Based Information
Systems
Learning Objectives
Describe the nature, scope, and objectives of audit work, and identify the major steps in the audit process.
Identify the six objectives of an information system audit, and describe how the risk-based audit approach can be used to accomplish these objectives.
Describe the different tools and techniques auditors use to test software programs and program logic.
Describe computer audit software, and explain how it is used in the audit of an AIS.
Describe the nature and scope of an operational audit.
Introduction
Seattle Paper Products (SPP) is modifying its sales department payroll system to change the way it calculates sales commissions.
Jason Scott was assigned to use the audit software to write a parallel simulation test program to calculate sales commissions.
Jason's calculations were $5,000 less than those produced by SPP's new program.
He selected a salesperson for whom there was a discrepancy and recalculated the commission by hand.
The result agreed with his program.
Jason is now convinced that his program is correct and that the error lies with the new program.
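The parallel simulation Jason performed, as an added example that is not from the original slides: an independently written commission calculation is run over the same sales input and compared, salesperson by salesperson, with the production program's output. The commission rule, the record layout, and every figure in the sample data are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample data: (salesperson, sale amount) read by the production run.
SALES = [("S01", "12000.00"), ("S01", "8000.00"), ("S02", "30000.00"),
         ("S03", "4500.50"), ("S03", "15500.00")]
# Constructed commissions reported by the program under audit.
PRODUCTION = {"S01": "1000.00", "S02": "2100.00", "S03": "1000.03", "S04": "250.00"}

def simulate_commission(total_sales):
    """Auditor's independent calculation. The rule is an assumption made for
    this example: 5% on the first 20,000 of period sales, 8% above that."""
    tier = Decimal("20000")
    base = min(total_sales, tier) * Decimal("0.05")
    excess = max(total_sales - tier, Decimal("0")) * Decimal("0.08")
    return (base + excess).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)

def parallel_simulation(sales, production, tolerance=Decimal("0.00")):
    """Reprocess the same input and compare with the production output.
    Returns (exceptions, net); each difference is production minus simulated,
    and net sums the differences over salespeople present on both sides."""
    totals = defaultdict(Decimal)
    for person, amount in sales:
        totals[person] += Decimal(amount)
    exceptions, net = [], Decimal("0")
    for person in sorted(set(totals) | set(production)):
        if person not in production:
            exceptions.append((person, "missing from production output", None))
        elif person not in totals:
            exceptions.append((person, "paid without input transactions",
                               Decimal(production[person])))
        else:
            diff = Decimal(production[person]) - simulate_commission(totals[person])
            net += diff
            if abs(diff) > tolerance:
                exceptions.append((person, "amount differs", diff))
    return exceptions, net

if __name__ == "__main__":
    found, net = parallel_simulation(SALES, PRODUCTION)
    for person, reason, amount in found:
        print(person, reason, amount)
    print("net difference (production - simulated):", net)
```

Each exception is then followed up the way Jason did, by recalculating one affected salesperson by hand to decide which program is wrong.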
Auditing
Threats
  Inaccurate source data
  Unauthorized source data
Controls
  User authorization of source data input
  Batch control totals
  Log receipt, movement, and disposition of source data input
  Turnaround documents
  Check digit and key verification
  Data editing routines
6. Accurate, Complete, and Confidential Data Files
Threats
  Destruction of stored data from:
    Errors
    Hardware and software malfunctions
    Sabotage
  Unauthorized modification or disclosure of stored data
Controls
  Secure storage of data and restrict physical access
  Logical access controls
  Write-protection and proper file labels
  Concurrent update controls
  Data encryption
  Virus protection
  Backup of data files (offsite)
  System recovery procedures
Audit Techniques Used to Test Programs
Integrated Test Facility
  Uses fictitious inputs
Snapshot Technique
  Master files before and after update are stored for specially marked transactions
System Control Audit Review File (SCARF)
  Continuous monitoring and storing of transactions that meet pre-specifications
Audit Hooks
  Notify auditors of questionable transactions
Continuous and Intermittent Simulation
  Similar to SCARF for DBMS
Software Tools Used to Test Program Logic
Automated flowcharting program
  Interprets source code and generates flowchart
Automated decision table program
  Interprets source code and generates a decision table
Scanning routines
  Searches program for specified items
Mapping programs
  Identifies unexecuted code
Program tracing
  Prints program steps with regular output to observe sequence of program execution events
Computer Audit Software
Computer-assisted audit software that can perform audit tasks on a copy of a company's data. Can be used to:
  Query data files and retrieve records based upon specified criteria
  Create, update, compare, download, and merge files
  Summarize, sort, and filter data
  Access data in different formats and convert to common format
  Select records using statistical sampling techniques
  Perform analytical tests
  Perform calculations and statistical tests
Operational Audits
Purpose is to evaluate effectiveness, efficiency, and goal achievement. Although the basic audit steps are the same, the specific activities of evidence collection are focused toward operations such as:
  Review operating policies and documentation
  Confirm procedures with management and operating personnel
  Observe operating functions and activities
  Examine financial and operating plans and reports
  Test accuracy of operating information