AUDITING IN A COMPUTERIZED ENVIRONMENT
CHAPTER 7
Presented by Shanice C. Basibas
CHARACTERISTICS OF COMPUTER INFORMATION SYSTEM (CIS)
LACK OF VISIBLE TRANSACTION TRAILS
In a CIS environment, data can be entered directly into the computer system without supporting documents. The absence of these source documents, which would otherwise support the processing of transactions, makes the examination of evidence more difficult.
2023 | @reallygreatsite
CONSISTENCY OF PERFORMANCE
CIS performs functions exactly as programmed. On the other hand, an incorrect program could be very devastating because it will result in consistently erroneous data processing.
EASE OF ACCESS TO DATA AND COMPUTER PROGRAMS
It is important, therefore, that appropriate controls are incorporated into the system to limit access to data files and programs only to authorized personnel.
CONCENTRATION OF DUTIES
Proper segregation of duties is an essential characteristic of a sound internal control system. However, because of the ability of the computer to process data efficiently, there are functions that are normally segregated in manual processing that are combined in a CIS environment.
SYSTEMS GENERATED TRANSACTIONS
Certain transactions may be initiated by the CIS itself without the need for an input document.
VULNERABILITY OF DATA AND PROGRAM STORAGE MEDIA
The information on the computer can be easily changed, leaving no trace of the original content. This change could happen inadvertently, and a huge amount of information can be quickly lost.
INTERNAL CONTROL IN A CIS ENVIRONMENT
Application controls
General controls
  1. Organizational controls
  2. Systems development and documentation controls
  3. Access controls
  4. Data recovery controls
  5. Monitoring controls
GENERAL CONTROLS
1. ORGANIZATIONAL CONTROLS
Just as in a manual system, there should be a written plan of the organization, with clear assignment of authority and responsibility.
  a. Segregation between the CIS department and the user department
  b. Segregation of duties within the CIS environment
2. SYSTEMS DEVELOPMENT AND DOCUMENTATION CONTROLS
To ensure that computer programs are functioning as designed, the program must be tested and modified, if needed, by the user and the CIS department. Moreover, adequate systems documentation must be made in order to facilitate the use of the program as well as the changes that may be introduced later into the system.
3. ACCESS CONTROLS
Every computer system should have adequate security controls to protect equipment, files, and programs. Access to the computer should be limited only to operators and other authorized employees. Appropriate controls, such as the use of passwords, must be adopted in order to limit access to data files and programs only to authorized personnel.
GENERAL CONTROLS
4. DATA RECOVERY CONTROLS
Provides for the maintenance of back-up files and off-site storage procedures.
5. MONITORING CONTROLS
Designed to ensure that CIS controls are working effectively as planned. These include periodic evaluation of the adequacy and effectiveness of the overall CIS operations, conducted by persons within or outside the entity.
APPLICATION CONTROLS
Application controls are those policies and procedures that relate to specific use of the system. These are designed to provide reasonable assurance that all transactions are authorized, and that they are processed completely, accurately and in a timely manner.
1. CONTROLS OVER INPUT
Input controls are designed to provide reasonable assurance that data submitted for processing are complete, properly authorized, and accurately translated into machine readable form.
Examples of input controls:
  Key verification
  Field check
  Validity check
  Self-checking check
  Limit check
  Control totals
APPLICATION CONTROLS
2. CONTROLS OVER PROCESSING
Processing controls are designed to provide reasonable assurance that the input data are processed accurately, and that data are not lost, added, excluded, duplicated, or improperly changed.
3. CONTROLS OVER OUTPUT
Output controls are designed to provide reasonable assurance that the results of processing are complete, accurate and that these outputs are distributed only to authorized employees who will be using such outputs.
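The input controls listed above can be seen working together on one batch. This is an added example, not part of the original slides: the record layout, department list, 60-hour limit and the use of the Luhn formula for the self-checking digit are all assumptions, the batch is constructed, and key verification (a re-keying step) is not modelled.

```python
import re
from decimal import Decimal

VALID_DEPTS = {"FIN", "OPS", "HR"}  # assumed master list (validity check)
MAX_HOURS = Decimal("60")           # assumed weekly ceiling (limit check)

def luhn_ok(number: str) -> bool:
    """Self-checking digit: the whole number must satisfy Luhn mod 10."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def check_record(emp_id: str, hours: str, dept: str) -> list[str]:
    """Return the input controls this record fails; empty list means accepted."""
    errors = []
    if not re.fullmatch(r"\d{6}", emp_id):
        errors.append("field check: emp_id")
    elif not luhn_ok(emp_id):
        errors.append("self-checking digit: emp_id")
    if not re.fullmatch(r"\d+(\.\d+)?", hours):
        errors.append("field check: hours")
    elif not Decimal("0") < Decimal(hours) <= MAX_HOURS:
        errors.append("limit check: hours")
    if dept not in VALID_DEPTS:
        errors.append("validity check: dept")
    return errors

def check_batch(header: dict, records: list[tuple]) -> dict:
    """Run record-level checks, then reconcile control totals with the header."""
    rejected = {n: e for n, r in enumerate(records, 1) if (e := check_record(*r))}
    hash_total = sum(int(r[0]) for r in records if r[0].isdecimal())
    totals_ok = (header["count"] == len(records)
                 and header["hash_total"] == hash_total)
    return {"rejected": rejected, "totals_ok": totals_ok}

# Constructed batch: header totals were taken from the source documents.
HEADER = {"count": 5, "hash_total": 500080}
BATCH = [
    ("100008", "40", "FIN"),    # clean
    ("100016", "38.5", "OPS"),  # clean
    ("100042", "40", "HR"),     # 100024 keyed with two digits transposed
    ("100024", "400", "FIN"),   # extra zero keyed
    ("100008", "4O", "XX"),     # letter O in hours, unknown department
]

if __name__ == "__main__":
    print(check_batch(HEADER, BATCH))
```

The transposed employee number is caught twice: once by its check digit and again because the hash total no longer agrees with the batch header.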
Test of data in a CIS environment
Test of control in a CIS environment involves evaluating the client’s policies and procedures to determine if they are functioning as intended. Testing the reliability of general controls may include observing the client’s personnel performing their duties; inspecting program documentation; and observing the security measures in force.
In testing application controls:
  Audit around the computer
  Use Computer-Assisted Audit Techniques
Auditing around the computer
Auditing around the computer is similar to testing control in a manual control structure in that it involves examination of documents and reports to determine the reliability of the system. When using this approach, the auditor ignores the client’s data processing procedures, focusing solely on the input documents and the CIS output.
Auditing around the computer
Auditing around the computer can be used only if there are visible input documents and detailed output that will enable the auditor to trace individual transactions back and forth. This is also known as the “black box approach” because it does not permit direct assessment of actual processing of transactions.
Computer-assisted audit techniques (CAATs)
CAATs are computer programs and data which the auditor uses as part of the audit procedures to process data of audit significance contained in an entity’s information system. Some of the commonly used CAATs include test data, integrated test facility and parallel simulation. This is also called the “white box approach”.
1. Test data
The test data technique is primarily designed to test the effectiveness of the internal control procedures which are incorporated in the client’s computer program. The objective of the test data technique is to determine whether the client’s computer programs can correctly handle valid and invalid conditions as they arise.
[Diagram: Test data. Labels: Auditor’s Test Data; Processed using client’s program; Output; Compare Manually; Auditor’s Expected Output]
2. Integrated test facility (ITF)
When using ITF, the auditor creates a dummy or fictitious employee or other appropriate unit for testing within the entity’s computer system. By processing test data simultaneously, ITF provides assurance that the program tested by the auditor is the same program used by the client in the processing of transactions.
[Diagram: Integrated test facility. Labels: Auditor’s Test Data; Processed using client’s program; Output; Compare Manually; Auditor’s Expected Output; Client’s Data]
3. Parallel simulation
Parallel simulation requires the auditor to write a program that simulates key features or processes of the program under review. The simulated program is then used to reprocess transactions that were previously processed by the client’s program. The auditor compares the results obtained from the simulation with the client’s output to draw a conclusion about the reliability of the client’s program.
[Diagram: Parallel simulation. Labels: Client’s Data; Processed using client’s program; Output; Compare Manually; Auditor’s Expected Output; Client’s Data; Processed using client’s program]
Parallel simulation can be accomplished by using generalized audit software or a purpose-written program. Generalized audit software consists of generally available computer packages which have been designed to perform common audit tasks such as performing or verifying calculations, summarizing and totaling files, and reporting in a format specified by the auditor. Purpose-written programs, on the other hand, are designed to perform audit tasks in specific circumstances. These programs may be developed by the auditor, the entity being audited, or an outside programmer engaged by the auditor.
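A small purpose-written program of the kind described above, given as an added example that is not part of the original slides. It assumes a gross-pay rule of 1.5x the rate after 40 hours; the employee IDs, input file and client payroll register are constructed, and the client's program appears only through its output.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def simulate_gross_pay(hours: Decimal, rate: Decimal) -> Decimal:
    """Auditor's independent model of the pay rule (assumed: 1.5x after 40 h)."""
    regular = min(hours, Decimal("40"))
    overtime = max(hours - Decimal("40"), Decimal("0"))
    gross = regular * rate + overtime * rate * Decimal("1.5")
    return gross.quantize(CENT, rounding=ROUND_HALF_UP)

def parallel_simulation(inputs: dict, client_output: dict) -> list[tuple]:
    """Reprocess the client's input and list every difference from its output."""
    exceptions = []
    for emp_id, (hours, rate) in sorted(inputs.items()):
        expected = simulate_gross_pay(Decimal(hours), Decimal(rate))
        if emp_id not in client_output:
            exceptions.append((emp_id, "missing from client output", expected, None))
        elif Decimal(client_output[emp_id]) != expected:
            exceptions.append((emp_id, "amount differs", expected,
                               Decimal(client_output[emp_id])))
    # Output lines with no input behind them are exceptions as well.
    for emp_id in sorted(client_output.keys() - inputs.keys()):
        exceptions.append((emp_id, "no input transaction", None,
                           Decimal(client_output[emp_id])))
    return exceptions

# Constructed data: one period's input file and the client's payroll register.
CLIENT_INPUT = {
    "E01": ("40", "20.00"),
    "E02": ("45", "20.00"),    # 5 overtime hours
    "E03": ("38.5", "18.40"),
    "E04": ("40", "25.00"),
}
CLIENT_OUTPUT = {
    "E01": "800.00",
    "E02": "900.00",    # overtime paid at the straight rate
    "E03": "708.40",
    "E05": "1000.00",   # paid, but no matching input
}

if __name__ == "__main__":
    for row in parallel_simulation(CLIENT_INPUT, CLIENT_OUTPUT):
        print(row)
```

Each exception is a lead for follow-up, not a conclusion: a difference may mean the client's program is wrong or that the auditor's model of the rule is incomplete.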
Other CAATs
1. Snapshots
This technique involves taking a picture of a transaction as it flows through the computer systems.
2. System control audit review files (SCARF)
This involves embedding audit software modules within an application system to provide continuous monitoring of the system transactions.