Advanced Accounting Information Systems

Advanced Accounting Information Systems

Day 18

IT Auditing Wrap-up /

Control Frameworks IntroductionOctober 5, 2009

AnnouncementsAnnouncements

– Revised syllabus– Assignment 3 – Assignment 4

Outline for todayOutline for today

Continuous auditing example

Hot dog cart case

Validating Computer ProgramsValidating Computer Programs

Tests of programs change controls– responsibility system of computer program development and

maintenance Program comparison

– Control total tests Review of systems software

– Operating system software– Utility programs that do basic ‘housekeeping’ chores such as sorting and copying– Program library software that controls and monitors storage of programs– Access control software that controls logical access to programs and data files

Validating users and access privileges Continuous auditing

– Embedded audit modules or audit hooks (SCARF)– Exception reporting– Transaction tagging– Snapshot technique– Continuous and intermittent simulation

IT Auditing TodayIT Auditing Today

Component of IT governance– Process of using IT resources effectively to

meet organizational objectives– Two objectives

• Focus on use of IT strategically to fulfill the organizational mission and to compete effectively

• Making sure that organization’s IT resources are managed effectively and that management controls IT related risks

Fraud triangle (SAS 99)Fraud triangle (SAS 99)

Incentive / pressure Opportunity rationalization

SOXSOX

Section 201 – services outside scope of practice of auditors

Section 302 – corporate responsibility for financial reports

Section 404 – management assessment of IC – Small companies must now comply –

see SEC press release

Continuous Auditing Continuous Auditing

In groups of two to three, answer the following questions:– List two definitions of continuous auditing in

the paper and explain how they differ– Develop your own definition of continuous

auditing– Approximately what year did continuous

auditing start in?

Continuous Auditing Continuous Auditing

In groups of two to three, answer the following questions:– Identify factors influencing whether internal

auditing can be appraised as attaining continuous auditing status

– How does continuous auditing differ from continuous monitoring?

Continuous Auditing – American Electric Power Continuous Auditing – American Electric Power

In groups of two to three, answer the following questions:– How does American Electric Power

implement continuous auditing?– What technology does American Electronic

Power internal auditing use to implement continuous auditing

– What is a safety audit?

Continuous Auditing - Microsoft Continuous Auditing - Microsoft

In groups of two to three, answer the following questions:– What factors did Microsoft expect when it

developed its continuous auditing program? – What problems did it actually encounter?– Is Microsoft using continuous auditing or

continuous monitoring (or both) today? Explain..– How does Microsoft internal audit monitor is

business activities for possible fraud?

Continuous Auditing – Hospital Corporation of America Continuous Auditing – Hospital Corporation of America

In groups of two to three, answer the following questions:– How does Hospital Corporation of America

(HCA) determine which automated audits to implement?

– Give examples of variables HCA monitors.– How does HCA reduce the threat that senior

management could manipulate their financial statements?

Hot Dog Cart CaseHot Dog Cart Case

What business objectives do you expect your new employee to achieve?

What operational and financial risks do you face with allowing an employee to run your hot dog cart?

Hot Dog Cart CaseHot Dog Cart Case

How can the problem of lack of segregation of duties be addressed when you are away from the business?

Hot Dog Cart CaseHot Dog Cart Case

What controls could you develop to mitigate (notice I did NOT say completely eliminate) the operational and financial risks identified above while achieving your business objectives?

Hot Dog Cart CaseHot Dog Cart Case

How can we organize the controls identified above to ensure that our business objective is achieved?

Questions for WednesdayQuestions for Wednesday

Identify two control frameworks discussed in our textbook and determine if either framework would be useful if you were considering expanding your hot dog cart business