Question
Information Produced by the Entity Example 3 Audit procedures to address audit risks related to IPE from a transaction process Complete the following table, indicating
Information Produced by the Entity
Example 3 Audit procedures to address audit risks related to IPE from a transaction process
Complete the following table, indicating the audit procedure that would be performed to address the identified risk.
| Risk 1: The IT application is not processing data correctly (incomplete or inaccurate). Information about ABCs shipments is input manually into the IT application by the shipping clerk. The risk is that the shipping clerk mistypes the quantity shipped. |
| Audit procedure to address the risk:
|
| Risk 2: The IT application is not collecting data correctly for output (incomplete or inaccurate). The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts. The risks include that the data extracted includes paid invoices, does not include all unpaid invoices (e.g., excludes the unpaid invoices for one line of business) or includes all unpaid invoices but excludes unmatched credit notes. |
| Audit procedure to address the risk:
|
| Risk 3: The IT application is not computing or categorizing data correctly for output (inaccurate). The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts. The risk includes that the invoices may be aged differently than expected or the aging columns may not be totaled accurately (e.g., the aging column content may be different than expected because the user expects aging of the invoice date but the IT application ages according to the due date, or the user expects the total to be the sum of the numbers in the column but the IT application obtains the total number from a summary data table rather than creating the sum of the details displayed). |
| Audit procedure to address the risk:
|
| Risk 4: The output from the IT application into the EUC tool is modified or lost in the transfer to the tool (incomplete or inaccurate). The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts that was exported from the accounts payable application into Excel. The risk is that the data did not transfer correctly, including such issues as larger numbers being truncated when exported or lines of information being dropped in the transfer. |
| Audit procedure to address the risk:
|
| Risk 5: The output from the IT application into the EUC tool or the output from the EUC tool is incomplete (data is missing) or inaccurate (data has been added, changed, computed or categorized incorrectly). The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts that was exported from the accounts payable application into Excel. The risk is that fictitious unpaid invoices are inserted into the spreadsheet or formulas intended to calculate a provision for old, unpaid amounts are incorrect. |
| Audit procedure to address the risk:
|
Information Produced by the Entity (IPE)
Example 4 Examples of IPE from an IT process
Complete the following table, indicating whether the item is an example of IPE from an IT process and explain why or why not.
| Item | IPE? | Why or why not? |
| An Excel log of actions by programmers who have access to production programs that comprise IT applications |
|
|
| An email exchange evidencing approval for a program change |
|
|
| A report of IT system settings of a particular financial reporting system |
|
|
| A listing of all program changes made during a given period of the year, from which the auditor plans to select a sample for testing |
|
|
Information Produced by the Entity
Example 5 Audit risks associated with IPE from an IT process
Complete the following table, indicating which risk (by number and description) is associated with each processing error.
| Processing error | Risk number | Risk description |
| The quarterly user access review is initiated by the business analyst, who generates a report from the IT application and exports it into Excel. The Excel spreadsheet then separates the listing into five different reports based on the users business unit (BU). In categorizing the user by BU, Excel excludes all new employees from the listing and, thus, those individuals are not subject to the review by the respective BU director. |
|
|
| You have requested a system-generated listing of PeopleSoft users with a create date from 1/1/2XX2 through 6/30/2XX2. The company runs a report, but mistakenly inputs the end date as 6/1/2XX2. |
|
|
| You have requested a system-generated listing of production directories and files for a UNIX server that supports an in-scope application. The client exports the results of the query to an Excel file. The client uses Excel 2003 and, because there is a limit of 65,000 rows, all remaining rows are dropped in the transfer process. |
|
|
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access with AI-Powered Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started