NTP modul 14 dampak TI terhadap audit rev sept2016 2018
IT can improve a company’s internal controls; however, it can also affect the company's overall control risk.
If IT systems fail, organizations can be paralyzed by the inability to retrieve information or by the use of unreliable
information caused by processing errors.
Specific risks to IT systems include the aforementioned.
Without proper physical protection, hardware or software may not function or may function improperly.
When organizations replace manual procedures with technology-based procedures, the risk of random error from
human involvement decreases. However, the risk of systematic error increases because once procedures are
programmed into computer software, the computer processes information consistently for all transactions.
IT cased accounting systems often allow online access to electronic data in master files software and other records.
Because online access can occur from remote access points, there is potential for illegitimate access.
Since much of the data is stored in centralized electronic files, this increases the risk of loss or destruction of entire
data files.
With the use of computers, IT often reduces or even eliminates source documents and records that allow the
organization to trace accounting information.
In many IT systems, employees who deal with the initial processing of transactions never see the final results.
Therefore, they are less able to identify mistakes.
Advanced IT systems can often initiate transactions automatically, such as calculating interest on savings accounts
and ordering inventory when pre-specified order levels are reached.
It is important to have personnel with knowledge and experience to install, maintain, and use the system.
General controls apply to all aspects of the IT function including IT admin, separation of IT duties, systems
development, physical and online security over access to hardware, software and related data.
Application controls apply to processing transactions.
The CIO or IT manager should be responsible for oversight of the IT function.
Systems analysts are responsible for the overall design of each application system
Computer operators are responsible for the day-to-day operations of the computer following the schedule
established by the CIO.
Pilot testing is when a new system is implemented in one part of the organization while other locations continue to
rely on the old system.
Parallel testing is when the new and old systems operate simultaneously in all locations.
Physical controls decrease the risk of unauthorized changes to programs and improper use of programs and data
files.
Proper user IDs and passwords control access to software and related data files this reducing the likelihood that
unauthorized changes are made to software applications and data files.
One key to a backup and contingency plan is to make sure that all critical copies of
software and data files are backed up and stored off the premises.
Ineffective general controls create the potential for material misstatements across all system applications regardless
of the quality of the application controls.
Client changes to application software affect the auditor’s reliance on automated controls.
Auditors obtain information about general and application controls through interviews, examination of system
documentation, and reviews of detailed questionnaires completed by IT staff.
If general controls are ineffective, the auditor’s ability to rely on IT-related application controls to reduce control risk
in all cycles is reduced.
After identifying specific IT-based application controls that can be used to reduce control risk, auditors can reduce
substantive testing.
Auditor’s process their own test data using the client’s computer system and application program to determine
whether the automated controls correctly process the test data.
If IT systems fail, organizations can be paralyzed by the inability to retrieve information or by the use of unreliable
information caused by processing errors.
Specific risks to IT systems include the aforementioned.
Without proper physical protection, hardware or software may not function or may function improperly.
When organizations replace manual procedures with technology-based procedures, the risk of random error from
human involvement decreases. However, the risk of systematic error increases because once procedures are
programmed into computer software, the computer processes information consistently for all transactions.
IT cased accounting systems often allow online access to electronic data in master files software and other records.
Because online access can occur from remote access points, there is potential for illegitimate access.
Since much of the data is stored in centralized electronic files, this increases the risk of loss or destruction of entire
data files.
With the use of computers, IT often reduces or even eliminates source documents and records that allow the
organization to trace accounting information.
In many IT systems, employees who deal with the initial processing of transactions never see the final results.
Therefore, they are less able to identify mistakes.
Advanced IT systems can often initiate transactions automatically, such as calculating interest on savings accounts
and ordering inventory when pre-specified order levels are reached.
It is important to have personnel with knowledge and experience to install, maintain, and use the system.
General controls apply to all aspects of the IT function including IT admin, separation of IT duties, systems
development, physical and online security over access to hardware, software and related data.
Application controls apply to processing transactions.
The CIO or IT manager should be responsible for oversight of the IT function.
Systems analysts are responsible for the overall design of each application system
Computer operators are responsible for the day-to-day operations of the computer following the schedule
established by the CIO.
Pilot testing is when a new system is implemented in one part of the organization while other locations continue to
rely on the old system.
Parallel testing is when the new and old systems operate simultaneously in all locations.
Physical controls decrease the risk of unauthorized changes to programs and improper use of programs and data
files.
Proper user IDs and passwords control access to software and related data files this reducing the likelihood that
unauthorized changes are made to software applications and data files.
One key to a backup and contingency plan is to make sure that all critical copies of
software and data files are backed up and stored off the premises.
Ineffective general controls create the potential for material misstatements across all system applications regardless
of the quality of the application controls.
Client changes to application software affect the auditor’s reliance on automated controls.
Auditors obtain information about general and application controls through interviews, examination of system
documentation, and reviews of detailed questionnaires completed by IT staff.
If general controls are ineffective, the auditor’s ability to rely on IT-related application controls to reduce control risk
in all cycles is reduced.
After identifying specific IT-based application controls that can be used to reduce control risk, auditors can reduce
substantive testing.
Auditor’s process their own test data using the client’s computer system and application program to determine
whether the automated controls correctly process the test data.