Group Three

Submitted to
Mohammed Seid (Assistant Professor)

Prepared by
GROUP MEMBERS ID NO
EDEN AREGAWI CBE/PE/807/09AA
HUNYALEW TESFU CBE/PE/814/09AA
MANAYE MEKONNEN CBE/PE/817/09AA
SEBILA KIYAR CBE/PE/819/09AA
WASIHUN TEKLIE CBE/PE/823/09AA
April 2017
 Chapter 6
INFORMATION
TECHNOLOGY
AUDIT AND
ASSURANCE
Objectives
 Purpose of an audit and the basic
conceptual elements of the IS audit process
 How auditing objectives and tests of control
are determined by the control structure of
the client firm
 Types of IT audits
 IT audit technologies
 Auditing techniques used to verify the
effective functioning of application controls
 Auditing techniques used to perform
substantive tests
Introduction
Assurance:
professional services that are designed to improve the quality
of information, both financial and non-financial, used by
decision-makers
includes, but is not limited to attestation
Attestation
an engagement in which a practitioner is engaged to issue,
or does issue, a written communication that expresses a
conclusion about the reliability of a written assertion that is
the responsibility of another party.
Auditing
• is a systematic process of objectively obtaining and evaluating
evidence regarding assertions about economic actions and
events to ascertain the degree of correspondence between the
assertions and established criteria
6.1. Information system auditing concept
 Since most information systems employ information
technology, the IT audit is typically a significant
component of all external (financial) and internal
audits.
 IS audits:
focus on the computer-based aspects of an
organization’s information system
assess the proper implementation, operation, and
control of computer resources
 6.1. Information system auditing
concept
 Function
Evaluate computer’s role in achieving audit and control
objectives

 Assurance Provided
Data and information are reliable, confidential, secure, and
available
Safeguarding assets, data integrity, and operational
effectiveness
6.1. Information system auditing
concept
 The IS audit function encompasses all the
components of a computer-based AIS: people,
procedures, hardware, data communications
,software, and databases.

 These components are a system of interacting

elements that auditors examine to accomplish the
purposes of their audits.
 External auditors examine an organization’s computer-
based AIS primarily to evaluate how the organization’s
control procedures over computer processing affect
the financial statements (attest objectives)
6.1. Information system auditing concept

 Modern financial reporting is driven by

information technology (IT)
 IT initiates, authorizes, records, and
reports the effects of financial transactions.
Financial reporting IC are inextricably
integrated to IT
6.1. Information system auditing
concept
6.2. Information system auditing
Technology
 Computer-Assisted Audit Techniques
(CAAT)
Use of computer processes to perform audit
functions
Performing substantive test
IS Audit processes
 Auditing Software
 Auditors can use a variety of software when
auditing with the computer.
Examples
 include general-use software such as word
processing programs, spreadsheet software,
and database management systems
 For instance
Word processing programs improve
effectiveness when writing reports because
built-in spell checks can significantly reduce
spelling errors
Auditing Software
 Spreadsheet software allows both accountants
and auditors to make complex calculations
automatically.

 It also allows the user to change one number

and update all related numbers at the click of a
mouse
Generalized Audit Software
 Generalized audit software (GAS) packages (or
programs) enable auditors to review computer
files without continually rewriting processing
programs.
 GAS includes mathematical computations, cross
footing, categorizing, summarizing, merging
files, sorting records, statistical sampling, and
printing reports.
 The advantage GAS packages have over other
software is that these programs are specifically
tailored to auditor tasks
Generalized Audit Software
Two popular GAS packages used by
auditors are
1. Audit Command Language (ACL) and

2. Interactive Data Extraction and Analysis

(IDEA).

 These programs allow auditors to

examine a company’s data in a variety
of formats.
Automated Work-paper Software
 The advantage of using automated work-
paper software is that Auditors can use this
software to prepare consolidated trial
balances and financial statements (that
combine accounts of multiple companies)
 In addition, automated work-paper software
can easily calculate financial statement ratios
and measurements, such as the current ratio,
the working capital , the inventory turnover
rate ,and the price-earnings ratio
Phases of an IS Audit
6.3. Types of Information system
Audit
 COSO identifies two groups of IS controls:
Application controls – apply to specific
applications and programs, and ensure data
validity, completeness and accuracy
• are designed for each software application and
o are intended to help a company
 To satisfy the six transaction-related audit
objectives.
Application controls fall into three categories:
Input
Processing, and
Output
6.3.Types of Information system Audit
 General controls – apply to all systems and
address IT governance and infrastructure,
security of operating systems and databases, and
application and program acquisition and
development
 Includes
Administration of IS functions
Separation of IS duties
Systems Development
Physical and online security
Backup and Contingency Planning
Hardware Controls
Types of Audit Tests
 Tests of controls – tests to determine if
appropriate IC are in place and functioning
effectively
 Substantive testing – detailed examination of
account balances and transactions
6.4. Information technology Governance

IT governance
 is a broad concept relating to the decision
rights and accountability for encouraging
desirable behavior in the use of IT.
Centralized IT Structure
 Critical to segregate:
systems development from computer operations
database administrator (DBA) from other
computer service functions
○ DBA’s authorizing and systems development’s
processing
○ DBA authorizes access
maintenance from new systems development
data library from operations
Distributed IT Structure
 Despite its many advantages, important IC
implications are present:
incompatible software among the various work
centers
data redundancy may result
consolidation of incompatible tasks
difficulty hiring qualified professionals
lack of standards