Auditing in CIS Environment

avatar
Created by
Daniela S.

Subdecks (1)

Cards (156)

  • International Standards on Auditing (ISAs) are applied in the audit of financial statements
  • ISAs are also applied, adapted as necessary, to the audit of other information and related services
  • ISAs contain basic principles, essential procedures (identified in bold type black lettering), and related guidance
  • Basic principles and essential procedures are interpreted in the context of explanatory and other material that provide guidance
  • In exceptional circumstances, an auditor may depart from an ISA to more effectively achieve the audit objective
  • ISAs need only be applied to material matters
  • The Public Sector Perspective (PSP) by the Public Sector Committee of the International Federation of Accountants is set out at the end of an ISA
  • In a Computer Information Systems (CIS) environment:
    • A CIS environment exists when a computer is involved in processing financial information
    • The auditor should consider how a CIS environment affects the audit
    • The overall objective and scope of an audit remain the same in a CIS environment
    • A CIS environment may affect procedures, risk assessment, and tests performed by the auditor
  • Auditors should have sufficient knowledge of CIS to plan, direct, supervise, and review work performed
  • Specialized CIS skills may be needed in an audit to understand accounting systems, assess risks, and design appropriate tests
  • If specialized skills are needed, the auditor can seek assistance from a professional possessing such skills
  • In planning an audit affected by a client's CIS environment:
    • Obtain an understanding of the significance and complexity of CIS activities
    • Consider the significance and complexity of computer processing in each significant accounting application
    • Understand the organizational structure of the client's CIS activities and the availability of data
  • In a Computer Information Systems (CIS) environment, the auditor should obtain an understanding of the CIS environment and how it may influence the assessment of inherent and control risks
  • Characteristics of risks and internal controls in CIS environments include:
    • Lack of transaction trails
    • Uniform processing of transactions
    • Lack of segregation of functions
    • Potential for errors and irregularities
    • Initiation or execution of transactions
    • Dependence on other controls over computer processing
    • Potential for increased management supervision
    • Potential for the use of computer-assisted audit techniques
  • Risks and controls in CIS environments impact the auditor's assessment of risk, and the nature, timing, and extent of audit procedures
  • In a CIS environment, inherent risks and control risks may have a pervasive effect on all application systems processed on the computer, as well as an account-specific effect on specific applications, data bases, or processing activities
  • New CIS technologies can lead to increasingly complex computer systems, which may increase overall sophistication and complexity, thereby requiring further consideration and potentially increasing risk
  • The auditor should consider the CIS environment when designing audit procedures to reduce audit risk to an acceptably low level
  • The auditor's specific audit objectives remain the same whether accounting data is processed manually or by computer, but the methods of applying audit procedures may be influenced by computer processing methods
  • The auditor can use manual audit procedures, computer-assisted audit techniques, or a combination of both to gather sufficient evidential matter in accounting systems that use computers for processing significant applications
  • Audit evidence refers to information used by the auditor as a basis for their opinion on financial statements.
  • The auditor's report is the final product of an audit.
  • An audit trail is a chronological record of all changes made to data, including who made them and when they were made.
  • A general control is a type of control that applies throughout an organization and affects multiple transactions.
  • A qualified opinion expresses doubt about the fairness of certain amounts or disclosures in the financial statements.
  • Computer-Assisted Audit Techniques (CAAT) are tools and techniques used by auditors to collect, process, analyze, evaluate, and communicate audit evidence obtained from computerized records.
  • An unqualified opinion indicates that there are no material modifications required to the financial statements.
  • An adverse opinion states that the financial statements do not present fairly the entity's financial position, results of operations, or cash flows.
  • CAAT includes various types such as Data Mining, Statistical Sampling, Analytical Procedures, Computer Assisted Testing, and Electronic Document Retrieval.
  • A specific control is a type of control that applies only to certain types of transactions or activities within an organization.
  • Data mining involves using statistical analysis to identify unusual transactions or patterns within large volumes of data.