Scribd
Upload
227 views6 pages

Auditing in A Computerized Information Systems (Cis) Environment

The document discusses auditing in a computerized information systems environment. It begins by defining hardware and software, describing how computers consist of physical hardware components and instructional software programs. It then explains that a computer information systems environment exists when a computer processes significant financial information for an entity. The environment encompasses infrastructure like databases, operating systems and networks, as well as accounting software applications. Controls are needed to test IT systems that produce financial reports, including general controls over management, business processes, and IT services, as well as application controls. Systems relevant to audits include management reporting systems and transaction processing systems. The document concludes by describing the types of internal controls used in a computer information systems environment, such as general controls over organization,

Uploaded by

joyce Kim
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
227 views6 pages

Auditing in A Computerized Information Systems (Cis) Environment

The document discusses auditing in a computerized information systems environment. It begins by defining hardware and software, describing how computers consist of physical hardware components and instructional software programs. It then explains that a computer information systems environment exists when a computer processes significant financial information for an entity. The environment encompasses infrastructure like databases, operating systems and networks, as well as accounting software applications. Controls are needed to test IT systems that produce financial reports, including general controls over management, business processes, and IT services, as well as application controls. Systems relevant to audits include management reporting systems and transaction processing systems. The document concludes by describing the types of internal controls used in a computer information systems environment, such as general controls over organization,

Uploaded by

joyce Kim
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

AUDITING IN A COMPUTERIZED INFORMATION

SYSTEMS (CIS) ENVIRONMENT

Computers, in general…
It is a programmable electronic device that has the ability to store, retrieve and process
data. It also comes in various sizes and types, depending on the manufacturer but they
all consist of the same basic components, the hardware and the software.

Hardware and Software: What are they?

HARDWARE – These are the physical or tangible devices or equipment used to


accomplish data processing functions. Hardware devices include:

1. Central Processing Unit (CPU)


2. Input devices (Keyboards, mouse, etc)
3. Output devices (Printers, monitors, CD roms)
4. Data storage (Flash drives and hard drives)

SOFTWARE – This component consists of sets of instructions or programs that


direct, control, and coordinate the operation of the hardware components. Types
of software are enumerated below:

1. Systems software
2. Application software
3. Database management system
4. Source program
5. Object program
6. Compiler
7. Interpreter
8. Virtual memory (storage)
Computer Information Systems Environment
An IT environment or Computer Information Systems environment exists when a
computer of any type or size is involved in the processing by the entity of financial
information of significance to the audit, whether that computer is operated by the entity
or by a third party.

With technology being developed and improved every day, the use of computer
information systems have become of use and essential later on, due to its ability to
simplify steps or transactions that were recorded manually in the past. Almost all
establishments, even the small scale businesses, have their entries for transactions
computerized and encoded in accounting systems.

The use of computers has offered new opportunities for professional accountants but it
has also created some challenges for auditors due to its complexity and newly
introduced features.

Components of CIS Environment


Computers serve as the main component of a CIS Environment; however, the CIS
Environment encompasses a much broader scope which consists of sub-components
which are: (1) IT infrastructure and (2) Software applications

 IT infrastructure serves as the foundation of the CIS environment, which


includes all the hardware, software, networks, and facilities that are necessary to
perform the IT services. This is composed of:
 Database System
 Operating System
 Networks

 Software applications (for auditing) are programs designed for a specific end
user. These accounting applications include word processors, spreadsheets,
internet browsers and email clients. These applications allow management of
accounting records and generation of reports that are important for decision-
making. Listed are the different applications according to the need and size of the
entity:
 Small and medium-sized business accounting software
 Enterprise accounting software
 Cloud or online accounting software
 End-user computing systems

Controls of the CIS Environment


Most organizations rely on their IT systems for their financial reports; hence, controls
are needed to be tested on these IT systems to ensure that the reports produced are
accurate and complete. These IT systems play an important role in the management of
its finances which is relevant in the financial statements audit and are controlled by
specific elements in the organization:

 Executive management
 Business processes or Transaction cycles
 IT Services (General controls)

Computer systems used in Financial Statement audit


Computer systems refer to the structure of hardware and software that is intended for a
specific purpose. There are two types of systems are commonly relevant in financial
statements audit, namely:

1. Management reporting system

A system designed to help with the decision-making process by providing


access to computer data.

 Decision support system


 Executive information system
 Expert system
 Management information system

2. Transaction processing system

This involves the daily processing of transactions in the entity.

Internal Control in CIS Environment


Everything that was done in manual processing for accounting and auditing, also
applies in the Control Information Systems Environment. These processes include
authorization of transactions, proper segregation of duties, and independent checking.
The elements of internal control are the same, the computer just changes the methods
by which these elements are implemented.

Control procedures are performed to check accuracy, completeness, and authorization


of transactions in computer processing; there are two types of internal control
procedures: (1) General and (2) Application Controls.

 General Controls

These controls are present within the IT infrastructure of the entity. They
serve as the backbone for a reliable operating environment and effective
operation of application controls.

These are control policies and procedures to the overall information


system.

1. Organizational controls
An organization must have a plan with a clear assignment of
authority and responsibility, just like how it is in manual system. In a
CIS environment, there should be segregation between the user
and CIS department, and segregation of duties within CIS
department.

a. Segregation between the CIS department and user


departments
b. Segregation of duties within the CIS environment

2. Systems development and documentation controls


Software developments and changes must be approved by
appropriate level of management and the user management. To
ensure computer programs are functioning as designed, the
program must be tested and modified by the user and CIS
department. Adequate documentation must be made in order to
facilitate the use of the program as well as changes that may be
introduced later into the system.

3. Access Controls
Every computer system should have adequate security controls to
protect equipment, files, and programs. Access to the computer
should be limited only to operators and other authorized
employees.

4. Data recovery controls


This provides for the maintenance of back-up files and off-site
storage procedures. Computer files should be copied daily to tape
or disks and secured off-site. In the event of disruption,
reconstruction of files is achieve by updating the most recent back-
up with subsequent transaction data.

5. Monitoring controls
Monitoring controls are designed to ensure that CIS controls are
working effectively as planned. These include periodic evaluation of
the adequacy and effectiveness of the overall CIS operations,
conducted by persons within or outside the entity.

You might also like