Core concepts of accounting information systems 13 by simkin norman chapter 15

48 566 0
Core concepts of accounting information systems 13 by simkin norman chapter 15

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

Thông tin tài liệu

Prepared by Paula Funkhouser University of Nevada, Reno Core Concepts of Accounting Information Systems, 13th Edition Mark G Simkin ● Jacob M Rose ● Carolyn S Norman Information Technology Auditing Chapter 15 Chapter 15: Information Technology Auditing • Introduction • The Audit Function • The Information Technology Auditor’s Toolkit • Auditing Computerized Accounting Information SystemsInformation Technology Auditing Today Copyright © 2015 John Wiley & Sons, Inc All rights reserved Introduction • Audits of AISs – Ensure controls are functioning properly – Confirm additional controls not necessary • Nature of Auditing – Internal and external auditing – IT Audit and financial audit – Tools of an IT auditor Copyright © 2015 John Wiley & Sons, Inc All rights reserved The Audit Function • Internal versus External Auditing • Information Technology Auditing • Evaluating the Effectiveness of Information Systems Controls Copyright © 2015 John Wiley & Sons, Inc All rights reserved Internal Auditing • Responsibility of Performance – Company’s own employees – External of the department being audited • Evaluation of: – Employee compliance with policies and procedures – Effectiveness of operations – Compliance with external laws and regulations – Reliability of financial reports – Internal controls Copyright © 2015 John Wiley & Sons, Inc All rights reserved External Auditing • Responsibility of Performance – Those outside the organization – Accountants working for independent CPA • Audit Purpose – Performance of the attest function – Evaluate the accuracy and fairness of the financial statements relative to GAAP Copyright © 2015 John Wiley & Sons, Inc All rights reserved Information Technology Auditing • Function – Evaluate computer’s role in achieving audit and control objectives • Assurance Provided – Data and information are reliable, confidential, secure, and available – Safeguarding assets, data integrity, and operational effectiveness Copyright © 2015 John Wiley & Sons, Inc All rights reserved The Components of an IT Audit Copyright © 2015 John Wiley & Sons, Inc All rights reserved The IT Audit Process • Computer-Assisted Audit Techniques (CAAT) – Use of computer processes to perform audit functions – Performing substantive tests • Approaches – Auditing through the computer – Auditing with the computer Copyright © 2015 John Wiley & Sons, Inc All rights reserved The IT Audit Process 10 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Validating Users and Access Privileges • Purpose – Ensure all system users are valid – Appropriate access privileges • Utilize Software Tools – Examine login times – Exception conditions – Irregularities 34 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Continuous Auditing • Embedded Audit Modules (Audit Hooks) – Capture data for audit purposes • Exception Reporting – Transactions falling outside given parameters are rejected • Transaction Tagging – Certain transactions tagged and progress recorded 35 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Continuous Auditing • Snapshot Technique – Examines how transactions are processed • Continuous and Intermittent Simulation (CIS) – Embeds audit module in a database management system (DBMS) – Similar to parallel simulation 36 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Continuous Auditing – Spreadsheet Errors 37 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Study Break #3 Which of the following is NOT an audit technique for auditing computerized AIS? A Parallel simulation B Use of specialized control software C Continuous auditing D All of the above are techniques used to audit computerized AIS 38 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Study Break #4 Continuous auditing: A Has been talked about for years but will never catch on B Will likely become popular if organizations adopt XBRL in their financial reporting C Does not include techniques such as embedded audit modules D Will never allow IT auditors to provide some types of assurance on a real-time basis 39 Copyright © 2015 John Wiley & Sons, Inc All rights reserved IT Governance • Overview – Process of using IT resources effectively – Efficient, responsible, strategic use of IT • Objectives – Using IT strategically to fulfill mission of organization – Ensure effective management of IT 40 Copyright © 2015 John Wiley & Sons, Inc All rights reserved IT Auditing Today • The Sarbanes-Oxley Act of 2002 • Auditing Standard No (AS5) • Third Party and Information Systems Reliability Assurances 41 Copyright © 2015 John Wiley & Sons, Inc All rights reserved The Sarbanes-Oxley Act of 2002 • Overview – Limits services that auditors can provide clients while they are conducting audits • Groups of Compliance Requirements – – – – Audit committee/corporate governance requirements Certification, disclosure, and internal control Financial statement reporting rules Executive reporting and conduct 42 Copyright © 2015 John Wiley & Sons, Inc All rights reserved The Sarbanes-Oxley Act of 2002 • Section 302 – CEOs and CFOs are required to certify the financial statements – Internal controls and disclosures are adequate • Section 404 – CEOs and CFOs assess and attest to the effectiveness of internal controls 43 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Key Provisions of SOX 44 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Key Provisions of SOX 45 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Auditing Standard No (AS5) • Purpose – Public Company Accounting Oversight Board (PCAOB) guidance – Focus on most critical controls • Rebalancing of Auditor’s Work – Internal auditors help to advise board of directors – External auditors reduce redundant testing 46 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Third Party and Information Systems Reliability Assurances • Growth of Electronic Commerce – Area of growing risk – Security and privacy concerns – Difficult to audit • AICPA Trust Services – CPA WebTrust – SysTrust 47 Copyright © 2015 John Wiley & Sons, Inc All rights reserved Third Party and Information Systems Reliability Assurances • Principles of Trust Services – Security – Availability – Processing integrity – Online privacy – Confidentiality 48 Copyright © 2015 John Wiley & Sons, Inc All rights reserved .. .Chapter 15: Information Technology Auditing • Introduction • The Audit Function • The Information Technology Auditor’s Toolkit • Auditing Computerized Accounting Information Systems • Information. .. Effectiveness of Information Systems Controls Copyright © 2 015 John Wiley & Sons, Inc All rights reserved Internal Auditing • Responsibility of Performance – Company’s own employees – External of the... Risk management Information security management Response management 13 Copyright © 2 015 John Wiley & Sons, Inc All rights reserved Evaluating the Effectiveness of Information Systems Controls

Ngày đăng: 15/05/2017, 11:44

Từ khóa liên quan

Mục lục

  • Information Technology Auditing

  • Chapter 15: Information Technology Auditing

  • Introduction

  • The Audit Function

  • Internal Auditing

  • External Auditing

  • Information Technology Auditing

  • The Components of an IT Audit

  • The IT Audit Process

  • Slide 10

  • Careers in IT Auditing

  • CISA Exam Components

  • Slide 13

  • Evaluating the Effectiveness of Information Systems Controls

  • Risk Assessment

  • Information Systems Risk Assessment

  • Study Break #1

  • Study Break #2

  • The IT Auditor’s Toolkit

  • General-Use Software

Tài liệu cùng người dùng

Tài liệu liên quan