Professional Documents
Culture Documents
Auditing in A CIS Environment V1
Auditing in A CIS Environment V1
Auditing in a CIS
Environment
(Understanding the Client and Its Environment Including Internal Control)
Sir Ali
V.1
Diagram of the Audit
Plan Audit Perform Test of Controls
Note: Computer processing (historically referred to as Electronic Data Processing or EDP) does not
necessitate modification of the diagram.
I. Auditors Consideration of Internal Control
When a Computer is Present
Auditor’s consideration of internal control may be affected in that computer systems may
a. Result in transaction trails that exist for a short period of time or only in computer readable
form.
b. Include program errors that cause uniform mishandling of transactions.
c. Include computer controls that need to be tested in addition to segregation of duties.
d. Involve increased difficulty in detecting unauthorized access.
e. Allow increased management supervisory.
f. Include less documentation of initiation and execution of transactions.
g. Include computer controls that affect the effectiveness of related manual control activities
that use computer output.
Test of Operating Effectiveness of Internal Control
Perform TOC
QUESTION!
What are the audit procedures to test the operating effectiveness of general and specific
application controls?
The controls generally most relevant to audits are those that pertain to the entity’s objective
of preparing financial statements for external reporting.
Major Components of Internal Control
a. Control Environment – set the tone of an organization.
Control Environment Factors (I CHAMBO)
I – Integrity and ethical values
C – Commitment to competence
H – Human resource policies
A – Assignment of authority and responsibility
M – Management’s philosophy and operating style
B – Board of directors or audit committee participation
O – Organizational structure
Major Components of Internal Control
b. Risk Assessment – identification, analysis, and management of risks relevant to the
preparation of financial statements following GAAP or some other comprehensive basis.
P – Performance reviews
I – Information processing
P – Physical controls
S – Segregation of duties
Major Components of Internal Control
d. Information and Communication – includes the accounting system, consisting of
the methods and records established to record, process, summarize, and report entity
transactions and to maintain accountability of the related assets and liabilities.