Professional Documents
Culture Documents
Digital Transcations Vs Audit EY
Digital Transcations Vs Audit EY
Digital Transcations Vs Audit EY
versus
Audit
Profesi Keuangan Expo 2022
IAMI
14 October 2022
Auditing Digital Enterprise
• Auditors
• Competency
• Independence
• Auditee Audit
Auditee
• Third-party/Service Organizations Process
• Non-human auditees
1 2 3 4
Identifying Evaluating Testing the Analyzing
payment method roles reconciliation trends
► Auditors will ask for a list ► Auditors will request a list ► Auditors will review prior ► Cashless transactions
of the types of payments of employees involved in sales reconciliations to test create an electronic audit
your company accepts and the receipt, recording, their accuracy and ensure trail. So, there’s ample
the process maps for each reporting and analysis of appropriate recognition of data for auditors to
payment vehicle. Examples cashless transactions. They revenue. This may be analyze. To uncover
of cashless payment will also want to see how especially challenging as anomalies, auditors may,
methods include: your company manages companies implement the for example, analyze sales
- Credit and debit cards, and monitors employee new accounting rules on by payment vehicle, over
- Mobile wallets access to every technology revenue recognition for different time periods and
- Wire transfers, and platform connected to long-term contracts. according to each
- Payments via cashless payments. Auditors also will test employee’s sales activity.
intermediaries. accounting entries related
► Evaluating who handles to such accounts as ► If your company has
► Be prepared to provide each aspect of the cashless inventory, deferred experienced payment
documents detailing how payment cycle helps revenue and accounts fraud, it’s important to
the receipt of cashless auditors confirm whether receivable. share that information with
payments works and how you have the appropriate your audit team. Also tell
the funds end up in your level of security and them about steps you took
company’s bank account. segregation of duties to to remediate the problem
prevent fraud and and recover losses.
misstatement.
Since digital transactions involves the use of the Internet, the most important
risks associated with digital transactions are IT risks.
The following IT risks can be distinguished: IT infrastructure, IT application, and IT IT Risks
business process risks.
IT General
Controls
Application controls
Automated
Type of control
Manual
Manual controls
functioning of automated
misstatement correct
aspects of prevent,
control
1 2 3
IT Risks
Cloud computing services
IT Risks
Cloud computing services
Client responsible
Configurable controls have additional IT risks related to inappropriate users with access to
change the control configuration to affect transaction processing.
Configurable Non-configurable
• A public sector entity’s management is responsible for ensuring the privacy of personal
information obtained through electronic service delivery activities. Although privacy
and security of information are highly related, secure electronic delivery service
systems do not automatically provide assurance that privacy is not being abused or
violated.
• Management is responsible for ensuring that electronic service delivery operations are
conducted in compliance with applicable laws and regulations.
01
In order to test the controls, the auditor should determine whether the entity has
responded to the identified inherent risks in the IT system by establishing effective
internal controls. From the auditor’s perspective internal controls and internal
control systems are effective when they prevents inherent risks in the IT system
from causing material error, fault or failure during a specified period.
02
A material prerequisite for the assessment of the effectiveness of controls is the
auditor’s assessment of the appropriateness of management’s evaluation of IT risks
in the context of the implementation of the IT strategy.
03
To test the effectiveness of the internal controls, the following steps are required in
04
the audit areas defined in audit planning:
• Documentation of the IT system as the basis for the auditor’s understanding of
the internal controls and the internal control system;
• Testing the design of the internal controls (test of design);
• Testing the operation of the IT controls (test of operation).
The purpose of tests of design is to assess, whether the stipulated controls are
05
appropriate and effective to the extent intended. The specific controls (i.e. input,
output and processing controls) and their interaction are the subjects of this test.
Typical audit procedures for tests of design include reviewing documents, making
inquiries, observing activities and work processes.
06
Page 22 13 October 2022 Presentation title
Focus of Auditing Digital Enterprise