THE IMPACT OFINFORMATION TECHNOLOGY ON THE AUDIT PROCESS JUST BECAUSE THE COMPUTER DID THE WORK DOESN’ T MEAN I? S RIGHT Arens, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. THE IMPACT OF INFORMATION TECHNOLOGY ON THE AUDIT PROCESS JUST BECAUSE THE COMPUTER DID THE WORK DOESN’T MEAN IT’S RIGHT 11
How Information Technologies Enhance Internal control Computer controls replace manual controls Higher-quality information is available nS, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. How Information Technologies Enhance Internal Control Computer controls replace manual controls Higher-quality information is available
Assessing Risks of 加m?n7 ethnology Visibility of audit trail Reduced human involvement nS, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. • Visibility of audit trail • Reduced human involvement
Systematic versus random errors Reduced segregation of duties Lack of traditional authorization · Unauthorized access Need for IT experience · Loss of data Arens, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. • Systematic versus random errors • Unauthorized access • Loss of data • Reduced segregation of duties • Lack of traditional authorization • Need for IT experience
General controls Application Controls nS, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. General Controls Application Controls
General controls Administration of the it function Segregation of Duties Systems Development Physical and on-Line security Back-Up and Contingency Planning Hardware controls Arens, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. General Controls Administration of the IT Function Segregation of Duties Systems Development Physical and On-Line Security Back-Up and Contingency Planning Hardware Controls
Application Controls Input Controls Processing Controls Output Controls nS, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. Input Controls Processing Controls Output Controls Application Controls
FIGURE 11-1 Risk of unauthorized change Relationship between General and Application Controls Risk of system crash to application software Cash receipts Application Controls Payroll Sales applications Controls plication Controls Other Cvcle Application Controls Risk of unauthorized GENERAL CONTROLS master file update Risk of unauthorized processing nS, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. Cash Receipts Application Controls Sales Applications Controls Payroll Application Controls Other Cycle Application Controls Risk of unauthorized change to application software Risk of system crash Risk of unauthorized master file update Risk of unauthorized processing GENERAL CONTROLS FIGURE 11 - 1 Relationship between General and Application Controls
TABLE LI Categories of General and application Controls Control Type Category of Control Example of Control Ge neral ControIs Administra tion of the IT function Chief information officer or IT manager re ports to senior manageme nt and board. Segregation of It duties Responsibility for programming, operations, and data control are separated. Systems development Teams of users, systems analysts, and programme rs develop and thoroughly test softy Physical and on-line security Access to hardware is restricted, and passwords and user Ids limit access to software and data files Back-up and contingency planning back-up plans are pre pared and tested regularly throughout the Hardware controls failure or hard drive failure causes error messages on the monitor. Application Controls nput controls Pre formatted screens prompt data input personnel for information to be e nte red. Processing controls Reasonableness tests review unit-selling prices used to ess a sale Output controls The sales de partment performs post-processing review of sales transaction @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. Control Type Category of Control Example of Control General ControlS Administration of the IT function Chief information officer or IT manager reports to senior management and board. Segregation of It duties Responsibility for programming, operations, and data control are separated. Systems development Teams of users, systems analysts, and programmers develop and thoroughly test software. Physical and on-line security Access to hardware is restricted, and passwords and user Ids limit access to software and data files. Back-up and contingency planning back-up plans are prepared and tested regularly throughout the year. Hardware controls failure or hard drive failure causes error messages on the monitor. Application Controls Input controls Preformatted screens prompt data input personnel for information to be entered. Processing controls Reasonableness tests review unit-selling prices used to process a sale. Output controls The sales department performs post-processing review of sales transactions. TABLE 11 - 1 Categories of General and Application Controls
FIGURE 11-2 Segregation of IT Duties Chief Information Officer or IT Manager Security Administrator Systems Operations Data control Development Network Databa Librarian Ir Output Systems Programmers Operator Adminis trator Administrator Control nS, Loebbecke; Auditing, @2000 Prentice Hall. Inc
Arens, Loebbecke; Auditing, 8/E ©2000 Prentice Hall, Inc. Chief Information Officer or IT Manager Security Administrator Operations Librarian Systems Development Systems Analyst Programmers Computer Operators Network Administrator Data Control Data Input/Output Control Database Administrator FIGURE 11 - 2 Segregation of IT Duties