SlideShare a Scribd company logo

hhhh.ppt

Download as PPT, PDF
J
jack952975

This document summarizes key aspects of IT auditing including: 1. The stages of an audit including planning, risk assessment, testing of controls, and reporting. 2. The objectives and context of an audit and how they influence the audit approach. 3. Types of controls in a computer environment including general controls, application controls, input controls, processing controls, and system/intersystem testing.

Data & Analytics
1 of 12
Download to read offline
1
2
Most read
3
Most read
4
5
6
7
8
9
10
Most read
11
12
IT TRAINING- ICAN Computer Aided Audit Tools & Techniques  CA. Dhruba Adhikari, ISA
STAGES OF AN AUDIT Plan the audit Understand the entity (Preliminary Review) Assess risk of material misstatement Respond to risk Expect effective controls Expect ineffective controls Test of Control Unsatisfactory Report significant deficiencies to those charged with governance to management and all weakness to mgmt. Satisfactory Full Substantive tests Restricted substantive tests Overall review of Financial Statement Report to Mgmt. Auditor’s Report
OBJECTIVES AND CONTEXT OF AUDIT OBJECTIVE is what we are trying to accomplish. What goal we want. CONTEXT is the environment in which we perform our work. Its background and circumstances in which we perform our audit. What works for one organization, may not work for another, its all due to objectives and context
PRELIMINARY REVIEW  In preliminary review, the auditor will gather general information and the process and systems under review.  An overall summary or an overview flowchart of the major applications subsystems and their inter-relationships, including inputs and outputs  Programming languages, data processing standards, and procedures manuals used in the computer system  Data control procedures  Procedures and provisions for backup, recovery, and restart of operations in the event of equipment failure or accidental destruction of data  Descriptions of physical security control Method applied in gathering these data are mainly interviews and review of documentation.
SUBSTANTIVE TEST IN IT AUDIT  In an IT audit, substantive testing is used to determine the accuracy of information being generated by a process or application.  Audit tests are designed and conducted to verify the functional accuracy, efficiency, and control of the audit subject.  During the audit of an Information System application, the auditor may build and process test data to verify the processing steps of an application. Whether accounting system is manual or computerized , the procedures of auditing are more or less same except some changes in controls, documentation, audit techniques, and technical qualifications required by audit staff members.
CONTROLS AND AUDITING IN COMPUTER ENVIRONMENT Since accounting system is vulnerable to various mismanagements, frauds, errors etc, but these type of threats can be coped by adopting/implementing strong system of internal control Why internal control in computerized environment Lack of proper audit trails Information recorded cannot be read by bare eyes without computer Financial and business transaction are often generated by system itself based on data previously entered without further human instruction. Errors in computerized environment may go undetected as there is less involvement of human in computerized environment. There is maximum chances of errors in processing that might be applied to large number of transaction With proper controls, computerized system are more reliable than non-computerized systems.
CLASSIFICATION OF CONTROLS 1. General Controls 2. Application Controls 1. General Control General control is the control governing the environment in which the computer system is developed, maintained, and operated. 2. Application Control Its control for both computerized and manual, within the business application to ensure that data is processed completely, accurately and in a timely manner. Application controls are typically specific to the business application and include *Input control *Run to run comtrols
INPUT CONTROL •Field Check (Numeric- Alphabetic) •Limit Check •Range Check- Day in a month •Slab Check – like city •Existence- data should exist in some field •Check digit Record Level Tests Field’s logical interrelationship with other fields in a record {PF 10% of Basic Salary}  Reasonableness check 20 hours of overtime in a day  Consistency/Validity check A district must fall in a particular zone  Length PAN No 9 digit, Mobile no. 10 digit  Sign test PF cannot be (-)ve  Sequence Check Country code- Area Code- Phone No
GROUP OF RECORDS (BATCH) TESTS WHETHER THE CHARACTERISTICS OF A BATCH RECORDS ENTERED ARE IN LINE WITH THE STATED CHARACTERISTICS OF THE BATCH FOLLOWING TYPES OF BATCH CHECK CAN BE APPLIED CONTROL TOTALS: IS SUM OF A FIELD ACROSS ALL RECORDS IN A BATCH TRANSACTION TYPE: ALL DATA IN A PARTICULAR BATCH ARE OF SIMILAR TYPE BATCH SERIAL NUMBER: ALL RECORDS MUST HAVE A SERIAL NUMBER SEQUENCE CHECK: THE INPUT RECORDS MUST FOLLOW A PARTICULAR ORDER
PROCESSING CONTROL After data are entered (input is given) , transactions enter the processing stage of the system. Processing control are programmed procedures and can be divided into 3 categories- namely batch control, run to run control and audit trail controls  Batch controls used to manage the flow of high volumes of transactions through batch processing systems - to reconcile system output with the input To ensure  All records in the batch are processed.  No records are processed more than once.  An audit trail of transactions is created from input through processing to the output stage of the system.
PROCESSING CONTROL CONTD.  Run-to-run control use of batch figures to monitor the batch as it moves from one programmed procedure (run) to another. {Error Handling and Reprocessing}  Hash total summation of a nonfinancial field to keep track of the records in a batch  Inter table tests when a new transaction is entered- checks the other related tables for validity  Master reference where master is present, the data is validated against that master - customer exists?  Audit trail controls ensure that every transaction can be traced through each stage of processing  Transaction Logs: successfully processed transactions should be recorded  Log of Automatic Transactions: reorder point, entry scheduling  Transaction Listings: listing of all successful transactions
SYSTEM & INTERSYSTEM TEST Testing of system focus on evaluation of individual modules within a program. There are two types of system test- static analysis and dynamic analysis Static analysis test:- it evaluates the quality of module through direct examination of source code. Like desk checking , structured walk through, design and code inspection Dynamic analysis test:- Dynamic analysis test require the module to be executed on a machine Two important dynamic analysis test are •Black Box •White Box Inter system tests Evaluating groups of program modules (1) whether their interfaces are defective (2) overall whether they fail to meet their requirement specifications

More Related Content

PDF
Managing accounts payables process
Hamdy Rashed
 
PPT
Ch. 13 personality lecture notes
kbolinsky
 
PDF
ICT4GOV Project Management Essentials Training Notes
John Macasio
 
PDF
Caa ts
Chris Nicole Apat-Orcullo, CPA
 
PPTX
09.1 audit siklus penjualan dan penerimaan
Mulyadi Yusuf
 
PPTX
Computer-Assisted Audit Tools and Techniques
_supriadi
 
PPTX
Computer-Assisted Audit Tools and Techniques
_supriadi
 
PDF
Auditing information systems
Kenya Allmond
 
Managing accounts payables process
Hamdy Rashed
 
Ch. 13 personality lecture notes
kbolinsky
 
ICT4GOV Project Management Essentials Training Notes
John Macasio
 
Caa ts
Chris Nicole Apat-Orcullo, CPA
 
09.1 audit siklus penjualan dan penerimaan
Mulyadi Yusuf
 
Computer-Assisted Audit Tools and Techniques
_supriadi
 
Computer-Assisted Audit Tools and Techniques
_supriadi
 
Auditing information systems
Kenya Allmond
 

Similar to hhhh.ppt (20)

PDF
IT Revision and Auditing
Amith Reddy
 
PPTX
Icai seminar kolkata
sunil patro
 
PPT
Chapter 2.ppt
Accounting Guru
 
PPTX
Accounting System Design and Development-Internal Controls
HelpWithAssignment.com
 
PPTX
03.2 application control
Mulyadi Yusuf
 
PPTX
Information system audit
Jayant Dalvi
 
PPT
CH7-ACISE-Computer-Assisted Audit Techniques.ppt
Kenzellawas
 
PPT
CH7 Computer assissted audit technique ppt
filesyern10
 
PPTX
Chapter 4 : Auditing and the information technology environment
KugendranMani
 
PPTX
Auditing in computerized environment.pptx
infantemiliya18
 
PPT
IT System & Security Audit
Mufaddal Nullwala
 
PPTX
Chapter 6
Nur Dalila Zamri
 
PPT
Audit and Assurance
MuhamadSyawal7
 
PPT
Computerized Environment
VadivelM9
 
PPTX
Auditing in Computerized Environment
Dr. Sushil Bansode
 
PDF
3.42211- CIS Audit.pdf
Nehemiah27
 
PPT
Auditing by CIS . Chapter 6
Sharah Ayumi
 
PPTX
Pp 17-new
Sri Apriyanti Husain
 
PPTX
Information system audit 2
Jayant Dalvi
 
PPT
ETHICS FRAUD AND INTERNAL CONTROL AND AUDITING COMPUTERIZED FINANCIAL SYSSTEM...
PascalOtieno
 
IT Revision and Auditing
Amith Reddy
 
Icai seminar kolkata
sunil patro
 
Chapter 2.ppt
Accounting Guru
 
Accounting System Design and Development-Internal Controls
HelpWithAssignment.com
 
03.2 application control
Mulyadi Yusuf
 
Information system audit
Jayant Dalvi
 
CH7-ACISE-Computer-Assisted Audit Techniques.ppt
Kenzellawas
 
CH7 Computer assissted audit technique ppt
filesyern10
 
Chapter 4 : Auditing and the information technology environment
KugendranMani
 
Auditing in computerized environment.pptx
infantemiliya18
 
IT System & Security Audit
Mufaddal Nullwala
 
Chapter 6
Nur Dalila Zamri
 
Audit and Assurance
MuhamadSyawal7
 
Computerized Environment
VadivelM9
 
Auditing in Computerized Environment
Dr. Sushil Bansode
 
3.42211- CIS Audit.pdf
Nehemiah27
 
Auditing by CIS . Chapter 6
Sharah Ayumi
 
Pp 17-new
Sri Apriyanti Husain
 
Information system audit 2
Jayant Dalvi
 
ETHICS FRAUD AND INTERNAL CONTROL AND AUDITING COMPUTERIZED FINANCIAL SYSSTEM...
PascalOtieno
 
Ad

Recently uploaded (20)

PPTX
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
PPTX
AI Strategy room jwfjksfksfjsjsjsjsjfsjfsj
ankitpratapsingh28
 
PDF
Transcultural that can help you someday.
jhongarin24
 
PPTX
Qualitative Qantitative and Mixed Methods.pptx
AhmaduMohammed
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PDF
Introduction to the R Programming Language
Suraj Patil
 
PDF
Capcut Pro Crack For PC Latest Version {Fully Unlocked 2025}
malikyahyah1122
 
PPTX
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
PPTX
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
PPTX
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
PPTX
modul_python (1).pptx for professional and student
putusurya12
 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
PDF
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
PPTX
Managing Community Partner Relationships
alexmderr
 
PPT
Quality review (1)_presentation of this 21
abobaker13
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
AI Strategy room jwfjksfksfjsjsjsjsjfsjfsj
ankitpratapsingh28
 
Transcultural that can help you someday.
jhongarin24
 
Qualitative Qantitative and Mixed Methods.pptx
AhmaduMohammed
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
Lecture1 pattern recognition............
ZafriFarid
 
Introduction to the R Programming Language
Suraj Patil
 
Capcut Pro Crack For PC Latest Version {Fully Unlocked 2025}
malikyahyah1122
 
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
modul_python (1).pptx for professional and student
putusurya12
 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
Managing Community Partner Relationships
alexmderr
 
Quality review (1)_presentation of this 21
abobaker13
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
Ad

hhhh.ppt

  • 1. IT TRAINING- ICAN Computer Aided Audit Tools & Techniques  CA. Dhruba Adhikari, ISA
  • 2. STAGES OF AN AUDIT Plan the audit Understand the entity (Preliminary Review) Assess risk of material misstatement Respond to risk Expect effective controls Expect ineffective controls Test of Control Unsatisfactory Report significant deficiencies to those charged with governance to management and all weakness to mgmt. Satisfactory Full Substantive tests Restricted substantive tests Overall review of Financial Statement Report to Mgmt. Auditor’s Report
  • 3. OBJECTIVES AND CONTEXT OF AUDIT OBJECTIVE is what we are trying to accomplish. What goal we want. CONTEXT is the environment in which we perform our work. Its background and circumstances in which we perform our audit. What works for one organization, may not work for another, its all due to objectives and context
  • 4. PRELIMINARY REVIEW  In preliminary review, the auditor will gather general information and the process and systems under review.  An overall summary or an overview flowchart of the major applications subsystems and their inter-relationships, including inputs and outputs  Programming languages, data processing standards, and procedures manuals used in the computer system  Data control procedures  Procedures and provisions for backup, recovery, and restart of operations in the event of equipment failure or accidental destruction of data  Descriptions of physical security control Method applied in gathering these data are mainly interviews and review of documentation.
  • 5. SUBSTANTIVE TEST IN IT AUDIT  In an IT audit, substantive testing is used to determine the accuracy of information being generated by a process or application.  Audit tests are designed and conducted to verify the functional accuracy, efficiency, and control of the audit subject.  During the audit of an Information System application, the auditor may build and process test data to verify the processing steps of an application. Whether accounting system is manual or computerized , the procedures of auditing are more or less same except some changes in controls, documentation, audit techniques, and technical qualifications required by audit staff members.
  • 6. CONTROLS AND AUDITING IN COMPUTER ENVIRONMENT Since accounting system is vulnerable to various mismanagements, frauds, errors etc, but these type of threats can be coped by adopting/implementing strong system of internal control Why internal control in computerized environment Lack of proper audit trails Information recorded cannot be read by bare eyes without computer Financial and business transaction are often generated by system itself based on data previously entered without further human instruction. Errors in computerized environment may go undetected as there is less involvement of human in computerized environment. There is maximum chances of errors in processing that might be applied to large number of transaction With proper controls, computerized system are more reliable than non-computerized systems.
  • 7. CLASSIFICATION OF CONTROLS 1. General Controls 2. Application Controls 1. General Control General control is the control governing the environment in which the computer system is developed, maintained, and operated. 2. Application Control Its control for both computerized and manual, within the business application to ensure that data is processed completely, accurately and in a timely manner. Application controls are typically specific to the business application and include *Input control *Run to run comtrols
  • 8. INPUT CONTROL •Field Check (Numeric- Alphabetic) •Limit Check •Range Check- Day in a month •Slab Check – like city •Existence- data should exist in some field •Check digit Record Level Tests Field’s logical interrelationship with other fields in a record {PF 10% of Basic Salary}  Reasonableness check 20 hours of overtime in a day  Consistency/Validity check A district must fall in a particular zone  Length PAN No 9 digit, Mobile no. 10 digit  Sign test PF cannot be (-)ve  Sequence Check Country code- Area Code- Phone No
  • 9. GROUP OF RECORDS (BATCH) TESTS WHETHER THE CHARACTERISTICS OF A BATCH RECORDS ENTERED ARE IN LINE WITH THE STATED CHARACTERISTICS OF THE BATCH FOLLOWING TYPES OF BATCH CHECK CAN BE APPLIED CONTROL TOTALS: IS SUM OF A FIELD ACROSS ALL RECORDS IN A BATCH TRANSACTION TYPE: ALL DATA IN A PARTICULAR BATCH ARE OF SIMILAR TYPE BATCH SERIAL NUMBER: ALL RECORDS MUST HAVE A SERIAL NUMBER SEQUENCE CHECK: THE INPUT RECORDS MUST FOLLOW A PARTICULAR ORDER
  • 10. PROCESSING CONTROL After data are entered (input is given) , transactions enter the processing stage of the system. Processing control are programmed procedures and can be divided into 3 categories- namely batch control, run to run control and audit trail controls  Batch controls used to manage the flow of high volumes of transactions through batch processing systems - to reconcile system output with the input To ensure  All records in the batch are processed.  No records are processed more than once.  An audit trail of transactions is created from input through processing to the output stage of the system.
  • 11. PROCESSING CONTROL CONTD.  Run-to-run control use of batch figures to monitor the batch as it moves from one programmed procedure (run) to another. {Error Handling and Reprocessing}  Hash total summation of a nonfinancial field to keep track of the records in a batch  Inter table tests when a new transaction is entered- checks the other related tables for validity  Master reference where master is present, the data is validated against that master - customer exists?  Audit trail controls ensure that every transaction can be traced through each stage of processing  Transaction Logs: successfully processed transactions should be recorded  Log of Automatic Transactions: reorder point, entry scheduling  Transaction Listings: listing of all successful transactions
  • 12. SYSTEM & INTERSYSTEM TEST Testing of system focus on evaluation of individual modules within a program. There are two types of system test- static analysis and dynamic analysis Static analysis test:- it evaluates the quality of module through direct examination of source code. Like desk checking , structured walk through, design and code inspection Dynamic analysis test:- Dynamic analysis test require the module to be executed on a machine Two important dynamic analysis test are •Black Box •White Box Inter system tests Evaluating groups of program modules (1) whether their interfaces are defective (2) overall whether they fail to meet their requirement specifications