Auditing Complex EDP Systems - PowerPoint PPT Presentation

Slides: 37
Provided by: spartanAc

Transcript and Presenter's Notes

1
SECTION 8
  • Auditing Complex EDP Systems

2
Auditing Complex EDP Systems
  • Computer used extensively
  • simple batch processing
  • complex on-line, real-time processing
  • Computers affect two aspects of audit risk
  • assessing control risk
  • managing detection risk

3
Around vs. Through the Computer
  • Around
  • manually calculate INPUT and trace to OUTPUT
  • Through
  • test the controls in the computer

4
Impact of Computer Controls
  • Change in the Audit Trail
  • less documentation offset by programmed controls
  • file storage reduces need for hard copy
  • testing shifts to examination of EDP controls

5
  • Combination of Functions
  • computer processing allows combining functions
    that are usually separate in manual systems
  • e.g. input editing of a sales transaction
  • customer number
  • credit limit
  • inventory number and price
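
Added example (not part of the original slides): a sketch of how one programmed edit routine combines the customer number, credit limit, and inventory number and price checks that separate people would perform in a manual system. The master-file layout, the quantity field, amounts held in cents, and all names and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SalesTxn:
    customer_no: str
    item_no: str
    quantity: int            # assumed field, needed to compute the sale amount
    unit_price_cents: int

def sample_master_files():
    """Constructed customer and inventory master files (illustrative values)."""
    customers = {"C1001": {"credit_limit_cents": 500000, "balance_cents": 420000},
                 "C1002": {"credit_limit_cents": 150000, "balance_cents": 0}}
    inventory = {"INV-200": {"price_cents": 2500},
                 "INV-300": {"price_cents": 31000}}
    return customers, inventory

def edit_sales_txn(txn, customers, inventory):
    """Run the programmed edit checks; an empty list means the entry passes."""
    errors = []
    cust = customers.get(txn.customer_no)
    item = inventory.get(txn.item_no)
    if cust is None:
        errors.append("INVALID_CUSTOMER_NO")
    if item is None:
        errors.append("INVALID_INVENTORY_NO")
    elif txn.unit_price_cents != item["price_cents"]:
        errors.append("PRICE_MISMATCH")
    if txn.quantity <= 0:
        errors.append("INVALID_QUANTITY")
    if not errors:  # credit check needs a valid customer, item and amount
        amount = txn.quantity * txn.unit_price_cents
        if cust["balance_cents"] + amount > cust["credit_limit_cents"]:
            errors.append("CREDIT_LIMIT_EXCEEDED")
    return errors

def process(txns, customers, inventory):
    """Post accepted entries to the customer balance; list rejects as exceptions."""
    accepted, exceptions = [], []
    for txn in txns:
        errors = edit_sales_txn(txn, customers, inventory)
        if errors:
            exceptions.append((txn, errors))
        else:
            amount = txn.quantity * txn.unit_price_cents
            customers[txn.customer_no]["balance_cents"] += amount
            accepted.append(txn)
    return accepted, exceptions
```

Because accepted entries update the balance immediately, a later sale can fail the credit limit check even though it would have passed against the opening balance; the exception listing is the evidence an auditor would examine.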

6
Types of EDP Accounting Systems
  • Batch Processing
  • accumulated and processed in groups
  • what is the main form of control?
  • the main problem?

7
  • Batch Processing System

8
  • Real-Time Processing
  • transactions are edited on-line as they occur
  • continuous file updating
  • more complex than batch
  • how does this method affect the audit trail?

9
  • Batch Processing System

10
Time Sharing and Service Bureaus
  • Time sharing
  • an entity processes data for itself and other
    entities
  • i.e. shares its computer
  • Service bureau
  • process transactions for other entities
  • i.e. this is their business

11
Separate Files vs. Integrated Data Base
  • File System
  • main characteristic?
  • Data Base
  • main characteristic?

12
Hardware Configurations
  • Electronic Data Interchange (EDI)
  • on-line format
  • computer-to-computer exchange
  • public standard format
  • Accredited Standards Committee of the American
    National Standards Institute
  • ANSI X12

13
  • Two methods for EDI
  1. The Direct Approach
  2. The Indirect Approach

14
  • Small Computer Systems
  • small firms
  • low cost and advanced hardware
  • Distributed Data Processing
  • companies with branches and divisions
  • geographic dispersion

15
  • A Distributed System
  • Types of computers at the branches?

16
Kinds of EDP Controls
  • Two main classifications
  • General controls
  • Application controls

17
  • General Controls
  • Organization and Operating Controls
  • segregation of duties very important

18
  1. Systems Development Documentation
  • control over definition, design, development,
    testing, and documentation of systems
  • once designed and developed, the system must be
    thoroughly tested
  • systems and programs must be documented
  • 1.
  • 2.
  • 3.

19
  1. Access Controls
  • prevents unauthorized use
  • batch systems
  • who controls access in this case?
  • on-line systems
  • primary control for access?

20
  1. Data and Procedural Controls
  • to control daily operations
  • backup files on and off the premises
  • environmental controls

21
  • Application Controls
  • a separate set of controls for each application
  • How are application controls classified?
  • Input Controls
  • computer edit controls
  • ensure completeness and accuracy of input

22
  1. Process Controls
  • concerned with data manipulation once it is in
    the computer
  • what type of control can be used as a process
    control?
  • Output Controls
  • verification and distribution of output

23
Techniques for Testing EDP-Based Controls
  • Best to understand as a number of steps as shown
    in the following flowchart

24
  • Gaining an Understanding of EDP Controls
  • Two main ways
  • observation and enquiry
  • studying the system and program documentation
  • Observation and Enquiry
  • should look for the following
  • Segregation of functions
  • Control of access to files and programs

25
  • Approval of new systems and programs
  • Existence of hardware and environmental controls
  • The functioning of data and procedural controls
  • Backup files

26
  1. Systems and Program Documentation
  • Documentation is an integral part
  • Should include
  • 1.
  • 2.

27
  • The Testing of EDP Controls
  • Auditor should be able to identify those controls
    that are necessary for the effectiveness of the
    application
  • by testing these controls, which component of
    audit risk may be reduced?
  • Two ways to look at testing
  • 1.
  • 2.

28
  1. Auditing Around the Computer

29
  1. Auditing Through the Computer

30
Techniques for Auditing Through the Computer
  • Test Data Approach
  • simulated data
  • of what should this data consist?
  • main problems of this approach
  • 1.
  • 2.

31
  1. Mini Company Approach
  • also called the Integrated Test Facility
  • a fictitious entity is created
  • fictitious transactions are processed along with
    regular transactions
  • any problems with this approach?

32
  1. Simulation / Auditor's Program Approach
  • Auditor creates an application program that
    simulates the system
  • uses client data as input
  • potential uses of this approach
  • sampling
  • computations
  • comparing
  • summarizing

33
  1. Generalized Audit Software
  • most common type of audit software
  • transportable from one client to another
  • independent
  • limited by the availability of the client's data
    files

34
Small Computer Systems
  • Widespread
  • Weaknesses in General Controls
  • 1. Lack of segregation of duties
  • 2. Location of the computer

35
  1. Limited Knowledge of EDP
  • Special Consideration for Application Controls
  • 1. Data Entry
  • 2. Data processing
  • 3. Absence of Limit and Reasonableness Tests

36
  • Study and Evaluation of Internal Control
  • The effect of computer size on the auditor
  • General controls are often weak
  • More reliance on application controls
  • If application controls and any manual controls
    are not reliable, what should the auditor do with
    regard to testing?