╨╧рб▒с>■  @B■   ?                                                                                                                                                                                                                                                                                                                                                                                                                                                ье┴5@ Ё┐╞bjbj╧2╧2 (нXнXб$      ИxxxxxxxМppp8и ┤,М═2ьь(LNNNNNN$ RQ"XrxрррrxxЗ   р.xxL рL Z d6рxxр 0│ААЭ╬┴p"р8Э0═№й"0─й"8ММxxxxй"x vКT ▐D"╛rrММф pЇММp Karl E. Dahlberg New Jersey, ISACA The Fourth Continuous Reporting and Auditing Conference April 118th/19th, 2002 Salford University Salford, England Statement of Auditing Standard No. 94 The Effect of Information Technology on the AuditorТs Consideration of Internal Control in a Financial Statement Audit SAS 94 The Effect of Information Technology on the AuditorТs Consideration of Internal Control in a Financial Statement Audit This amendment to SAS 55 provides guidance to auditors relative to information technology. Prior to this amendment, the SAS did not contain any IT guidance. Although the SAS makes no reference to continuous auditing, several of the requirements of SAS 94 appear to be best satisfied by use of continuous auditing techniques. SAS 94 says an organizationТs IT use may effect and of the five internal control components as well as how businesses initiate, record, process and report transactions. The SAS offers auditors some direction by pointing out these key aspects of the systems and controls on which organizations rely. The purpose of this paper is to suggest specific points of SAS 94 where continuous auditing techniques can be applied. The CPA would then be able to perform a more efficient audit and satisfy the requirements of SAS 94. Generally, the Уspecific risksФ identified by SAS 94 are areas that many CPAs have little familiarity. Continuous auditing techniques could be linked to these specific risks thereby creating a benefit to the CPA for employing continuous auditing. Summary of Audit Process Phase I Plan and design an audit approach Preplan Obtain background information Obtain information about contractorТs legal obligations Perform preliminary analytical procedures Set materiality, and assess acceptable risk and inherent risk Understand internal control and assess control risk Develop overall audit plan and audit program Phase II Perform tests of controls and substantive tests of transactions Plan to reduce assessed level of control risk? Yes/No Perform tests of controls Perform substantive tests of transactions Assess likelihood of misstatements in financial statements Phase III Perform analytical procedures and tests of details of balances Perform analytical procedures Perform tests of key items Perform additional tests of details of balances Phase IV Complete the audit and issue an audit report Review for contingent liabilities Review for subsequent events Accumulate final evidence Evaluate results Issue audit report Communicate with interested parties SAS 94 Guidance Obtaining an understanding of internal control A sufficient understanding is obtained by performing procedures to understand the design of controls relevant to an audit of financial statement and determining whether they have been placed in operation. In planning the audit, such knowledge should be used to: Identify types of potential misstatement. Consider factors that affect the risk of material misstatement. Design tests of controls, when applicable. Design substantive tests. Definition of УInformation TechnologyФ Information technology (IT) encompasses automated means of originating, processing, storing, and communicating information, and includes recording devices, communication systems, computer systems (including hardware and software components and data), and other electronic devices. Five interrelated components Control environment Risk assessment Control activities Information and communication systems support Monitoring Potential benefits Consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions and data. Enhance the timeliness, availability, and accuracy of information. Facilitate the additional analysis of information Enhance the ability to monitor the performance of the entityТs activities and its policies and procedures. Reduce the risk that controls will be circumvented. Specific risks Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both. Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions. Unauthorized changes to data in master files. Unauthorized changes to systems or programs. Failure to make necessary changes to systems or programs. Inappropriate manual intervention. Potential loss of data. Page  PAGE 1 of  NUMPAGES 4  0ghqsvx~деF G ┼ ╞  < - LM/Ig╪ыЖХбжзноп░┤╡┐└┴┬├┼╞№°№°№Ё№Ё№°№°№°№ъхъхъхъ№ъ▐ъ№ъ№ъ№ъ№ъ№ъ╓╩╓╩╜╩╓╩╓╩╜╩ъ№ъhБ880JCJmHnHujhБ880JCJUhБ880JCJ hБ885БCJ hБ885Б hБ88CJhБ88hБ88H*hК&hБ883    /0hАУдеB C D E F ┼ ╞ ···························°$a$б┼¤¤╞   ; < -.X`~╢рRА╔D∙ўёя∙яяэяф╓╓╓╓╓╓╓╨ф╟╟╟╟ & FДX^ДXДЁ^ДЁ & F ╞h8ДX^ДX & FД8^Д8Д╨`Д╨Д╨`Д╨А╔ч23iЛи┬╙ц   MNVWБ∙Ёттт∙Ё╘╘╘╘╘╘╥╥╨╥╥╬╬╬┼  & F ДX^ДX & F ╞h8ДX^ДX & F ╞h8ДX^ДX & FД8^Д8ДЁ^ДЁБ┴ь./HIfg{ЛЮ╠╫╪ыьp│хPЎЎЎЁъш▐▐ъш╨╨╨╨╨▐ъ▐┬┬┬┬ & F ╞hД^Д & F ╞hД^Д Д╨Д╨^Д╨`Д╨Д`ДДЁ^ДЁ  & F ДX^ДXPДЖХЦ╧¤*dЗЯаб├─┼╞ёчсч╪╪╪╪╪╪╪чч╙╤╤ч$a$ & FД^ДД`Д Д╨Д╨^Д╨`Д╨ & F ╞hД^Д░╨/ ░р=!░"░#Ра$Ра%░Ь8@ё 8 Normal_HmH sH tH L@L Heading 1$Д╨Д╨@&^Д╨`Д╨5БCJ<@< Heading 2$@&5БCJDA@Є бD Default Paragraph FontVi@є │V  Table Normal :V Ў4╓4╓ laЎ (k@Ї ┴(No List 4>@Є4 Title$a$5БCJ0J@0 SubtitleCJHC@H Body Text Indent Д╨^Д╨CJ6B@"6 Body Text5БCJ:P@2: Body Text 25БCJ4@B4 Header  ╞р└!4 @R4 Footer  ╞р└!.)@вa. Page Number╞(     /0hАУдеBCDEF┼╞;<-.X`~╢рRА╔DА╔ч 2 3 i Л и ┬ ╙ ц   M N V W Б ┴ ь   . / H I f g { Л Ю ╠ ╫ ╪ ы ь p│хPДЖХЦ╧¤*dЗЯаб├─╟Ш0ААШ0ААpШ0ААpШ0ААpШ0ААШ0ААpШ0ААpШ0ААШ0ААШ0ААpШ0ААИШ0ААШ0ААpШ0ААpШ0ААpШ0ААШ0ААШ0ААpШ0ААpШ0ААШ0ААШ0ААШ0ААpШ0ААШ0ААpШ0ААШ0ААpM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АM90АШ0АА0ААШ0ААШ 0ААШ 0ААШ 0ААШ 0ААШ 0ААШ 0ААШ 0ААШ0ААШ0ААШ@0АА°АMy0бY(┐###&╞ ╞ БP╞┼  &! ХА ХА  9 $O: ,╝; lL< мЕ= ┼> ╘}!? tа#@ Їs!ААИУУЬ╟''ЗТТЪгг╟8*Аurn:schemas-microsoft-com:office:smarttagsАCityАB*Аurn:schemas-microsoft-com:office:smarttagsАcountry-regionА=*Аurn:schemas-microsoft-com:office:smarttags АPlaceTypeА=*Аurn:schemas-microsoft-com:office:smarttags АPlaceNameА9*Аurn:schemas-microsoft-com:office:smarttagsАStateА9*Аurn:schemas-microsoft-com:office:smarttagsАplaceА АЗУЪб─╟ЕОб─╟3 hАд.X~╢р∙D╔ i  ь / I ь ЖЦdабж░┤─╟б─╟  DCAADCAADCAAKarlDCAADCAADCAA Х,Q  ╠hu2  L"╙5  ╔J[8  кT>@  °#╩E дF ╠:mH  ~s@S  Ї%YT╠╡+         ;S(y  ЩPm{   ДhДШ■╞h^Дh`ДШ■OJQJo(vЁ ДhДШ■╞h^Дh`ДШ■OJQJo(╪Ё ДhДШ■╞h^Дh`ДШ■OJQJo(╖Ё ДhДШ■╞h^Дh`ДШ■OJQJo(vЁ ДhДШ■╞h^Дh`ДШ■OJQJo(╪ЁДhДШ■╞h^Дh`ДШ■B*OJQJo(▐Ё ДhДШ■╞h^Дh`ДШ■OJQJo(иЁДhДШ■╞h^Дh`ДШ■CJOJQJo(qЁhД╨ДШ■╞╨^Д╨`ДШ■OJQJo(ЗhИH╪ЁhДаДШ■╞а^Да`ДШ■OJQJ^Jo(ЗhИHoРhДpДШ■╞p^Дp`ДШ■OJQJo(ЗhИHзЁРhД@ ДШ■╞@ ^Д@ `ДШ■OJQJo(ЗhИH╖ЁРhДДШ■╞^Д`ДШ■OJQJ^Jo(ЗhИHoРhДрДШ■╞р^Др`ДШ■OJQJo(ЗhИHзЁРhД░ДШ■╞░^Д░`ДШ■OJQJo(ЗhИH╖ЁРhДАДШ■╞А^ДА`ДШ■OJQJ^Jo(ЗhИHoРhДPДШ■╞P^ДP`ДШ■OJQJo(ЗhИHзЁ ДhДШ■╞h^Дh`ДШ■OJQJo(№Ё ДhДШ■╞h^Дh`ДШ■OJQJo(╪Ё Ї%YTХ,QЩPm{╠:mH~s@S;S(yкT>@╠hu2╔J[8L"╙5°#╩E                                                  хК&Б88б─╟ @А ,╪ ╞0@  Unknown            GРЗz А Times New Roman5РАSymbol3&Р Зz А Arial;РАWingdings?5Р Зz А Courier New"qМЁ╨hКСc&ЎТc&Тc& б  б YЁе└┤┤А24dШШЁ▀▀H(Ё ?ф                     К&  SAS 94 March 26DCAAKarl8         ■ рЕЯЄ∙OhлС+'│┘0ДШа╕─╘рь№  4 @ L Xdlt|фSAS 94 March 26AS DCAA4 MCAACAANormalMKarllM6rlMicrosoft Word 10.0@Оъ╨@Ъ ;}╬┴@┤┌qm╬┴@─@АЭ╬┴б■ ╒═╒Ь.УЧ+,∙о0 hpШаи░ ╕└╚╨ ╪ ЇфDefense Contract Audit Agency M  ШA SAS 94 March 26 Title ■   ■    !"#$%&'()*+,-.■   0123456■   89:;<=>■   ¤   A■   ■   ■                                                                                                                                                                                                                                                   Root Entry         └FиШАЭ╬┴CАData             1Table    с"WordDocument    (SummaryInformation(            /DocumentSummaryInformation8        7CompObj            j            ■                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           ■       └FMicrosoft Word Document MSWordDocWord.Document.8Ї9▓q