Information Systems Auditing and Assurance

Paperback

Author: James A. Hall

ISBN-10: 0324191987

ISBN-13: 9780324191981

Category: Systems Analysis and Design - Programming

IT AUDITING is an innovative, cutting-edge product that gives students an understanding of how to audit accounting information systems, including new and expanded coverage of enterprise systems, fraud, and fraud detection topics such as continuous online auditing. Its organization and its integration of ACL software within the package ensure a solid background in traditional auditing as well as in the auditing of accounting information systems. The combination of text and software...

Serving as a guide to ACL, which is included on a CD packaged with the book, this volume details the principles of auditing, assurance, and internal control and explains the use of computers in these endeavors. Chapters discuss data management systems, systems development and maintenance, networks and the internet, enterprise resource planning systems, computer-assisted auditing, CAATs, the revenue cycle, the expenditure cycle, ethics, and fraud detection. Hall teaches at Lehigh University. Singleton teaches at the University of Alabama at Birmingham. Annotation ©2004 Book News, Inc., Portland, OR

Chapter 1: Auditing, Assurance, and Internal Control
Different Types of Audits
Internal Audits
Information Technology Audits
Fraud Audits
External/Financial Audits
External versus Internal Audits
What Is a Financial Audit?
Attest Services versus Assurance Services
Auditing Standards
A Systematic Process
Management Assertions and Audit Objectives
Obtaining Evidence
Ascertaining the Degree of Correspondence with Established Criteria
Communicating Results
Audit Risk
Audit Risk Components
Audit Risk Formula/Model
The Relationship Between Tests of Controls and Substantive Tests
What Is the Role of the Audit Committee?
What Is an IT Audit?
The IT Environment
The Structure of an IT Audit
Internal Control
Brief History of Internal Control
Modifying Assumptions
Exposures and Risk
The PDC Model
Statement on Auditing Standards No. 78
The Importance of the Internal Controls
General Framework for Viewing IT Risks and Controls
Summary

Chapter 2: Computer Operations
Structuring the Information Technology Function
Centralized Data Processing
Segregation of Incompatible IT Functions
The Distributed Model
Controlling the DDP Environment
The Computer Center
Computer Center Controls
Disaster Recovery Planning
Fault Tolerance Controls
Operating Systems and System-Wide Controls
Operating System Security
Threats to Operating System Integrity
System-Wide Controls
Controlling Access Privileges
Password Controls
Controlling Against Malicious Objects and E-Mail Risks
Controlling Electronic Audit Trails
Personal Computer Systems
PC Operating Systems
PC Systems Risks and Controls
Summary

Chapter 3: Data Management Systems
Data Management Approaches
The Flat-File Approach
The Database Approach
Centralized Database Systems
Database Management System
Users
The Database Administrator
The Physical Database
Three DBMS Models
Databases in a Distributed Environment
Centralized Databases
Distributed Databases
Concurrency Control
Controlling and Auditing Data Management Systems
Access Controls
Backup Controls
Summary

Chapter 4: Systems Development and Maintenance Activities
Participants in Systems Development
Why Are Accountants and Auditors Involved with SDLC?
How Are Accountants Involved in the SDLC?
Information Systems Acquisition
In-House Development
Commercial Systems
The Systems Development Life Cycle
Systems Planning--Phase I
Systems Analysis--Phase II
Conceptual Systems Design--Phase III
System Evaluation and Selection--Phase IV
Detailed Design--Phase V
System Programming and Testing--Phase VI
System Implementation--Phase VII
Systems Maintenance--Phase VIII
Controlling and Auditing the SDLC
Controlling New Systems Development
Controlling Systems Maintenance
Summary

Chapter 5: Networks, Internet, and E-Commerce
Networks
Types
Network Topologies
Architectures
Protocols
Components
Internet
Internet Types/Applications
Components
EDI
Electronic Commerce
Types
Components
Risks
Controlling Internet/E-Commerce
Controls
Audit Objectives
Audit Procedures
Summary
Appendix: Issues of Increasing Importance to the Accounting Profession
Seals of Assurance
Privacy Violation
Audit Implications of XBRL
Continuous Auditing
Electronic Audit Trails
Confidentiality of Data
Authentication
Nonrepudiation
Certification Authority Licensing
Data Integrity
A Changing Legal Environment

Chapter 6: Enterprise Resource Planning Systems
What Is an ERP?
ERP Core Applications
Online Analytical Processing
ERP System Configurations
OLTP versus OLAP Servers
Database Configuration
Bolt-On Software
Data Warehousing
Modeling Data for the Data Warehouse
Extracting Data from Operational Databases
Cleansing Extracted Data
Transforming Data into the Warehouse Model
Loading the Data into the Data Warehouse Database
Decisions Supported by the Data Warehouse
Supporting Supply Chain Decisions from the Data Warehouse
Risks Associated with ERP Implementation
Big Bang versus Phased-In Implementation
Opposition to Changes to the Business Culture
Choosing the Wrong ERP
Choosing the Wrong Consultant
High Cost and Cost Overruns
Disruptions to Operations
Implications for Internal Control and Auditing
Transaction Authorization
Segregation of Duties
Supervision
Accounting Records
Access Controls
Auditing the Data Warehouse
Summary
Appendix: Leading ERP Products
SAP
J.D. Edwards
Oracle
PeopleSoft
BAAN

Chapter 7: Computer-Assisted Audit Tools and Techniques
Application Controls
Input Controls
Processing Controls
Output Controls
Testing Computer Application Controls
Black-Box Approach
White-Box Approach
Computer-Aided Audit Tools and Techniques for Testing Controls
Test Data Method
The Integrated Test Facility
Parallel Simulation
Summary

Chapter 8: CAATTs for Data Extraction and Analysis
Data Structures
Flat-File Structures
Hierarchical and Network Database Structures
Relational Database Structures
Embedded Audit Module
Disadvantages of EAMS
Generalized Audit Software
Using GAS to Access Simple Structures
Using GAS to Access Complex Structures
Audit Issues Pertaining to the Creation of Flat Files
ACL Software
Input File Definition
Customizing a View
Filtering Data
Stratifying Data
Statistical Analysis
Summary

Chapter 9: Auditing the Revenue Cycle
Overview of Revenue Cycle Technologies
Batch Processing Using Sequential Files--Manual Procedures
Batch Processing Using Sequential Files--Automated Procedures
Batch Cash Receipts System with Direct Access Files
Real-Time Sales Order Entry and Cash Receipts
Revenue Cycle Audit Objectives, Controls, and Tests of Controls
Input Controls
Process Controls
Output Controls
Substantive Tests of Revenue Cycle Accounts
Revenue Cycle Risks and Audit Concerns
Understanding Data
Testing the Accuracy and Completeness Assertions
Testing the Existence Assertion
Testing the Valuation/Allocation Assertion
Summary

Chapter 10: Auditing the Expenditure Cycle
Overview of Expenditure Cycle Technologies
Purchases and Cash Disbursement Procedures Using Batch Processing Technology
Reengineering the Purchases/Cash Disbursement System
Overview of Payroll Procedures
Expenditure Cycle Audit Objectives, Controls, and Tests of Controls
Input Controls
Process Controls
Output Controls
Substantive Tests of Expenditure Cycle Accounts
Expenditure Cycle Risks and Audit Concerns
Understanding Data
Testing the Accuracy and Completeness Assertions
Review Disbursement Vouchers for Unusual Trends and Exceptions
Testing the Completeness, Existence, and Rights and Obligations Assertions
Summary

Chapter 11: Introduction to Business Ethics and Fraud
Ethics
What Is Business Ethics?
How Some Firms Address Ethical Issues
What Is Computer Ethics?
Fraud and Accountants
Factors that Contribute to Fraud
Financial Losses from Fraud
The Perpetrators of Fraud
The Underlying Problems
Sarbanes-Oxley Act
Anti-Fraud Profession
Summary

Chapter 12: Fraud Schemes and Fraud Detection
Fraud Schemes
Fraudulent Statements
Corruption
Asset Misappropriation
Auditor's Responsibility for Detecting Fraud
Fraudulent Financial Reporting
Misappropriation of Assets
Auditor's Response to Risk Assessment
Response to Detected Misstatements Due to Fraud
Documentation Requirements
Fraud Detection Techniques
Payments to Fictitious Vendors
Payroll Fraud
Lapping Accounts Receivable
Summary

Glossary
Index