SlideShare a Scribd company logo

Chapter 4 : Auditing and the information technology environment

Download as PPTX, PDF
K
KugendranMani

This document discusses auditing in an information technology environment. It begins by outlining how IT assists businesses through production, communication, internal controls, financial reporting, and decision making. It then describes the implications of changing IT, including a shift from manual to electronic controls. The document also discusses determining complexity levels in computerized systems, general and application controls, audit planning strategies, and risks related to IT environments like access control and data loss.

Business
1 of 20
PRINCIPLE OF AUDITING & ASSURANCE SERVICES IN MALAYSIA 2 CHAPTER 4 : AUDITING AND THE INFORMATION TECHNOLOGY ENVIRONMENT GROUP MEMBER’S NAME: 1. AZIMAH SHAZEEDA BINTI SULEIMAN (10DAT17F1056) 2. NURSHAHIRA BINTI ISMAIL ALI (10DAT17F1070) 3. NUR ASMIDA BINTI AZIZUL (10DAT17F1032) 4. KHALIDA HANIM BINTI KHAIRUDIN (10DAT17F1016) 5. KUGENDRAN A/L SUBRAMANIAM (10DAT17F1046)
INTRODUCTION Information technology(IT) has been widely and rigorously used by most companies. IT assists the business in various aspects such as in production, communication or E-commerce,internal controls,financial reporting and deccision making. The usage of IT: • People are constantly looking for online activities and expert faster delivery from business. • IT plays vital role in producing reliable and timely financial statements and reports. • Improve company internal control system.
4.1.1-Describe the changing information of technology and implication for auditing • People are constantly looking for online activities and expect faster delivery. In accounting as well as auditing, IT plays a vital role in producing reliable and timely financial statements and reports. • Most companies use IT to improve company internal control system through the addition of new control procedure through computer and replacing the manual control due to the likelihood of possible human error.
IMPLICATION From manual control to electronic environment:  Traditional paperwork in which the auditor can see and feel the printed marks evidencing transaction are carried out online and most cases in 'real time'.  Generally looks for the authorizing signatures on the papers evidencing the transactions and electronic.  It processing environment such authority is evidenced by the user of identification codes and passwords which are all physically invisible.  The level of complexity can be classified into 2 level which is low and high.
4.1.2-Determine the level of complexity in computerized information system enviroment 1. EDP systems can be defined by their techical complexity and the extent to which they are used in an organization. 2. Technical complexity : • Online-line processing - An online system allows direct access into the computer. Transaction can be put directly into the system so that master files are updated at time the entry is made.
• Communication systems - Communication channels can connect the computer directly to users anywhere in the world. • Distributed processing - When the computing function is apportioned among CPU's spread geographically and connected by a communication system. • Data Base Management - As the volume and uses of computer-processed data expand, data on different files are often redundant. - The effect is inefficient use of file space and the need to update files continually.
4.1.3- General control Computerised Information System(CIS) Control Description 1. The IT control environment  The IT government structre  How IT risk are identified, mitigated and managed  The information system, strategic plan and budget  The orrganizational structure and segregation of duties 2. Day-to-day computer operations  Acquisition,installations,configuration, integration and maintenance of the IT infrastructure.  Delivery of information service to user  Management of third-party provider 3. Access to program and data  Security of password  Internet firewalls and remote access controls  Data encryption and cryptographic keys
4. Programme development and program changes  Acquisiton and implementation of new applications  System development and quality assurance methodology 5. Monitoring of IT operations  Policies and procedures regarding the information system and reporting that ensure that user comply with IT general control.
Application Control on Computerised Information System(CIS) 1. Application control is controls within a computer application to ensure completeness, accuracy of input,processing and validty of the resulting accounting entries. 2. The main aim is to ensure validity, completeness and accuracy of accounting data. 3. Application controls classified into: a) Input controls b) Processing controls c) Output controls
a) Input Controls • The main aim of input controls is to reduce errors in the data entered in the system for processing. • Input controls include checking data and ensuring that: - Input data are authorised by the appropriate official. - Data represent valid record of actual transaction. - Correctly classified for the purpose of accounting • Example : Sequence checks : Batch control
b) Proccessing control • There are divided into mechanical and programmed controls. • Programmed control are done during the system development to ensure that only data related to a particular transaction is processed and not otherwise. c) Output control • Controls relating to input and processing itself with the final objective. • Relates pricesely to the original input. • Represents the outcome of a valid and tested program of instructions.
4.1.4-The Plan An Audit Strategic in CIS approach • Ensure that these is adequate compliance and substantive procedures and transmitted date are correct and completed • Apply professional scepticism by cross verification of record, reconciliation between primary and subsidiary ledger, questioning and critical assessment of audit evidence. • The audit which may be affected by the client CIS enviroment.
Basic steps • Planning • Studying and evaluating control • Testing and evaluating control • Reporting • Follow up
Effect to auditor • There is invisiability of data and processing • There is also radical change in the control structure electronic control replacing manual control. • There is of the speedof processing • IT dynamic always challenges the auditor’s comperence in the workplace. - Occur very frequently. - Auditor left behind trying to catch up with the trend.
ACCESS CONTROL RISK IT ENVIRONMENT RISKS 1. Hardware and software  Virus/damage (water/overheating)  Hacked/sabotage 2. Audit trail  Cannot trace the source of accounting information because no pyhsical document were used. 3. Loss of data  Loss because of virus/fire - The company may not produce reliable financial information. - It is important to have backup system. 4. Unauthorised acess  Proper online – user ID and password  More to security  Avoid theft
CAAT’S TECHNIQUE a) Test data method -for which the auditor will create a set of stimulated transaction data - Use the client’s application programme to provide evidence b) Custom audit software -Written by auditors for a specific task if the client’s IT system is not compatible with the GAS or when the auditor ants to conduct some testing that may nott be possible with GAS. c) Concurrent auditing technique -Refers to the collection of audit evidence via technology while the client’s systems continue to run.
d) Parallel simulation - To construct a simulation program that looks like the company’s application programme. - Help the auditor to process the actual data. e) Integrated test facility - It will give an accurate data to the auditor because it testing the programmes actually used by the clients.
Nature of risk and internal control a) Lack of transaction trails. Some CIS are designed so that a complete transaction trail is that useful for audit purposes might exist for only a short period of time or only in computer readable form. b) Uniform processing of transactions. Computer processing uniformly processes like transactions with the same processing instructions. Thus, the clerical errors ordinarily associated with manual processing are virtually eliminated. Conversely, programming errors (or other systematic errors in hardware or software) will ordinarily result in all transactions being processed incorrectly
c) Lack of segregation of functions. Many control procedures that would ordinarily be performed by seperate individuals in manual systems may be concentrated in CIS. Thus, an individual who has access to computer programs, processing or data may be in a position to perform incompatible functions. d) Potential for errors and irregularities. The potential for human error in the development, maintenance and execution of CIS may be greater than in manual systems, partially because of the level of detail inherent in these activities. Also, the potential for individuals to gain unauthorized access to data or to alter data without visible evidence may be greater in CIS than in manual systems.
e) Initiation or execution of transactions. CIS may include the capability to initiate or cause the execution of certain types of trasactions, automatically. The authorisation of these transactions or procedures may not be documented in the same way as those in manual system, and management's authorisation of these transactions or procedures may be documented in the same way as those in a manual system, and management's authorisation of these transactions may be implicit in its systems.

Recommended

Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...
Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...
Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...
Ee Chuan Yoong
 
Transaction processing systems
Transaction processing systemsTransaction processing systems
Transaction processing systems
Vidhu Arora
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
Sharah Ayumi
 
Lecture 20 computer based accounting system -revenue cycle - accounting info...
Lecture 20 computer based accounting system -revenue cycle - accounting info...Lecture 20 computer based accounting system -revenue cycle - accounting info...
Lecture 20 computer based accounting system -revenue cycle - accounting info...
Habib Ullah Qamar
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques
_supriadi
 
Information System audit
Information System auditInformation System audit
Information System audit
Pratapchandra
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
EMAC Consulting Group
 
Accounting information system presentation
Accounting information system presentationAccounting information system presentation
Accounting information system presentation
S M Maruf Siddiqe
 

Recommended

Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...
Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...
Computer Assisted Audit Tools and Techniques - the Force multiplier in the ba...
Ee Chuan Yoong
 
Transaction processing systems
Transaction processing systemsTransaction processing systems
Transaction processing systems
Vidhu Arora
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
Sharah Ayumi
 
Lecture 20 computer based accounting system -revenue cycle - accounting info...
Lecture 20 computer based accounting system -revenue cycle - accounting info...Lecture 20 computer based accounting system -revenue cycle - accounting info...
Lecture 20 computer based accounting system -revenue cycle - accounting info...
Habib Ullah Qamar
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques
_supriadi
 
Information System audit
Information System auditInformation System audit
Information System audit
Pratapchandra
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
EMAC Consulting Group
 
Accounting information system presentation
Accounting information system presentationAccounting information system presentation
Accounting information system presentation
S M Maruf Siddiqe
 
James hall ch 5
James hall ch 5James hall ch 5
James hall ch 5
David Julian
 
Pp 11-new
Pp 11-newPp 11-new
Pp 11-new
Sri Apriyanti Husain
 
Lecture 1 accounting information system, an overview
Lecture 1 accounting information system, an overviewLecture 1 accounting information system, an overview
Lecture 1 accounting information system, an overview
Habib Ullah Qamar
 
Introduction to caat
Introduction to caatIntroduction to caat
Introduction to caat
Arti Parab Academics
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
Tommy Zul Hidayat
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
Tommy Zul Hidayat
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
Damilola Mosaku
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
James hall ch 6
James hall ch 6James hall ch 6
James hall ch 6
David Julian
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
Dr. Sushil Bansode
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
Sazzad Hossain, ITP, MBA, CSCA™
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
Chapter 2 internal control
Chapter 2 internal controlChapter 2 internal control
Chapter 2 internal control
Dr Manu H Natesh
 
James hall ch 3
James hall ch 3James hall ch 3
James hall ch 3
David Julian
 
James hall ch 2
James hall ch 2James hall ch 2
James hall ch 2
David Julian
 
MANAGEMENT INFORMATION SYSTEM ppt
MANAGEMENT INFORMATION SYSTEM pptMANAGEMENT INFORMATION SYSTEM ppt
MANAGEMENT INFORMATION SYSTEM ppt
Suyash Sinha
 
Auditing in a computer environment copy
Auditing in a computer environment copyAuditing in a computer environment copy
Auditing in a computer environment copy
Saleh Rashid
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
Hardik Shah
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
Financial Statements Audit
Financial Statements AuditFinancial Statements Audit
Financial Statements Audit
Salih Islam
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
Nur Dalila Zamri
 
Audit and Assurance
Audit and AssuranceAudit and Assurance
Audit and Assurance
MuhamadSyawal7
 

More Related Content

What's hot

James hall ch 5
James hall ch 5James hall ch 5
James hall ch 5
David Julian
 
Pp 11-new
Pp 11-newPp 11-new
Pp 11-new
Sri Apriyanti Husain
 
Lecture 1 accounting information system, an overview
Lecture 1 accounting information system, an overviewLecture 1 accounting information system, an overview
Lecture 1 accounting information system, an overview
Habib Ullah Qamar
 
Introduction to caat
Introduction to caatIntroduction to caat
Introduction to caat
Arti Parab Academics
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
Tommy Zul Hidayat
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
Tommy Zul Hidayat
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
Damilola Mosaku
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
Mulyadi Yusuf
 
James hall ch 6
James hall ch 6James hall ch 6
James hall ch 6
David Julian
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
Dr. Sushil Bansode
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
Sazzad Hossain, ITP, MBA, CSCA™
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
Mulyadi Yusuf
 
Chapter 2 internal control
Chapter 2 internal controlChapter 2 internal control
Chapter 2 internal control
Dr Manu H Natesh
 
James hall ch 3
James hall ch 3James hall ch 3
James hall ch 3
David Julian
 
James hall ch 2
James hall ch 2James hall ch 2
James hall ch 2
David Julian
 
MANAGEMENT INFORMATION SYSTEM ppt
MANAGEMENT INFORMATION SYSTEM pptMANAGEMENT INFORMATION SYSTEM ppt
MANAGEMENT INFORMATION SYSTEM ppt
Suyash Sinha
 
Auditing in a computer environment copy
Auditing in a computer environment copyAuditing in a computer environment copy
Auditing in a computer environment copy
Saleh Rashid
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
Hardik Shah
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
Financial Statements Audit
Financial Statements AuditFinancial Statements Audit
Financial Statements Audit
Salih Islam
 

What's hot (20)

James hall ch 5
James hall ch 5James hall ch 5
James hall ch 5
 
Pp 11-new
Pp 11-newPp 11-new
Pp 11-new
 
Lecture 1 accounting information system, an overview
Lecture 1 accounting information system, an overviewLecture 1 accounting information system, an overview
Lecture 1 accounting information system, an overview
 
Introduction to caat
Introduction to caatIntroduction to caat
Introduction to caat
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
James hall ch 6
James hall ch 6James hall ch 6
James hall ch 6
 
Auditing in Computerized Environment
Auditing in Computerized EnvironmentAuditing in Computerized Environment
Auditing in Computerized Environment
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
 
03.2 application control
03.2 application control03.2 application control
03.2 application control
 
Chapter 2 internal control
Chapter 2 internal controlChapter 2 internal control
Chapter 2 internal control
 
James hall ch 3
James hall ch 3James hall ch 3
James hall ch 3
 
James hall ch 2
James hall ch 2James hall ch 2
James hall ch 2
 
MANAGEMENT INFORMATION SYSTEM ppt
MANAGEMENT INFORMATION SYSTEM pptMANAGEMENT INFORMATION SYSTEM ppt
MANAGEMENT INFORMATION SYSTEM ppt
 
Auditing in a computer environment copy
Auditing in a computer environment copyAuditing in a computer environment copy
Auditing in a computer environment copy
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Financial Statements Audit
Financial Statements AuditFinancial Statements Audit
Financial Statements Audit
 

Similar to Chapter 4 : Auditing and the information technology environment

Chapter 6
Chapter 6Chapter 6
Chapter 6
Nur Dalila Zamri
 
Audit and Assurance
Audit and AssuranceAudit and Assurance
Audit and Assurance
MuhamadSyawal7
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
Dr Vijay Pithadia Director
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
Dr Vijay Pithadia Director
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
Dr Vijay Pithadia Director
 
Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lesson
Anne ndolo
 
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptxInternal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
JayLloyd8
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
Dr Vijay Pithadia Director
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
CAVEDPRAKASHPALIWAL
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
CAVEDPRAKASHPALIWAL
 
3.42211- CIS Audit.pdf
3.42211- CIS Audit.pdf3.42211- CIS Audit.pdf
3.42211- CIS Audit.pdf
Nehemiah27
 
Core Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computersCore Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computers
Shikha Gupta
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Girish Chandra
 
auditing-190520092523.pdf
auditing-190520092523.pdfauditing-190520092523.pdf
auditing-190520092523.pdf
chetanvchaudhari
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1
Sreekanth Narendran
 
Post office management system project ..pdf
Post office management system project ..pdfPost office management system project ..pdf
Post office management system project ..pdf
Kamal Acharya
 
Computerized Environment
Computerized EnvironmentComputerized Environment
Computerized Environment
VadivelM9
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
Lou Foja
 
Bcbsc136
Bcbsc136Bcbsc136
Bcbsc136
saidawangui
 
Novatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdf
Novatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdfNovatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdf
Novatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdf
patemalabanan
 

Similar to Chapter 4 : Auditing and the information technology environment (20)

Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Audit and Assurance
Audit and AssuranceAudit and Assurance
Audit and Assurance
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
Information 2nd lesson
Information 2nd lessonInformation 2nd lesson
Information 2nd lesson
 
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptxInternal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
Internal-control-in-the-computer-information-system-chap-27-aud-5-FINAL.pptx
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
 
Text-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docxText-DISA_Review_Questions.docx
Text-DISA_Review_Questions.docx
 
3.42211- CIS Audit.pdf
3.42211- CIS Audit.pdf3.42211- CIS Audit.pdf
3.42211- CIS Audit.pdf
 
Core Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computersCore Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computers
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud Privacy Preserving Public Auditing for Data Storage Security in Cloud
Privacy Preserving Public Auditing for Data Storage Security in Cloud
 
auditing-190520092523.pdf
auditing-190520092523.pdfauditing-190520092523.pdf
auditing-190520092523.pdf
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1
 
Post office management system project ..pdf
Post office management system project ..pdfPost office management system project ..pdf
Post office management system project ..pdf
 
Computerized Environment
Computerized EnvironmentComputerized Environment
Computerized Environment
 
Effects of IT on internal controls
Effects of IT on internal controlsEffects of IT on internal controls
Effects of IT on internal controls
 
Bcbsc136
Bcbsc136Bcbsc136
Bcbsc136
 
Novatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdf
Novatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdfNovatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdf
Novatek- Regulatory Compliant User Requirement 21CFR Part 11 & Annex 11.pdf
 

Recently uploaded

Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
Chandresh Chudasama
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
DerekIwanaka1
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
my Pandit
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
Adnet Communications
 

Recently uploaded (20)

Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
 
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
 

Chapter 4 : Auditing and the information technology environment

  • 1. PRINCIPLE OF AUDITING & ASSURANCE SERVICES IN MALAYSIA 2 CHAPTER 4 : AUDITING AND THE INFORMATION TECHNOLOGY ENVIRONMENT GROUP MEMBER’S NAME: 1. AZIMAH SHAZEEDA BINTI SULEIMAN (10DAT17F1056) 2. NURSHAHIRA BINTI ISMAIL ALI (10DAT17F1070) 3. NUR ASMIDA BINTI AZIZUL (10DAT17F1032) 4. KHALIDA HANIM BINTI KHAIRUDIN (10DAT17F1016) 5. KUGENDRAN A/L SUBRAMANIAM (10DAT17F1046)
  • 2. INTRODUCTION Information technology(IT) has been widely and rigorously used by most companies. IT assists the business in various aspects such as in production, communication or E-commerce,internal controls,financial reporting and deccision making. The usage of IT: • People are constantly looking for online activities and expert faster delivery from business. • IT plays vital role in producing reliable and timely financial statements and reports. • Improve company internal control system.
  • 3. 4.1.1-Describe the changing information of technology and implication for auditing • People are constantly looking for online activities and expect faster delivery. In accounting as well as auditing, IT plays a vital role in producing reliable and timely financial statements and reports. • Most companies use IT to improve company internal control system through the addition of new control procedure through computer and replacing the manual control due to the likelihood of possible human error.
  • 4. IMPLICATION From manual control to electronic environment:  Traditional paperwork in which the auditor can see and feel the printed marks evidencing transaction are carried out online and most cases in 'real time'.  Generally looks for the authorizing signatures on the papers evidencing the transactions and electronic.  It processing environment such authority is evidenced by the user of identification codes and passwords which are all physically invisible.  The level of complexity can be classified into 2 level which is low and high.
  • 5. 4.1.2-Determine the level of complexity in computerized information system enviroment 1. EDP systems can be defined by their techical complexity and the extent to which they are used in an organization. 2. Technical complexity : • Online-line processing - An online system allows direct access into the computer. Transaction can be put directly into the system so that master files are updated at time the entry is made.
  • 6. • Communication systems - Communication channels can connect the computer directly to users anywhere in the world. • Distributed processing - When the computing function is apportioned among CPU's spread geographically and connected by a communication system. • Data Base Management - As the volume and uses of computer-processed data expand, data on different files are often redundant. - The effect is inefficient use of file space and the need to update files continually.
  • 7. 4.1.3- General control Computerised Information System(CIS) Control Description 1. The IT control environment  The IT government structre  How IT risk are identified, mitigated and managed  The information system, strategic plan and budget  The orrganizational structure and segregation of duties 2. Day-to-day computer operations  Acquisition,installations,configuration, integration and maintenance of the IT infrastructure.  Delivery of information service to user  Management of third-party provider 3. Access to program and data  Security of password  Internet firewalls and remote access controls  Data encryption and cryptographic keys
  • 8. 4. Programme development and program changes  Acquisiton and implementation of new applications  System development and quality assurance methodology 5. Monitoring of IT operations  Policies and procedures regarding the information system and reporting that ensure that user comply with IT general control.
  • 9. Application Control on Computerised Information System(CIS) 1. Application control is controls within a computer application to ensure completeness, accuracy of input,processing and validty of the resulting accounting entries. 2. The main aim is to ensure validity, completeness and accuracy of accounting data. 3. Application controls classified into: a) Input controls b) Processing controls c) Output controls
  • 10. a) Input Controls • The main aim of input controls is to reduce errors in the data entered in the system for processing. • Input controls include checking data and ensuring that: - Input data are authorised by the appropriate official. - Data represent valid record of actual transaction. - Correctly classified for the purpose of accounting • Example : Sequence checks : Batch control
  • 11. b) Proccessing control • There are divided into mechanical and programmed controls. • Programmed control are done during the system development to ensure that only data related to a particular transaction is processed and not otherwise. c) Output control • Controls relating to input and processing itself with the final objective. • Relates pricesely to the original input. • Represents the outcome of a valid and tested program of instructions.
  • 12. 4.1.4-The Plan An Audit Strategic in CIS approach • Ensure that these is adequate compliance and substantive procedures and transmitted date are correct and completed • Apply professional scepticism by cross verification of record, reconciliation between primary and subsidiary ledger, questioning and critical assessment of audit evidence. • The audit which may be affected by the client CIS enviroment.
  • 13. Basic steps • Planning • Studying and evaluating control • Testing and evaluating control • Reporting • Follow up
  • 14. Effect to auditor • There is invisiability of data and processing • There is also radical change in the control structure electronic control replacing manual control. • There is of the speedof processing • IT dynamic always challenges the auditor’s comperence in the workplace. - Occur very frequently. - Auditor left behind trying to catch up with the trend.
  • 15. ACCESS CONTROL RISK IT ENVIRONMENT RISKS 1. Hardware and software  Virus/damage (water/overheating)  Hacked/sabotage 2. Audit trail  Cannot trace the source of accounting information because no pyhsical document were used. 3. Loss of data  Loss because of virus/fire - The company may not produce reliable financial information. - It is important to have backup system. 4. Unauthorised acess  Proper online – user ID and password  More to security  Avoid theft
  • 16. CAAT’S TECHNIQUE a) Test data method -for which the auditor will create a set of stimulated transaction data - Use the client’s application programme to provide evidence b) Custom audit software -Written by auditors for a specific task if the client’s IT system is not compatible with the GAS or when the auditor ants to conduct some testing that may nott be possible with GAS. c) Concurrent auditing technique -Refers to the collection of audit evidence via technology while the client’s systems continue to run.
  • 17. d) Parallel simulation - To construct a simulation program that looks like the company’s application programme. - Help the auditor to process the actual data. e) Integrated test facility - It will give an accurate data to the auditor because it testing the programmes actually used by the clients.
  • 18. Nature of risk and internal control a) Lack of transaction trails. Some CIS are designed so that a complete transaction trail is that useful for audit purposes might exist for only a short period of time or only in computer readable form. b) Uniform processing of transactions. Computer processing uniformly processes like transactions with the same processing instructions. Thus, the clerical errors ordinarily associated with manual processing are virtually eliminated. Conversely, programming errors (or other systematic errors in hardware or software) will ordinarily result in all transactions being processed incorrectly
  • 19. c) Lack of segregation of functions. Many control procedures that would ordinarily be performed by seperate individuals in manual systems may be concentrated in CIS. Thus, an individual who has access to computer programs, processing or data may be in a position to perform incompatible functions. d) Potential for errors and irregularities. The potential for human error in the development, maintenance and execution of CIS may be greater than in manual systems, partially because of the level of detail inherent in these activities. Also, the potential for individuals to gain unauthorized access to data or to alter data without visible evidence may be greater in CIS than in manual systems.
  • 20. e) Initiation or execution of transactions. CIS may include the capability to initiate or cause the execution of certain types of trasactions, automatically. The authorisation of these transactions or procedures may not be documented in the same way as those in manual system, and management's authorisation of these transactions or procedures may be documented in the same way as those in a manual system, and management's authorisation of these transactions may be implicit in its systems.