advanced accounting information systems day 18 it auditing wrap-up / control frameworks introduction...
TRANSCRIPT
![Page 1: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/1.jpg)
Advanced Accounting Information Systems
Advanced Accounting Information Systems
Day 18
IT Auditing Wrap-up /
Control Frameworks IntroductionOctober 5, 2009
![Page 2: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/2.jpg)
AnnouncementsAnnouncements
– Revised syllabus– Assignment 3 – Assignment 4
![Page 3: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/3.jpg)
Outline for todayOutline for today
Continuous auditing example
Hot dog cart case
![Page 4: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/4.jpg)
Validating Computer ProgramsValidating Computer Programs
Tests of programs change controls– responsibility system of computer program development and
maintenance Program comparison
– Control total tests Review of systems software
– Operating system software– Utility programs that do basic ‘housekeeping’ chores such as sorting and copying– Program library software that controls and monitors storage of programs– Access control software that controls logical access to programs and data files
Validating users and access privileges Continuous auditing
– Embedded audit modules or audit hooks (SCARF)– Exception reporting– Transaction tagging– Snapshot technique– Continuous and intermittent simulation
![Page 5: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/5.jpg)
IT Auditing TodayIT Auditing Today
Component of IT governance– Process of using IT resources effectively to
meet organizational objectives– Two objectives
• Focus on use of IT strategically to fulfill the organizational mission and to compete effectively
• Making sure that organization’s IT resources are managed effectively and that management controls IT related risks
![Page 6: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/6.jpg)
Fraud triangle (SAS 99)Fraud triangle (SAS 99)
Incentive / pressure Opportunity rationalization
![Page 7: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/7.jpg)
SOXSOX
Section 201 – services outside scope of practice of auditors
Section 302 – corporate responsibility for financial reports
Section 404 – management assessment of IC – Small companies must now comply –
see SEC press release
![Page 8: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/8.jpg)
Continuous Auditing Continuous Auditing
In groups of two to three, answer the following questions:– List two definitions of continuous auditing in
the paper and explain how they differ– Develop your own definition of continuous
auditing– Approximately what year did continuous
auditing start in?
![Page 9: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/9.jpg)
Continuous Auditing Continuous Auditing
In groups of two to three, answer the following questions:– Identify factors influencing whether internal
auditing can be appraised as attaining continuous auditing status
– How does continuous auditing differ from continuous monitoring?
![Page 10: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/10.jpg)
Continuous Auditing – American Electric Power Continuous Auditing – American Electric Power
In groups of two to three, answer the following questions:– How does American Electric Power
implement continuous auditing?– What technology does American Electronic
Power internal auditing use to implement continuous auditing
– What is a safety audit?
![Page 11: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/11.jpg)
Continuous Auditing - Microsoft Continuous Auditing - Microsoft
In groups of two to three, answer the following questions:– What factors did Microsoft expect when it
developed its continuous auditing program? – What problems did it actually encounter?– Is Microsoft using continuous auditing or
continuous monitoring (or both) today? Explain..– How does Microsoft internal audit monitor is
business activities for possible fraud?
![Page 12: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/12.jpg)
Continuous Auditing – Hospital Corporation of America Continuous Auditing – Hospital Corporation of America
In groups of two to three, answer the following questions:– How does Hospital Corporation of America
(HCA) determine which automated audits to implement?
– Give examples of variables HCA monitors.– How does HCA reduce the threat that senior
management could manipulate their financial statements?
![Page 13: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/13.jpg)
Hot Dog Cart CaseHot Dog Cart Case
What business objectives do you expect your new employee to achieve?
What operational and financial risks do you face with allowing an employee to run your hot dog cart?
![Page 14: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/14.jpg)
Hot Dog Cart CaseHot Dog Cart Case
How can the problem of lack of segregation of duties be addressed when you are away from the business?
![Page 15: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/15.jpg)
Hot Dog Cart CaseHot Dog Cart Case
What controls could you develop to mitigate (notice I did NOT say completely eliminate) the operational and financial risks identified above while achieving your business objectives?
![Page 16: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/16.jpg)
Hot Dog Cart CaseHot Dog Cart Case
How can we organize the controls identified above to ensure that our business objective is achieved?
![Page 17: Advanced Accounting Information Systems Day 18 IT Auditing Wrap-up / Control Frameworks Introduction October 5, 2009](https://reader036.vdocuments.us/reader036/viewer/2022083009/56649f115503460f94c23f0b/html5/thumbnails/17.jpg)
Questions for WednesdayQuestions for Wednesday
Identify two control frameworks discussed in our textbook and determine if either framework would be useful if you were considering expanding your hot dog cart business