1 / 36

SECTION 8

SECTION 8. Auditing Complex EDP Systems. Auditing Complex EDP Systems. Computer used extensively simple batch processing complex on-line, real-time processing Computer affect two aspects if audit risk assessing control risk managing detection risk. Around vs. Through the Computer. Around

cleo-phelps
Download Presentation

SECTION 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SECTION 8 Auditing Complex EDP Systems

  2. Auditing Complex EDP Systems • Computer used extensively • simple batch processing • complex on-line, real-time processing • Computer affect two aspects if audit risk • assessing control risk • managing detection risk

  3. Around vs. Through the Computer • Around • manually calculate INPUT and trace to OUTPUT • Through • test the controls in the computer

  4. Impact of Computer Controls • Change in the Audit Trail • less documentation offset by programmed controls • file storage reduces need for hard copy • testing shift to examination of EDP controls

  5. computer processing allows combining functions that are usually separate in manual systems • e.g. input editing of a sales transaction • customer number • credit limit • inventory number and price • Combination of Functions

  6. Types of EDP Accounting Systems • Batch Processing • accumulated and processed in groups • what is the main form of control? • the main problem?

  7. Compare BatchTotal Input Convert to machine readable form Process Transactions T/A Tape Old Master New Master Output Batch Processing System

  8. transactions are edited on-line as they occur • continuous file updating • more complex than batch • how does this method affect the audit trail? • Real-Time Processing

  9. Terminal Update Master File 1 Master File 2 Master File 3 Input Batch Processing System

  10. Time Sharing and Service Bureaus • Time sharing • an entity processes data for itself and other entities • i.e. shares its computer • Service bureau • process transactions for other entities • i.e. this is their business

  11. Separate Files vs. Integrated Data Base • File System • main characteristic? • Data Base • main characteristic?

  12. Hardware Configurations • Electronic Data Interchange (EDI) • on-line format • computer-to-computer exchange • public standard format • Accredited Standards Committee of the American National Standards Institute • ANSI X12

  13. Manufacturers Computer Suppliers Computer Customer 1 Company Computer Third Party Network Customer 2 Customer 3 • The Direct Approach Two methods for EDI • The Indirect Approach

  14. small firms • low cost and advanced hardware • Distributed Data Processing • companies with branches and divisions • geographic dispersion • Small Computer Systems

  15. Branch 1 Computer Head Office Mainframe Branch 2 Computer Branch 4 Computer Branch 3 Computer A Distributed System • Types of computers at the branches?

  16. Kinds of EDP Controls • Two main classifications • General controls • Application controls

  17. Chief Operating Officer Director of MIS EDP Manager Computer Operators Programmers Systems Analysts Input Preparation Data Control Data Librarian • Organization and Operating Controls • segregation of duties very important General Controls

  18. control over definition, design, development, testing, and documentation of systems • once designed and developed, the system must be thoroughly tested • systems and programs must be documented 1. 2. 3. • Systems Development & Documentation

  19. prevents unauthorized use • batch systems • who controls access in this case? • on-line systems • primary control for access? • Access Controls

  20. to control daily operations • backup files on and off the premises • environmental controls • Data and Procedural Controls

  21. a separate set for each application controls • How are application controls classified? • Input Controls • computer edit controls • ensure completeness and accuracy of input Application Controls

  22. concerned with data manipulation once it is in the computer • what type of control can used as a process control? • Output Controls • verification and distribution of output • Process Controls

  23. Understand EDP Controls NO Document Understanding YES Test Controls Assess Control Risk Design Substantive Tests Techniques for Testing EDP-Based Controls • Best to understand as a number of steps as shown in the following flowchart Test further

  24. Two main ways: • observation and enquiry • studying the system and program documentation • Observation and Enquiry • should look for the following: • Segregation of functions • Control of access to files and programs Gaining an Understanding of EDP Controls

  25. Approval of new systems and programs • Existence of hardware and environmental controls • The functioning of data and procedural controls • Backup files

  26. Documentation is an integral part • Should include 1. 2. • Systems and Program Documentation

  27. Auditor should be able to identify those controls that are necessary for the effectiveness of the application • by testing these controls, which component of audit risk may be reduced? • Two ways to look at testing 1. 2. The Testing of EDP Controls

  28. CPU Audit Comparison Auditor Predetermines Output Client Input Client Output Client Input Predetermined Output • Auditing Around the Computer

  29. CPU Comparison Auditor Predetermines Results Auditor Input Output Auditor Input Predetermined Results • Auditing Through the Computer

  30. Techniques for Auditing Through the Computer • Test Data Approach • simulated data • of what should this data consist? • main problems of this approach 1. 2.

  31. also called the Integrated Test Facility • a fictitious entity is created • fictitious transactions are processed along with regular transactions • any problems with this approach? • Mini Company Approach

  32. Auditor creates an application program that simulates the system • uses client data as input • potential uses of this approach • sampling • computations • comparing • summarizing • Simulation / Auditor’s Program Approach

  33. most common type of audit software • transportable from one client to another • independent • limited by the availability of the clients data files • Generalized Audit Software

  34. Small Computer Systems • Widespread • Weaknesses in General Controls 1. Lack of segregation of duties 2. Location of the computer

  35. Limited Knowledge of EDP • Special Consideration for Application Controls 1. Data Entry 2. Data processing 3. Absence of Limit and Reasonableness Tests

  36. The effect of computer size on the auditor • General controls are often weak • More reliance on application controls • If application controls and any manual controls are not reliable, what should the auditor do with regards to testing? • Study and Evaluation of Internal Control

More Related