Auditing-CIS Environemnt

CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether that computer is operated by the entity or by a third party.

The auditor should consider how a

CIS environment affects the audit.

The use of a computer changes the processing, storage and communication of financial information and may affect the accounting and internal control systems employed by the entity.

A CIS environment changes the overall objective and scope of an audit.

General Standards

Reporting Standards

Second Standard of Field Work

Standards of Fieldwork

The auditor needs to obtain a

sufficient understanding of the accounting and internal control system affected by the CIS environment.

The auditor needs to determine the effect of the CIS environment on the assessment of overall risk and of risk at the account balance and class of transactions level.

Design and perform appropriate tests of controls and substantive procedures.

The need of the auditor to make analytical procedures during the completion stage of audit

Threshhold

Relevance

Complexity

Significance

Transactions are exchanged electronically with other organizations without manual review of their propriety.

The volume of the transactions is such that users would find it difficult to identify and correct errors in processing.

The computer automatically generates material transactions or entries directly to another applications.

The system generates a daily exception report

Lack of segregation of functions.

Lack of transaction trails.

Dependence of other control over computer processing.

Cost-benefit ratio

Errors embedded in an application program logic maybe difficult to manually detect on a timely basis.

Many control procedures that would ordinarily be performed by separate individuals in manual system maybe concentrated in CIS.

The potential unauthorized access to data or to alter them without visible evidence maybe greater.

Initiation of changes in the master file is exclusively handled by respective users

Compact disk

Tapes

Diskettes

Hard disk

More physical examination and confirmation of assets.

More analytical procedures than tests of details

Larger sample sizes.

Greater use of computer-assisted

audit techniques, where appropriate.

Using secret file names and hiding the files

Keeping of back up copies offsite

Employing passwords

Segregating data into files organized under separate file directories