August 9, 2011
Ch 11 & 13
11-6 a. Briefly describe three strategies for testing internal controls when information technology is used for significant accounting processing.

The first strategy for testing internal controls is to assess control risk based on user controls. This can be done by comparing computer-generated output with the source documents that support the transactions. The second strategy is to plan for a low control risk assessment based on application controls. This means that the auditor should test the computer application controls, test the computer general controls, and test the manual follow-up of the exceptions noted by the application controls. The last strategy is to plan for a high control risk assessment based on general controls and manual follow-up. When an auditor tests the general controls, they can usually learn about the effectiveness of the design and testing application controls.

b. Identify two strategies that might be used to support a low control risk assessment. Discuss the difference between the two strategies.

The two different strategies that might support a low control risk assessment are the user controls and the application controls. If there is not effective evidence that there are good manual follow-up controls set up under the user controls, there might be reason to call for a low control risk assessment. The application controls should have all three levels in place, and they should be effective. The three levels would be the testing of computer applications, the testing of computer general controls, and the testing of manual follow-up of the exceptions noted by application controls.

c. Discuss a third audit strategy that might be used to assess control risk at a high level. Explain why this strategy will not support a low control risk assessment.

The third audit strategy is the general controls and manual follow-up...