Scribd
Upload
57 views8 pages

Aud Cis Cpar

Uploaded by

Elizabeth Santos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
57 views8 pages

Aud Cis Cpar

Uploaded by

Elizabeth Santos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 8
(OPA REVIEW SCHOOL OF THE PHILIPPINES, AT-8909 Manila AUDITING THEORY CPA Review AUDITING IN A CIS (IT) ENVIRONMENT 1, ACIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether the computer is ‘operated by the entity or by a third party. 2. The overall objective and scope of an audit does not change in a CIS environment. 3, ACIS environment may affect: a, The procedures followed in obtaining a sufficient understanding of the accounting and Internal control systems. . The consideration of the inherent and control risk. cc. The design and performance of tests of controls and substantive procedures. 4, The auditor should have sufficient knowledge of the CIS to plan, direct, and review the work performed. 5, If specialized skills are needed, the auditor would seek the assistance of a professional possessing such skills, who may be either on the auditor's staff or an outside professional 6. Inplanning the portions of the audit which may be affected by the client's CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availabilty of data for use in the audit, 7. When the CIS are significant, the auditor should also obtain an understanding of the CIS environment and whether it may influence the assessment of inherent and control risks. 8, The auditor should consider the CIS environment in designing audit procedures to reduce audit risk to an acceptably low level. The auditor can use either manual audit procedures, ‘computer-assisted audit techniques, or a combination of both to obtain sufficient evidential matter, RISK ASSESSMENTS AND INTERNAL CONTROL: ‘CIS CHARACTERISTICS AND CONSIDERATIONS, ‘Organizational Structure Characteristics of a CIS organizational structure includes: a, Concentration of functions and knowledge Although most systems employing CIS methods will include certain manual operations, ‘generally the number of persons involved in the processing of financial information is significantly reduced. b. Concentration of programs and data ‘Transaction and master fle data are often concentrated, usually in machine-readable form, either in one computer installation located centrally or in a number of installations istributed throughout the entity Nature of Processing The use of computers may result in the design of systems that provide less visible evidence than those using manual procedures. In addition, these systems may be accessible by a larger number (of persons. Page 1 of 12 Papes 2PAR - MANILA 9009 ‘System characteristics that may result from the nature of CIS processing include: a, Absence of input documents + Data may be entered directly into the computer system without supporting document, ‘In some on-line transaction systems, written evidence of individual data entry authorization (e.9., approval for order entry) may be replaced by other procedures, such as authorization controls contained in computer programs (e.g., credit limit approval). b. Lack of visible audit trat ‘The transaction tral may be partly in machine-readable form and may exist only for a limited periad of time (e.g., audit logs may be set to overwrite themselves after a period of time or when the allocated disk space is consumed) ¢. Lack of visible output Certain transactions or results of processing may not be printed, or only summary data may be printed. 4d, Ease of access to data and computer programs Data and computer programs may be accessed and altered at the computer or through the Use of computer equipment at remote locations. Therefore, in the absence of appropriate ‘controls, there is an increased potential for unauthorized access to, and alteration of, data {and programs by persons inside or outside the entity. Design and Procedural Aspects ‘The development of CIS will generally result in design and procedural characteristics that are

You might also like