Scribd
Upload
2 views

AUDITOR TECH

The document outlines various types of information systems including Integrated Auditing, Decision Support Systems, ERP, CRM, and specialized applications, emphasizing their roles in decision-making and data management. It also discusses batch and real-time processing, general and application controls, and two auditing methodologies: auditing around the computer and auditing through the computer. The focus is on ensuring data accuracy, integrity, and compliance within IT systems.

Uploaded by

rdom87617
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
2 views

AUDITOR TECH

The document outlines various types of information systems including Integrated Auditing, Decision Support Systems, ERP, CRM, and specialized applications, emphasizing their roles in decision-making and data management. It also discusses batch and real-time processing, general and application controls, and two auditing methodologies: auditing around the computer and auditing through the computer. The focus is on ensuring data accuracy, integrity, and compliance within IT systems.

Uploaded by

rdom87617
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Integrated Auditing

To provide managers with reports and tools to support decision-making. It focuses on


summarizing and analyzing transaction data.

Examples: Business intelligence dashboards, financial reporting tools.

3. Decision Support Systems (DSS)

Interactive systems used for problem-solving and decision-making. It often includes data
modeling, "what-if" analysis, and predictive analytics.

Examples: Budgeting software, forecasting tools, supply chain analytics.

4. Enterprise Resource Planning (ERP) Systems

Integrated systems that manage core business processes like finance, HR, manufacturing, and
supply chain in one platform.

Examples: SAP, Oracle, Microsoft Dynamics.

5. Customer Relationship Management (CRM) Systems

Systems that manage customer data, interactions, and relationships.

Often used in marketing, sales, and customer support.

Examples: Salesforce, HubSpot

6. Specialized Application Systems

Systems designed for specific industries or business needs.

Examples: Healthcare management systems, banking software, or logistics platforms.

7. Cloud-Based Systems

Systems hosted online, accessible via the internet, and managed by third-party providers.

Examples: Google Workspace, Amazon Web Services (AWS) platforms.

8. Embedded Systems

Systems built into hardware devices to perform specific functions.

Examples: Manufacturing automation systems.

9. Database Management Systems (DBMS)

Systems that store and manage data for access by other applications or users.

Examples: SQL Server, Oracle Database.


10. Networked Systems

Systems connected through local or wide-area networks to facilitate communication and


resource sharing.

Examples: Intranets, VPNs, and cloud networks.

Batch and Real-time Processing

In a CIS audit, batch processing and real-time processing refer to how data is handled within computer
systems.

Batch Processing

Definition: Data is collected, grouped, and processed at a scheduled time or in large batches, not
immediately after each transaction.

Example: Payroll systems that process employee salaries at the end of a pay period.

Audit Focus: Ensuring the accuracy and completeness of data in the batch, verifying controls like
error handling and reconciliation.

Real-Time Processing

Definition: Data is processed immediately as transactions occur, providing instant updates to


records or systems.

Example: ATM withdrawals or online banking transactions.

Audit Focus: Ensuring real-time systems process data accurately, maintaining data integrity, and
implementing proper access controls to prevent fraud or errors.

General and Application Controls

General controls- apply to the overall IT environment and ensure all systems function properly. They
include access controls to allow only authorized users (e.g., passwords and multi-factor authentication),
change management to oversee and approve system updates, and data backup and recovery to protect
against data loss. Physical security safeguards IT equipment from unauthorized access or damage, while
IT governance ensures IT operations align with business goals through proper policies and procedures.

Audit Focus:

-Verifying that general controls prevent unauthorized access, maintain data integrity, and
support system availability.

-Assessing the effectiveness of backup, disaster recovery, and incident response processes.
Application Controls- as what I have learned, it focuses on specific software or systems to ensure data is
accurate, complete, and properly processed. These include input controls to check data accuracy during
entry, processing controls to ensure correct handling of data, and output controls to verify accurate and
complete reports. Authorization controls ensure only approved transactions are processed, while
integrity controls protect data from corruption or errors during storage and processing.

Audit Focus:

-Evaluating whether application controls ensure data is entered, processed, and output
accurately.

-Reviewing the alignment of application controls with organizational policies and user
requirements.

Key Difference

General Controls: Broad, system-wide; focus on the IT environment and its overall governance.

Application Controls: Specific, transaction-focused; ensure the accuracy of data within particular
applications.

In the Computer Information Systems (CIS) audit environment, the methodologies used to
evaluate the integrity, security, and accuracy of IT systems are critical. Two common approaches are
auditing around the computer and auditing through the computer. These methods differ in their focus,
scope, and depth of analysis, but both aim to assess the reliability of systems in supporting financial and
operational processes.

Auditing Around the Computer

Auditing around the computer involves evaluating the inputs and outputs of a system without
examining its internal processes or logic. In this approach, the auditor focuses on verifying that the data
entered into the system (inputs) aligns with the results produced (outputs). The underlying assumption
is that if the outputs are accurate and consistent with the inputs, the system's processing can be trusted.

For example, an auditor may review employee timesheets (inputs) and compare them to payroll
reports (outputs) to confirm that salaries are calculated correctly. However, this method does not
involve checking the software's algorithms, controls, or logic that processes the data.

While auditing around the computer is straightforward and less time-consuming, it has limitations. It
may fail to detect errors or fraud within the system’s processing logic, making it less suitable for
complex or highly automated environments. As a result, this approach is often used when the system’s
reliability is already well-established or when resources are limited.

Auditing Through the Computer


In contrast, auditing through the computer involves a deeper analysis of the system's internal
workings, including its processing logic, controls, and data flows. The auditor examines how data is
processed within the system to ensure accuracy, completeness, and compliance with established
controls.

This method often includes using tools like test data, which is input into the system to observe
how it processes transactions. Additionally, auditors may use embedded audit modules, specialized
software, or system walkthroughs to evaluate the system’s performance and identify potential
weaknesses.

For example, in a financial system, the auditor may test how the system handles unusual
transactions or how access controls prevent unauthorized changes to financial records. This approach
provides a more comprehensive understanding of the system's reliability and is particularly effective for
modern, automated environments where significant data processing occurs within the system.

You might also like