Information System Auditing - Essay Example

Information System Auditing Information System Auditing Introduction The paper aims at presenting guidelines on how to ensure prompt and accurate servicing of transactions as a result of developing audit systems. Information system audit refers to the computerized elements of an accounting information system. Audit tests are of the following basic types: control tests-determine the accuracy of the internal controls and substantive tests-determine the fairness of the data in reflection to financial affairs of the organization (Alderson, 1993). Basically, this paper will provide guidelines or explanations on the importance of effective use of information systems in auditing. I. CHAPTER 4, PROBLEM 5 SYSTEM CONFIGURATION The following is the way databases and data communications facilities can be configured for First State Bank: The configuration will entail a hybrid of centralized and decentralized processing. Since customers should be at a position to bank at any of the 11 branches, cash withdrawal transactions from each branch should be centrally processed and the customer databases updated. Deposits of cash and checks and payment of customers’ bills can be stored on remote computers, with the data being sent to the mainframe periodically. Banks tend to be more concerned with the promptness in recording cash withdrawals than cash receipts. Thus, the data representing the payment of customers’ bills may be sent to the mainframe computer four to six times a day for updating, while deposits of cash may be transmitted only twice a day. The payroll accounts can be stored and processed on the remote computers because these accounts do not have ATM cards. The mainframe at the main office can process more efficiently if a front-end processor is used to relieve the mainframe of data communication processes. A common-carrier network is probably a good communication medium, but the data should be encrypted. The individual teller terminals should be connected to the remote main computer via dumb terminals. The tellers should not have any reason to download data regarding customer accounts (Botha & Boon, 2003). CHAPTER 5, PROBLEM 12 AUDIT SYSTEMS DEVELOPMENT A. THE IMPORTANCE OF THE SIX ACTIVITIES IN PROMOTING EFFECTIVE CONTROL. The following is a discussion on the significance of each of the activities in endorsing effective control: 1. Activities in Systems Authorization This is done to ensure their economic validation and feasibility. A formal environment is required in which users present their written requests to system professionals. 2. Activities for User Specification The systems development process requires active involvement of users. The involvement by the user must not be stifled by the system’s technical complexity. The technology used notwithstanding, the users should create detailed written descriptions pertaining to their requirements. It takes joint efforts of the user and systems professionals to come up with a user specification document. However, this document will have to remain a statement of user requirements. The users view of the problem should be described and not that of the system professionals (Botha, 2000). 3. Activities for Technical Design The activities for technical design translate user specifications into a set of well elaborated specifications which pertain to the technicals for a system meeting the user’s requirements. Systems analysis, feasibility analysis and detailed systems design are the scope of these activities. The quality of the documentation emerging from each phase is reflected from the adequacy pertaining to these activities. 4. Participation of Internal Audit An organization’s internal audit department requires independence, objectivity and technical qualification in order to meet the governance-related expectations of management. Therefore, the internal auditor is at a position to play critical role in systems control partaining to the activities in development (Davis, 2005). B. TESTS CONTROLS IN MEETING AUDIT OBJECTIVES 1. Program Testing There must be a thorough test of all of the program modules before implementation. The results of the tests are then compared to other previous tests to determine the level of accuracy. 2. Testing Computer Applications Application controls is the last area of exposure to be considered. There are two categories of application controls: application controls tests and transaction details and account balances tests. Auditors regularly encountered “black box” which they did not understand when computerized systems of accounting first made their way into the business world. Much of the data was processed after which they were requested to voice views (Hoelzer, 2009). At first, by observing input and output, they conducted an audited around the computer inspection for mutual consistency. However, it was inefficient no matter how adequate it was. There was also hampering of the evaluation of the internal control system. Tracing audit trails through the automated parts of the system proved impossible. Auditing around the computer may not have been acceptable if an application had a material effect on the financial statements. Auditing through the computer is the name given to the second approach of auditing computer systems. The capability of tracing paths of transaction from input to output manual and automated system is required (Hoelzer, 2009). Data flow that moves through the system has to be verified while the contents of machine and readable files have to be examined. As they operate on the data, the internal controls are tested. Since the black box is gone, the current trend is towards computer auditing, which uses the computer as an audit tool. Many procedures have been made feasible due to the use of computers. From a clerical standpoint, these procedures would have otherwise been impractical. It is necessary for practicing auditors to have extensive and up-to-date computer system knowledge. The major problem created by this method is the difficulty to remain updated on technological changes. As a result, new demands for continuing professional education have come up (Hoelzer, 2009). A. The White Box Approach This is auditing through the computer to contrast it to the “black box approach.” The purpose of these different tests is to assist in the appreciation of the concerns faced by an auditor (Hoelzer, 2009). B. White Box Testing Techniques Five proven procedures are stated: Test data method Base case system evaluation Tracing Integrated test facility Parallel simulations These are very complex techniques. One should focus on the most essential purpose, the first three being the variations of the same method which all work through the computer, while the last two incorporates the computer as an auditing tool (Davis, 2005). C. The Integrated Test Facility The integrated test facility builds the systems audit ability. Both the controls and the application’s logic are tested during normal operations. The computer is now part of the audit process since it is being done with it (Hoelzer, 2009). D. Parallel Simulation Parallel simulation is an imitation of the application which is under review. It should be written in a way in which it performs the same steps as the application to compare the results. If the “real” system and the parallel yield the same output, one would have confidence in the feasibility of the “real” system if both the real and the parallel system yield similar output. Substantive Testing Techniques Substantive tests are the second main audit test types after the tests of controls. Substantive tests are used in verifying the money on the financial statements and in the accounts. There must be ways to get at it since these tests evaluate the data in the system (Hoelzer, 2009). A. The Imbedded Audit Module This is a set of specially written computer instructions which are built into the client software in order to obtain specified types of data which can be used later for testing. B. Generalized Audit Software This refers to a number of programs which are developed as tools for auditors. Many public accounting firms have produced these packages as a result of the need to repeatedly perform basic tasks in auditing (Hoelzer, 2009). The paper has looked into the whole concept of internal auditing so as to add value and improve the way any given organization operates. The information here equips an organization to accomplish its objectives by providing case scenarios with a disciplined approach and systematic ways and procedures of evaluation, management of risks, control and improving the effectiveness of governance processes (Davis, 2005). CHAPTER 6, PROBLEM 23 XBRL a) THE CURRENT STATE OF XBRL AND ITS APPROPRIATENESS FOR INTERNAL REPORTING PROJECTS This technology is appropriate since XBRL is characteristically used in aggregated financial data reporting. XBRL is also applicable in communicating information regarding individual transactions and internal business units. The data needs to be organized to make it useful to others and it should also be labeled, and reported in a generally acceptable manner. Mapping the organization’s internal data to XBRL taxonomy elements will be involved in order to come up with a document which is an XBRL. Companies internally using native-XBRL database technology as their main platform for information storage can speed the process of reporting. XBRL documents can be imported into internal databases and analysis tools in order to significantly facilitate decision making. B) ENHANCEMENTS TO BE REALIZED BY USING XBRL The financial community can be provided with a method which is standardized that can be incorporated for the preparation, publishing and automatic exchange of financial information which includes that of companies which are publicly held. XBRL information can be put on internet servers for the purpose of internal use. They can be placed on an internet so as to circulate to customers or trading partners. XBRL is fast and very accurate XBRL can be used to back up information hence avoiding data loss XBRL enhances or promotes standardization. C). DATA INTEGRITY, INTERNAL CONTROL AND REPORTING CONCERNS ASSOCIATED WITH XBRL So as to ensure the correct generation of XBRL taxonomies, controls have to be designed and in place and there is a need to establish independent verification procedures to validate the instance documents, thus ensuring that appropriate application of taxonomy and tags before posting to Web servers. In addition, there has to be an assessment of audit scope and its implementation with respect to these documents (Swash, 1997). Conclusion The above discussion clearly outlines the importance of information systems in financial auditing. The first part addresses the ways in which data systems in a bank can be clearly configured to facilitate proper and easy auditing of its financial records. Part two of the paper concentrates on the issue of audit systems development, and basically discusses the importance of various information systems in promoting effective auditing. The last question discusses the current state of XBRL, and goes ahead to discuss its appropriateness for internal reporting projects and all this information is very critical in understanding and improving auditing systems. References Alderson, P. (1993). Managing the costs of on-line information. Best’s review (Life/Health), 94 (3), 74–78. Botha, H., & Boon, J. A. (2003). The Information Audit: Principles and Guidelines. Libri, 53, 23–38. Botha, H. (2000). The information audit: principles and guidelines. Unpublished Master’s dissertation. Pretoria: University of Pretoria. Davis, R. E. (2005). IT Auditing: An Adaptive Process. Mission Viejo: Pleier Corporation. Hoelzer, D. (2009). Audit Principles, Risk Assessment & Effective Reporting. London: SANS Press. Swash, G. D. (1997). The information audit. Journal of managerial psychology, 12 (5), 312– 318. Read More