Scribd
Upload
701 views

Chapter 2 Audit in Computerized Environment

This document provides an overview of auditing in a computerized environment. It discusses accounting information systems, the impact of IT on auditing economics, security concepts, and information systems management. Accounting records in computerized systems are stored in files like master, parameter, and transaction files with different security levels. IT impacts audit planning, risk assessment, tools, and documentation. Security involves maintaining data confidentiality, integrity and availability through controls. Information systems audits evaluate security, management of resources like data, applications and facilities, and controls implemented through systems software.

Uploaded by

Steffany Roque
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
701 views

Chapter 2 Audit in Computerized Environment

This document provides an overview of auditing in a computerized environment. It discusses accounting information systems, the impact of IT on auditing economics, security concepts, and information systems management. Accounting records in computerized systems are stored in files like master, parameter, and transaction files with different security levels. IT impacts audit planning, risk assessment, tools, and documentation. Security involves maintaining data confidentiality, integrity and availability through controls. Information systems audits evaluate security, management of resources like data, applications and facilities, and controls implemented through systems software.

Uploaded by

Steffany Roque
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

AUDITING IN CIS ENVIRONMENT

CHAPTER 2
AUDIT IN COMPUTERIZED ENVIRONMENT

Objective
1. Explain the Accounting Information Systems in Computerized
Environment
2. Explain Impact of IT on Economics of Auditing
3. Discuss the Concept of Security
4. Discuss the IS Management

Accounting Information Systems in Computerized


Environment

In this section we bring out the fact that Accounting Information System in the
manual and computerized environment is not the same.

In the computerized environment accounting records are kept in computer files,


which are of three types, namely master file, parameter file and transaction file.
This classification is not based on the types of records but on the basis of need
and frequency of updation and level of security required. File and record
security is implemented using the facilities provided by the operating system,
database and application software.

With the increasing use of information systems, transaction-processing


systems play a vital role in supporting business operations. And many a times,
a TPS is actually AIS. Every transaction processing system has three
components—input, processing and output. Since Information Technology
follows the GIGO principle, it is necessary that input to the system be accurate,
AUDITING IN CIS ENVIRONMENT

complete and authorized. This is achieved by automating the input. A large


number of devices are now available to automate the input process for a TPS.
There are two types of TPS—Batch processing and On-line processing. The
documents, control and security implementation is different for each system.

COBIT (Control Objectives for Information Technology) is an internal


control framework established by ISACA for an information system. COBIT
can be applied to the Accounting Information System. To apply the COBIT
framework an organization should
1.Define the information system architecture
2. Frame security policies
3. Conduct technology risk assessment
4. Take steps to manage technology risks like

 Designing appropriate audit trails; providing systems, software security;


Having a business continuity plan; Managing IS resources like data,
applications and facilities; Periodically assessing the adequacy of internal
controls and obtaining independent assurance for the information system.

Thus, we explain the functioning of typical sales, purchase and pay roll
accounting system in a computerized environment. In particular, we focus on
the inputs required, application control, processing, reports generated,
exception reports, files used and standing data used.

To enable an auditor to understand the accounting information system so that


he can collect audit evidence, we have covered flow charting techniques too.

Impact of IT on Economics of Auditing

In this section we have discussed the impact of IT on the


nature and economics of auditing. With the emerging areas
of practice and the auditors having acquired IT skills, the
economics of auditing have also changed. During the past
three decades, IFAC has issued several relevant standards
for auditing in a computerized environment. These standards
cover areas like risk assessment in a computerized
environment, stand-alone computers, database systems,
on-line information systems, etc. Some standards issued for
the manual environment are also applicable here. AICPA
and ISACA have issued standards covering various areas in
IS audit. Some of its standards like standards on evidence,
audit planning, etc. are relevant for financial auditors and find
a mention in this section.

Information Technology also impacts audit documentation,


reporting, work papers, etc. Auditing in a computerized
environment integrates the skills and knowledge of traditional auditing,
information systems, business and technology risks and IT impacts auditing,
audit planning, audit risk, audit tools and techniques, etc. Since detection of
AUDITING IN CIS ENVIRONMENT

risks can now be controlled using computer assisted tools and techniques,
overall audit risks can be controlled and reduced.

This risk-based audit approach starts with the preliminary review. The next
step is risk assessment. Under the audit approach, depending upon the
intensity of the use of Information Technology, audit is done either through the
computers or around the computers. Once the approach is decided, the next
step is to assess general IS controls and application controls. Using CAATs,
the controls are assessed, evidence is collected, evaluated and reports are
prepared using the information systems.

Concept of Security

In this section we discuss the concept of security in detail. IS resources are


vulnerable to various types of technology risks and are subject to financial,
productivity and intangible losses. Resources like data actually represent the
physical and financial assets of the organization.

Security is a control structure established to maintain confidentiality, integrity


and availability of data, application systems and other resources.

Few principles need to be followed for effective implementation of


information security. These are:
1. Accountability, which means clear apportionment of duties, responsibilities
and accountability in the organization;
2. Creation of security awareness in the organization;
3. Cost-effective implementation of information security;
4. Integrated efforts to implement security;
5. Periodic assessment of security needs; and
6. Timely implementation of security.

Information security is implemented using a combination of General IS


controls and application controls. General IS controls include implementation
of security policy, procedures and standards, implementation of security using
systems software, business continuity plan and information systems audit.

Besides, various other types of controls are also used for implementation like:
Framing and implementing security policy; environmental, physical, logical and
administrative controls; Physical controls including locks and key, biometric
controls and environmental controls; Logical controls like access controls
implemented by the operating systems, database management systems and
utility software are implemented through sign-on procedures, audit trail, etc;
Administrative controls like separation of duties, security policy, procedures
and standards; disaster recovery and business continuity plans; information
systems audit, etc.
AUDITING IN CIS ENVIRONMENT

IS Management

Information systems audit is a process


to collect and evaluate evidence to
determine whether the information
systems safeguard assets, maintain data
integrity, achieve organizational goals
effectively and consume resources
efficiently.

The common element between any


manual audit and IS audit is data integrity. All types of audits (information
audits) have to evaluate the data integrity. Since IS audit involves efficiency
and effectiveness, it includes some elements of management and proprietary
audit too.

IS audit evaluates the IS management function. According to COBIT, there


are five IS resources. People, application systems, technology, data and
facilities.
The IS management function can be divided into four phases, like any
other management function.

1. Management (which is equivalent for planning and organization)


2. Implementation and deployment
3. Directing and controls
4. Audit and monitoring.

In this section, we discuss the most important activities and controls for each of
the resources during each phase of information systems management. We
also discuss what an IS auditor would like to review during each phase for
each resource.
All said and done, it should never be forgotten that the heart of IS audit is the
systems audit, which reviews the controls implemented on the system using
systems software. Systems audit is a subject of skills acquisition and not
knowledge acquisition. Included is a sample checklist for UNIX audit in the
section.
AUDITING IN CIS ENVIRONMENT

For you to have an idea about Audit in Computerized


Environment kindly watch this video
https://youtu.be/f6w_Dzy5vf0
For more information about Impact of IT on Auditing
Process https://youtu.be/O2a3DIDCGA4
Additional information for Information System Audit
https://youtu.be/R3mw1Cy7cxg

Reference:
Compilation of lecture
notes by Dean Bacay

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy