IntroductionNowadays, with the development of information technologies, the use of IT in the accounting system has increased. At the mercy of computer information system (CIS), the entity's internal control structure has been enhanced. Meanwhile, the CIS also can introduce new risks, which the entity can manage through the implementation of controls specific to IT environments. This essay focuses on how CIS improves the quality of internal controls, reduces the risks through general controls and application controls, and increases the effectiveness and efficiency of audit procedures by Computer Assisted Audit Techniques (CAATs).
1. Effect of CIS processing on the entity's internal control structureAs a component of the internal control structure of an entity, a CIS has a number of roles. Such roles include actually performing controls in day-to-day transaction-processing activities and providing higher-quality information to management to assist them in controlling the business.
1.1 Characteristics of entity which can be affected by CIS processingCIS processing is likely to affect the entity which is lack of: transaction trailsprocessing of transactionssegregation of functionsauthorization of transactionsunauthorized access to data and filessupervision1.2
English: Access control door wiring using intellig...
English: Access control door wiring when using int...
English: Access control system diagram, using main...New risks which are introduced by information technologiesWhen entities rely heavily on IT systems to process financial information, there are new risks specific to IT environments that must be considered. Key risks include the following:Reliance on the functioning capabilities of hardware and softwareVisibility of audit trailReduced human involvementSystematic versus random errorsUnauthorised accessLoss of dataReduced segregation of dutiesLack of traditional authorisationNeed for IT experience1.3 Control groupings specific to ITBecause lots of risks associated with greater reliance on IT, organizations often implement controls specific to IT function and manage the risks through them. According to auditing standards, there are two control groupings for CIS: general controls and application controls.
1.3.1 General controlsA general controls review attempts to gain an...