Prepared by Coby Harmon University of California, Santa Barbara
Westmont College
Auditing Information Technology-Based Processes
Study Objectives
1. An introduction to auditing IT processes
2. The various types of audits and auditors
3. Information risk and IT-enhanced internal control
4. Authoritative literature used in auditing
5. Management assertions used in the auditing process and the related audit objectives
6. The phases of an IT audit
7. The use of computers in audits
8. Tests of controls
9. Tests of transactions and tests of balances
10. Audit completion/reporting
11. Other audit considerations
12. Ethical issues related to auditing
Introduction to Auditing IT Processes
Accounting services that improve the quality of information are called assurance services.
An audit is the most common type of assurance service.
Types of Audits and Auditors
The main purpose of the audit is to assure users of financial information about the accuracy and completeness of the information.
Three primary types of audits include
compliance audits,
operational audits, and
financial statement audits.
Audits are typically conducted by accountants.
Certified public accountants (CPAs)
Internal auditors
IT auditors
Government auditors
Real World
Top management at Ford Motor Co. is proud of the fact that Ford was the only U.S. auto manufacturer to make it through the darkest days of the economic recession (between 2008–2010) without government assistance. This is due, in part, to Ford’s long history of focusing on financial processes and controls, and its ability to alter its processes under pressures of elevated risks or new compliance requirements. A key element in this process is a rotational succession and development plan in use for staffing Ford’s internal audit team. Under this model, the internal audit department is comprised of experienced professionals on rotation from the company’s finance and IT functions, who serve the internal audit department for two to three years before returning to a previous or different functional area. This allows Ford’s personnel to gain broad corporate exposure and to develop strong risk, control, and compliance skills to take with them to the various areas where they will work after their internal audit stint. This also helps to promote the importance of the internal audit function throughout the organization. By carefully planning the succession so that no new auditors will audit their prior functions for at least 12 months, Ford’s plan ensures that its internal auditors maintain a high level of objectivity.
The IT environment plays a key role in how auditors conduct their work in the following areas:
Consideration of risk
Audit procedures used to obtain knowledge of accounting and internal control systems
Design and performance of audit tests
Concept Check
Which of the following types of audits is most likely to be
conducted for the purpose of identifying areas for cost
Financial statement audits are required to be performed by
Risk and IT-Enhanced Internal Control
Information risk is the chance that information used by decision makers may be inaccurate.
Following are some causes of information risk:
Remoteness of information
Volume and complexity of underlying data
Motive of the preparer
Authoritative Literature Used in Auditing
Sources of authoritative literature
Generally accepted auditing standards (GAAS)
Public Company Accounting Oversight Board (PCAOB)
Auditing Standards Board (ASB)
International Audit and Assurance Standards Board (IAASB)
Internal Auditing Standards Board (IASB)
Information Systems Audit and Control Association (ISACA)
Exhibit 7-1
Generally Accepted Auditing Standards
Concept Check
Which of the following is not a part of generally accepted
Concept Check
Which of the following best describes what is meant by the term “generally accepted auditing standards”?
a. Procedures used to gather evidence to support the accuracy of a client’s financial statements
b. Measures of the quality of an auditor’s conduct
c. Professional pronouncements issued by the Auditing Standards Board
d. Rules acknowledged by the accounting profession because of their widespread application
Concept Check
In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is required to
or detect material misstatements
Management Assertions and Audit Objectives
Responsibility for operations, compliance, and financial reporting lies with management of the company.
Management assertions are claims regarding the condition of the business in terms of its operations, financial results, and compliance with laws and regulations.
Audit tests developed for an audit client are documented in an audit program.
Exhibit 7-2
Management Assertions and Related Audit Objectives
Auditors should design a written audit program so that
a. all material transactions will be included in substantive testing
minimized
c. the procedures will achieve specific audit objectives related to specific management assertions
substantive test or a test of controls
Concept Check
Which of the following audit objectives relates to the management assertion of existence?
a. A transaction is recorded in the proper period
b. A transaction actually occurred (i.e., it is real)
c. A transaction is properly presented in the financial statements
d. A transaction is supported by detailed evidence
Phases of an IT Audit
Exhibit 7-4
Process Map of Phases of an Audit
Audit evidence is proof of the fairness of financial information. Techniques for gathering evidence:
physically examining or inspecting assets or supporting documentation
obtaining written confirmations from an independent source
reperforming tasks or recalculating information
observing the underlying activities
making inquiries of company personnel
analyzing financial relationships and making comparisons
Auditors review and assess the risks and controls, establish materiality guidelines, and develop relevant tests addressing the objectives.
In determining materiality, auditors estimate the monetary amounts that are large enough to make a difference in decision making.
Concept Check
Risk assessment is a process designed to
a. identify possible circumstances and events that may affect the business
b. establish policies and procedures to carry out internal controls
c. identify and capture information in a timely manner
d. test the internal controls throughout the year
Which of the following audit procedures is most likely to be performed during the planning phase of the audit?
a. Obtain an understanding of the client’s risk assessment
Use of Computers in Audits
Auditing around the computer
Auditing through the computer
Auditing with the computer
► Computer-assisted audit techniques (CAATs)
Concept Check
Which of the following is the most significant disadvantage of auditing around the computer rather than through the
c. A portion of the audit trail is not tested
d. The technical expertise required to test processing controls is extensive
Tests of Controls
Tests of controls involve audit procedures designed to evaluate both general controls and application controls.
Exhibit 7-6
Control Testing Phase Process Map
General Controls
IT administration and related operating systems
development and maintenance processes
Security controls and related access issues
Audit tests include review for the existence and communication of company policies regarding:
personal accountability and segregation of incompatible responsibilities
job descriptions and clear lines of authority
computer security and virus protection
IT systems documentation
Computerized controls over application programs.
Auditors should test
Processing Controls, techniques for testing
1. Test data method
Real World
Ernst & Young LLP employs thousands of auditors in its IT Risk and Assurance Advisory Services group. This specialized group assists with financial statement audits and provides other services concerning its clients’ information systems. Information systems assurance services focus on audits of business information systems, assessment of the underlying control environment, and the use of CAATs to verify accounting and financial data. As one of the Big Four CPA firms, Ernst & Young is responsible for auditing the financial statements of many public companies. It serves clients in hundreds of locations in approximately 140 countries. These client companies are quite diverse in terms of the type of business they perform, their size, and their complexity, but tend to be alike in their need for timely information. The use of CAATs helps Ernst & Young provide timely service to its clients, while accumulating audit evidence necessary for doing its job as auditor.
2. Audit trail tests
3. Rounding errors tests
Concept Check
The primary objective of compliance testing in a financial statement audit is to determine whether
a. procedures have been updated regularly
b. financial statement amounts are accurately stated
c. internal controls are functioning as designed
d. collusion is taking place
Which of the following computer assisted auditing techniques processes actual client input data (or a copy of the real data) on a controlled program under the auditor’s control to periodically test controls in the client’s computer system?
a. Test data method
b. Embedded audit module
c. Integrated test facility
Which of the following is a general control to test for external access to a client’s computerized systems?
Tests of Transactions and Balances
Substantive Testing - tests of accuracy of monetary amounts of transactions and account balances.
Computerized auditing tools make it possible for more efficient audit tests such as:
selection of items of interest from the data files
decision making
Exhibit 7-9
Substantive Testing Phase Process Map
Concept Check
Generalized audit software can be used to
a. examine the consistency of data maintained on computer files
b. perform audit tests of multiple computer files concurrently
c. verify the processing logic of operating system software
d. process test data against master files that contain both real and fictitious data
The most important task is obtaining a letter of representations from client management.
Other Audit Considerations
Different IT Environments
Some audit techniques used to test controls specifically in the use of PCs:
place to ensure physical security
systems operations
scans
cloud computing, and/or
other forms of IT outsourcing.
Changes in a Client’s IT Environment
Auditors must consider whether additional audit testing is needed. Specific audit tests include verification of:
Test a limited number of items or transactions and then draw conclusions about the balance as a whole on the basis of the results.
Auditors try to use sampling so that a fair representation of the population is evaluated.
The choice of an appropriate sampling technique is very subjective.
Concept Check
Independent auditors are generally actively involved in each of the following tasks except:
a. preparation of a client’s financial statements and accompanying notes
accounting standard
financial statements
Concept Check
Which of the following is most likely to be an attribute unique to the audit work of CPAs, compared with work performed by attorneys or practitioners of other business professions?
a. Due professional care
b. Competence
c. Independence
d. A complex underlying body of professional knowledge
Concept Check
Which of the following terms is not associated with the auditor’s requirement to maintain independence?
a. Objectivity
b. Neutrality
c. Professional skepticism
d. Competence
Ethical Issues Related to Auditing
PCAOB/AICPA Code of Professional Conduct
Six principles of the code:
6 Scope and Nature of Services
Auditors must practice professional skepticism.
Real World
In the case of the Phar-Mor pharmaceutical company fraud, the auditors became too close to the management of Phar-Mor and shared audit information that they should not have. For example, the auditors told management which stores they would select for inventory testing. Phar-Mor managers were then able to move inventory between stores to conceal inventory shortages in the stores that were to be audited by the CPA firm.
The Sarbanes–Oxley Act placed restrictions on auditors by prohibiting certain types of services.
implementation services for companies which are also audit clients
a subcommittee of the board of directors
financial statements are fairly stated and that the company has adequate internal controls over financial reporting