IT Auditing and Application Controls for Small and Mid-Sized Enterprises
Revenue, Expenditure, Inventory, Payroll, and More
Published on 8. January 2014
448 pages
978-1-118-22245-4 (ISBN)
Description
Essential guidance for the financial auditor in need of aworking knowledge of IT
If you're a financial auditor needing working knowledge of ITand application controls, Automated Auditing FinancialApplications for Small and Mid-Sized Businesses provides youwith the guidance you need. Conceptual overviews of key IT auditingissues are included, as well as concrete hands-on tips andtechniques. Inside, you'll find background and guidance withappropriate reference to material published by ISACA, AICPA,organized to show the increasing complexity of systems, startingwith general principles and progressing through greater levels offunctionality.
* Provides straightforward IT guidance to financial auditorsseeking to develop quality and efficacy of software controls
* Offers small- and middle-market business auditors relevant ITcoverage
* Covers relevant applications, including MS Excel, Quickbooks,and report writers
* Written for financial auditors practicing in the small tomidsized business space
The largest market segment in the United States in quantity andscope is the small and middle market business, which continues tobe the source of economic growth and expansion. Uniquely focused onthe IT needs of auditors serving the small to medium sizedbusiness, Automated Auditing Financial Applications for Smalland Mid-Sized Businesses delivers the kind of IT coverage youneed for your organization.
More details
Other editions
Additional editions
Jason Wood | William Brown | Harry Howe
IT Auditing and Application Controls for Small and Mid-Sized Enterprises
Revenue, Expenditure, Inventory, Payroll, and More
Book
01/2014
Wiley
€83.50
Shipment within 15-20 days
Persons
Jason Wood, CPA, CITP, CIS, CIA, CFF, MBA, is Presidentof WoodCPA-Plus, a certified public accounting firm that focuses onIT auditing, consulting, and training. Mr. Wood has over seventeenyears of international business experience in IT auditing, helpingmiddle market and global Fortune 500 companies. He is an alumnus ofthe Big Four accounting firms--Deloitte, E&Y, and PwC.
William Brown, PhD, CPA, CISA, CITP, is Chair ofAccounting at Minnesota State University, Mankato, where he hastaught accounting and management information systems. He has overtwenty years of business experience including roles as vicepresident, controller, and CFO of several publicly traded companiesand the CIO of an IT intensive high-growth SME.
Harry Howe, PhD, is Professor of Accounting and Directorof the MS in Accounting Program at SUNY-Geneseo. Howe hascoauthored two volumes in the BNA Policy and Practice series andpublished numerous articles in scholarly and practitionerjournals.
Content
- Intro
- IT Auditing and Application Controls for Small and Mid-Sized Enterprises
- Contents
- Preface
- Acknowledgments
- CHAPTER ONE Why Is IT Auditing Important to the Financial Auditor and the Financial Statement Audit?
- MANAGEMENT'S ASSERTIONS AND THE IT AUDIT
- Existence
- Completeness
- Rights and Obligations
- Valuation
- Accounting Procedures
- OBJECTIVES OF DATA PROCESSING FOR SMALL AND MEDIUM-SIZED ENTERPRISES (SMEs)
- SPECIAL CHALLENGES FACING SMEs
- How a Small Business Evolves
- The Control Environment for SMEs
- The Board's and Management's Roles in the SME Control Environment
- RESEARCH CONFIRMING THE RISKS ASSOCIATED WITH SMEs
- A FRAMEWORK FOR EVALUATING RISKS AND CONTROLS, COMPENSATORY CONTROLS, AND REPORTING DEFICIENCIES
- Types of Errors and Fraud
- Control Procedures
- Audit Procedures
- Compensating Controls
- SUMMARY: THE ROAD AHEAD
- CHAPTER TWO General Controls for the SME
- GENERAL CONTROLS: SCOPE AND OUTCOMES
- Types of Controls
- Examples of General Controls
- IT Governance and General Controls
- IT Governance for the SME
- THE "COSO PROCESS"-PUTTING IT ALL TOGETHER: FINANCIAL STATEMENTS, ASSERTIONS, RISKS, CONTROL OBJECTIVES, AND CONTROLS
- The Vasa: Governance and General Control Failures
- SUMMARY
- CHAPTER THREE Application-Level Security
- KEY CONSIDERATIONS
- INITIAL SECURITY SETUP
- SECURITY ROLE DESIGN
- PASSWORD CONFIGURATION
- SEGREGATION OF DUTIES
- PERSONNEL, ROLES, AND TASKS
- ACCESS REVIEWS
- Accumulation of Access Rights
- Removal of Access Rights
- HUMAN ERROR
- SUMMARY
- CHAPTER FOUR General Ledger and the IT Audit
- THE GENERAL LEDGER: A CLEARINGHOUSE OF FINANCIAL INFORMATION
- CHART OF ACCOUNTS FOR QUICKBOOKS
- Subaccount Tracking in QuickBooks
- Changing Account Types in QuickBooks
- Account Deletion in QuickBooks
- SME RISKS SPECIFIC TO THE GENERAL LEDGER AND THE CHART OF ACCOUNTS
- ASSERTIONS UNDERLYING THE FINANCIAL STATEMENTS AND GENERAL LEDGER CONTROLS
- IT CONTROLS, THE TRANSACTION LEVEL, AND THE GENERAL LEDGER
- COBIT 4.1 Application Control 1: Source Data Preparation and Authorization
- COBIT 4.1 Application Control 2: Source Data Collection and Entry
- COBIT 4.1 Application Control 3: Accuracy, Completeness, and Authenticity Checks
- COBIT 4.1 Application Control 4: Processing Integrity and Validity
- COBIT 4.1 Application Control 5: Output Review, Reconciliation, and Error Handling
- COBIT 4.1 Application Control: Transaction Authentication and Integrity
- Analytical Reviews Using the General and Subsidiary Ledger Data
- Excel, Access, and CAATs
- Descriptive Statistics
- Vendor Summary Analysis for the Evaluation of Period-to-Period Comparison
- Benford's Law
- Above-Average Payments to a Vendor
- Duplicate Payment Testing
- Payments Made after Period-End for Valid Liabilities at Period-End
- Journal Entry Gap Test
- Identify Standard and Nonstandard Journal Entries Made after Year-End
- Summarize Activity by User Account
- Identify Weekend Journal Entries
- SUMMARY
- CHAPTER FIVE The Revenue Cycle
- RISK EXPOSURES AND SUBPROCESSES
- APPLICATION CONTROLS, REVENUE CYCLE RISKS, AND RELATED AUDIT PROCEDURES
- Application Controls
- Risks, Processes, and Application Controls
- SUMMARY
- CHAPTER SIX The Expenditure Cycle
- RISK EXPOSURES AND SUBPROCESSES
- APPLICATION CONTROLS, EXPENDITURE CYCLE RISKS, AND RELATED AUDIT PROCEDURES
- Application Controls
- Risks, Processes, and Application Controls
- SUMMARY
- CHAPTER SEVEN The Inventory Cycle
- RISK EXPOSURES AND SUBPROCESSES
- APPLICATION CONTROLS, INVENTORY CYCLE RISKS, AND RELATED AUDIT PROCEDURES
- Application Controls
- Risks, Processes, and Application Controls
- SUMMARY
- CHAPTER EIGHT The Payroll Cycle
- RISK EXPOSURES AND SUBPROCESSES
- APPLICATION CONTROLS, PAYROLL CYCLE RISKS, AND RELATED AUDIT PROCEDURES
- Application Controls
- Risks, Processes, and Application Controls
- SUMMARY
- CHAPTER NINE Risk, Controls, Financial Reporting, and an Overlay of COSO on COBIT
- PCAOB WARNINGS: INSUFFICIENT EVIDENCE TO SUPPORT OPINIONS
- HOW WE GOT HERE: A HISTORICAL PERSPECTIVE
- RISK
- RISK AND FRAUD
- CONTROLS
- Control Activities
- Communication and Monitoring
- FINANCIAL REPORTING
- Financial Reporting Assertions
- Control Objectives for Applications
- PCAOB GUIDANCE ON IT CONTROLS
- INTEGRATING COSO, COBIT, AND THE PCAOB
- SUMMARY
- CHAPTER TEN Integrating the IT Audit into the Financial Audit
- RISKS, MATURITY, AND ASSESSMENTS
- CROSS-REFERENCING COBIT TO THE PCAOB AND COSO
- PLAN AND ORGANIZE
- Luther Sound Exploration Inc.: Plan and Organize
- PROGRAM DEVELOPMENT AND CHANGE
- Luther Sound Exploration Inc.: Acquire and Implement (Program Development and Program Change)
- COMPUTER OPERATIONS AND ACCESS TO PROGRAMS AND DATA
- Luther Sound Exploration Inc.: Computer Operations and Access to Programs and Data
- MONITOR AND EVALUATE
- Luther Sound Exploration Inc.: Plan and Organize
- SUMMARY
- CHAPTER ELEVEN Spreadsheet and Desktop Tool Risk Exposures
- SPECIFIC TYPES OF RISKS AND EXPOSURES
- RESEARCH ON ERRORS IN SPREADSHEETS
- Spreadsheet Risk Vectors
- COMPLIANCE DIMENSIONS OF SPREADSHEET RISK EXPOSURES
- Sarbanes Oxley
- Data Privacy
- SPREADSHEET AUDITING TOOlS
- GOVERNANCE OF SPREADSHEETS AND DESKTOP TOOLS
- CONTROL CONSIDERATIONS
- AUDITING CONTROlS AND CREATING A BASELINE
- logical Security
- Change Management
- Operational Controls
- Business Controls
- LIFE AFTER THE BASELINE: MAINTAINING SPREADSHEETS AND DESKTOP TOOlS
- Downstream Controls and the Risk acceptance Process
- SUMMARY
- CHAPTER TWELVE Key Reports and Report Writers Risk Exposures
- HOW REPORTS ARE USED
- ORIGINAL REPORTS WITHIN THE APPLICATION
- GPD Report Security
- Accessing Reports in GPD
- Audit Trail Reports
- MODIFIED OR CUSTOMIZED REPORTS WITHIN THE APPLICATION
- Modifying Reports in GPD
- Customized Reports in GPD
- Aggregating Accounting Data
- REPORTS USING THIRD PARTY PACKAGES
- ANALYZING AND VALIDATING REPORTS
- SUMMARY
- CHAPTER THIRTEEN IT Audit Deficiencies: Defining and Evaluating IT Audit Deficiencies
- A FRAMEWORK FOR AUDIT DEFICIENCIES
- TYPES OF IT AUDIT FAILURES AND ILLUSTRATIVE CASES
- USE OF COMPENSATORY CONTROLS
- IDEAS FOR ADDRESSING SEGREGATION-OF-DUTIES ISSUES
- SUMMARY
- References
- About the Authors
- Index
