IT Auditing and Application Controls for Small and Mid-Sized Enterprises: Revenue, Expenditure, Inve

Preface xiAcknowledgments xiiiChapter 1: Why Is IT Auditing Important to the Financial Auditorand the Financial Statement Audit? 1Management's Assertions and the IT Audit 2Objectives of Data Processing for Small and Medium?]Sized Enterprises (SMEs) 5Special Challenges Facing SMEs 8Research Confirming the Risks Associated with SMEs 13A Framework for Evaluating Risks and Controls, Compensatory Controls, and Reporting Deficiencies 16Summary: The Road Ahead 20Chapter 2: General Controls for the SME 21General Controls: Scope and Outcomes 22The "COSO Process"--Putting It All Together: Financial Statements, Assertions, Risks, Control Objectives, and Controls 30Summary 35Chapter 3: Application?]Level Security 37Key Considerations 37Initial Security Setup 40Security Role Design 42Password Configuration 44Segregation of Duties 48Personnel, Roles, and Tasks 49Access Reviews 56Human Error 58Summary 58Chapter 4: General Ledger and the IT Audit 59The General Ledger: A Clearinghouse of Financial Information 60Chart of Accounts for QuickBooks 62SME Risks Specific to the General Ledger and the Chart of Accounts 65Assertions Underlying the Financial Statements and General Ledger Controls 66IT Controls, the Transaction Level, and the General Ledger 66Summary 78Chapter 5: The Revenue Cycle 81Risk Exposures and Subprocesses 81Application Controls, Revenue Cycle Risks, and Related Audit Procedures 84Summary 105Chapter 6: The Expenditure Cycle 107Risk Exposures and Subprocesses 107Application Controls, Expenditure Cycle Risks, and Related Audit Procedures 111Summary 133Chapter 7: The Inventory Cycle 135Risk Exposures and Subprocesses 136Application Controls, Inventory Cycle Risks, and Related Audit Procedures 143Summary 157Chapter 8: The Payroll Cycle 159Risk Exposures and Subprocesses 159Application Controls, Payroll Cycle Risks, and Related Audit Procedures 163Summary 248Chapter 9: Risk, Controls, Financial Reporting, and an Overlay of COSO on COBIT 249PCAOB Warnings: Insufficient Evidence to Support Opinions 250How We Got Here: A Historical Perspective 251Risk 260Risk and Fraud 261Controls 262Financial Reporting 269PCAOB Guidance on IT Controls 279Integrating COSO, COBIT, and the PCAOB 280Summary 286Chapter 10: Integrating the IT Audit into the Financial Audit 289Risks, Maturity, and Assessments 290Cross?]Referencing COBIT to the PCAOB and COSO 295Plan and Organize 303Program Development and Change 311Computer Operations and Access to Programs and Data 317Monitor and Evaluate 330Summary 334Chapter 11: Spreadsheet and Desktop Tool Risk Exposures 337Specific Types of Risks and Exposures 338Research on Errors in Spreadsheets 339Compliance Dimensions of Spreadsheet Risk Exposures 344Spreadsheet Auditing Tools 348Governance of Spreadsheets and Desktop Tools 352Control Considerations 355Auditing Controls and Creating a Baseline 356Life after the Baseline: Maintaining Spreadsheets and Desktop Tools 368Summary 369Chapter 12: Key Reports and Report Writers Risk Exposures 371How Reports Are Used 371Original Reports within the Application 372Modified or Customized Reports within the Application 376Reports Using Third?]Party Packages 378Analyzing and Validating Reports 382Summary 383Chapter 13: IT Audit Deficiencies: Defining and Evaluating IT Audit Deficiencies 385A Framework for Audit Deficiencies 385Types of IT Audit Failures and Illustrative Cases 388Use of Compensatory Controls 388Ideas for Addressing Segregation?]of?]Duties Issues 388Summary 398References 399About the Authors 405Index 407