
Overview of Auditing in a CIS Environment

Introduction
• Auditors will audit around the computer by reviewing and examining source documents.
• Regardless of the extent of computerization or the methods of data processing being used, the auditor’s responsibility is to obtain an understanding of the entity’s internal control system to be able to assess control risk and determine the nature, timing and extent of tests to be performed.

Objectives
1. The purpose of this Standard is to establish standards and provide guidance on procedures to
be followed when an audit is conducted in a computer information systems (CIS) environment.
2. The auditor should consider how a CIS environment affects the audit.
3. The overall objective and scope of an audit does not change in a CIS environment.

1.1. Theoretical Background


A CIS environment exists when a computer of any type or size is involved in the processing by the
entity of financial information of significance to the audit, whether
that computer is operated by the entity or by a third party.

1.2. The Information System


Information System
• Is an academic study of systems with a specific reference to information and the
complementary networks of hardware and software that people and organizations use
to collect, filter, process, create and also distribute data. – Wikipedia
Computer Information System (CIS)
• Is a system composed of people and computers that processes or interprets information.

Characteristics of a Computer Information System

This study source was downloaded by 100000813109125 from CourseHero.com on 03-01-2022 05:26:46 GMT -06:00

https://www.coursehero.com/file/15333280/Overview-of-Auditing-in-a-CIS-Environment/
• Lack of visible transaction trails
• Consistency of performance
• Ease of access to data and computer programs
• Concentration of duties
• Systems-generated transactions
• Vulnerability of data and program storage media

Types of Information System


1. Transaction Processing Systems (TPS)
2. Management Information Systems (MIS)
3. Decision Support Systems (DSS)
4. Executive Information Systems (EIS)


1.3. TRANSACTION PROCESSING

The Transaction Processing Information System
The information systems that support processes, mainly accounting and finance transactions,
along with some sales, personnel and production activities.
• TYPE: operational-level
• INPUTS: transactions, events
• PROCESSING: updating
• OUTPUTS: detailed reports
• USERS: operations personnel, supervisors
• DECISION-MAKING: highly structured

THE TRANSACTION PROCESSING CYCLES


• Data collection - the process of capturing transaction-related data
• Data editing - checking the validity of the data entered
• Data correction - implemented when an error is found in the entered data
• Data manipulation - processing transaction data
• Data storage - altering databases to reflect the transaction

[Figure: The Transaction Processing Cycle. Flowchart labels: Original Data, Data Collection, Bad Data, Good Data, Data Editing, Data Correction, Data Manipulation, Data Storage, Data Production, TPS Reports.]

THE PURPOSE OF TPS
1) To keep records about the state of the organization
2) To process transactions that affect the records
3) To produce outputs that report on transactions that have occurred

1.4. Internal Control Concerns


Internal Control Procedures
• Authorization of Transactions
• Proper Segregation of Duties
• Independent Checking
Types of Internal Control Procedures
• General Controls
• Application Controls
General Controls
Control policies and procedures that relate to the overall computer information system.
1. Organizational Controls
2. Systems Development and Documentation Controls
3. Access Controls
4. Data Recovery Controls
5. Monitoring Controls

1. Organizational Controls
a) Segregation between the user and CIS Department

b) Segregation of duties within the CIS Department

A. Segregation between the user and CIS Department

CIS Department
- Independent
- Process transaction

User Department
- Initiates process transactions
- Computer files

B. Segregation of duties within the CIS Department

2. Systems Development and Documentation Controls


To ensure that computer programs are functioning as designed, the programs must be tested and
modified, if needed, by the user and CIS department.
3. Access Controls
Is any mechanism by which a system grants or revokes the right to access some data or perform
some action.
4. Data Recovery Controls

Is the process of restoring data that has been lost, accidentally deleted, corrupted or made
inaccessible for any reason.
5. Monitoring controls
Are designed to ensure that CIS controls are working effectively as planned.
Application Controls
Are controls over the input, processing, and output functions, ensuring that the input data is
complete, accurate and valid.

Processing of Transaction – Three (3) Stages


1. Input Stage
2. Processing Stage
3. Output Stage

1.5. IT GOVERNANCE CONTROLS


Controls in CIS Environment
Impact on Internal Control environment
• An example of the impact on internal control in a CIS environment is the application of IT controls.
IT Control Components
IT controls encompass those processes that provide assurance for information and information
services and help mitigate the risks associated with an organization’s use of technology.
IT Governance
Information technology (IT) governance is a relatively new subset of corporate governance that
focuses on the management and assessment of strategic IT resources.
IT Governance Controls: These controls focus on:
1. Organizational structure of the IT function
2. Computer center operations
3. Disaster recovery planning

STRUCTURE OF THE INFORMATION TECHNOLOGY FUNCTION

The organization of the IT function has implications for the nature and effectiveness of internal
controls, which, in turn, has implications for the audit.
Centralized Data Processing
Under the centralized data processing model, all data processing is performed by one or more
large computers housed at a central site that serves users throughout the organization.
Related Terms
Database Administration
Centrally organized companies maintain their data resources in a central location that is shared
by all end users.
Data Processing
• It consists of the following organizational functions:
• data conversion
• computer operations; and
• the data library
Systems Development
Systems Development is responsible for analyzing user needs and for designing new systems to
satisfy those needs.
• Systems professionals
• Stakeholders
• End users

THE COMPUTER CENTER


The objective of this section is to present computer center risks and the controls that help to
mitigate risk and create a secure environment.
Audit Objective
The auditor should verify that management’s disaster recovery plan is adequate and feasible for
dealing with a catastrophe that could deprive the organization of its computing resources.

Conclusion
The Information System

• Review of the system
• Compliance testing of CIS controls
• Substantive testing of computer based records

The nature of the risks and the internal control characteristics in CIS Environments
• Lack of transaction trails
• Uniform processing of transactions
• Lack of segregation of functions
• Potential for errors and irregularities
• Initiation or execution of transactions
• Dependence of other controls over computer processing
• Potential for increased management supervision
• Potential for the use of computer assisted audit techniques
Internal control concerns
• Security
• Transactions integrity
• Process alignment
IT Governance Controls
• To ensure sound internal control, program coding and program processing should be
separated
• Certain duties that are deemed incompatible in a manual system may be combined in a
computer-based information system environment
