Pp 17-new

Date post: 19-Jul-2015
Upload: sri-apriyanti-husain

Hall, Accounting Information Systems, 8e

©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Accounting Information Systems, 8e

James A. Hall

Chapter 17

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Objectives for Chapter 17

Be familiar with the controls and audit tests relevant to the systems development process.

Understand the risks and controls associated with program change procedures and the role of the source program library.

Understand the auditing techniques (CAATTs) used to verify the effective functioning of application controls.

Understand the auditing techniques used to perform substantive tests in an IT environment.

Systems Development Controls

Controllable activities that distinguish an effective systems development process include:

Systems authorization

User specification

Technical design

Internal audit participation

Program testing

User test and acceptance procedures

Auditor’s objectives

The auditor’s objectives are to ensure that

all systems development activities are applied consistently and follow management’s policies

system as originally implemented was free from material errors and fraud

system was judged necessary and justified at checkpoints throughout the SDLC, and

system documentation is sufficiently accurate and complete to facilitate audit and maintenance activities.

Tests of Systems Development Controls

New systems must be authorized.

Feasibility studies were conducted.

User needs were analyzed and addressed.

Cost-benefit analysis was done.

Proper documentation was completed.

All program modules must be thoroughly tested before they are implemented.

Checklist of problems was kept.

System Maintenance Controls

Last, longest and most costly phase of systems development

Up to 80-90% of entire cost of a system

All maintenance actions should require:

Technical specifications

Testing

Documentation updates

Formal authorizations for any changes

Program Change

Audit objectives: detect unauthorized program maintenance and determine that...

maintenance procedures protect applications from unauthorized changes

applications are free from material errors

program libraries are protected from unauthorized access

Source Program Library

Source program library (SPL)

library of applications and software

place where programs are developed and modified

once compiled into machine language, no longer vulnerable

Uncontrolled Access to the SPL

Figure 17-2

Controlled SPL Environments

SPL Management Systems (SPLMS) protect the SPL by controlling the following functions:

storing programs on the SPL

retrieving programs for maintenance purposes

deleting obsolete programs from the library

documenting program changes to provide an audit trail of the changes

Source Program Library under the Control of SPL Management Software

Figure 17-3

SPL Control Features

Password control

Separation of test libraries

Audit trails

Reports that enhance management control and the audit function

Assigns program version numbers automatically

Controlled access to maintenance commands

Program Change

Auditing procedures: verify that programs were properly maintained, including changes

Specifically, verify…

identification and correction of unauthorized program changes

identification and correction of application errors

control of access to systems libraries
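
One way an auditor could test for unauthorized program changes using the SPLMS audit trail and version numbers described above. This is an added example, not material from the textbook; the record layout, the change-request IDs, the names and the rule that version numbers run sequentially from 1 are all assumptions, and the data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SplEntry:
    program: str
    version: int                   # assigned automatically by the SPLMS
    changed_by: str
    change_request: Optional[str]  # authorization reference, if one was recorded

# Constructed sample data: approved change requests and the SPL audit trail.
AUTHORIZED = {
    "CR-101": {"program": "payroll_calc", "approved_for": "dev_alice"},
    "CR-102": {"program": "ar_aging", "approved_for": "dev_bob"},
}
AUDIT_TRAIL = [
    SplEntry("payroll_calc", 1, "dev_alice", "CR-101"),
    SplEntry("payroll_calc", 2, "dev_alice", None),   # no authorization on file
    SplEntry("ar_aging", 1, "dev_bob", "CR-102"),
    SplEntry("ar_aging", 3, "dev_bob", "CR-102"),     # version 2 is not in the trail
    SplEntry("gl_post", 1, "dev_carol", "CR-101"),    # request is for another program
]

def reconcile(trail, authorized):
    """Return (program, version, reason) for every entry that needs follow-up."""
    findings, last_version = [], {}
    for e in trail:
        cr = authorized.get(e.change_request) if e.change_request else None
        if cr is None:
            findings.append((e.program, e.version, "no authorized change request"))
        elif cr["program"] != e.program:
            findings.append((e.program, e.version, "change request covers another program"))
        elif cr["approved_for"] != e.changed_by:
            findings.append((e.program, e.version, "not changed by the approved programmer"))
        # Assumed rule: versions are sequential, so a gap means a change left no record.
        prev = last_version.get(e.program, 0)
        if e.version != prev + 1:
            findings.append((e.program, e.version, f"version gap after {prev}"))
        last_version[e.program] = e.version
    return findings

if __name__ == "__main__":
    for finding in reconcile(AUDIT_TRAIL, AUTHORIZED):
        print(finding)
```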

Testing Application Controls

Techniques for auditing applications fall into two classes:

1. testing application controls – two general approaches:

– black box – around the computer

– white box – through the computer

2. examining transaction details and account balances—substantive testing

Auditing Around the Computer - The Black Box Approach

Figure 17-9

Auditing through the Computer: The ITF Technique

Figure 17-14

Testing Application Controls

Black Box Approach – focuses on input procedures and output results

To gain the needed understanding…

analyze flowcharts

review documentation

conduct interviews

Testing Application Controls

Auditing through-the-computer focuses on understanding the internal logic of processes between input and output

Common tests

• Authenticity tests

• Accuracy tests

• Completeness tests

• Redundancy tests

• Access tests

• Audit trail tests

• Rounding error tests

Audit Testing Techniques

Test data method: testing for logic or control problems - good for new systems or systems which have undergone recent maintenance

base case system evaluation (BCSE) - using a comprehensive set of test transactions

tracing - performs an electronic walkthrough of the application’s internal logic

Test data methods are not fool-proof

a snapshot - one point in time examination

high-cost of developing adequate test data

Audit Testing Techniques

Integrated test facility (ITF): an automated, on-going technique that enables the auditor to test an application’s logic and controls during its normal operation

Parallel simulation: auditor writes simulation programs and runs actual transactions of the client through the system

The Parallel Simulation Technique

Figure 17-11
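
A small parallel simulation, added here as an illustration and not taken from the textbook: the auditor re-implements the application's documented rule, runs the client's actual transactions through it, and compares the results with the production output. The invoicing rule (5% discount at 100 units or more, rounded half-up to the cent), the field names and all sample records are assumptions constructed for the example.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def simulate_invoice(txn):
    """Auditor's independent version of the (assumed) documented pricing rule."""
    amount = Decimal(txn["qty"]) * Decimal(txn["unit_price"])
    if txn["qty"] >= 100:
        amount *= Decimal("0.95")
    return amount.quantize(CENT, rounding=ROUND_HALF_UP)

# Constructed sample: the client's actual transactions and the production results.
TRANSACTIONS = [
    {"id": "T1", "qty": 10, "unit_price": "19.99"},
    {"id": "T2", "qty": 100, "unit_price": "2.35"},
    {"id": "T3", "qty": 150, "unit_price": "1.11"},   # production skipped the discount
    {"id": "T4", "qty": 3, "unit_price": "0.335"},    # production truncated the cent
    {"id": "T5", "qty": 1, "unit_price": "42.00"},    # never reached the output file
]
PRODUCTION_OUTPUT = {
    "T1": "199.90", "T2": "223.25", "T3": "166.50", "T4": "1.00",
    "T9": "50.00",                                    # output with no source transaction
}

def parallel_simulation(transactions, production_output):
    """Return (id, reason, simulated, production) for every difference found."""
    exceptions, seen = [], set()
    for txn in transactions:
        seen.add(txn["id"])
        expected = simulate_invoice(txn)
        actual = production_output.get(txn["id"])
        if actual is None:
            exceptions.append((txn["id"], "missing from production output", expected, None))
        elif Decimal(actual) != expected:
            exceptions.append((txn["id"], "amount differs", expected, Decimal(actual)))
    # Completeness in the other direction: output that no transaction explains.
    for extra in sorted(set(production_output) - seen):
        exceptions.append((extra, "no source transaction", None,
                           Decimal(production_output[extra])))
    return exceptions

if __name__ == "__main__":
    for row in parallel_simulation(TRANSACTIONS, PRODUCTION_OUTPUT):
        print(row)
```

Each exception is a lead to investigate, since a difference can come from the simulation misreading the documented rule as easily as from the production program.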

Substantive Testing

Techniques to substantiate account balances. For example:

search for unrecorded liabilities

confirm accounts receivable to ensure they are not overstated

Requires first extracting data from the system. Two technologies commonly used to select, access, and organize data are:

embedded audit module

generalized audit software

Embedded Audit Module

An ongoing module which filters out non-material transactions

The chosen, material transactions are used for sampling in substantive tests

Requires additional computing resources by the client

Hard to maintain in systems with high maintenance

Embedded Audit Module Technique

Figure 17-12

Generalized Audit Software

Very popular & widely used

Can access data files & perform operations on them:

screen data

statistical sampling methods

foot & balance

format reports

compare files and fields

recalculate data fields

Using GAS to Access Complex File Structure

Figure 17-14

