Scribd
Upload
114 views

Chapter 12 Systems Development, Program Changes, and Application Auditing

The document discusses controls over accounting information systems development, program changes, and application auditing. It covers topics such as authorizing new systems, testing program modules, controlling access to program libraries, and risks and controls within specific accounting applications like accounts payable, payroll, and the general ledger. The objectives are to understand relevant controls and audit tests for systems development, risks of unauthorized program changes, and techniques for auditing application controls and performing substantive tests in an IT environment.

Uploaded by

Viola carini
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
114 views

Chapter 12 Systems Development, Program Changes, and Application Auditing

The document discusses controls over accounting information systems development, program changes, and application auditing. It covers topics such as authorizing new systems, testing program modules, controlling access to program libraries, and risks and controls within specific accounting applications like accounts payable, payroll, and the general ledger. The objectives are to understand relevant controls and audit tests for systems development, risks of unauthorized program changes, and techniques for auditing application controls and performing substantive tests in an IT environment.

Uploaded by

Viola carini
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

Accounting Information

Systems
Systems Development, Program Changes, and
Application Auditing

ACCOUNTING PROGRAM
Overview
• Introducing System Development
• Introducing Program Change
• Introducing Application Controls
Objectives
• Controls and audit tests relevant to systems development
• Risks and controls for program changes and the source
program library
• Auditing Techniques used to verity application controls
• Auditing techniques used to perform substantive tests in an
IT environment
Contents
• System Development
• Program Change
• Application Controls
System Development
System Development Activities
❑ Authorizing development of new systems
❑ Addressing and documenting user needs
❑ Technical design phases
❑ Participation of internal auditors
❑ Testing program modules before implementing
• Testing individual modules by a team of users,
internal audit staff, and systems professionals
System Development Life Cycle
Business Needs and
Strategy

Legacy Situation
Business Requirements

1. Systems Strategy
- Assessment Feedback:
- Develop Strategic Plan User requests for New Systems
System Interfaces, Architecture and User
Requirements High Priority Proposals undergo Additional
Study and Development

2. Project Initiation
- Feasibility Study
- Analysis
- Conceptual Design
- Cost/Benefit Analysis Feedback:
User requests for System
Selected System Proposals go Improvements and Support
forward for Detailed Design

3. In-house Development 4. Commercial Packages


- Construct - Configure
- Deliver - Test
- Roll-out

New and Revised Systems Enter


into Production

5. Maintenance & Support


- User help desk
- Configuration Management
- Risk Management & Security
System Development Internal
Control
❑ New systems must be authorized.
❑ Feasibility studies were conducted.
❑ User needs were analyzed and addressed.
❑ Cost-benefit analysis was done.
❑ Proper documentation was completed.
❑ All program modules must be thoroughly tested before
they are implemented.
❑ Checklist of problems was kept.
Program Change
Program Change
Auditing objectives: detect unauthorized program
maintenance and determine that...
▪ maintenance procedures protect applications from
unauthorized changes
▪ applications are free from material errors
▪ program libraries are protected from unauthorized
access
Program Change
❑ Auditing procedures: verify that programs were
properly maintained, including changes
❑ Specifically, verify…
▪ identification and correction of unauthorized
program changes
▪ identification and correction of application errors
▪ control of access to systems libraries
Application Controls
Application Controls
❑ Narrowly focused exposures within a specific system,
for example:
▪ accounts payable
▪ cash disbursements
▪ fixed asset accounting
▪ payroll
▪ sales order processing
▪ cash receipts
▪ general ledger
Application Controls
❑ Risks within specific applications
❑ Can affect manual procedures (e.g., entering data) or
embedded (automated) procedures
❑ Convenient to look at in terms of:
▪ input stage
▪ processing stage
▪ output stage

INPUT PROCESSING OUTPUT

You might also like