Professional Documents
Culture Documents
CH 16 Auditing ITand CH 3 ECommerce
CH 16 Auditing ITand CH 3 ECommerce
IS AUDITING CONCEPTS
Auditing through the computer is the process of reviewing and evaluating the internal
controls in an electronic data processing system.
Auditing with the computer is the utilization of the computer by an auditor to perform some
audit work that otherwise would have to be done manually.
Ch 16 and 3 Page 1 of 8
IS AUDITING TECHNOLOGY
• Test data are input containing both valid and invalid data.
• Example: Payroll transactions for fictitious employees are processed concurrently
with valid payroll transactions.
Ch 16 and 3 Page 2 of 8
• Integrated test facility (ITF) involves both the use of test data and
the creation of fictitious records (vendors, employees) on the master files
of a computer system.
• Example: Payroll transactions for fictitious employees are processed concurrently
with valid payroll transactions.
Ch 16 and 3 Page 3 of 8
• Audit software is a computer programs that permit the computer to
be used as an auditing tool.
• Example: An auditor uses a computer program to extract data records from a
master file.
- PC Software
- ACL
- Deloitte & Touche AuditSystem/2
Ch 16 and 3 Page 4 of 8
• Embedded audit routines is a special auditing routines included in
regular computer programs so that transaction data can be subjected to
audit analysis.
• Example: Data items that are exceptions to auditor-specified edit tests included in
a program are written to a special audit file.
Ch 16 and 3 Page 5 of 8
• Analytic flowcharts or other graphic techniques are used to describe
the controls in a system.
• Example: An auditor prepares an analytic flowchart to review controls in the
payroll application system.
TYPES OF IS AUDITS
General Approach to an Information Systems Audit
• The first phase consists of an initial review and evaluation of the area to be audited
and audit plan preparation.
• The second phase is a detailed review and evaluation of controls.
• The third phase involves compliance testing and is followed by analysis and reporting
of results.
Application Audits
• Application controls are divided into three general areas.
1 Input
2 Processing
3 Output
Ch 16 and 3 Page 6 of 8
• Audits might be undertaken in several areas.
• Audits of computer service center operations require a high degree of technical
training and familiarity with computer operations.
Ch 16 and 3 Page 7 of 8
FINAL REVIEW
• 50 Multiple Choice
Ch 16 and 3 Page 8 of 8