4. AUDIT PLAN
One area to examine is whether Golden Gate has purchased and received a
material amount of inventory and/or machinery in the last month and not yet
received or paid the invoice. One plan would be to trace all (or a sample) of
5. RISK IDENTIFICATION AND PLAN OF ACTION
Potential risk—unauthorized changes to the application programs have been
The external auditors should make sure that:
1. Strict control procedures are in place regarding program changes; all such
3. If CASE tools are being used, the auditors should verify that controls are
Chapter 1 Page 2
6. RISK IDENTIFICATION AND PLAN OF ACTION
Potential risk:
1. The internal auditors should NOT report to the controller. This could cause a
2. The controller and the internal auditors may be covering up fraudulent activities
The external auditors should:
3. Process the data test set created by the internal auditor with the accounting
4. Recommend that the internal auditors report to the Board of Directors in the
5. Examine the program version numbers and change requests to assess
7. SYSTEMS DEVELOPMENT AND PROGRAM CHANGES
A) RISKS ASSOCIATED WITH WFS’ SYSTEMS DEVELOPMENT
APPROACH
1) A one-man operation may result in poorly designed systems that contain
2) The programmer both designs and maintains the application and may
3) Documentation of the system may become inadequate and outdated thus
B) INTERNAL CONTROL WEAKNESSES
1) The maintenance programmer trained in VIEW is wholly responsible for the
design, implementation, and subsequent maintenance of the new system.
Consequently, he will perform many incompatible tasks in contradiction with
2) Systems development and program changes should be segregated tasks.
Under the proposed approach the programmer who codes the upgrade
program also maintains the system later. Since WFS deals with client
investments and wealth management, this access could possibly lead to the
following frauds:
Since the programmer will have unlimited maintenance access to the
Documentation Inadequacy
Because the system programmer and the maintenance programmer are the
same person, no formal transfer of the completed VIEW documentation to the
maintenance group will take place. As a result, system documentation will likely
A related problem is one of dependency, where the VIEW programmer
becomes indispensable to the company as he is the only one who understands
the new system.
In addition to these operational issues, inadequate documentation impacts the
8. AUDIT OBJECTIVES AND PROCEDURES
The auditor must sometimes rely on computer services personnel to produce a
flat file from the complex file structures. There is a risk that data integrity will be
compromised by the procedure used to create the flat file. In this case, where
9. RISK IDENTIFICATION AND PLAN OF ACTION
The concern is that many “immaterial” invoices may add up to a material
amount. If an organized, carefully planned scheme to embezzle numerous
small payments by customers is in effect, then the confirmation process will not
catch the scheme since small invoice amounts will not be subjected to the
10. COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES
a. Advantages of using audit software to assist with audits include the following:
Examples of use include:
b.
1. Integrated Test Facility
The steps involved in performing ITF testing are:
2. Embedded Audit Module
Embedded audit module (EAM) techniques use one or more programmed modules
embedded in a host application to select, for subsequent analysis, transactions that
meet predetermined conditions. As the selected transaction is being processed by
controls on an ongoing basis as recommended in the COSO framework.
The steps involved in performing parallel simulation testing are:
3. Parallel Simulation
Parallel simulation involves creating a program that simulates key features or
processes of the application under review. The simulated application is then used to
functioning correctly.
The steps involved in performing parallel simulation testing are: