资源描述
,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,11-,*,The Impact of InformationTechnology on theAudit Process,Chapter 11,AuditinginanElectronic Environment,GAAS areapplicable ratherornotacomputerisused,Special concerns about computer,Technicaltraining,Specialist,Planningandevidence,Effects ofComputerProcessing on theAudit,Transactiontrails-existforshorttime,Uniform processingoftransactions,Hardertosegregate dutiesbecause allwork donebycomputer,Potentialfor errorsandirregularities-fictitious entries,Potentialfor managementsupervision-exceptionreporting,Initiation of transaction processingautomaticallybycomputer,AssessingRisksofInformationTechnologies,Unauthorizedaccess,Loss of data,Reduced segregation of duties,Lack of traditional authorization,Need forITexperience,ElementsofComputerBasedSystems,Hardware,Software,SystemSoftwareandApplicationSoftware,Documentation descriptionofsystemandcontrols,Personnel,manage,designprogram operateorcontroldata.,Data,Control Activities,control overprocessingoftransactions,CharacteristicsofSystem,Batchorsequential processing,Onlinerealtime processing,Mainframevs.miniorpersonalcomputers,Networks,LANsand Modems,Complex Systems,transactiondriventoupdate files.,Simple,batchprocessing.,Planningtheauditwithcomputers,Extenttowhichcomputers areused,Complexity of computer operationscomplexintegrated or simpleapplications,Organizationalstructureofcomputerprocessing-centralvs.decentralizedorservice,Availabilityofdata,UseofCAATs,Need forspecializedskills,Planning,Understand thecomputerenvironmenttodetermine nature,timing andextentoftesting,Organizationalstructure,Client,scomputerresources,Structureofthe computingdepartment-segregationofduties,Overviewofcomputeroperatingactivities,Client,spoliciesand procedures-formalwritten,updatedcurrent,PlanningCont.,Client,smonitoring of thesystem,Existenceofdesignanddocumentationstandards,Policies and controls for programmodifications,Policies and controls foraccess todata,Availability ofperformance reportsforreview bymanagement,Existenceof internal audit and work oncomputer processingintegrity,AccountingSystem-how transactions areprocessed,How InformationTechnologies Enhance InternalControl,Computer controls replacemanual controls.,Higher-qualityinformation isavailable.,AssessingControl Risk,Identify control objectives for thetypeof errorsthatcould occur,Identify wherethe errorscould occur inprocessing,Identify control activities designed andputin operation toprevent theseerrors,Evaluate control activities for assessment ofcontrol risk,Possible Errorsin Processing,Preparingsource documents,Batchtotal preparation,Dataentry,Transfer of data,Correct input filesfor processing,Output files createdor masterfiles updated,Master file maintenance,Automatictransactions bycomputer,Errors identified byprocessing arecorrectedandreentered,CAATS,Computer Assisted Audit Techniques,Written for a specific client,Generalized softwareto be used formanyclients.,GAS GeneralizedAudit Software,Software created orpurchased,Generic and canbe used for many audits,Costadvantagebecause itis not just used ordevelopedforone client,GAS AuditProcedures,Recalculate depreciation,extension ofinventoryor sales,footing files,Confirmation Receivables select/print,Scanning Unusual occurrences,duplicates,AnalyticalProcedures,FraudInvestigation,Not used for verbalinquiry orobservation,General controls,Segregation ofduties,Physical access,Documentation and systemsdevelopment policies andprocedures,Hardware controls,Datacontrol and security,General Controls,Administrationof the,IT function,Segregation of,IT duties,Systems,development,Physical and,onlinesecurity,Backupand,contingencyplanning,Hardware,controls,Segregationof Duties,SystemAnalyst,Programmer,Computer Operator,Librarian,Control Group,Physical Access,Controls over physical accessto:,Data and program files,Computer Hardware,Separate andcontrolledaccess,Lockeddoors,passwords,security passes,check-in/outlogs,Physical andOnline Security,Physical Controls:,Keypadentrances,Badge-entrysystems,Security cameras,Security personnel,OnlineControls:,User ID control,Password control,Separate add-on,security software,Documentation,Written policies and procedures,Operation instruction,Changes to programs,Systemdevelopment,Training ofnew employees,Auditor,Evaluation controls,Overview ofhow the system works,Hardware Controls,Thesecontrols arebuiltintocomputer,equipment bythe manufacturerto,detectand reportequipment failures.,Hardware Controls,Paritycheck-maintainsintegrityof internaldatawhen moved withincomputer,Echo check,echosdata transmitted back tosender to verifyintegrity,PreventativeMaintenance,Data Controls andSecurity,External Labels,Headerand TrailerLabels,File Security physical,offsite,File retention policies,grandfather-father-son,ApplicationControls,Inputcontrols,Processing,controls,Outputcontrols,RelationshipBetween General and AdministrativeControls,Cash Receipts,Appli
展开阅读全文