SAS94 Overview - PowerPoint PPT Presentation

About This Presentation
Title:

SAS94 Overview

Description:

SAS94 Overview. Chris M. Luikart. Malin, Bergquist & Co., LLP. SAS94 General Statement 'The Effect of Information Technology on the Auditor's Consideration of Internal ... – PowerPoint PPT presentation

Slides: 32
Provided by: chr1208
Transcript and Presenter's Notes

Title: SAS94 Overview


1
SAS94 Overview
  • Chris M. Luikart
  • Malin, Bergquist & Co., LLP

2
SAS94 General Statement
  • The Effect of Information Technology on the
    Auditor's Consideration of Internal Control in a
    Financial Statement Audit

3
SAS94 Coverage
  • Technology is Used Extensively
  • Increased Technology Increased Risk
  • Human Mistakes Still Take Place

4
SAS94 Since 2001..
  • What has taken place since its issuance?
  • SAS99 Fraud (IT Controls Here)
  • SAS112 How to communicate IT related control
    issues to Management

5
SAS94 Internal Control
  • What is internal control?
  • A process designed to provide reasonable
    assurance regarding the achievement of
    objectives in the reliability of financial
    reporting, operational effectiveness and
    efficiency and compliance with law.

6
SAS94 Control Components
  • Control Environment
  • Risk Assessment
  • Control Activities
  • Information and Communication
  • Monitoring

7
SAS94 Control Environment
  • Has the tone of control been set by the
    environment?
  • If it is not stated from the top then it is hard
    to expect people to follow.
  • Is there structure and discipline?

8
SAS94 Risk Assessment
  • What are the relevant risks?
  • Will they prevent the organization from achieving
    their goals?
  • Does the organization know of these risks?

9
SAS94 Control Activities
  • Are there policy and procedures in place?
  • Better yet, are they being followed?
  • What is their process for creating and educating
    on their P&Ps?

10
SAS94 Info & Communication
  • How do the systems process information?
  • Is it timely and reliable?
  • Does it allow for responsiveness?

11
SAS94 Monitoring
  • Is there a system in place?
  • Does it assess the internal control over time?
  • Is it quantitative in nature?

12
SAS94 Matrix

13
SAS94 Quality Audit
  • Is there a need for testing of IT controls?
    Depends..
  • Auditor has to consider what testing is needed to
    satisfy IT controls.
  • Does that require an IT expert or not?

14
SAS94 Auditing IT Controls
  • What does IT Auditing Cover?
  • It is NOT a financial audit
  • It is NOT an attestation
  • It IS supporting the Financial Auditor

15
SAS94 Auditing IT Controls
  • Determinations
  • Organization Size
  • Organization Ownership
  • Nature of Business
  • Diversity and Complexity
  • Legal and Regulatory Requirements

16
SAS94 Auditing IT Controls
  • What do you do for an IT Audit?
  • Review General Controls
  • 6 Main Areas

17
SAS94 Auditing IT Controls
  • Physical & Environmental Controls
  • Physical Controls
  • Power Conditioning
  • Environment (AC, humidity, etc.)
  • Fire Suppression
  • Protection from Water

18
SAS94 Auditing IT Controls
  • System Administration
  • Review of system types
  • Security of system
  • Databases
  • User rights and access
  • Policy and Procedures

19
SAS94 Auditing IT Controls
  • Application Controls
  • Access controls
  • Exception handling
  • Validation
  • Flow controls
  • Manual controls vs. Automated

20
SAS94 Auditing IT Controls
  • Change Control
  • Who can make significant changes?
  • Request process
  • Testing
  • Implementation

21
SAS94 Auditing IT Controls
  • Network Security
  • Internal connections
  • External connections
  • Firewalls and Routers
  • IDS

22
SAS94 Auditing IT Controls
  • Disaster Recovery/Business Continuity
  • Test plan
  • Off site storage
  • Failover
  • RTO and RPO
  • Spares

23
SAS94 Auditing IT Controls
  • Data Testing
  • Review on screen
  • Review paper
  • Use software like ACL to test data, can even use
    Excel

24
SAS94 Auditing IT Controls
  • Application Testing
  • Input/Output
  • Processing of data
  • Preventive, Detective and Corrective controls

25
SAS94 Auditing IT Controls
  • How to Approach Applications
  • What is the app used for
  • Does it do what it is supposed to do
  • What controls are in place
  • How are updates to the app completed
  • Who has access and what can they do

26
SAS94 Auditing IT Controls
  • Applications Continued..
  • Can use software to mimic data flow
  • Test data from start to finish

27
SAS94 Auditing IT Controls
  • What are some of the IT Risks
  • Access controls are key
  • Internal Users are Highest Risk
  • Hackers
  • Software glitches
  • Improper setup of hardware

28
SAS94 Auditing IT Controls
  • Things to look for during IT Audit
  • People
  • Places
  • Equipment
  • Recovery Planning
  • System/Database Administration

29
SAS94 Auditing IT Controls
  • Do you need an IT person for IT Audit?
  • I think so.
  • Accountants don't ask us to do their work
  • Experience and expertise is key
  • Knowledge
  • Respect of peers

30
Summary
  • SAS94 requires IT support
  • More sophisticated than ever
  • Requires more technology skills than the past
  • IT Auditor needs to be able to effectively
    communicate the results

31
Thank You!
  • Any Questions?
  • Chris M. Luikart
  • Information Technology Manager
  • Malin, Bergquist & Co., LLP
  • cluikart_at_malinbergquist.com
  • 412.364.9395