Computerised Information System (CIS)
Post on 13-Apr-2018
-
7/26/2019 Computerised Information System (CIS)
1/41
NAME IC MATRIC CARD
ANIS FARHANA BINTI MOHD FANSURI 940825-07-5526 A13HA0006
ROMALINA SYAFIQA BINTI ROSLI 940124-11-5302 A13HA0150
NURUL HISYAFIKA BINTI OTHMAN 940117-03-6024 A13HA0135
FELISHA ONAH A!" B# RAANDRA "RAKASH 920315-01-5824 A14HA0025
NORKHA$MA%ANI BT# MIN 910611-11-5062 A13HA0097
ADILAH BINTI BUAN& 940108-08-5908 A13HA0001
NURUL SHAHIRA BINTI BAHARUDIN 941123-01-5902 A13HA0141
COMPUTERISED INFORMATION SYSTEM (CIS)
-
AUDIT OBJECTIVE AND SCOPE OF WORK IN COMPUTERIZED ENVIRONMENT
Audit objective: the audit objective will not change, as the auditor must obtain sufficient appropriate audit evidence to draw reasonable conclusions on which to base the audit opinion.
The overall objective and scope of an audit does not change in a CIS environment.
Accordingly, a CIS environment may affect:
a. the procedures followed by the auditors in obtaining a sufficient understanding of the accounting and internal control systems;
b. the consideration of inherent risk and control risk through which the auditors arrive at the risk assessment; and
c. the auditors' design and performance of tests of control and substantive procedures appropriate to meet the audit objective.
$Auditing in a computer environment , C%A, &uly '()*+
Statement f Auditing Standards -)( Auditing in a Computer Information System nvironment $Issued &anuary )//0! revised &anuary '((1
-
INTERNAL CONTROL REDUCE IT RISK
-
Internal control reduce IT risks
General control
• Administration of the IT function
• Separation of IT duties
• System development
• Physical and online security
• Backup and contingency planning
• Hardware control
Application control
• Output Controls
• Processing Controls
• Input Controls
-
Administration of IT function
• The board of directors' and senior management's attitude about IT affects the perceived importance of IT within an organization.
• IT steering committee to help monitor the organization's IT needs.
Separation of IT duties
• Segregation of duties (well-controlled organizations respond by separating key duties within IT):
i. IT management
ii. Systems development
iii. Operations
iv. Data control
-
System development
• Purchasing software or developing in-house software that meets the organization's needs.
• Testing all software to make sure the new software is compatible with existing hardware and software, and to determine the ability of the software to handle the transactions.
i. Pilot testing: testing at one department by one department
ii. Parallel testing: the old and new systems work simultaneously in all locations.
-
Physical and online security
Physical control over computers and restriction to online software and related data files decrease the risk of unauthorized changes to programs and improper use of programs and data files.
i. Physical control: security camera, badge-entry system, keypad entrance, security personnel
ii. Online access control: proper user IDs, password control access
Backup and contingency planning
Battery backup or on-site generator. Off-site storage of critical software and data files, or outsourcing to firms that specialize in secure data storage.
-
Hardware control
Built into computer equipment by the manufacturer to detect and report equipment failure.
-
APPLICATION
CONTROLS
-
APPLICATION CONTROLS
• INPUT CONTROLS
• PROCESSING CONTROLS
• OUTPUT CONTROLS
-
APPLICATION CONTROL
• Application controls are those controls that pertain to the scope of individual processes or application systems.
• Designed for each software application to satisfy the six transaction-related audit objectives (existence, completeness, accuracy, classification, timing, and posting & summarization).
• They include data edits, separation of business functions, balancing of processing totals, transaction logging and error reporting.
-
MANUAL CONTROLS
• Done by client personnel
• Effectiveness depends on competency of person.
AUTOMATED CONTROLS
• Done by computers
• Lead to consistent operation control
-
INPUT CONTROLS
TO ENSURE THE INFORMATION ENTERED INTO A COMPUTER IS AUTHORIZED, ACCURATE AND COMPLETE.
BATCH INPUT CONTROLS
• FINANCIAL TOTAL
• HASH TOTAL
• RECORD TOTAL
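The three batch input totals named on this slide, as an added example that is not part of the original deck: the record count, financial total and hash total are recomputed from what was keyed and compared with the batch header. The invoice data, field names and the `check_batch` helper are constructed for illustration.

```python
from decimal import Decimal

# Constructed batch of supplier invoices. The header holds the control totals
# prepared from the source documents before keying; field names are assumed.
HEADER = {"record_count": 4,
          "financial_total": Decimal("1830.50"),
          "hash_total": 40466}   # sum of invoice numbers, meaningless in itself
KEYED = [
    {"invoice_no": 10114, "amount": Decimal("250.00")},
    {"invoice_no": 10115, "amount": Decimal("1200.50")},
    {"invoice_no": 10116, "amount": Decimal("80.00")},
    {"invoice_no": 10121, "amount": Decimal("300.00")},
]

def control_totals(records):
    """Recompute the three batch totals from the records actually keyed."""
    return {
        "record_count": len(records),
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["invoice_no"] for r in records),
    }

def check_batch(header, records):
    """Return (total, expected, actual) for every control total that fails."""
    actual = control_totals(records)
    return [(k, header[k], actual[k]) for k in header if header[k] != actual[k]]

def with_wrong_invoice(records):
    """Same amounts, but the last invoice number keyed with digits transposed."""
    bad = [dict(r) for r in records]
    bad[-1]["invoice_no"] = 10112
    return bad

if __name__ == "__main__":
    print("clean batch:   ", check_batch(HEADER, KEYED))
    print("wrong invoice: ", check_batch(HEADER, with_wrong_invoice(KEYED)))
    print("dropped record:", [m[0] for m in check_batch(HEADER, KEYED[:-1])])
```

The wrong invoice number leaves the record count and financial total intact, so only the hash total catches it; a dropped record fails all three.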
-
PROCESSING CONTROLS
TO PREVENT, DETECT AND CORRECT PROCESSING ERRORS WHILE TRANSACTION DATA ARE PROCESSED.
-
TYPE OF PROCESSING CONTROLS
• DATA REASONABLENESS TEST
• ARITHMETIC ACCURACY TEST
• SEQUENCE TEST
• VALIDATION TEST
• COMPLETENESS TEST
-
OUTPUT CONTROLS
• Focus on detecting errors after processing is completed
• Example of controls:
- Reconcile computer-produced output to manual control total
- Compare a sample of transaction output to input source document
- Verify dates and time of processing to identify any out-of-sequence processing
-
AUDITOR EVALUATION ON INTERNAL CONTROL SYSTEM
• Internal control
• Vital to make our business be done more smoothly, efficiently and effectively
• Aims
• To protect business assets
• More to prevention rather than detection
• The well designed internal control system includes:
• Control environment, risk assessment and test of the control activities
-
ASSESSING RISK OF INFORMATION SYSTEM
• RISK TO HARDWARE AND DATA
• REDUCED AUDIT TRAIL
• NEED FOR E
-
RISK TO HARDWARE AND DATA
• Reliance on the functioning capabilities of hardware and software
• Systematic versus random error
• Unauthorized access
• Loss of data
-
REDUCED AUDIT TRAIL
• Lack of traditional authorization
• Visibility of audit trail
• Reduced human involvement
AUDIT TRAIL: system that traces the detailed transactions relating to any item in the accounting record
-
AUDITING AROUND AND THROUGH THE COMPUTER
-
Auditor will bypass computer system and will not check for existence and/or operating effectiveness of controls in processing data; therefore auditor may use any one or combination of the following methods:
1. Output oriented method
2. Input oriented method
-
INPUT ORIENTED METHOD
• Sample: select source documents (input) that are fed into the computer system for processing; the auditor independently processes the inputs using his own computer system or software and then compares the outputs generated by the auditor's computer system with the output generated by the client's computer system to confirm accuracy, completeness and other assertions.
• Auditor's processing may be manually done without getting any assistance of the computer.
• For example, client's system reports that cash book balance reconciles with bank balance as per bank statement. Auditor may conduct his own reconciliation to confirm whether it is true.
-
OUTPUT ORIENTED METHOD
• Sample: select the information generated by the computer system (output) and compare it with auditor's ideal system or information gathered from other sources or evidence collected by the auditor by the application of other audit procedures.
• For example, comparing receivables balances with the statement of accounts received from customers, or comparing stock records with reports of inventory counts.
-
AUDITING THROUGH THE COMPUTER
• Various steps taken by auditors to evaluate client's software and hardware to determine the reliability of operation
• Auditors use 3 categories of testing approaches as follows:
- Test Data Approach
- Parallel Simulation
- Embedded Audit Module Approach
-
TEST DATA APPROACH
• Auditors process their own test data using the client's computer system and application program to determine whether the automated controls correctly process the test data.
• Considerations:
- Test should include all relevant conditions that auditor wants to test.
- Application programs tested by auditor's test data must be the same as those the client used.
- The test data MUST be eliminated from client's records.
-
PARALLEL SIMULATION
• Auditors use auditor-controlled software to do the same operations that the client's software does, using the same data files. (Example: Generalized Audit Software (GAS))
• GAS used to test automated controls.
• GAS used to verify client account balances.
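A parallel simulation in miniature, as an added example that is not part of the original deck: the auditor's own code ages the same open-invoice file the client's system used and lists every figure where the two reports disagree. The aged analysis of trade receivables is the task the deck itself names later for purpose-written programs; the invoices, bucket limits and client report are constructed for illustration.

```python
from datetime import date
from decimal import Decimal

AS_AT = date(2019, 6, 30)   # constructed period end
# Constructed open-invoice file: (customer, invoice date, amount outstanding).
INVOICES = [
    ("C001", date(2019, 6, 10), Decimal("1200.00")),
    ("C001", date(2019, 3, 1), Decimal("450.00")),
    ("C002", date(2019, 5, 15), Decimal("980.00")),
    ("C003", date(2019, 1, 20), Decimal("3100.00")),
]
# Constructed ageing report as produced by the client's system.
CLIENT_REPORT = {
    "C001": {"0-30": Decimal("1200.00"), "31-90": Decimal("450.00"), "90+": Decimal("0")},
    "C002": {"0-30": Decimal("0"), "31-90": Decimal("980.00"), "90+": Decimal("0")},
    "C003": {"0-30": Decimal("0"), "31-90": Decimal("0"), "90+": Decimal("3100.00")},
}
BUCKETS = ("0-30", "31-90", "90+")   # assumed ageing bands

def bucket(days):
    return "0-30" if days <= 30 else "31-90" if days <= 90 else "90+"

def simulate(invoices, as_at):
    """Auditor's own ageing of the same data file."""
    report = {}
    for customer, inv_date, amount in invoices:
        row = report.setdefault(customer, {b: Decimal("0") for b in BUCKETS})
        row[bucket((as_at - inv_date).days)] += amount
    return report

def compare(client, auditor):
    """List every (customer, bucket, client value, auditor value) that differs."""
    diffs = []
    for customer in sorted(set(client) | set(auditor)):
        for b in BUCKETS:
            c = client.get(customer, {}).get(b, Decimal("0"))
            a = auditor.get(customer, {}).get(b, Decimal("0"))
            if c != a:
                diffs.append((customer, b, c, a))
    return diffs
```

In the constructed data the client's report shows a 121-day-old invoice in the 31-90 band, which the comparison surfaces as two differing cells for customer C001.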
-
EMBEDDED AUDIT MODULE APPROACH
• Embedded audit modules are sections of application program code that collect transaction data for the auditor.
• Auditors insert an audit module in the client's application system to identify specific types of transaction.
• Example: All transactions affecting a specific account that are in excess of RM500 000 are automatically selected.
-
COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)
• Audit software: packaged programs, purpose-written programs, enquiry programs
• Test data: audit test data, integrated test facilities
• Other techniques: embedded audit facilities (EAFs), application program examination
-
CAATs
• CAATs are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in a client computer information system (CIS)
-
AUDIT SOFTWARE
• Audit software is a general term used to describe computer programs designed to carry out tests of control and/or substantive procedures. Such programs may be classified as:
-
1. Packaged programs
• These programs are not 'client specific' because they apply to all clients that the auditor engages. They consist of pre-prepared generalised programs used by auditors. They may be used to carry out numerous audit tasks, for example to select a sample in supplier lists.
-
2. Purpose written programs
• These programs function as tests of control or substantive procedures and are usually 'client specific'.
• Client can buy or develop audit software, but in order to develop or buy the software there are things that should be considered; they need to ensure that specified programs are appropriate for a client's system and the needs of the audit.
• Typically, they may be used to re-perform computerised control procedures (for example, cost of sales calculations) or perhaps to carry out an aged analysis of trade receivable (debtor) balances.
-
3. Enquiry programs
• These programs normally focus on the client's accounting system; however, they may be adapted for audit purposes as well.
• For example, where a system provides for the routine reporting on a 'monthly' basis of production output such as finished goods, work in process and defect items, this facility may be utilised by the auditor when auditing the inventory records in the client's financial statements.
-
TEST DATA
1. Audit test data
• An application program used by an audit client will normally be tested with audit test data so that the auditor knows whether the application used by the client exists and is effective to be used.
• The results of processing are then compared to the auditor's result. The comparison is made to determine whether controls are operating efficiently and systems' objectives are being achieved.
• For example, on receipt of goods from the supplier, only transaction invoices with the mark 'accepted' will be processed by the system. Clearly, if transactions processed do not produce the expected results in output, the auditor will need to consider the need for increased substantive procedures in the area being reviewed.
-
2. Integrated test facilities
• To avoid the risk of corrupting a client's account system by processing test data with the client's other 'live' data, such as third party, auditors may instigate special 'test data only' processing runs for audit test data.
• Through this method, the auditor does not have total assurance that the test data is being processed in a similar fashion to the client's live data. The auditor needs approval from the client to establish an integrated test facility within the accounting system.
• This entails the establishment of a dummy unit, for example a dummy supplier account, against which the auditor's test data is processed during normal processing runs.
-
OTHER TECHNIQUES
1. Embedded audit facilities (EAFs)
• This technique requires the auditor's own program code to be embedded into the client's application software, such that verification procedures can be carried out as required on data being processed.
• For example, tests of control may include the reperformance of specific input validation checks. Chosen transactions may be 'tagged' and followed through the system to check whether the controls and processes have been applied to them by the computer system.
• Through the EAFs, the results of testing should be recorded in a special secure file for subsequent review by the auditor.
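An embedded audit hook of the kind described on this slide and on the earlier embedded audit module slide, as an added example that is not part of the original deck: transactions on a watched account above the RM500 000 limit are copied into an audit log as they are posted. The account codes, class and function names are hypothetical, and the hash chain is one assumed way to make the "special secure file" tamper-evident.

```python
import hashlib
import json
from decimal import Decimal

WATCHED_ACCOUNT = "1200"        # hypothetical account code chosen by the auditor
THRESHOLD = Decimal("500000")   # RM500 000, the selection limit on the slide
class AuditModule:
    """Audit hook embedded in the posting routine (names are assumptions)."""
    def __init__(self):
        self.log = []            # stands in for the auditor's secure file
        self._prev = "0" * 64    # start of the hash chain

    def inspect(self, txn):
        # abs() so that large credits are selected too: an assumption here.
        if txn["account"] != WATCHED_ACCOUNT or abs(txn["amount"]) <= THRESHOLD:
            return
        record = json.dumps({**txn, "amount": str(txn["amount"])}, sort_keys=True)
        digest = hashlib.sha256((self._prev + record).encode()).hexdigest()
        self.log.append({"record": record, "prev": self._prev, "hash": digest})
        self._prev = digest

    def verify(self):
        """Recompute the chain; an altered entry no longer matches its hash."""
        prev = "0" * 64
        for entry in self.log:
            expect = hashlib.sha256((prev + entry["record"]).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expect:
                return False
            prev = expect
        return True

def post_transaction(ledger, txn, audit):
    """Client's normal posting logic with the audit hook called inline."""
    audit.inspect(txn)
    ledger[txn["account"]] = ledger.get(txn["account"], Decimal("0")) + txn["amount"]

# Constructed transactions for the demonstration.
SAMPLE = [
    {"id": "T1", "account": "1200", "amount": Decimal("750000.00")},
    {"id": "T2", "account": "1200", "amount": Decimal("500000.00")},   # not in excess
    {"id": "T3", "account": "4000", "amount": Decimal("900000.00")},   # other account
    {"id": "T4", "account": "1200", "amount": Decimal("-620000.00")},
]
def run_sample():
    ledger, audit = {}, AuditModule()
    for txn in SAMPLE:
        post_transaction(ledger, txn, audit)
    return ledger, audit
```

The chain only detects edits to entries already written; to detect truncation the auditor would also need to hold the latest hash outside the client's system.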
-
2. Application program examination
• When determining the extent to which they may rely on application controls, auditors need to consider the extent to which specified controls have been implemented correctly. For example, where system amendments have occurred during an accounting period, the auditor would need assurance as to the existence of necessary controls both before and after the amendment.