Statement of Auditing Standard No.94.ppt
jidekuku
25 views
18 slides
Aug 19, 2024
Slide 1 of 18
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
About This Presentation
Statement of Auditing Standard No.94.pptStatement of Auditing Standard No.94.pptStatement of Auditing Standard No.94.pptStatement of Auditing Standard No.94.pptStatement of Auditing Standard No.94.pptStatement of Auditing Standard No.94.pptStatement of Auditing Standard No.94.ppt
Slide Content
Statement of Auditing
Standard No. 94
The Effect of Information Technology on the
Auditor’s Consideration of Internal Control in
a Financial Statement Audit
Karl E. Dahlberg, New Jersey, ISACA
Click for Paper
Standard No. 94
The Effect of Information Technology on the
Auditor’s Consideration of Internal Control in
a Financial Statement Audit
Karl E. Dahlberg, New Jersey, ISACA
Click for Paper
IT and Internal Control
•SAS 94 says an organization’s IT use may
affect any of the five internal control
components as well as how businesses
initiate, record, process and report
transactions. The SAS offers auditors
some direction by pointing out these key
aspects of the systems and controls on
which organizations today rely.
•SAS 94 says an organization’s IT use may
affect any of the five internal control
components as well as how businesses
initiate, record, process and report
transactions. The SAS offers auditors
some direction by pointing out these key
aspects of the systems and controls on
which organizations today rely.
Summary of the Audit Process
•Phase I Plan and design the audit
approach
•Phase II Perform tests of controls and
substantive tests of transactions
•Phase III Perform analytical procedures
and tests of details of balances
•Phase IV Complete the audit and issue
the audit report
•Phase I Plan and design the audit
approach
•Phase II Perform tests of controls and
substantive tests of transactions
•Phase III Perform analytical procedures
and tests of details of balances
•Phase IV Complete the audit and issue
the audit report
Phase I: Plan and design an audit
approach
•Preplan
•Obtain background information
•Obtain information about contractor’s legal
obligations
•Perform preliminary analytical procedures
•Set materiality, and assess acceptable risk
and inherent risk
approach
•Preplan
•Obtain background information
•Obtain information about contractor’s legal
obligations
•Perform preliminary analytical procedures
•Set materiality, and assess acceptable risk
and inherent risk
Phase I: Plan and design an audit
approach (con’t)
•Understand internal control and assess
control risk
•Develop overall audit plan and audit
program
approach (con’t)
•Understand internal control and assess
control risk
•Develop overall audit plan and audit
program
Phase II: Perform tests of controls
and substantive tests of trans.
•Plan to reduce assessed level of control
risk? (Yes/No)
•Perform tests of controls
•Perform substantive tests of transactions
•Assess likelihood of misstatements in
financial statements
and substantive tests of trans.
•Plan to reduce assessed level of control
risk? (Yes/No)
•Perform tests of controls
•Perform substantive tests of transactions
•Assess likelihood of misstatements in
financial statements
Phase III: Perform analytical proc.
and tests of details of balances
•Perform analytical procedures
•Perform tests of key items
•Perform additional tests of details of
balances
and tests of details of balances
•Perform analytical procedures
•Perform tests of key items
•Perform additional tests of details of
balances
Phase IV: Complete the audit and
issue an audit report
•Review for contingent liabilities
•Review for subsequent events
•Accumulate final evidence
•Evaluate results
•Issue audit report
•Communicate with appropriate parties
issue an audit report
•Review for contingent liabilities
•Review for subsequent events
•Accumulate final evidence
•Evaluate results
•Issue audit report
•Communicate with appropriate parties
SAS 94 Guidance
•Obtaining an understanding of internal
control
•Definition of “Information Technology”
•Five interrelated components
•Potential benefits
•Specific risks
•Obtaining an understanding of internal
control
•Definition of “Information Technology”
•Five interrelated components
•Potential benefits
•Specific risks
Obtaining an understanding of
internal control
•A sufficient understanding is obtained by
performing procedures to understand the
design of controls relevant to an audit of
financial statements and determining
whether they have been placed in
operation.
internal control
•A sufficient understanding is obtained by
performing procedures to understand the
design of controls relevant to an audit of
financial statements and determining
whether they have been placed in
operation.
In planning the audit, such
knowledge should be used to:
•Identify types of potential misstatement
•Consider factors that affect the risk of
material misstatement
•Design tests of controls, when applicable
•Design substantive tests
knowledge should be used to:
•Identify types of potential misstatement
•Consider factors that affect the risk of
material misstatement
•Design tests of controls, when applicable
•Design substantive tests
Definition of “Information
Technology”
•Information technology (IT) encompasses
automated means of originating,
processing, storing, and communicating
information, and includes recording
devices, communication systems,
computer systems (including hardware
and software components and data), and
other electronic devices.
Technology”
•Information technology (IT) encompasses
automated means of originating,
processing, storing, and communicating
information, and includes recording
devices, communication systems,
computer systems (including hardware
and software components and data), and
other electronic devices.
Five interrelated components
•Control environment
•Risk assessment
•Control activities
•Information and communications systems
support
•Monitoring
•Control environment
•Risk assessment
•Control activities
•Information and communications systems
support
•Monitoring
Potential benefits
•Consistently apply predefined business
rules and perform complex calculations in
processing large volumes of transactions
and data
•Enhance the timeliness, availability, and
accuracy of information
•Facilitate the additional analysis of
information
•Consistently apply predefined business
rules and perform complex calculations in
processing large volumes of transactions
and data
•Enhance the timeliness, availability, and
accuracy of information
•Facilitate the additional analysis of
information
Potential benefits (con’t)
•Enhance the ability to monitor the
performance of the entity’s activities and
its policies and procedures
•Reduce the risk that controls will be
circumvented
•Enhance the ability to monitor the
performance of the entity’s activities and
its policies and procedures
•Reduce the risk that controls will be
circumvented
Specific risks
•Reliance on systems or programs that are
inaccurately processing data, processing
inaccurate data, or both
•Unauthorized access to data that may
result in destruction of data or improper
changes to data, including the recording of
unauthorized or nonexistent transactions
or inaccurate recording of transactions
•Reliance on systems or programs that are
inaccurately processing data, processing
inaccurate data, or both
•Unauthorized access to data that may
result in destruction of data or improper
changes to data, including the recording of
unauthorized or nonexistent transactions
or inaccurate recording of transactions
Specific risks (con’t)
•Unauthorized changes to data in master
files
•Unauthorized changes to systems or
programs
•Failure to make necessary changes to
systems or programs
•Inappropriate manual intervention
•Potential loss of data
•Unauthorized changes to data in master
files
•Unauthorized changes to systems or
programs
•Failure to make necessary changes to
systems or programs
•Inappropriate manual intervention
•Potential loss of data
SAS 82 Exposure Draft
•Assessing the identified risks after taking
into account an evaluation of the entity’s
programs and controls. This section
requires the auditor to evaluate the entity’s
programs and controls that address the
identified risks of material misstatement
due to fraud, and to assess the risks
taking into account this evaluation.
•Assessing the identified risks after taking
into account an evaluation of the entity’s
programs and controls. This section
requires the auditor to evaluate the entity’s
programs and controls that address the
identified risks of material misstatement
due to fraud, and to assess the risks
taking into account this evaluation.
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 25
- Slides 18
- Age 473 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
33 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
36 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
33 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views