The Effect of Information Technology on the Audit M9 Flashcards
What are the 5 audit procedures to gather evidence for IT?
- Factors to consider
- Use of an IT Auditor
- Auditing AROUND the computer (Inputs and outputs)
- Auditing THROUGH the computer (Inputs and Processes) CAAT’s (Computer Assisted Audit Techniques) (5 components)
- Use GASP’s when all client data is digital: GASP’s (Generalized Audit Software Packages): Requires little knowledge about client systems hard and software.
What are the components of CAAT’s?
Computer Assisted Audit Techniques 4 of 5 procedures to get IT evidence
- Transaction Tagging: Tag specific transactions and follow it THROUGH the clients system
- Embedded Audit Modules
-
Parallel simulation is a technique in which the auditor
reprocesses the client’s data using the auditor’s own software. The auditor then compares his or her results to those obtained by the client. - An integrated test facility uses the auditor’s input data on the client’s system, on-line.
-
The test data approach uses the auditor’s input data on the
client’s system, off-line
When is it necessary to use CAAT’s
Computer Assisted Audit Techniques
- when it is necessary to examine all data in an accounts payable file.
- Computer programs that allow auditors to test computer files and databases during an audit.
- When there is need to examine a lot of data.
CAAT’s 4 of 5 audit procedures used to gather evidence from client IT systems (Embedded Audit Modules 2 of 5 Components of CAAT’s (Computer Assisted Audit Techniques)
What are the features of embedded audit modules?
- Used to capture data on a continuously tested basis.
- Embedded audit modules are usually built into the application program when the program is developed. This would require that the auditors be involved in the system design.
- Auditors are not required to monitor embedded audit modules continuously.
- As long as there are appropriate controls in place, embedded audit modules cannot easily be modified through management.
CAAT’s 4 of 5 audit procedures used to gather evidence from client IT systems (Test Data 3 of 5 Components of CAAT’s (Computer Assisted Audit Techniques)
What is the test data approach regarding the Accounting System?
- It is not feasible to test every possible valid and invalid condition using a test data approach.
- Test data consists of a set of fictitious entries or inputs that are processed through the client’s computer system under the Auditors control.
- The auditor need only include valid and invalid conditions that interest the auditor.
- Only one transaction of each type need be tested.
- The test data approach refers to a technique in which the results are already known by the auditor.
What type of test data should an auditor get in a Payroll System Environment?
The following are recorded in the computer and are likely candidates for “test data” tests of controls.
- Missing or invalid employee numbers
- Time tickets with invalid job numbers
- Agreement of hours per clock card with hours on time tickets.
CAAT’s 4 of 5 audit procedures used to gather evidence from client IT sy
What are the features of integrated test facilities?
An Integrated Test Facility:
- uses test data commingled with actual data to test transactions.
- An integrated test facility runs test transactions through the “live” system and posts to simulated (dummy) files to provide an auditor with information about the operating effectiveness of controls.
- Clients unaware of auditor testing data.
CAAT’s 4 of 5 audit procedures used to gather evidence from client IT sy
What are the features of parallel simulations?
Parallel Simulation:
- The client’s input data is processed through both the auditor’s version of the client’s program and the client’s program and the output is compared.
- Controlled reprocessing of transactions is a less common term used for parallel processing where the auditor writes a program to “reprocess” some or all of the client’s live data.
- The client’s computer personnel likely would be providing the actual client data, and so would have some knowledge of when the data was being tested.
- BENEFIT: typically allows a greater number of items to be tested at relatively little additional cost, clients data is controlled by the auditor’s system.
What are the components of GASP’s
Generalized Audit Software Packages 5 of 5 procedures to get IT evidence
- Generalized audit software is used to extract and analyze data.
-
GASP’s (Generalized Audit Software Packages):
BENEFIT
Requires little knowledge about client systems hard and software. Use when clients data is digital.
When to use GASP’s manual audit techniques for IT?
CAAT’s
When assessing compliance with policies and procedures related to information security.
5 of 5 Audit Procedure used to gather Evidence from client IT systems.
What audit task can be achieved using Generalized Audit Software Packages (GASP)?
- May select items meeting specified criteria, such as filtering data based on accounts receivable data recording.
- It allows an auditor to perform tests of controls and substantive tests directly on the client’s system.
- It is used to extract and analyze data.
- When companies use information technology (IT) extensively and evidence is available only in electronic form, GASP generate the programs necessary to integrate the files and extract and analyze the data.
- Continuous performance of audit tests is required when financial data is processed electronically.
Benefits
is the ability to access client data stored in computer files without having a detailed understanding of the client’s hardware and software features.
Which Characteristics distinguishes computer processing from manual processing?
- Computer processing virtually eliminates the occurrence of (random) computational errors normally associated with manual processing.
- Depending on human involvement and review, errors or irregularities in computer processing may not be detected quickly.
- The potential for systematic errors (e.g., incorrect programming, incorrect data entry) is greater in a computerized system due to reduced human involvement in processing.
- Only poorly designed computerized systems provide no audit trail capabilities.
What are the advantages and disadvantages of a client keeping microcomputer-prepared data files vs. manually prepared files?
- Microcomputer systems are sometimes characterized by weak file and data security, and are usually accessible by many office personnel. (Manual systems, in contrast, generally restrict one user from accessing other users’ files.) Thus, it is usually easier (increased risk) for unauthorized persons to access and alter computer system files, especially microcomputer system files. Disadvantage
- Transactions should always be authorized before they are executed and recorded, in both manual and computer-based systems. Advantage
- One of the benefits of an automated system over a manual system is the removal of random errors from the process. (Instead, systematic errors are more common.) Advantage
- Because computer-based processing imposes strict rules on input and processing, generally there are fewer random processing errors. Advantage
- Focus is on programming but once the programs are written, the focus will still be on the accuracy of the transactions. Advantage
What are the advantages of computerized environment?
- Provides improved processing consistency and increased availability of management reports.
- It reduces clerical errors, there is an increased potential for systemic errors, such as programming.
- Provide a greater opportunity for data analysis and review, the risk of undetected fraud is higher (not lower) due to the opportunity for remote access.
How to use computer audit software to be effective and efficient?
In computer audit applications, efficient and effective system usage requires:
1. Identification of the appropriate audit tasks
2. Appropriate software to perform the selected audit tasks.