Page 62 - Accounting Information Systems
P. 62

C H A P TER 1      The Information System: An Accountant’s Perspective  33

                         Both internal and external auditors conduct audits. External auditing is often called independent audit-
                       ing because certified public accounting (CPA) firms that are independent of the client organization’s
                       management perform them. External auditors represent the interests of third-party stakeholders in the or-
                       ganization, such as stockholders, creditors, and government agencies.

                       External Auditing
                       Historically, the external accountant’s responsibility as a systems auditor was limited to the attest func-
                       tion described previously. In recent years this role has been expanded by the broader concept of assur-
                       ance. The Big Four public accounting firms have now renamed their traditional audit functions assurance
                       services.

                       ASSURANCE. Assurance services are professional services, including the attest function, that are
                       designed to improve the quality of information, both financial and nonfinancial, used by decision makers.
                       For example, a client may contract assurance services to obtain an opinion as to the quality or marketabil-
                       ity of a product. Alternatively, a client may need information about the efficiency of a production process
                       or the effectiveness of their network security system. A gray area of overlap exists between assurance and
                       consulting services, which auditors must avoid. They were once allowed to provide consulting services to
                       audit clients. This is now prohibited under SOX legislation. These issues are discussed in later chapters.

                       IT AUDITING. IT auditing is usually performed as part of a broader financial audit. The organizational
                       unit responsible for conducting IT audits may fall under the assurance services group or be independent.
                       Typically they carry a name such as IT Risk Management, Information Systems Risk Management, or
                       Global Risk Management. The IT auditor attests to the effectiveness of a client’s IT controls to establish
                       their degree of compliance with prescribed standards. Because many of the modern organization’s inter-
                       nal controls are computerized, the IT audit may be a large portion of the overall audit. We examine IT
                       controls, risks, and auditing issues in Chapters 15, 16, and 17.
                       Internal Auditing
                       Internal auditing is an appraisal function housed within the organization. Internal auditors perform a
                       wide range of activities on behalf of the organization, including conducting financial statement audits,
                       examining an operation’s compliance with organizational policies, reviewing the organization’s com-
                       pliance with legal obligations, evaluating operational efficiency, detecting and pursuing fraud within
                       the firm, and conducting IT audits. As you can see, the tasks that external and internal auditors perform
                       are similar. The feature that most clearly distinguishes the two groups is their respective constituen-
                       cies. External auditors represent third-party outsiders, whereas internal auditors represent the interests
                       of management.



                       Summary

                       The first section of this chapter introduced basic systems con-  focused on functional segmentation as the predominant
                       cepts and presented a framework for distinguishing between  method of structuring a business and examined the functions
                       accounting information systems and management information  of a typical manufacturing firm. The section presented two
                       systems. This distinction is related to the types of transactions  general methods of organizing the IT function: the centralized
                       these systems process. AIS applications process financial trans-  approach and the distributed approach.
                       actions, and MIS applications process nonfinancial transactions.  The third section reviewed the evolution of AIS models.
                       The section then presented a general model for accounting in-  Each new model evolved because of the shortcomings and
                       formation systems. The model is composed of four major tasks  limitations of its predecessor. As new approaches evolved,
                       that exist in all AIS applications: data collection, data process-  however, the predecessor or legacy systems often remained
                       ing, database management, and information generation.  in service. Thus, at any point in time, various generations of
                         The second section examined the relationship between  systems coexist across different organizations and even within
                       organizational structure and the information system. It  a single enterprise. Five AIS models were examined.
   57   58   59   60   61   62   63   64   65   66   67