10-1
Auditing
AAA's Definition: Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
My Definition: To examine and assure
10-2
Auditing
2 broad categories of audits:
1. Internal Auditing (R&S focus)
2. External Auditing
10-3
Internal Auditing
10-5
- Examination of a client's FS for the purpose of deciding whether or not the FS are fairly presented according to GAAP.
- Attest function: give an opinion on the fairness of the FS wrt GAAP, applying GAAS.
- Reliability and integrity of accounting records
10-6
- Audit Planning: Establish audit objectives, identify risks, Audit program
- Collect audit evidence: interviews, examinations, recalculations, sampling IDEA, ACL
- Evaluate evidence: materiality
- Arrive at an opinion. FS: standard unqualified, unqualified with explanatory paragraph, qualified, adverse, disclaimer
- Communicate Audit Results. FS: audit report
10-7
[Diagram labels: INPUT, AROUND]
10-8
- Ignores the controls and computer processing; assumes accurate output = proper processing
- Auditor examines, on a sample basis, inputs to the computer and corresponding outputs
- Suitable only if the following conditions are met:
1. Computer processing is relatively simple
2. Audit trail is clearly visible
3. A substantial amount of up-to-date documentation exists about how the system works.
10-9
- Visibility of audit trail is diminished
- In relational database systems, foreign keys that link related tables form an electronic audit trail.
- Example: I/S Revenue -> (Invoice No.) -> Sale invoice -> (Customer ID) -> Customer Table
10-10
- Auditor follows the audit trail through the internal computer operations and attempts to verify that the processing controls are functioning correctly
- Directly tests the computer controls and verifies the accuracy of computer-based processing of input data.
- Tests controls that, if functioning properly, would prevent errors from occurring.
10-11
10-12
Auditing Standards
Statement on Auditing Standards (SAS) 94: The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit
- Auditors must have (and document) a sufficient understanding of each of the 5 components of the IC when planning the audit (2C RIM)
- Addresses the effects of IT on IC
- May need to design tests of controls in addition to substantive tests (of balances)
10-13
- Consistent processing of large volumes of transactions or data
- Enhanced information timeliness, availability, and accuracy
- Facilitation of the additional analysis of information
- Enhanced ability to monitor the performance of activities, policies, and procedures
- Reduction in the risk that controls will be circumvented, if IT system controls are effective
10-14
- Incorrectly processing data or consistently processing inaccurate data
- Unauthorized access to data that might be destroyed or improperly changed
- Unauthorized changes to computer programs
- Failure to make necessary changes to computer programs
- Inappropriate manual intervention
- Potential loss of data
- Increase in potential loss resulting from computer fraud relative to manual fraud (increase of 10X).
10-15
10-16
10-22
Transaction tagging
Place a special identifier on transactions so that they can be recorded as they pass through the IS. EX: tag an employee's transaction records, manually calculate & compare
Snapshot technique: audit modules record selected transactions before and after processing. Auditor reviews to make sure all processing steps were performed properly.
10-23
Continuous and intermittent simulation (CIS): an audit module in the DBMS examines all transactions that update the DBMS. If a transaction has special audit significance, the audit module independently processes the data, records the results and compares them with the DBMS results. Any discrepancies are written to an audit log for subsequent review, OR the module may stop the DBMS from executing the update process.
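An added example, not part of the original slides: a minimal CIS-style audit module in Python that re-processes significant transactions and compares its result with the DBMS result. The significance rule, the sample transactions and the planted double-posting defect in the stand-in DBMS routine are all constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data; the threshold and the "refund" rule are assumptions.
AUDIT_THRESHOLD = Decimal("10000")
START_BALANCES = {"A100": Decimal("0"), "A200": Decimal("500")}
SAMPLE_TXNS = [
    {"id": "T1", "account": "A100", "type": "sale", "amount": Decimal("250.00")},
    {"id": "T2", "account": "A100", "type": "sale", "amount": Decimal("12000.00")},
    {"id": "T3", "account": "A200", "type": "refund", "amount": Decimal("-75.00")},
]

def dbms_apply(balance, txn):
    """Stand-in for the DBMS update logic, with a planted defect."""
    new_balance = balance + txn["amount"]
    if txn["type"] == "refund":      # defect: refunds are posted twice
        new_balance += txn["amount"]
    return new_balance

def audit_recompute(balance, txn):
    """Auditor's independent implementation of the same posting rule."""
    return balance + txn["amount"]

def has_audit_significance(txn):
    return txn["type"] == "refund" or abs(txn["amount"]) >= AUDIT_THRESHOLD

def run_cis(start_balances, txns, block_on_mismatch=False):
    """Examine every update; re-process significant ones and compare results."""
    balances, audit_log = dict(start_balances), []
    for txn in txns:
        before = balances[txn["account"]]
        dbms_result = dbms_apply(before, txn)
        if has_audit_significance(txn):
            expected = audit_recompute(before, txn)
            if expected != dbms_result:
                audit_log.append({"txn": txn["id"], "account": txn["account"],
                                  "expected": expected, "dbms": dbms_result})
                if block_on_mismatch:
                    continue         # stop the DBMS from executing the update
        balances[txn["account"]] = dbms_result
    return balances, audit_log

if __name__ == "__main__":
    for mode in (False, True):
        final, log = run_cis(START_BALANCES, SAMPLE_TXNS, block_on_mismatch=mode)
        print("block" if mode else "log-only", final, log)
```

In log-only mode the faulty refund still reaches the balance and is only recorded for review; in blocking mode the update is withheld, which is the trade-off the slide describes.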
10-24
- Read, manipulate client's computer-based data
- Independent evidence about the validity of transactions and balances
10-25
10-26
reduce
and application controls applicable to each FS assertion; Tests of controls = Compliance tests
10-29
- IR = inherent risk: susceptibility of an account or class of transactions to material error
- CR = control risk = likelihood that the IC control structure will fail to prevent/detect a material error
- DR = detection risk = likelihood that the auditor's procedures will not uncover material errors
- More auditing procedures = lower DR
- DR is inversely related to CR: if CR is high, then an auditor sets DR low and performs more substantive tests (detail tests of transactions and account balances)
10-30
10-31
2 main computer auditing software packages: ACL (Audit Command Language) and IDEA (Interactive Data Extraction and Analysis). In this class, we will be using IDEA to audit several different general ledger accounts and look for employee fraud.
Clients: American Express, BDO Seidman, Grant Thornton, KPMG, McGladrey and Pullen LLP, PricewaterhouseCoopers, FDIC, GAO, US Departments of Commerce, Education, Interior, Labor, Transportation, EPA, Treasury, Dow Chemical, Chicago Board of Trade, Exxon Company USA, Revlon
10-33
reformatting, file manipulation, calculation, data selection, data analysis, file processing, statistics, report generation, sampling
- data retrieval
- apply edit checks
- file operations (join, merge, sort)
10-34