engaged to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party (SSAE No. 1, AT Sec. 100.01)
Assurance:
professional services that are designed to improve the quality of information, both financial and non-financial, used by decision-makers
includes, but is not limited to, attestation
What is Auditing?
An independent attestation by a professional (CPA) regarding the faithful representation of the financial statements
Three phases of a financial audit:
Familiarization with client firm
Evaluation and testing of internal controls
Assessment of reliability of financial data
which can reduce external audit fees and help to achieve audit efficiency and reduce audit fees.
information technology, the IT audit is typically a significant component of all external (financial) and internal audits.
IT audits:
focus on the computer-based aspects of an organization's information system
assess the proper implementation, operation, and control of computer resources
Elements of an Audit
systematic procedures are used
evidence is obtained
tests of internal controls
substantive tests
determination of materiality for weaknesses found
prepare audit report and audit opinion
Phases of an IT Audit
[Figure: flowchart of the phases of an IT audit. Labels: Audit Planning Phase, Tests of Controls Phase, Start, Perform Tests of Controls, Audit Report]
Audit Risk is the probability the auditor will issue an unqualified (clean) opinion when in fact the financial statements are materially misstated.
[Figure labels: Organizational Structure, Data Management, Internet & Intranet, Systems Maintenance]
Controls:
access - encryption, user authorization tables, inference controls, and biometric devices are a few examples
backup - grandfather-father-son and direct access backup; recovery procedures
Controls:
authorization requirements for program maintenance
appropriate documentation of changes
adequate testing of program changes
reconciling program version numbers
review programmer authority table
test authority table
Controls:
Equipment failure: line checks (parity & echo) and backups
Subversive threats: access controls, encryption of data, and firewalls
Message control: sequence numbering, authentication, transaction logs, request-response polling
substantive testing
[Figure labels: Input, Master File, Output]
Auditor prepares test transactions, test master files, and expected results.
[Figure labels: Test Data, Predetermined Results]
After test run, auditor compares test results with predetermined results.
[Figure labels: Test Results, ITF Transactions, Production Transactions, Expected Results, Production Reports, Application Specifications, Simulation Program, Simulation Output]
Auditor reviews audit file and prepares a list of material transactions for use in substantive tests.
[Figure labels: Production Output]
Production output goes to users.
[Figure labels: Flat File, Transactions List]