Lecture 1024


IT CONTROLS

Understanding IT Controls
• Understanding IT controls is important because all transactions
are recorded in accounting or ERP systems. Systems used by
businesses include:
• MYOB
• Pronto
• Oracle
• Attaché
• QuickBooks (not an ERP system as it provides accounting function
only, which is only one component of ERP systems)
• Etc.
Systems for Public Sector
• PNG Government Accounting System (PGAS)
• Replaced by Integrated Financial Management System (IFMS)
• Public Sector Payroll is Alesco System
• During breakdowns, ransomware attacks, or network issues, BSP’s
Kundu Pei system is used
• Records are then updated in the IFMS system
IT System
• An IT system is made up of:
• Hardware
• Software
• Hardware consists of the server, switches, routers, cables, etc.
• Software includes applications
IT General Controls
• IT is essentially the lifeblood of a company.
• It ensures computers and applications are in place for employees to work,
so they do not need to worry about what is happening at the back end.
• ITGC, or IT general controls, are a set of policies and procedures that
govern how a company’s IT systems operate and ensure the confidentiality,
integrity, and availability of data.
• These controls help prevent unauthorized access, data breaches, and
operational disruptions.
• Effective ITGC improves the reliability and accuracy of financial reporting and
reduces the risk of fraud.
You might require the skills of an IT expert to understand these controls.
IT Application Controls
• An application is a computer system that processes data for a specific
business purpose.
• Application controls are security measures implemented within
applications to keep them private and secure and avoid breaches.
• Each time users or applications share data there is a risk that the data
could be compromised. IT application controls (ITACs) help mitigate
that risk by putting checks in place to secure data.
Three Categories of ITACs
• They include input, processing, and output controls.
• Application controls:
• Verify transmitted data
• Validate data sent out of the system
• Authenticate information input into the system
• Ensure output reports are protected from disclosure
• Guarantee the input data is complete, accurate, and valid
• Ensure the internal processing produces the expected results
• Both automated controls and manual controls should be implemented to ensure proper
protection of your applications.
Enterprise Resource Planning (ERP) Systems/Software
• ERP systems tie together a multitude of business processes and
enable the flow of data between them, which eliminates data
duplication and provides data integrity with a single source of truth.
• Various modules feed data into the General Ledger, with less human
involvement
• If there are standalone applications/systems, they are linked to the
ERP to ensure smooth flow of data
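The input and processing controls listed above, applied to a batch passed from a standalone system into the General Ledger, as an added example that is not part of the original lecture. The batch layout, account codes and function names are assumptions made for illustration, and the sample data is constructed.

```python
from decimal import Decimal

# Constructed data: chart of accounts and one payroll batch sent to the General Ledger.
VALID_ACCOUNTS = {"6100", "2100", "2150"}
BATCH = {
    "header": {"record_count": 3, "hash_total": 10350, "control_total": Decimal("0.00")},
    "lines": [
        {"account": "6100", "amount": Decimal("5000.00")},   # wages expense (debit)
        {"account": "2100", "amount": Decimal("-4200.00")},  # net pay payable (credit)
        {"account": "2150", "amount": Decimal("-800.00")},   # tax payable (credit)
    ],
}

def input_controls(batch):
    """Validity of each line, then completeness and accuracy against the batch header."""
    errors = []
    lines, header = batch["lines"], batch["header"]
    for n, line in enumerate(lines, 1):
        if line["account"] not in VALID_ACCOUNTS:
            errors.append(f"line {n}: unknown account {line['account']}")
        if not isinstance(line["amount"], Decimal) or line["amount"] == 0:
            errors.append(f"line {n}: invalid amount")
    if len(lines) != header["record_count"]:
        errors.append("record count differs from header (lines lost or added)")
    if sum(int(l["account"]) for l in lines if l["account"].isdigit()) != header["hash_total"]:
        errors.append("hash total differs from header (account codes altered)")
    if sum(l["amount"] for l in lines if isinstance(l["amount"], Decimal)) != header["control_total"]:
        errors.append("control total differs from header (amounts altered)")
    return errors

def post_batch(ledger, batch):
    """Processing control: post only a clean batch, and confirm the ledger still balances."""
    errors = input_controls(batch)
    if errors:
        return ledger, errors          # reject the whole batch; nothing is posted
    updated = dict(ledger)
    for line in batch["lines"]:
        updated[line["account"]] = updated.get(line["account"], Decimal("0")) + line["amount"]
    if sum(updated.values()) != 0:
        return ledger, ["ledger out of balance after posting"]
    return updated, []
```

An auditor testing this kind of interface would look for evidence that rejected batches are logged and followed up, not only that the checks exist.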
Accounting Cycle Process Flowchart
Standalone systems linked to Oracle ERP System
1. Chris21 Payroll System
2. Gentrack Billing System
3. Suprima Easipay System

Modules within Oracle ERP System
1. Purchasing
2. Accounts Payable
3. Inventory
4. Capital Projects
5. Fixed Assets
6. Accounts Payable
7. Cash Management
8. General Ledger
Narrations
Communicating Deficiencies in Internal Control
Control Deficiencies
• During the course of the audit, control deficiencies are noted:
• In understanding and evaluating internal controls
• In making risk assessments
• In performing audit procedures
• Or from other observations made at any stage of the audit process.
Communicating Control Deficiencies
• There is no restriction on what control deficiencies can be
communicated with those charged with governance and with
management.
• However, where an identified deficiency is assessed by the auditor as
being significant, the auditor would first discuss it with management,
and is then required to communicate it (and any other significant
deficiencies) in writing to those charged with governance.
• This can happen at any stage of the audit.
Some of the common control deficiencies
Fraud
• If evidence confirms fraud exists, raise it with the appropriate level of
management as soon as is practicable. This should be done even if
the matter is inconsequential.
• The appropriate level of management is a matter of professional
judgment, but would be at least one level above the persons who
appear to be involved with the suspected fraud.
• Collusion may be involved
• Where senior management is involved, raise it with the board
• If the board is involved, raise it with the authorities if laws permit
Assessing the Severity of a Deficiency
• Some matters that could be considered in assessing the severity of a
deficiency are shown in the table below.

Those that in your professional judgement warrant management’s attention.
Smaller Entities
• When assessing control deficiencies in smaller entities, the auditor
would pay attention to the following factors.
Documenting Control Deficiencies
• A possible approach to documenting deficiencies as they are
identified is outlined below. This documentation can be used for:
• Discussing deficiencies with management;
• Assessing the severity of the deficiencies;
• Considering the need for any additional audit procedures to respond
to the unmitigated risk; and
• Preparing the required communication to management and those
charged with governance.
Example