Process of a CIS Audit ◆Examine the CIS environment – the boundaries in which the systems are used◆Examine accounting applications software eg payroll, accounts receivable, accounts payable etc◆Tests of CIS controls ◆Substantive testing ◆Examine financial statements ◆Prepare audit report
ASA 315◆ASA 315.79The auditor shall obtain an understanding of the control environment. ◆ASA 315.109The auditor shall obtain an understanding of how the entity has responded to risks arising from IT.◆ASA 315.110From the auditor’s perspective, controls over IT systems are effective when they maintain the integrity of information and the security of the data such systems process.
Effect of CIS on Internal Controls◆CIS processing is likely to affect the entity’s internal control structure, for example:➟transaction trails➟processing of transactions➟segregation of functions➟authorisation of transactions➟unauthorised access to data and files➟supervision
Internal Controls in a CIS EnvironmentCommonly classified as:
A. General Controls◆1. Organisational controls◆2. Systems development and maintenance controls◆3. Access controls◆4. Other controls
General Controls◆1. Organisational controls:
General Controls◆Organisational controls include:➟clear roles and responsibilities➟CIS department independent of user departments➟CIS should nottake responsibility for errors originating in user departments➟CIS should notauthorise or initiate transactions➟CIS should nothave custody of resulting assets