AUDITING IN A COMPUTER INFORMATION SYSTEMS (CIS) ENVIRONMENT
Stages of Study and Evaluation of Internal Control
The stages/activities involve in studying and evaluating internal control are:
A. Obtaining an understanding of the entity’s internal control structure.
B. Assessing the preliminary level of control risk.
C. Obtaining evidential matter to support the assessed level of control risk.
D. Evaluating the results of evidential matter.
E. Determining the necessary level of detection risk.
STAGE A. Obtaining an understanding of the entity’s internal control structure.
In planning the audit examination, each of the five components of internal control must be studied and understood by the auditor to enable him to (1) identify types of potential misstatements; (2) consider factors that affect the risk of misstatement; and (3) begin to design appropriate testing procedure.
Understanding the Control Environment
The auditor should obtain sufficient knowledge of the control environment to understand management’s and the board of director’s attitude, awareness, and actions concerning the control environment. The auditor should concentrate on the substance of management’s policies, procedures, and related actions rather than their form because management may establish appropriate policies and procedures but not act on them.
Understanding Control Procedures
Because some control procedures are integrated in specific components of the control environment and accounting system, as the auditor obtains an understanding of the control environment and accounting system, he is also likely to obtain knowledge about some control procedures. The auditor should consider the knowledge about the presence or absence of the control procedures obtained from the understanding of the control environment and accounting system in determining whether it is necessary to devote additional attention to obtain an understanding of control procedures to plan the audit.
Understanding the Accounting and Internal Control Systems
To understand
The stages/activities involve in studying and evaluating internal control are:
A. Obtaining an understanding of the entity’s internal control structure.
B. Assessing the preliminary level of control risk.
C. Obtaining evidential matter to support the assessed level of control risk.
D. Evaluating the results of evidential matter.
E. Determining the necessary level of detection risk.
STAGE A. Obtaining an understanding of the entity’s internal control structure.
In planning the audit examination, each of the five components of internal control must be studied and understood by the auditor to enable him to (1) identify types of potential misstatements; (2) consider factors that affect the risk of misstatement; and (3) begin to design appropriate testing procedure.
Understanding the Control Environment
The auditor should obtain sufficient knowledge of the control environment to understand management’s and the board of director’s attitude, awareness, and actions concerning the control environment. The auditor should concentrate on the substance of management’s policies, procedures, and related actions rather than their form because management may establish appropriate policies and procedures but not act on them.
Understanding Control Procedures
Because some control procedures are integrated in specific components of the control environment and accounting system, as the auditor obtains an understanding of the control environment and accounting system, he is also likely to obtain knowledge about some control procedures. The auditor should consider the knowledge about the presence or absence of the control procedures obtained from the understanding of the control environment and accounting system in determining whether it is necessary to devote additional attention to obtain an understanding of control procedures to plan the audit.
Understanding the Accounting and Internal Control Systems
To understand