![Page 1: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/1.jpg)
Chapter 13Auditing Information Technology
![Page 2: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/2.jpg)
Presentation Outline
I. Concepts in Information Systems Auditing
II. Auditing Technology for Information Systems
![Page 3: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/3.jpg)
I. Concepts in Information Systems Auditing
A. The Phases to the Information Systems
Audit
B. Structure of the Financial Statement Audit
C. Auditing Around the Computer
D. Auditing With the Computer
E. Auditing Through the Computer
![Page 4: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/4.jpg)
A. Phases of the Information Systems Audit
1. Initial review and evaluation of the area to be audited, and the audit plan preparation
2. Detailed review and evaluation of controls
3. Compliance testing4. Analysis and reporting of
results
![Page 5: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/5.jpg)
B. Structure of the Financial Statement Audit
TransactionsTransactionsAccounting
SystemAccounting
System
FinancialReportsFinancialReports
Interim Audit
Compliance Testing
Financial Statement Audit
Substantive Testing
![Page 6: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/6.jpg)
B1. Compliance Testing
Auditors perform tests of controls to determine that the control policies, practices, and
procedures established by management are functioning as planned. This is known as
compliance testing.
![Page 7: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/7.jpg)
B2. Substantive Testing
Substantive testing is the direct verification of financial statement figures. Examples would
include reconciling a bank account and confirming accounts receivable.
Audit Confirmation
To ABC Co. Customer:
Please confirm that the balance of your account
on Dec. 31 is _____ .
![Page 8: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/8.jpg)
C. Auditing Around the Computer
The auditor ignores computer processing. Instead, the auditor selects source documents that have been input into the system and summarizes them manually to see if they match the output of
computer processing.
Processing
![Page 9: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/9.jpg)
D. Auditing With The Computer
The utilization of the computer by an auditor to perform some audit work that would otherwise
have to be done manually.
![Page 10: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/10.jpg)
E. Auditing Through the Computer
The process of reviewing and evaluating the internal controls in an electronic data
processing system.
Audit
![Page 11: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/11.jpg)
II. Auditing Technology for Information Systems
A. Review of Systems Documentation
B. Test Data
C. Integrated-Test-Facility (ITF) Approach
D. Parallel Simulation
E. Audit Software
F. Embedded Audit Routines
G. Mapping
H. Extended Records and Snapshots
![Page 12: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/12.jpg)
A. Review of Systems Documentation
The auditor reviews documentation such as narrative descriptions, flowcharts, and program listings. In desk checking the auditor processes
test or real data through the program logic.
![Page 13: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/13.jpg)
B. Test Data
The auditor prepares input containing both valid and invalid data. Prior to processing the test
data, the input is manually processed to determine what the output should look like.
The auditor then compares the computer-processed output with the manually processed
results.
![Page 14: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/14.jpg)
Illustration of Test Data Approach
Computer Operations
Prepare TestTransactionsAnd Results
Prepare TestTransactionsAnd Results
Auditors
ComputerApplication
System
ComputerApplication
System
ComputerOutput
ComputerOutput
Auditor Compares
TransactionTest Data
TransactionTest Data
Manually Processed
Results
Manually Processed
Results
![Page 15: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/15.jpg)
C. Integrated Test Facility (ITF) Approach
A common form of an ITF is as follows:
1. A dummy ITF center is created for the auditors.
2. Auditors create transactions for controls they want to test.
3. Working papers are created to show expected results from manually processed information.
4. Auditor transactions are run with actual transactions.
5. Auditors compare ITF results to working papers.
![Page 16: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/16.jpg)
Illustration of ITF Approach
ComputerApplication
System
ComputerApplication
System
ReportsWith Only Actual Data
ReportsWith Only Actual Data
AuditorsComputer Operations
Prepare ITFTransactionsAnd Results
Prepare ITFTransactionsAnd Results
ActualTransactions
ActualTransactions
ITFTransactions
ITFTransactions
Data FilesData FilesITF Data
ReportsWith Only ITF Data
ReportsWith Only ITF Data
Manually Processed
Results
Manually Processed
Results
Auditor
Compares
![Page 17: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/17.jpg)
D. Parallel Simulation
The test data and ITF methods both process test data through real programs. With parallel
simulation, the auditor processes real client data on an audit program similar to some aspect of the
client’s program. The auditor compares the results of this processing with the results of the
processing done by the client’s program.
![Page 18: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/18.jpg)
Illustration of Parallel SimulationComputer Operations Auditors
ActualTransactions
ActualTransactions
ComputerApplication
System
ComputerApplication
System
Auditor’sSimulationProgram
Auditor’sSimulationProgram
Actual ClientReport
Actual ClientReport
Auditor Simulation
Report
Auditor Simulation
Report
Auditor Compares
![Page 19: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/19.jpg)
E. Audit SoftwareComputer programs that permit computers to be
used as auditing tools include:
1. Generalized audit software
Perform tasks such as selecting sample data from file, checking computations, and searching files for unusual items.
2. P.C. Software
Allows auditors to analyze data from notebook computers in the field.
![Page 20: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/20.jpg)
F. Embedded Audit Routines1. In-line Code – Application program performs
audit data collection while it processes data for normal production purposes.
2. System Control Audit
Review File (SCARF)–
Edit tests for audit
transaction analysis are
included in program.
Exceptions are written
to a file for audit review.
The Auditor
![Page 21: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/21.jpg)
G. Mapping
Special software counts the number of times each program statement in a program executes.
Helps identify code that is bypassed when the bypass is not readily apparent in the program code
and/or documentation.
![Page 22: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/22.jpg)
H. Extended Records and Snapshots
Extended RecordsSpecific transactions are
tagged, and the intervening processing
steps that normally would not be saved are added to the extended record, permitting the
audit trail to be reconstructed for these
transactions.
Snapshot
A snapshot is similar to an extended record
except that the snapshot is a printed
audit trail.
![Page 23: Chapter 13 Auditing Information Technology Presentation Outline I.Concepts in Information Systems Auditing II.Auditing Technology for Information Systems](https://reader036.vdocuments.us/reader036/viewer/2022062300/56649d985503460f94a81dd8/html5/thumbnails/23.jpg)
Summary
Compliance and Substantive TestingAuditing Around the ComputerAuditing with the Computer
Auditing Through the ComputerTesting Approaches Through the Computer