A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users.
Examines the reliability and integrity of accounting records and correlates with the first of the five scope standards. (p.307)
Information Systems/Internal Control Audit
Reviews the controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Its scope roughly corresponds to the IIA's second and third standards.
Concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. Its scope corresponds to the fourth and fifth standards.
The susceptibility to material risk in the absence of controls.
The risk that a material misstatement will get through the internal control structure and into the financial statements.
The risk that auditors and their audit procedures will not detect a material error or misstatement.
What is and is not important in a given set of circumstances.
A reasonable assurance that no material error exists in the information or process audited.
Reviewing system documentation and interviewing appropriate personnel to determine if the necessary procedures are in place.
Tests of Controls
Determine if procedures are satisfactorily followed.
Procedures that compensate for a control deficiency.
Using a verified copy of the source code to reprocess data and compare its output with the company's actual output.
An auditor writes a program to compare with the company's results to verify the correctness of data.
Test Data Generator Program
Automatically prepares test data based on program specifications.
Concurrent Audit Techniques
Continually monitor the system and collect audit evidence while live data are processed during regular operating hours.
Embedded Audit Modules
Segments of program code that perform audit functions.
Integrated Test Facility (ITF)
Places a small set of fictitious records in the master files.
Examines the way transactions are processed. Audit modules track selected transactions and their master file records before and after processing.
System Control Audit Review File (SCARF)
Uses embedded audit modules to continuously monitor transaction activity and collect data on transactions with special audit significance.
"A log containing transactions generated by SCARF, containing transactions with special audit significance."
Audit routines that flag suspicious transactions.
When audit hooks are used and auditors are informed of questionable transactions as they occur.
Continuous and Intermittent Simulation (CIS)
Embeds an audit module in a database management system. It examines all transactions that update the database using criteria similar to those of SCARF.
Automated Flowcharting Programs
Interpret program source code and generate a corresponding program flowchart.
Automated Decision Table Programs
Generate a decision table representing the program logic.
Search a program for occurrences of a specified variable name or other character combinations.
Identify unexecuted program code.
Sequentialliy prints all application program steps executed during a program run.
Input Controls Matrix
Documents the review of source data controls. It shows the control procedures applied to each field of an input record.
Information Systems Audits Objectives
"Overall security, Program development and acquisition, Program modification, Computer processing, Source data, Data files"