Reference no: EM132529317 , Length: word count:2500
Part 1. Effectively auditing an AIS allows an auditor to have some knowledge of the machines and their accounting applications. However, every auditor increasing not be a computer expert. Discuss to what degree auditors should have the technical skills to be effective auditors.
Since most organizations make extensive use of computer-based systems in processing data, it is essential that computer expertise be available in the organization's audit group. Such expertise should include:
a. Extensive knowledge of computer hardware, software, data communications, and accounting applications
b. A detailed understanding of appropriate control policies and procedures in computer systems
c. An ability to read and understand system documentation
d. Experience in planning computer audits and in using modern computer assisted auditing tools and techniques (CAATTs).
Not all auditors need to possess expertise in all of these areas. However, there is certainly some minimum level of computer expertise that is appropriate for all auditors to have. This would include:
i. An understanding of computer hardware, software, accounting applications, and controls.
ii. The ability to examine all elements of the computerized AIS
iii. The ability to use the computer as a tool to accomplish these auditing objectives.
Part 2. Currently no Al Madina staff have expertise in auditing. Al madina may (a) train some of its computer experts in auditing to staff its new internal audit feature, (b) recruit professional auditors and train them to understand Al madina's information system, (c) use a combination of the first two approaches or (d) seek a different approach. Which approach would you support, and why?
The most effective auditor is a person who has training and experience as an auditor and training and experience as a computer specialist. However, few people have such an extensive background, and personnel training and development are both expensive and time consuming.
Berwick may find it necessary to accept some tradeoffs in staffing its audit function. Since auditors generally work in teams, Berwick should probably begin by using a combination of the first two approaches. Then, as audit teams are created for specific purposes, care should be taken to ensure that the members of each audit team have an appropriate mix of skills and experience.
Part 3. As an internal auditor for the Fast Manufacturing Group, you are taking part in the company's AIS audit. You've checked the computer system's internal controls, which handle much of the accounting applications. You also reviewed detailed documentation of structures at the organization.To complete the structured internal computer control questionnaire, you interviewed the information system manager, the operations supervisor, and other employees. You communicate to your boss that a effective collection of robust internal controls has been developed by the organization into its computer systems.He thanks you for your efforts and asks for a summarized report of your results to be included in an overall final report on internal controls in accounting.Did you forget about an important phase in the audit? Please clarify. List five examples of different audit procedures that may be recommended before a decision is reached.
The important audit step that has not been performed is tests of controls (sometimes called compliance tests). A system review only tells the auditor what controls are prescribed. Tests of controls allow the auditor to determine whether the prescribed controls are being adhered to and they are operating effectively.
Examples of audit procedures that would be considered tests of controls are:
• Observe computer operations, data control procedures, and file library control procedures.
• Inquiry of key systems personnel with respect to the way in which prescribed control procedures are interpreted and implemented. A questionnaire or checklist often facilitates such inquiry.
• Review a sample of source documents for proper authorization.
• Review a sample of on-line data entries for authorization.
• Review the data control log, computer operations log, file librarian's log, and error log for evidence that prescribed policies are adhered to.
• Test data processing by submitting a set of hypothetical transactions and comparing system outputs with expected results.
• Trace selected transactions through the system and check their processing accuracy.
• Check the accuracy of a sample of batch totals.
• Review system operating statistics.
• Use a computer audit software package to edit data on selected master files and databases.
Part 4. Mr. Thomas founded Techvantage, Inc. in 2002, a small, 75-employee company that manufactures and sells wireless keyboards and other devices to retailers from its Little Rock, Arkansas manufacturing plant. Techvantage saw a significant increase in revenue in its first 2 years in operation, and was unable to keep up with demand at current capacity. The company expanded its manufacturing facilities to succeed. The new plant expanded to 250 workers. Techvantage has paid little attention to the internal control procedures during this time of expansion.
Recently systems issues and hardware failures have recently triggered a crash in the operating system. Mr. Thomasl was deeply worried that sensitive business information was printed on the printers due to these crashes.It has also removed essential digital documents from storage devices. Malicious programs like viruses, worms, and trojan horses plagued the organization, causing severe corruption in data. company has dedicated substantial funds and resources to repairing the harm done to its operating system.The system administrators and programmers have provided users with fairly free access to the operating system due to the need to get the job done, as well as for philosophical reasons.Restricting access has been found inhibiting enterprise and preventing recovery from network failures. An open approach was seen from the beginning as an easy and successful way of ensuring that everybody received the knowledge they needed to perform their jobs.
Required
a. What internal control problems do you find?
b. How can MM improve internal controls
Part 5. Which control(s) would best mitigate the following threats? Discuss in detail (10 marks)
a) In a payroll transaction record the hours-worked area represented the value 400 instead of 40. As a result the employee received a $6,257.24 paycheck instead of $654.32 paycheck.
A limit check on hours worked. The limit would have to be higher than 40 (such as 55 - or whatever the company deemed appropriate) to allow for overtime, but would certainly catch the extra 0 added to the 40 hours worked.
b) The digit 0 in a $204 payment was incorrectly written as the letter "O" during the processing of customer payments. As a result, the transaction was not handled correctly and the customer erroneously received a letter claiming that the account was overdue.
A field check should be performed to check whether all characters entered in this field are numeric.
There should be a prompt correction and re-processing of erroneous transactions.
c) The clerk typed in the customer's account number as 45982 instead of 45892 while entering a broad credit sale. There was no such account number. The mistake was not found until later this week, when the weekly billing cycle was running. Consequently, the customer was not paid for another week, which delayed payment receipt.
Check digit verification on each customer account number Or a validity check for actual customers.
d) Two traveling sales members simultaneously accessed the Parts database. Salesperson A noticed that 55 units of part 723 were still available, and ordered 45 of them. While salesperson A keyed in the order, salesperson B also noted the availability of 55 units for part 723 in another state and placed an order for 33 of them.Both sales reps promised delivery to their customers next day.Nonetheless, the customer of Salesperson A discovered the next day that they would have to back-order the component. The customer canceled the deal, vowing to never do business with the company again.
Concurrent update controls protect records from errors when more than one salesman tries to update the inventory database by locking one of the users out of the database until the first salesman's update has been completed.
Attachment:- Assignment.rar