Information Produced by the Entity Example 3 – Audit procedures to address audit risks related to IPE...

70.2K

Verified Solution

Question

Accounting

Information Produced by the Entity
Example 3 – Audit procedures to address audit risksrelated to IPE from a transaction process
Complete the following table, indicating the audit procedurethat would be performed to address the identified risk.
Risk 1: The IT application is not processing data correctly(incomplete or inaccurate).
Information about ABC’s shipments is input manually into the ITapplication by the shipping clerk. The risk is that the shippingclerk mistypes the quantity shipped.
Audit procedure to address the risk:
Risk 2: The IT application is not collecting data correctlyfor output (incomplete or inaccurate).
The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts. The risks include that the dataextracted includes paid invoices, does not include all unpaidinvoices (e.g., excludes the unpaid invoices for one line ofbusiness) or includes all unpaid invoices but excludes unmatchedcredit notes.
Audit procedure to address the risk:
Risk 3: The IT application is not computing or categorizingdata correctly for output (inaccurate).
The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts. The risk includes that theinvoices may be aged differently than expected or the aging columnsmay not be totaled accurately (e.g., the aging column content maybe different than expected because the user expects aging of theinvoice date but the IT application ages according to the due date,or the user expects the total to be the sum of the numbers in thecolumn but the IT application obtains the total number from asummary data table rather than creating the sum of the detailsdisplayed).
Audit procedure to address the risk:
Risk 4: The output from the IT application into the EUC toolis modified or lost in the transfer to the tool (incomplete orinaccurate).
The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts that was exported from the accountspayable application into Excel. The risk is that the data did nottransfer correctly, including such issues as larger numbers beingtruncated when exported or lines of information being dropped inthe transfer.
Audit procedure to address the risk:
Risk 5: The output from the IT application into the EUC toolor the output from the EUC tool is incomplete (data is missing) orinaccurate (data has been added, changed, computed or categorizedincorrectly).
The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts that was exported from the accountspayable application into Excel. The risk is that fictitious unpaidinvoices are inserted into the spreadsheet or formulas intended tocalculate a provision for old, unpaid amounts are incorrect.
Audit procedure to address the risk:
Information Produced by the Entity (IPE)
Example 4 – Examples of IPE from an ITprocess
Complete the following table, indicating whether the item is anexample of IPE from an IT process and explain why or why not.
Item
IPE?
Why or why not?
An Excel log of actions by programmers who have access toproduction programs that comprise IT applications
An email exchange evidencing approval for a program change
A report of IT system settings of a particular financialreporting system
A listing of all program changes made during a given period ofthe year, from which the auditor plans to select a sample fortesting

Information Produced by the Entity
Example 5 – Audit risks associated with IPE from an ITprocess
Complete the following table, indicating which risk (by numberand description) is associated with each processing error.
Processing error
Risk number
Risk description
The quarterly user access review is initiated by the businessanalyst, who generates a report from the IT application and exportsit into Excel. The Excel spreadsheet then separates the listinginto five different reports based on the user’s business unit (BU).In categorizing the user by BU, Excel excludes all new employeesfrom the listing and, thus, those individuals are not subject tothe review by the respective BU director.
You have requested a system-generated listing of PeopleSoftusers with a create date from 1/1/2XX2 through 6/30/2XX2. Thecompany runs a report, but mistakenly inputs the end date as6/1/2XX2.
You have requested a system-generated listing of productiondirectories and files for a UNIX server that supports an in-scopeapplication. The client exports the results of the query to anExcel file. The client uses Excel 2003 and, because there is alimit of 65,000 rows, all remaining rows are dropped in thetransfer process.

Answer & Explanation Solved by verified expert

4.3 Ratings (590 Votes)

Risk 1 The IT application is not processing data correctly incomplete or inaccurate Information about ABCs shipments is input manually into the IT application by the shipping clerk The risk is that the shipping clerk mistypes the quantity shipped Audit procedure to address the risk Verify if there is any record maintained immediately after the shipment is ready with the details of shipment to be dispatched Cross verify that register with the Issue register maintained by the shipping clerk Verify the sales orders to be serviced in a particular month to get an estimate of quantity to be shipped Cross verify the quantity in sales orders and quantity in Issue registers Note cases of difference in quantities but the sales order has been closed If the sales order is short closed there are no issues If it is not short closed then it gives the picture of errors made by shipping clerk in recording the details Risk 2 The IT application is not collecting data correctly for output incomplete or inaccurate The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts The risks include that the data extracted includes paid invoices does not include all unpaid invoices eg excludes the unpaid invoices for one line of business or includes all unpaid invoices but excludes unmatched credit notes Audit procedure to address the risk Obtain Balance Confirmations from the customers and cross See Answer

Get Answers to Unlimited Questions

Join us to gain access to millions of questions and expert answers. Enjoy exclusive benefits tailored just for you!

Membership Benefits:

Unlimited Question Access with detailed Answers
Zin AI - 3 Million Words
10 Dall-E 3 Images
20 Plot Generations
Conversation with Dialogue Memory
No Ads, Ever!
Access to Our Best AI Platform: Flex AI - Your personal assistant for all your inquiries!

Become a Member

Transcribed Image Text

Information Produced by the EntityExample 3 – Audit procedures to address audit risksrelated to IPE from a transaction processComplete the following table, indicating the audit procedurethat would be performed to address the identified risk.Risk 1: The IT application is not processing data correctly(incomplete or inaccurate).Information about ABC’s shipments is input manually into the ITapplication by the shipping clerk. The risk is that the shippingclerk mistypes the quantity shipped.Audit procedure to address the risk:Risk 2: The IT application is not collecting data correctlyfor output (incomplete or inaccurate).The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts. The risks include that the dataextracted includes paid invoices, does not include all unpaidinvoices (e.g., excludes the unpaid invoices for one line ofbusiness) or includes all unpaid invoices but excludes unmatchedcredit notes.Audit procedure to address the risk:Risk 3: The IT application is not computing or categorizingdata correctly for output (inaccurate).The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts. The risk includes that theinvoices may be aged differently than expected or the aging columnsmay not be totaled accurately (e.g., the aging column content maybe different than expected because the user expects aging of theinvoice date but the IT application ages according to the due date,or the user expects the total to be the sum of the numbers in thecolumn but the IT application obtains the total number from asummary data table rather than creating the sum of the detailsdisplayed).Audit procedure to address the risk:Risk 4: The output from the IT application into the EUC toolis modified or lost in the transfer to the tool (incomplete orinaccurate).The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts that was exported from the accountspayable application into Excel. The risk is that the data did nottransfer correctly, including such issues as larger numbers beingtruncated when exported or lines of information being dropped inthe transfer.Audit procedure to address the risk:Risk 5: The output from the IT application into the EUC toolor the output from the EUC tool is incomplete (data is missing) orinaccurate (data has been added, changed, computed or categorizedincorrectly).The auditor obtains from the accounts receivable clerk an agedcustomer list of unpaid amounts that was exported from the accountspayable application into Excel. The risk is that fictitious unpaidinvoices are inserted into the spreadsheet or formulas intended tocalculate a provision for old, unpaid amounts are incorrect.Audit procedure to address the risk:Information Produced by the Entity (IPE)Example 4 – Examples of IPE from an ITprocessComplete the following table, indicating whether the item is anexample of IPE from an IT process and explain why or why not.ItemIPE?Why or why not?An Excel log of actions by programmers who have access toproduction programs that comprise IT applicationsAn email exchange evidencing approval for a program changeA report of IT system settings of a particular financialreporting systemA listing of all program changes made during a given period ofthe year, from which the auditor plans to select a sample fortesting Information Produced by the EntityExample 5 – Audit risks associated with IPE from an ITprocessComplete the following table, indicating which risk (by numberand description) is associated with each processing error.Processing errorRisk numberRisk descriptionThe quarterly user access review is initiated by the businessanalyst, who generates a report from the IT application and exportsit into Excel. The Excel spreadsheet then separates the listinginto five different reports based on the user’s business unit (BU).In categorizing the user by BU, Excel excludes all new employeesfrom the listing and, thus, those individuals are not subject tothe review by the respective BU director.You have requested a system-generated listing of PeopleSoftusers with a create date from 1/1/2XX2 through 6/30/2XX2. Thecompany runs a report, but mistakenly inputs the end date as6/1/2XX2.You have requested a system-generated listing of productiondirectories and files for a UNIX server that supports an in-scopeapplication. The client exports the results of the query to anExcel file. The client uses Excel 2003 and, because there is alimit of 65,000 rows, all remaining rows are dropped in thetransfer process.

Item	IPE?	Why or why not?
An Excel log of actions by programmers who have access toproduction programs that comprise IT applications
An email exchange evidencing approval for a program change
A report of IT system settings of a particular financialreporting system
A listing of all program changes made during a given period ofthe year, from which the auditor plans to select a sample fortesting

Processing error	Risk number	Risk description
The quarterly user access review is initiated by the businessanalyst, who generates a report from the IT application and exportsit into Excel. The Excel spreadsheet then separates the listinginto five different reports based on the user’s business unit (BU).In categorizing the user by BU, Excel excludes all new employeesfrom the listing and, thus, those individuals are not subject tothe review by the respective BU director.
You have requested a system-generated listing of PeopleSoftusers with a create date from 1/1/2XX2 through 6/30/2XX2. Thecompany runs a report, but mistakenly inputs the end date as6/1/2XX2.
You have requested a system-generated listing of productiondirectories and files for a UNIX server that supports an in-scopeapplication. The client exports the results of the query to anExcel file. The client uses Excel 2003 and, because there is alimit of 65,000 rows, all remaining rows are dropped in thetransfer process.