous monitoring and analysis of transaction processing, including the functioning of processing controls.
more random info.
• Mapping is a technique for determining whether a computer program contains any unexecuted code that should be examined.
• Retrieval and analysis programs such as generalized audit software offer the features and flexibility suitable for verifying the correctness of information on a computer file.
• The snapshot method is a technique utilized to capture and print all data pertinent to the analysis of a specific moment in the processing cycle.