An IS auditor performing a review of application controls would evaluate the
Relevant to Foundation level Paper FAU and ACCA Qualification Papers F8 and P7 Show Specific aspects of auditing in a computer-based environmentInformation technology (IT) is integral to modern accounting and management information systems. It is, therefore, imperative that auditors should be fully aware of the impact of IT on the audit of a client’s financial statements, both in the context of how it is used by a client to gather, process and report financial information in its financial statements, and how the auditor can use IT in the process of auditing the financial statements. The purpose of this article is to provide guidance on following aspects of auditing in a computer-based accounting environment:
Exam questions on each of the aspects identified above are often answered to an inadequate standard by a significant number of students – hence the reason for this article. Dealing with application controls and CAATs in turn: APPLICATION CONTROLS Input controls Specific input validation checks may include: Format checks Range checks
Compatibility checks Validity checks Exception checks Sequence checks Control totals Check digit verification Processing controls
Output controls
Master file controls These include:
COMPUTER ASSISTED AUDIT TECHNIQUES (CAATs)
There are three classifications of CAATs – namely:
Dealing with each of the above in turn: Audit software Packaged programs Purpose written programs Enquiry programs Test data Integrated test facilities
Other techniques Other CAATs include: Embedded audit facilities (EAFs) Application program examination Summary Written by a member of the audit exam team Which of these are evaluated by an IS auditor while performing a review of the application controls?An IS auditor performing a review of application controls would evaluate the: impact of any exposures discovered. The PRIMARY advantage of a continuous audit approach is that it: allows the IS auditor to review and follow up on audit issues in a timely manner.
What are application controls in auditing?Application controls are automated process controls and are designed to protect the validity and integrity of business data in an organisation's application. An application controls audit examines and evaluates a number of data input, processing and output controls.
What is an application Control Review?—Application controls are those controls that pertain to the scope of individual processes or application systems in use. Application systems range from very small to Enterprise Resource Planning (ERP) systems.
Why does the IS auditor often review the system logs?By reviewing audit logs, systems administrators can track user activity, and security teams can investigate breaches and ensure compliance with regulatory requirements.
|