AUDCISE NOTES

1. Definition of Computer-based Information System

is a data processing system into a high-quality information and can be used as tools that
support decision-making, coordination and control as well as visualization and analysis.

2. Definition and Objective of IT Auditing

IT Audit is the process of collecting and evaluating evidence to determine whether a

computer system has been designed to maintain data integrity, safeguard assts, allows
organizational goals to be achieved effectively, and uses resources efficiently.

*IT Audit helps organizations in ascertaining the level of compliance with the applicable laws,
policies and standards in relation to IT.

3. Characteristics of a CIS Environment

- These systems provide fast, centralized access to database of personnel information and
reference reading.
- CIS Exists when a computer of any type or size is involved in the processing by the entity
of financial information of significance to the audit, whether that computer is operated
by the entity or by a third party.

- ABSENCE OF INPUT DOCUMENTS – data maybe entered directly into the computer
system without supporting documents.
- LACK OF VISIBLE TRANSACTION TRAIL AND OUTPUT – Certain data maybe
maintained on computer files only. Processing results may not be printed or only a
summary of data may be provided.
- CONSISTENCY OF PERFORMANCE – CIS perform functions exactly as programmed and
are potentially more reliable than manual systems.
- EAS OF ACCESS TO DATA AND COMPUTER PROGRAMS – Data and programs maybe
accessed and altered by an unauthorized person through the use of computer equipment
at remote locations.
- LACK OF SEGREGATION OF FUNCTIONS (CONCENTRATION OF DUTIES) – because of
the ability of the computer to process data efficiently, there are functions that are
normally segregated in manual processing that are combined in a CIS environment
- POTENTIAL FOR INCREASED MANAGEMENT SUPERVISION – CIS offers a variety of
analytical tools that maybe used to review and supervise the operations of that entity that
may be used to enhance the entire internal control structure.
- VULNERABILITY OF DATA AND PROGRAM STORAGE MEDIA – Large volumes of data
and programs are vulnerable to theft, loss, natural deterioration or destruction.
- POTENTIAL FOR THE USE OF COMPUTER ASSISTED AUDIT TECHNIQUES – the case
of processing and analyzing large quantities of data using computers may provide the
 auditors with opportunities to apply general or specialized computer audit techniques
and tools in the execution of audit tests.

4. ERP System (enterprise resource planning)

The objective of ERP is to integrate key process of the organization such as order entry,
manufacturing procurement and accounts payable, payroll, and human resource etc. By doing
so, a single computer system can serve the unique needs of each functional area. ERP
combines all of these into a single, integrated system that access a single database to facilitate
the sharing of information and to improve communications across the organization.
*Falls into two general groups:
CORE APPLICATIONS & BUSINESS ANALYSIS APPLICATIONS

CORE APPLICATIONS – are those applications that operationally support the day-to-day
activities of the business. Typical core applications include sales and distribution, business
planning, production planning, shop floor control, and logistics. Core applications are also
called ONLINE TRANSACTION PROCESSING (OLTP) applications.

*OLTP is a category of data processing that is focused on transaction-oriented tasks. Involves

inserting, updating, and/or deleting small amounts of data in a database.
*OLTP examples: airline reservation systems, bank automatic teller systems, and internet
website sales system.

BUSINESS ANALYSIS APPLICATIONS (Online analytical processing, OLAP) – It is a

decision support tool that supplies management with real-time information and permits
timely decisions that are needed to improve performance and achieve competitive advantage.
OLAP includes decision support, modeling, information retrieval, ad hoc reporting/analysis,
and what-if analysis.

*OLAP database stores historical data that has been inputted by OLTP. It allows a user to view
different summaries of multi-dimensional data. Using OLAP, you can extract information
from a large database and analyze it for decision making. OLAP also allows a user to execute
complex queries to extract multidimensional data.

DATA WAREHOUSE - is a huge (TB storage) relational or multi-dimensional database. If

organized ofr a single department or function, it is termed a “data mart”

5. IT General Controls vs IT Application Controls

IT GENERAL CONTROLS (ITGC) – control the design, security, and use of computer
programs and the security of data files in general throughout the organization. Not
application specific IT general controls apply to all computerized applications and consist of
 a combination of system software and manual procedures that create an overall control
environment.

IT APPLICATION CONTROLS – are specific controls unique to each computerized

application, such as payroll, accounts receivable, and order processing. Objective is to ensure
the validity, completeness and accuracy of financial transactions. These controls are designed
to be application-specific.

Examples:

• Format Check – the requirement that the date of a sales invoice be input in numeric
format only – not numeric and alphanumeric
• A cash disbursements batch balancing routine that verifies that the total payments
to vendors reconciles with the total postings to the accounts payable subsidiary
ledger.

UNIT 2

1. Pre-engagement Procedures (Audit Charter vs Engagement Letter)

2. Audit Planning (Risk Assessment Procedures/Audit Risk Model)
3. Audit Reporting (Opinion vs Recommendation)