| |
| |
| |
Auditing, Assurance, and Internal Control | |
| |
| |
Different Types of Audits | |
| |
| |
Internal Audits | |
| |
| |
Information Technology Audits | |
| |
| |
Fraud Audits | |
| |
| |
External/Financial Audits | |
| |
| |
External versus Internal Audits | |
| |
| |
What Is a Financial Audit? | |
| |
| |
Attest Services versus Assurance Services | |
| |
| |
Auditing Standards | |
| |
| |
A Systematic Process | |
| |
| |
Management Assertions and Audit Objectives | |
| |
| |
Obtaining Evidence | |
| |
| |
Ascertaining the Degree of Correspondence with Established Criteria | |
| |
| |
Communicating Results | |
| |
| |
Audit Risk | |
| |
| |
Audit Risk Components | |
| |
| |
Audit Risk Formula/Model | |
| |
| |
The Relationship Between Tests of Controls and Substantive Tests | |
| |
| |
What Is the Role of the Audit Committee? | |
| |
| |
What Is an IT Audit? | |
| |
| |
The IT Environment | |
| |
| |
The Structure of an IT Audit | |
| |
| |
Internal Control | |
| |
| |
Brief History of Internal Control | |
| |
| |
Modifying Assumptions | |
| |
| |
Exposures and Risk | |
| |
| |
The PDC Model | |
| |
| |
Statement on Auditing Standards No. 78 | |
| |
| |
The Importance of the Internal Controls | |
| |
| |
General Framework for Viewing IT Risks and Controls | |
| |
| |
Summary | |
| |
| |
| |
Computer Operations | |
| |
| |
Structuring the Information Technology Function | |
| |
| |
Centralized Data Processing | |
| |
| |
Segregation of Incompatible IT Functions | |
| |
| |
The Distributed Model | |
| |
| |
Controlling the DDP Environment | |
| |
| |
The Computer Center | |
| |
| |
Computer Center Controls | |
| |
| |
Disaster Recovery Planning | |
| |
| |
Fault Tolerance Controls | |
| |
| |
Operating Systems and System-Wide Controls | |
| |
| |
Operating System Security | |
| |
| |
Threats to Operating System Integrity | |
| |
| |
System-Wide Controls | |
| |
| |
Controlling Access Privileges | |
| |
| |
Password Controls | |
| |
| |
Controlling Against Malicious Objects and E-Mail Risks | |
| |
| |
Controlling Electronic Audit Trails | |
| |
| |
Personal Computer Systems | |
| |
| |
PC Operating Systems | |
| |
| |
PC Systems Risks and Controls | |
| |
| |
Summary | |
| |
| |
| |
Data Management Systems | |
| |
| |
Data Management Approaches | |
| |
| |
The Flat-File Approach | |
| |
| |
The Database Approach | |
| |
| |
Centralized Database Systems | |
| |
| |
Database Management System | |
| |
| |
Users | |
| |
| |
The Database Administrator | |
| |
| |
The Physical Database | |
| |
| |
Three DBMS Models | |
| |
| |
Databases in a Distributed Environment | |
| |
| |
Centralized Databases | |
| |
| |
Distributed Databases | |
| |
| |
Concurrency Control | |
| |
| |
Controlling and Auditing Data Management Systems | |
| |
| |
Access Controls | |
| |
| |
Backup Controls | |
| |
| |
Summary | |
| |
| |
| |
Systems Development and Maintenance Activities | |
| |
| |
Participants in Systems Development | |
| |
| |
Why Are Accountants and Auditors Involved with SDLC? | |
| |
| |
How Are Accountants Involved in the SDLC? | |
| |
| |
Information Systems Acquisition | |
| |
| |
In-House Development | |
| |
| |
Commercial Systems | |
| |
| |
The Systems Development Life Cycle | |
| |
| |
Systems Planning--Phase I | |
| |
| |
Systems Analysis--Phase II | |
| |
| |
Conceptual Systems Design--Phase III | |
| |
| |
System Evaluation and Selection--Phase IV | |
| |
| |
Detailed Design--Phase V | |
| |
| |
System Programming and Testing--Phase VI | |
| |
| |
System Implementation--Phase VII | |
| |
| |
Systems Maintenance--Phase VIII | |
| |
| |
Controlling and Auditing the SDLC | |
| |
| |
Controlling New Systems Development | |
| |
| |
Controlling Systems Maintenance | |
| |
| |
Summary | |
| |
| |
| |
Networks, Internet, and E-Commerce | |
| |
| |
Networks | |
| |
| |
Types | |
| |
| |
Network Topologies | |
| |
| |
Architectures | |
| |
| |
Protocols | |
| |
| |
Components | |
| |
| |
Internet | |
| |
| |
Internet Types/Applications | |
| |
| |
Components | |
| |
| |
EDI | |
| |
| |
Electronic Commerce | |
| |
| |
Types | |
| |
| |
Components | |
| |
| |
Risks | |
| |
| |
Controlling Internet/E-Commerce | |
| |
| |
Controls | |
| |
| |
Audit Objectives | |
| |
| |
Audit Procedures | |
| |
| |
Summary | |
| |
| |
| |
Issues of Increasing Importance to the Accounting Profession | |
| |
| |
Seals of Assurance | |
| |
| |
Privacy Violation | |
| |
| |
Audit Implications of XBRL | |
| |
| |
Continuous Auditing | |
| |
| |
Electronic Audit Trails | |
| |
| |
Confidentiality of Data | |
| |
| |
Authentication | |
| |
| |
Nonrepudiation | |
| |
| |
Certification Authority Licensing | |
| |
| |
Data Integrity | |
| |
| |
A Changing Legal Environment | |
| |
| |
| |
Enterprise Resource Planning Systems | |
| |
| |
What Is an ERP? | |
| |
| |
ERP Core Applications | |
| |
| |
Online Analytical Processing | |
| |
| |
ERP System Configurations | |
| |
| |
OLTP versus OLAP Servers | |
| |
| |
Database Configuration | |
| |
| |
Bolt-On Software | |
| |
| |
Data Warehousing | |
| |
| |
Modeling Data for the Data Warehouse | |
| |
| |
Extracting Data from Operational Databases | |
| |
| |
Cleansing Extracted Data | |
| |
| |
Transforming Data into the Warehouse Model | |
| |
| |
Loading the Data into the Data Warehouse Database | |
| |
| |
Decisions Supported by the Data Warehouse | |
| |
| |
Supporting Supply Chain Decisions from the Data Warehouse | |
| |
| |
Risks Associated with ERP Implementation | |
| |
| |
Big Bang versus Phased-In Implementation | |
| |
| |
Opposition to Changes to the Business Culture | |
| |
| |
Choosing the Wrong ERP | |
| |
| |
Choosing the Wrong Consultant | |
| |
| |
High Cost and Cost Overruns | |
| |
| |
Disruptions to Operations | |
| |
| |
Implications for Internal Control and Auditing | |
| |
| |
Transaction Authorization | |
| |
| |
Segregation of Duties | |
| |
| |
Supervision | |
| |
| |
Accounting Records | |
| |
| |
Access Controls | |
| |
| |
Auditing the Data Warehouse | |
| |
| |
Summary | |
| |
| |
| |
Leading ERP Products | |
| |
| |
SAP | |
| |
| |
J.D. Edwards | |
| |
| |
Oracle | |
| |
| |
PeopleSoft | |
| |
| |
BAAN | |
| |
| |
| |
Computer-Assisted Audit Tools and Techniques | |
| |
| |
Application Controls | |
| |
| |
Input Controls | |
| |
| |
Processing Controls | |
| |
| |
Output Controls | |
| |
| |
Testing Computer Application Controls | |
| |
| |
Black-Box Approach | |
| |
| |
White-Box Approach | |
| |
| |
Computer-Aided Audit Tools and Techniques for Testing Controls | |
| |
| |
Test Data Method | |
| |
| |
The Integrated Test Facility | |
| |
| |
Parallel Simulation | |
| |
| |
Summary | |
| |
| |
| |
CAATTs for Data Extraction and Analysis | |
| |
| |
Data Structures | |
| |
| |
Flat-File Structures | |
| |
| |
Hierarchical and Network Database Structures | |
| |
| |
Relational Database Structures | |
| |
| |
Embedded Audit Module | |
| |
| |
Disadvantages of EAMS | |
| |
| |
Generalized Audit Software | |
| |
| |
Using GAS to Access Simple Structures | |
| |
| |
Using GAS to Access Complex Structures | |
| |
| |
Audit Issues Pertaining to the Creation of Flat Files | |
| |
| |
ACL Software | |
| |
| |
Input File Definition | |
| |
| |
Customizing a View | |
| |
| |
Filtering Data | |
| |
| |
Stratifying Data | |
| |
| |
Statistical Analysis | |
| |
| |
Summary | |
| |
| |
| |
Auditing the Revenue Cycle | |
| |
| |
Overview of Revenue Cycle Technologies | |
| |
| |
Batch Processing Using Sequential Files--Manual Procedures | |
| |
| |
Batch Processing Using Sequential Files--Automated Procedures | |
| |
| |
Batch Cash Receipts System with Direct Access Files | |
| |
| |
Real-Time Sales Order Entry and Cash Receipts | |
| |
| |
Revenue Cycle Audit Objectives, Controls, and Tests of Controls | |
| |
| |
Input Controls | |
| |
| |
Process Controls | |
| |
| |
Output Controls | |
| |
| |
Substantive Tests of Revenue Cycle Accounts | |
| |
| |
Revenue Cycle Risks and Audit Concerns | |
| |
| |
Understanding Data | |
| |
| |
Testing the Accuracy and Completeness Assertions | |
| |
| |
Testing the Existence Assertion | |
| |
| |
Testing the Valuation/Allocation Assertion | |
| |
| |
Summary | |
| |
| |
| |
Auditing the Expenditure Cycle | |
| |
| |
Overview of Expenditure Cycle Technologies | |
| |
| |
Purchases and Cash Disbursement Procedures Using Batch Processing Technology | |
| |
| |
Reengineering the Purchases/Cash Disbursement System | |
| |
| |
Overview of Payroll Procedures | |
| |
| |
Expenditure Cycle Audit Objectives, Controls, and Tests of Controls | |
| |
| |
Input Controls | |
| |
| |
Process Controls | |
| |
| |
Output Controls | |
| |
| |
Substantive Tests of Expenditure Cycle Accounts | |
| |
| |
Expenditure Cycle Risks and Audit Concerns | |
| |
| |
Understanding Data | |
| |
| |
Testing the Accuracy and Completeness Assertions | |
| |
| |
Review Disbursement Vouchers for Unusual Trends and Exceptions | |
| |
| |
Testing the Completeness, Existence, and Rights and Obligations Assertions | |
| |
| |
Summary | |
| |
| |
| |
Introduction to Business Ethics and Fraud | |
| |
| |
Ethics | |
| |
| |
What Is Business Ethics? | |
| |
| |
How Some Firms Address Ethical Issues | |
| |
| |
What Is Computer Ethics? | |
| |
| |
Fraud and Accountants | |
| |
| |
Factors that Contribute to Fraud | |
| |
| |
Financial Losses from Fraud | |
| |
| |
The Perpetrators of Fraud | |
| |
| |
The Underlying Problems | |
| |
| |
Sarbanes-Oxley Act | |
| |
| |
Anit-Fraud Profession | |
| |
| |
Summary | |
| |
| |
| |
Fraud Schemes and Fraud Detection | |
| |
| |
Fraud Schemes | |
| |
| |
Fraudulent Statements | |
| |
| |
Corruption | |
| |
| |
Asset Misappropriation | |
| |
| |
Auditor's Responsibility for Detecting Fraud | |
| |
| |
Fraudulent Financial Reporting | |
| |
| |
Misappropriation of Assets | |
| |
| |
Auditor's Response to Risk Assessment | |
| |
| |
Response to Detected Misstatements Due to Fraud | |
| |
| |
Documentation Requirements | |
| |
| |
Fraud Detection Techniques | |
| |
| |
Payments to Fictitious Vendors | |
| |
| |
Payroll Fraud | |
| |
| |
Lapping Accounts Receivable | |
| |
| |
Summary | |
| |
| |
Glossary | |
| |
| |
Index | |