Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Question 1 The capabilities of computer systems have advanced rapidly over the past several decades. In many organizations, the entire data has been computerised and

Question 1

The capabilities of computer systems have advanced rapidly over the past several decades. In many organizations, the entire data has been computerised and all the information is available only in digital media. In this changed scenario, auditors have to adapt their methodology to changed circumstances. The approach of auditors to evaluate internal controls has changed accordingly. The continual development is changing the way organization works. Many companies have introduced Information Technology (IT) audit function because it is considered to be a valuable element of management control which provides assurance to the business audit committee and management and adds to the organizations credibility with investors and creditors. Management is responsible for establishing and maintaining a system of internal financial controls and in some cases, may be required by regulators to provide written certification of the adequacy of the controls. Legal and regulatory requirements are changing fast and companies must make sure they are aware of the latest rules. Presence of controls in a computerized system is significant from the audit point of view The Business and Financial Educational Services provider Company Limited is an organizations that do not have an IT audit function. The company is considering to establish one. They are work shopping their company size and type of business, source of capital and risk factors that warrant such an investment. They agree that the potential benefits of the IT audit function should be assessed and compared against the estimated costs. IT audit function should ensure the establishment and compliance to IT Controls in the organizations computer system. They are undecided on the decision to establish an IT audit function. They think the decision should involve the CEO, CFO, and audit committee. The following is a list of criteria they are considering: 1. The audit committee wants to get independent and objective assurance on the adequacy of internal controls from someone other than the CEO or CFO. 2. The CEO wants to get independent and objective assurance on the adequacy of internal controls from someone other than the CFO or line managers. 3. The CFO wants to get independent and objective assurance on the adequacy of internal controls from someone other than the line managers. 4. The organization gets too large or geographically dispersed for frequent and economical first-hand monitoring of controls by the audit committee, CEO or CFO.

Required: a. You are an IT Audit consultant who is familiar with the works of the company and is well connected to the company. In a meeting with the CEO, CFO, and audit committee the CEO has asked that you name and explain the broad categories of IT Audit controls (if any) that must be put in place in their work environment. b. Carefully consider the scenarios in the submissions provided and write out your report to be submitted to the Audit committee. From your submissions the Audit committee decided to fully contract you to support the management of the company to develop and put in place some General IT control tools. You decided to constitute and hold a sub-project committee meeting to discuss the details on the following. i. IT policies and standards. ii. Physical controls (access and environment). iii. Logical access controls. iv. Business continuity v. Disaster recovery controls.

QUESTION 2 In accounting, the financial transactions are recorded, processed and presented to generate financial statements that is useful to the readers, in making decisions. It is often said that both manual and computerized accounting systems are based on the same principles, conventions and concept of accounting and auditing. However, they differ in their mechanism (devices, instruments and tools used). The manual auditor uses pen and paper, to record and document transactions. Whereas computerized auditing makes use of computers and internet, to document transactions electronically. Auditors should adequately document the audit evidence in working papers, including the basis and extent of the planning, work performed and the findings of the audit. Documentation includes a record of: 1. The planning and preparation of the audit scope and objectives 2. The audit programme 3. The evidence collected on the basis of which conclusions are arrived at. 4. All work papers including general file pertaining to the organization and system 5. Points discussed in interviews clearly stating the topic of discussion, person interviewed, position and designation, time and place. 6. Observations as the auditor watched the performance of work. The observations may include the place and time, the reason for observation and the people involved. 7. Reports and data obtained from the system directly by the auditor or provided by the audited staff. The auditor should ensure that these reports carry the source of the report, the date and time and the conditions covered. 8. At various points in the documentation the auditor may add his comments and clarifications on the concerns, doubts and need for additional information. The auditor should come back to these comments later and add remarks and references on how and where these were resolved.

Required; It is the practice that the report should be timely, complete, accurate, objective, convincing, and as clear and concise as the subject permits. Briefly explain what the following headings entails with relevant examples how an IT Audit report can be broadly structured under the following headings: i. IT Audit Report. ii. Introduction. iii. Objectives. iv. Scope and Methodology. v. Audit Results. vi. Findings. vii. Conclusions. viii. Recommendations. ix. Noteworthy Management Accomplishments. x. Limitations that were faced.

QUESTION 3 You are a manager in the audit department of Huntsman & Co, a firm of Chartered Certified Accountants, responsible for the audit of several companies and for evaluating the acceptance decisions in respect of potential new audit clients. One of your audit clients is Redback Sports Co, which operates a chain of sport and leisure centres across the country. The client invited you into a meeting with the CEO and CFO. According to the CEO of the company the incessant development of information technology is changing the way their organization works in many ways. The pen and paper of manual transactions have made way for the online data entry of computerized applications; the locks and keys of filing cabinets have been replaced by passwords and identification codes that restrict access to electronic files. The implementation of innovative technology is helping their organizations to improve the efficiency of their business processes and considerably increase their data processing and transmission capacity, but has also introduced new vulnerabilities that need to be controlled. The CFO was concerned about the new vulnerabilities. He is asking how these vulnerabilities could be controlled You quickly responded by saying that assessing the adequacy of each control requires new methods of auditing. With the increase in the investment and dependence on computerized systems by the company, it has become imperative for audit to change the methodology and approach to audit because of the risks to data integrity, abuse, privacy issues etc. An independent audit is required to provide assurance that adequate measures have been designed and are operated to minimize the exposure to various risks.

Required: i. The CEO is asking if there is any difference between your regular Audit periodically conducted and an IT Audit. You are required to identify, name and explain the core differences between your Internal Audits periodically conducted and an IT Audit. ii. Explain 5 objectives of an IT Audit to Redback Sports Co. iii. Explain 5 benefits that Redback Sports Co. may derive from an effective IT Audit. iv. The CFO of Redback Sports Co. is asking that you explain the processes to follow to undertake an effective IT Audit for the company and how long you think it will take them to be ready for your audit. Name and explain the Phases of the Audit Process.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Financial Accounting

Authors: Paul D. Kimmel, Jerry J. Weygandt, Donald E. Kieso

7th Edition

1118725786, 978-1118725788

More Books

Students also viewed these Accounting questions

Question

evaluate signs to determine their value on communication.

Answered: 1 week ago