INTRODUCTION

This module covers an overview of a Computer Information System (CIS), characteristics of

specific computer information system, internal control over IT activities, the auditor’s
objectives, approach and procedures in performing an audit in an IT environment.

The in-depth discussion of the topics related to Auditing in an Information Technology

Environment is covered in a separate 3-Unit Course called Auditing in as CIS or Information
(IT) Environment.

Nature of IT and its Capabilities

The term information technology (IT) generally refers to a wide variety of computer
hardware and software technology that are used to manage and control information, when
IT is organized to perform a specific task or organizational process, an information system is
created.

In a traditional IT environment, information is processed on a large mainframe computer by

a separate information systems department, often using software developed or modified by
employees of that department. The other departments of the company, referred to as user
department, send their data to the information systems department and receive computer-
generated reports when processing is complete. In recent years, however, commercially
available computer software varies from application costing less than P15,000 that are in
essence electronic checkbooks (e.g. money, quicker) or basic general ledger systems (e.g.
quickbooks) to ERP systems costing into hundreds of thousand or million of pesos (e.g
systems by Microsoft, Oracle, People and SAP).

For small businesses, computer applications are frequently implemented by personnel

within uses department, using off-the-shelf software packages. The need for client employ
computer programmer for those applications in thus eliminated?

For large businesses they may use client/server architecture (IT architecture) in which a
member of “client” computers are connected to the corporate mainframe system or to
another “server” computer.

A more recent development is the use if cloud computing by companies of all sizes. Cloud
computing involves the use of IT services are accessible over the Internet by subscription or
lease from IT service providers, such as Amazon Web Service.

Although IT has created some challenging problems for professional accountants, it also has
broadened the horizons of these professionals and expanded the range and value of the
services they offer. Technology is more than a tool for performing routine accounting tasks
with unprecedented speed and accuracy. It makes possible the development of
information that could not have been gathered in the past because of time and cost
limitations. When a client maintains accounting records with a complex and sophisticated
IT-based system auditors often find it helpful, and even necessary, to utilize technology in
performing many auditing procedures. In addition, these systems make large amounts of
data available to the auditors to perform data analytics that can improve the effectiveness
and efficiency of certain audit procedures.

Major components of and Information System

 A typical information system records, processes, stores and disseminates information
system that consists if the methods and records established to record, process, summarize,
and report an entity’s transactions and to maintain accountability for the related assets,
liabilities, and equity.

Generally, all information systems are comprised of the following major components:
1. Hardware
This refers to the computer and peripheral equipment for input, output and storage
data.

Different Hardware Components of a Computer

The main hardware components of a computer are as under:
1. Central Processing Unit (CPU)
2. Motherboard
3. Main memory (RAM)
4. BIOS (ROM)
5. Secondary storage device (hard disk, floppies, optical disks)
6. Input devices (keyboard, mouse, touchpad)
7. Output devices (monitor)
8. SMPS (Switch Mode Power Supply)

When we look at the inside of any computer, all these hardware can be physically seen and
touched by our hands.

CPU
The central processing unit or the processor is the brain of the Computer. It is the main
think tank where all the calculations and logical decisions are made. The modern processor
consists of millions of semiconductor transistors. The processor comes in many variants
depending on their processing speed. The example of CPU is Intel Pentium, Intel Celeron,
Dual-Core processor, etc.

Motherboard

The motherboard is the primary printed multilayered circuit board. It holds all the
associated components of a computer system such as processor, memory, SMPS, input-
output ports, etc. Motherboards come with different form factors that define their size and
the components on the motherboard.

Main Memory (RAM)

The purpose of the main memory also called RAM in a computer system is to store
information. RAM is volatile and cannot retain its memory when the system is powered off.
RAM stores all the files and programs that are currently running. Dynamic RAM is used for
the main memory. The different variants of main memory available in the modern
computer systems are DDR, DDR2, DDR3 SDRAM, etc.

BIOS (ROM)
BIOS stands for Basic Input Output System. It is a ROM which stores firmware to start up
the computer system. It performs a POST (Power On Self Test) initially to test all the
hardware and then performs booting processing with the help of bootstrap code stored in
the ROM.

Secondary Storage device

The secondary storage device such as hard disk, optical disk, floppy disk, etc is used to
stored data in large quantities for long term use. the secondary memory can store an
enormous amount of data and cheaper as compared to the main memory. however, the
secondary storage is much slower than the main memory.

Input devices

The primary function of an input device is to receive the raw data from the user for
processing. The different input devices used in the computer system are keyboard, mouse,
microphone, scanner, etc.

Output devices
The job of the output device is to display meaningful results after processing is done. The
different output devices used in the computer are monitor printer, multimedia projector,
speakers, etc.

SMPS

SMPS stands for Switched Mode Power Supply. It provides a regulated power supply to the
sensitive parts of the computer. The different voltages are supplied to the computer
motherboard by the SMPS. The main DC regulated voltages generated by SMPS are: 5volt
DC, 12volt DC, 3volt DC, power good signal, etc.

2. Software
This refers to the series of programs that provide instructions for operating the
computer or tell the computer equipment what to do:

Software id of two major types:

a) System software which controls the operations the operations of the
computer itself (e.g., the operating system which schedules tasks, executes
application and controls connected devices and
b) Application software which is designed to perform specific tasks (e.g.,
payroll/application).
 Application Software Type Examples

Word processing software: Tools that are used to create Microsoft Word, WordPad,
word sheets and type documents etc. AppleWorks and Notepad

Spreadsheet software: Software used to compute Apple Numbers, Microsoft Excel

quantitative data. and Quattro Pro

Database software: Used to store data and sort Oracle, MS Access and FileMaker
information. Pro

Application Suites: A collection of related programs sold

as a package. OpenOffice, Microsoft Office

Multimedia software: Tools used for a mixture of audio,

video, image and text content. Real Player, Media Player

Communication Software: Tools that connect systems and

allow text, audio, and video-based communication. MS NetMeeting, IRC, ICQ

Netscape Navigator, MS Internet

Internet Browsers: Used to access and view websites. Explorer, and Google Chrome

Microsoft Outlook, Gmail, Apple

Email Programs: Software used for emailing. Mail

System Software
System software helps the user, hardware, and application software to interact and
function together. These types of computer software allow an environment or
platform for other software and applications to work in. This is why system software
is essential in managing the whole computer system .

When you first power up your computer, it is the system software that is initially
loaded into memory. Unlike application software, the System software is not used
by end-users like you. It only runs in the background of your device, at the most
basic level while you use other application software. This is why system software is
also called “low-level software”.

Operating systems are an example of system software. All of your computer-like

devices run on an operating system, including your desktop, laptop, smartphone,
and tablet, etc. Here is a list of examples of an operating system. Let’s take a look
and you might spot some familiar names of desktop software :

For desktop computers, laptops and tablets:

 Microsoft Windows
 Mac Application (for Apple devices)
 Linux
For smartphones:
 Apple’s iOS
 Google’s Android
 Windows Phone OS
Other than operating systems, some people also classify programming software and
driver software as types of system software. However, we will discuss them
individually in the next two sections.

3. Data
This refers to the inputs and outputs of the computer system. Most accounting
information systems are structures to store data in a database, which is an
organized collection of data

4. People
These are the users and information systems professionals.

5. Procedures
These are policies and practices within a company for operating and maintaining
the information system.

6. Networks
These are the specialized hardware and software that allow different IT devices to
connect with each other to share data, software, and other hardware resources.

Functions of an Information System

Regardless of the information system components used, the architecture or the business
task undertaken, information systems perform five fundamental functions briefly discussed
below:
1) Capture Input
Inputs are the data needed by the system. An information system must provide a
mechanism to capture input. Input can come from many different types of devices,
including data entered via a keyboard, a mouse, barcodes, RFID tags, scanning
devices, or voice-enables applications such as Siri and Alexa.

2) Process
The transformation of input into output is called processing. Performing
calculations, validating information, updating records, and tracking raw materials
are all examples of processing.

3) Convey output
Outputs are the result of processing the data. The most common types of output
are hardcopy (printed) reports, output that is displayed electronically (onscreen),
and out that is used as input for other information systems.

4) Collect Feedback
In order to determine whether the system is working as planned, feedback - data
about the performance of the system – is collected.

5) Controls
Controls refer to the processes and procedures that restrict and monitor input,
processing and output to provide reasonable assurance that organizational
objectives are being met, including reliable financial reporting.
CHARACTERISTICS OF VARIOUS TYPES OF IT-BASED SYSTEMS
Butch processing is a system in which like transactions are processed periodically as a group
(e.g., payroll transactions). This system does not provide up-to the minute or real-time
transaction.

Real-time or online processing is a system that allows immediate update or access to data,
or instantaneous analysis of data.

Online transaction processing (OTP) is a processing method in which the IT system

processes data immediately after it is captures and provide information to the uses on a
timely basis. (OLTP examples include airline reservation systems and banking systems)

Designing Support System IT information system that combine models and data in an
attempt to solve non-structured problems with extensive user involvement.

Expert System a computerized information system that guides decision processes within a
well-defined area and allows the making of decision comparable to those of an expert.

Centralized Processing System

Computer system in which processing is performed by one computer or by a cluster of
coupled computers in a single location. Data are often input and reports printed using
workstations. When the workstations themselves perform significant processing, the
system becomes a client/server environment.

Decentralized Processing Systems

Computer system in different locations. Although data may be transmitted between the
computers periodically, such a system involves only limited communications among
systems. Contrast with distributed processing and centralized processing.

Client/server architecture (IT architecture)

A network system in which multiple computers (clients) share the memory and other
capabilities of a larger computer (the server), or that of printers, database, and so on.

Local Area Network (LAN)

A communications network that interconnects computers within a limited area, typically a
building or a small cluster of buildings.

Wide Area Network

A communications network that interconnects computers within a large geographical area.

Cloud Computing
A model for enabling on-demand user network access to a shared pool of computing
resources (e.g., servers, storage, applications, and services), often through a web browser,
with minimal effort on the part of the user. For example, an independent service provider
may maintain databases for a client that can be accessed in a number of locations by client
personnel.

Virtualized client/Server infrastructure

A virtual infrastructure is a software-based IT infrastructure being hosted on another
physical infrastructure. This type of infrastructure is used for cloud computing.
Electronic Data Infrastructure (EDI)
A system in which data are exchanged electronically between the computers of different
companies. In an EDI system, source documents are replaced with electronic transactions
created in standard format.

AUDITOR’S RESPONSIBILITIES
The auditor’s responsibilities with respect to internal control over IT systems remains the
same as with manual systems, that is to obtain an understanding adequate (1) to aid in
planning the remainder of the audit and (2) to assess control risk. Yet, factors such as the
following may affect the study of internal control in that computer systems may:

1. Result in transaction trails that exist for a short period of time or only in computer
readable form;

2. Include program error that cause uniform mishandling of transactions-clerical error

become less frequent;

3. Include computer controls that need to be relied upon instead of segregation of

functions;

4. Involve increased difficulty in detecting an authorized access;

5. Allow increased management supervisory potential resulting from more timely

reports;

6. Include less documentation of initiation and execution of transactions;

7. Include computer controls that affect the effectiveness of related manual control
procedures that use computer output.

INTERNAL CONTROL IN AN IT ENVIRONMENT

1. General Control Activities
2. Application control activities
3. User Control Activities