A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
Examines the reliability and integrity of accounting records and correlates with the first of the five scope standards. (p.307)
Information Systems/Internal Control Audit
Reviews the controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Its scope roughly corresponds to the IIA's second and third standards.
Concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. Its scope corresponds to the fourth and fifth standards.
The risk that a material misstatement will get through the internal control structure and into the financial statements.
The risk that auditors and their audit procedures will not detect a material error or misstatement.
A reasonable assurance that no material error exists in the information or process audited.
Reviewing system documentation and interviewing appropriate personnel to determine if the necessary procedures are in place.
Using a verified copy of the source code to reprocess data and compare its output with the company's actual output.
An auditor writes a program to compare with the company's results to verify the correctness of data.
Concurrent Audit Techniques
Continually monitor the system and collect audit evidence while live data are processed during regular operating hours.
Examines the way transactions are processed. Audit modules track selected transactions and their master file records before and after processing.
System Control Audit Review File (SCARF)
Uses embedded audit modules to continuously monitor transaction activity and collect data on transactions with special audit significance.
"A log containing transactions generated by SCARF, containing transactions with special audit significance."
When audit hooks are used and auditors are informed of questionable transactions as they occur.
Continuous and Intermittent Simulation (CIS)
Embeds an audit module in a database management system. It examines all transactions that update the database using criteria similar to those of SCARF.
Automated Flowcharting Programs
Interpret program source code and generate a corresponding program flowchart.
Search a program for occurrences of a specified variable name or other character combinations.
Input Controls Matrix
Documents the review of source data controls. It shows the control procedures applied to each field of an input record.
Information Systems Audits Objectives
"Overall security, Program development and acquisition, Program modification, Computer processing, Source data, Data files"