Management and auditors evaluate controls over IT and conduct risk assessments of IT
facilities. Complete the requirements for Chapter 15, Case Analysis 15-13 (Tiffany Martin, CPA), on p. 484-485 of the textbook and submit via the course Dropbox by the final day of the unit (i.e., Tuesday midnight). Your deliverable needs to clearly identify each of the requirements and your respective answers.
Tiffany Martin is an audit manager in a medium-sized public accounting firm. Tiffany graduated from college seven years ago with a degree in accounting. She obtained her CPA certification soon after she joined the firm where she currently works. Tiffany is a financial auditor; she has had little training in auditing computerized information systems.
The current engagement Tiffany is working on includes a complex information processing system with multiple applications. The financial accounting transactions are processed on a server. The IT department employs 25 personnel, including programmers, systems analysts, a database adminis- trator, computer operators, technical support, and a director. Tiffany has not spoken with anyone in the department because she is fearful that her lack of technical knowledge relative to IT will cause some concern with the client.
Because Tiffany does not understand the complexities of the computer processing environment, she is unable to determine what risks might result from the computerized system’s operations. She is particularly worried about unauthorized changes to programs and data that would affect the reliability of the financial statements.
Tiffany has spoken to Dick Stanton, the partner who has responsibility for this audit client, about her concerns. Dick has suggested that Tiffany conduct more substantive testing than she would undertake in a less complex processing environment. This additional testing will hopefully ensure that there are no errors or fraud associated with the computer processing of the financial statements.
1. Do you think that Dick Stanton’s suggested approach is the most efficient way to control risks associated with complex computer environments?
2. How should Tiffany respond to Dick’s suggestion? 3. What can a public accounting firm, such as the one in which Tiffany works, do to ensure that
audits of computerized accounting information systems are conducted efficiently and effectively?
4. Should Tiffany be allowed to conduct this audit given her limited skill level? How might she acquire the necessary skills?