Question

Ergonomics Furniture Pty Ltd (Ergonomics Furniture) is an Ergonomics Furniture manufacturer located in Sydney and has just installed the company’s first computer system.

In preparing for your current audit, you have identified the following information:

• The system is a local area network (LAN).
• The file server and two PCs are located at Head Office in Sydney, with two other PCs located in Melbourne.
• Selma Taylor, the CEO, who is located at Head Office and three clerical staff, Scot Davis, who is located at Head Office and Andy Johnson and Yang Chan, who are located in Sydney, are the only ones having logical access privileges to the computer. Their access privileges are as follows:
• Selma: access to all software and all files
• Scot: access to inventory
• Andy: access to receipts, sales and debtors.
• Yang: access to payroll, payments and payables
• All software was purchased off-the-shelf with the exception of the inventory program. Due to the specialised nature of Ergonomics Furniture’s inventory, an independent IT contractor was engaged to design, develop, test and install their program.

• The IT contractor fully documented the workings of the inventory system, however, neither Scot nor Selma understand the documentation.
• The computer hardware at both locations is kept in locked offices.
• Selma backs up all data kept on the file server on a daily basis and places a copy in a local secure storage facility.
• Scot, Andy and Yang print summary reports of inventory; sales, cash receipts and debtors; and cash payments, payables and payroll, respectively, and reconcile these on a weekly basis. Any apparent errors or problems are referred to Selma for resolution.

REQUIRED

1. Identify five (5) strengths in Ergonomics Furniture’s general controls that will impact on the reliability of the IT information that is generated.   

2. Outline how each of these strengths affect the audit overall.   

Answer 1

Anwers:

Identify five (5) strengths in Ergonomics Furniture’s general controls that will impact on the reliability of the IT information that is generated.

1. The computer hardware being kept in locked offices is a strength in itself as it greatly contributes to the Data Integrity of the company. This would mean that not anyone could access computer hardware. It suggests less propensity for any employees or outsiders to hack the system through the hardware. It also suggests that the computer hardware are in safe and regulated environments.
2. Another control strength is Selma's daily back up of files. Backup files are crucial in an audit. This would mean that Selma practices a good control over output, which is a beneficial feat in an audit engagement since auditors can assess that controls over output is good in relation to backup files.
3. As stated, Scot, Andy, and Yang print summary reports and reconcile on a daily basis. This is a good control over output. The auditor, upon understanding the printing and reconciliation process, can review the summary reports when testing for specific accounts balances.
4. Separation of duties is a crucial concept in auditing. Scot, Andy, and Yang all have their respective access privileges and one cannot access the other's privileges. With that being said, this may give the auditors in the engagement reasonable assurance that incompatible duties and functions are not present among Scot, Andy, and Yang, since the three of them have different access privileges.
5. The proactive involvement of Selma as CEO is also a control strength in itself. Any problems regarding the pertinent data are brought to her attention and resolved. This may have the possibility of contributing to reasonable assurance that any errors or mistakes in the financial reports are resolved appropriately. This would signal the auditors in the engagement to take into account Selma's involvement in the reconciliation and resolution process of the company.

Outline how each of these strengths affect the audit overall ?

1. As mentioned, keeping computer hardwares in restricted areas greatly contribute to the integrity of data, this means that the auditors in the engagement would probably assess physical controls over these assets as reliable. Reliable physical controls over computer hardware would mean that auditors in the engagement can rely on these controls when assessing the nature, timing, and extent of any substantive tests.
2. Furthermore, if, in an unfortunate event, that current data is lost during the audit, the auditors can still rely on the back up files that Selma has secured in a storage facility.
3. Additionally, the presence of summary reports and reconciliations allows the auditors to test the computer programs, whether they work efficiently in terms of input and output processing. Auditors can also easily determine with summary reports whether reconciliations made are accurate and reliable.
4. The separate access privileges can contribute to reasonable assurance that financial reports of one person are not tampered by another person. The separation of duties would also give auditors an easier time with communicating with the appropriate person regarding any specific account. (for example: auditors can easily determine that anything that has to do with inventory would involve Scot).
5. This would signal the auditors in the engagement to take into account Selma's involvement in the reconciliation and resolution process of the company.

.

Even though there are control strengths, the auditors would still need to practice professional skepticism in order to conduct an unbiased audit engagement.

These are the control strengths I think would affect the reliability of financial data in the IT environment. If you have any other ideas you can add or change that would make more sense to you, that would be great as well!