COLLEGE OF ACCOUNTANCY
SY 2017-2018
Group 3:
Leonora Jane C. Pinlac
Nerys Sophia Quinto
Jonnadelle B. Valenzuela
Charis Faith Daroy
Princess Eve E. Ocado
Michaella Ariane Ferrer
Samantha Grace Bueno
Iris Manansala
Rodecca Velasco
Jingo Glenn Diaz
Instructor:
Prof. Jharam A. Tolentino, CPA
Auditing IT Controls Part III:
System Development
1. System analysis
2. Feasibility analysis
Figure 17-2 shows the SPL without controls. In this situation, access to application
programs is completely unrestricted. Legitimate maintenance programmers or others
may access any programs stored in the library, which has no provision for detecting an
unauthorized intrusion.
A Controlled SPL Environment
To control SPL, protective features and procedures must be explicitly addressed,
and this requires the implementation of an SPL Management System (SPLMS).
SPL Management System (SPLMS)
Black box surrounding the SPL.
Used to control four routine but critical functions:
1) Storing programs on the SPL.
2) Retrieving Programs for maintenance purposes.
3) Deleting obsolete programs from the library.
4) Documenting program changes to provide an audit trail of the changes.
The following control techniques for ensuring program integrity address only
the vulnerable areas and should be considered minimum controls:
a) Password Control
b) Separate Test Libraries
c) Audit Trail and Management Reports
d) Program Version Numbers
e) Controlling Access to Maintenance Control
Audit Objective relating to System Maintenance
1. Maintenance procedures protect applications from unauthorized changes.
2. Applications are free from material errors.
3. Program libraries are protected from unauthorized access.
1. Audit Procedures for Identifying Unauthorized Program Changes.
Reconcile program version numbers - The permanent file of the application
should contain program change authorization documents that correspond to the
current version number of the production application.
Confirm maintenance authorization - The program maintenance authorization
should indicate the nature of the change requested and the date of the change.
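The two procedures above can be run as one reconciliation. This is an added example, not part of the original presentation; the program names, record layout and function name are hypothetical, and the sample data is constructed.

```python
from datetime import date

# Constructed sample: current version of each program in the production SPL.
PRODUCTION_SPL = {"AR_POSTING": 5, "PAYROLL_CALC": 12, "GL_CLOSE": 3, "VENDOR_MAINT": 7}

# Constructed sample: change authorization documents from the permanent files.
AUTHORIZATIONS = [
    {"program": "AR_POSTING", "version": 5,
     "nature": "Add credit-limit edit check", "date": date(2017, 9, 4)},
    {"program": "PAYROLL_CALC", "version": 11,
     "nature": "Update withholding table", "date": date(2017, 8, 1)},
    {"program": "GL_CLOSE", "version": 3, "nature": "", "date": date(2017, 10, 2)},
    # VENDOR_MAINT deliberately has no authorization on file.
]


def reconcile_versions(production, authorizations):
    """Return (program, finding) exceptions for the auditor to follow up."""
    by_program = {}
    for auth in authorizations:
        by_program.setdefault(auth["program"], []).append(auth)

    findings = []
    for program, version in sorted(production.items()):
        auths = by_program.get(program, [])
        current = [a for a in auths if a["version"] == version]
        if not auths:
            findings.append((program, "no authorization documents on file"))
        elif not current:
            # Production is running a version nobody authorized.
            latest = max(a["version"] for a in auths)
            findings.append(
                (program, f"production v{version}, latest authorized v{latest}"))
        else:
            # Confirm the authorization states the nature and date of the change.
            for a in current:
                if not a["nature"].strip() or a["date"] is None:
                    findings.append(
                        (program, "authorization lacks nature or date of change"))
    return findings


if __name__ == "__main__":
    for program, finding in reconcile_versions(PRODUCTION_SPL, AUTHORIZATIONS):
        print(f"{program}: {finding}")
```
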
2. Audit Procedures for Identifying Application Errors
Reconcile the source code - Each application's permanent file should contain the
current program listing and listings of all changes made to the application.
Review the test results - Every program change should be thoroughly tested
before it is implemented.
Retest the program - The auditor can retest the application to confirm its integrity.
3. Audit Procedures for Testing Access to Libraries.
INPUT CONTROLS
- check the integrity of data entered into a business application.
PROCESSING CONTROLS
- ensure processing is complete, accurate and authorized.
OUTPUT CONTROLS
- compare output results with expected results by checking the output against
input.
ACCESS TESTS
Verify that individuals, programmed procedures, or messages attempting to access
a system are AUTHENTIC and VALID.
VALIDITY TESTS
Ensure that the system processes only data values that conform to specified
tolerances.
ACCURACY TESTS
Ensure that the mathematical calculations are accurate and posted to the correct
amounts.
COMPLETENESS TESTS
Identify missing data within a single record and entire records missing from a
batch.
REDUNDANCY TESTS
Determine that an application processes each record ONLY ONCE.
AUDIT TRAIL TESTS
Ensure that the application creates an adequate audit trail.
Advantages of ITF
Supports continuous monitoring of controls.
Applications can be tested economically without disrupting the users' operations
and without the intervention of computer services personnel.
It provides prima facie evidence of correct program functions.
Disadvantages of ITF
The potential for corrupting corporate databases with test data that may end up
in the financial reporting process.
PARALLEL SIMULATION
Involves creating a program that simulates key features or processes of the
application under review. The simulated application is then used to reprocess the same
transactions that the production application previously processed. The results obtained
from the simulation are reconciled with the results of the original production run to
determine if application processes and controls are functioning correctly.
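A small parallel simulation, as an added example that is not part of the original presentation. The invoice rule (quantity times unit price, less a percentage discount, rounded to cents), the field names and the function names are assumptions, and the transactions and production results are constructed.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample: transactions the production run already processed.
TRANSACTIONS = [
    {"id": "T001", "qty": 10, "unit_price": "19.99", "discount_pct": "0"},
    {"id": "T002", "qty": 3, "unit_price": "250.00", "discount_pct": "5"},
    {"id": "T003", "qty": 1, "unit_price": "1200.00", "discount_pct": "10"},
    {"id": "T004", "qty": 7, "unit_price": "4.25", "discount_pct": "0"},
]

# Constructed sample: invoice totals written by the original production run.
PRODUCTION_RESULTS = {
    "T001": "199.90", "T002": "712.50", "T003": "1200.00", "T005": "88.00",
}


def simulate(txn):
    """Auditor's independent version of the key calculation (assumed rule)."""
    gross = Decimal(txn["qty"]) * Decimal(txn["unit_price"])
    net = gross * (Decimal(100) - Decimal(txn["discount_pct"])) / Decimal(100)
    return net.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def reconcile(transactions, production_results):
    """Reprocess each transaction and compare with the production output."""
    exceptions, seen = [], set()
    for txn in transactions:
        seen.add(txn["id"])
        expected = simulate(txn)
        actual = production_results.get(txn["id"])
        if actual is None:
            exceptions.append((txn["id"], "missing from production output"))
        elif Decimal(actual) != expected:
            exceptions.append(
                (txn["id"], f"production {actual}, simulation {expected}"))
    # Output with no matching input is as significant as a wrong amount.
    for extra in sorted(set(production_results) - seen):
        exceptions.append((extra, "in production output but not in input"))
    return exceptions


if __name__ == "__main__":
    for txn_id, finding in reconcile(TRANSACTIONS, PRODUCTION_RESULTS):
        print(f"{txn_id}: {finding}")
```
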
Generalized Audit Software
An off-the-shelf package that can provide a means to gain access to and
interrogate data maintained on computer storage media.
One of the tools IT auditors utilize to obtain evidence directly on the quality of the
records produced and obtained by application systems.
Disadvantage of EAM
Operational efficiency
- EAM decreases operational performance.
4 Factors
GAS languages are easy to use and require little background on the part of the
auditor
GAS may be used on any type of computer because it is hardware independent
Auditors can perform their test on data independent of client IT professionals
GAS can be used to audit the data files of many different applications.