Module 1. COMPUTERIZED INFORMATION (CIS) 2.

Application Controls
ENVIRONMENT a. Input Controls
i. Limit Check (Reasonableness Check)
AUDITOR’S RESPONSIBILITY TO AUDIT OF CIS
ii. Validity Check
ENVIRONMENT iii. Format Check
AUDITOR’S RESPONSIBILITY TO AUDIT OF CIS iv. Field Check
ENVIRONMENT v. Check Digit
 Plan, direct, and review work performance of
the management b. Processing Controls
 Seek assistance of a professional i. Run Control Totals (Sum Checks)
 Understand the CIS environment of the client; ii. Computer Matching (Data Matching)
influence the assessment of IR and CR iii. Batch Controls
 Consider the environment in designing audit
procedures to reduce risk c. Output Controls

THE IMPACT OF COMPUTERS ON ACCOUNTING AND Module 2.

INTERNAL CONTROL SYSTEMS
1. Process of Recording Transactions
2. Process of Recording Transactions
3. Form and Storage of Accounting Records
a. a. Absence of Input Documents
b. Lack of Visible Audit Trail
c. Lack of Visible Output
b. Lack of Visible Output
d. Ease of access to data and computer
programs
4. Use of Accounting Codes
DESIGN AND PROCEDURAL ASPECTS IN A CIS
ENVIRONMENT
1. Consistency of performance
2. Programmed control procedures
3. Single transaction update of multiple or data
base computer files
4. Systems generated transactions
5. Vulnerability of data and program storage
media
Internal Controls in a CIS Environment
Eight (8) COSO Components:
1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information & Communication
8. Monitoring
COSO Two Broad Group of IS Controls:
1. General Controls
a. Organization and Management controls
b. Systems Development and Maintenance controls
c. Delivery and Support controls
d. Monitoring controls
Audit Approaches in a CIS Environment
a. Black-box approach
b. White-box approach
Common Types of Tests of Controls:
1. Access tests
2. Accuracy tests
3. Completeness tests
Computerized Information Systems (CIS)
Environments
1. STAND-ALONE PERSONAL COMPUTERS
2. ON-LINE COMPUTER SYSTEMS
Terminals used in online systems:
a. General Purpose Terminals
b. Special Purpose Terminals
Types of online computer systems:
a. Real Time Processing
b. Batch Processing
c. On-line Downloading or Uploading
Processing
Basic Types of Networks:
a. Local Area Network (LAN)
b. Wide Area Network (WAN)
c. Metropolitan Area Network (MAN)
3. DATABASE SYSTEMS
Auditing Operating Systems
- OP must protect itself from users.
- must protect users from each other.
- must protect users from themselves.
- must be protected from itself.
- must be protected from its environment.
Operating Systems Security
a. Log-On Procedure
 b. Access Token Advantages of Test Data Techniques
c. Access Control List a. Through the computer testing, explicit evidence
d. Discretionary Access Privileges concerning application function
b. Properly plan, test data runs w/ only minimal
1. Auditing Access Privileges Access Privileges disruption to org”s operations
2. Password Control c. Require minimal computer expertise
3. Malicious and Destructive Programs
4. System Audit Trail Controls System Disadvantages of Test Data Techniques
Setting Audit Trail Objectives: a. Auditors rely on computer service personnel to
a. Detecting Unauthorized Access obtain copies for test purposes.
b. Reconstructing Events b. Provide static picture of app integrity at a single
c. Personal Accountability point in time
c. High cost of implementation
Auditing Networks
2. The Integrated Test Facility
1. Intranet Risks Advantages of ITF
2. Internet Risks a. supports ongoing monitoring of controls
a. IP Spoofing b. Applications can be economically tested without
b. Denial of Service Attack disrupting the user's operations.
c. improves the efficiency of the audit and
Auditing Electronic Data Interchange (EDI) increases the reliability of the audit evidence
EDI Controls: gathered.
a. Authentication
b. Encryption Disadvantages of ITF
c. VAN Controls a. adjusting entries may be processed to remove
the effects of ITF from general ledger account
Auditing PC-Based Accounting Systems balances
b. data files can be scanned by special software
Auditing Database Systems that remove the ITF transactions.
a. Access Controls
3. Parallel Simulation
b. Backup Controls i. Creating a Simulation Program
ii. Continuous audit techniques
Audit Procedures of Testing Database Access a. AUDIT MODULES
a. Biometric Controls b. SYSTEMS CONTROL AUDIT REVIEW FILES
b. Inference Controls (SCARFs)
c. Encryption Controls c. AUDIT HOOKS
d. TRANSACTION TAGGING
MODULE 3. e. EXTENDED RECORDS
COMPUTER-AIDED AUDIT TOOLS AND TECHNIQUES
FOR TESTING CONTROLS COMPUTERIZED AUDIT TOOLS
Factors using CAATS:
1. Audit software
a. Degree of technical competence in IT
b. Availability of CAATs and appropriate computer a. Package programs (also called generalized audit
facilities software)
c. Impracticability of manual tests b. Purpose-written programs
d. Effectiveness and efficiency
e. Timing to test 2. Electronic spreadsheets
3. Automated workpaper software
I. Historical audit techniques 4. Text retrieval software
1. Test Data Method 5. Database management systems
i. Creating Test Data 6. Public databases
a. Base Case System Evaluation
b. Tracing