Part 1 ? Explain the Accounting Information Systems in Computerized Environment ? Explain Impact of IT on Economics of Auditing ? Discuss the Concept of Security Part 2: ? Identify one example of Accounting Information System ? Discuss it's Systems Architecture ? Discuss it's feautures, functions and capabilities ? Discuss it's requirements for effective and efficient use REFLECTION PAPER: Part 1 ? Explain the Accounting Information Systems in Computerized Environment ? Explain Impact of IT on Economics of Auditing ? Discuss the Concept of Security Part 2: ? Identify one example of Accounting Information System ? Discuss it's Systems Architecture ? Discuss it's feautures, functions and capabilities ? Discuss it's requirements for effective and efficient use

AUDITING IN CIS ENVIRONMENT risks can now be controlled using computer assisted tools and techniques, overall audit risks can be controlled and reduced. 3 This risk-based audit approach starts with the preliminary review. The next step is risk assessment. Under the audit approach, depending upon the intensity of the use of Information Technology, audit is done either through the computers or around the computers. Once the approach is decided, the next step is to assess general IS controls and application controls. Using CAATs, the controls are assessed, evidence is collected, evaluated and reports are prepared using the information systems. Concept of Security In this section we discuss the concept of security in detail. IS resources are vulnerable to various types of technology risks and are subject to financial, productivity and intangible losses. Resources like data actually represent the physical and financial assets of the organization. Security is a control structure established to maintain confidentiality, integrity and availability of data, application systems and other resources Few principles need to be followed for effective implementation of information security. These are: 1. Accountability, which means clear apportionment of duties, responsibilities and accountability in the organization; 2. Creation of security awareness in the organization; 3. Cost-effective implementation of information security; 4. Integrated efforts to implement security; 5. Periodic assessment of security needs; and 6. Timely implementation of security. Information security is implemented using a combination of General IS controls and application controls. General IS controls include implementation of security policy, procedures and standards, implementation of security using systems software, business continuity plan and information systems audit. Besides, various other types of controls are also used for implementation like: Framing and implementing security policy; environmental, physical, logical and administrative controls; Physical controls including locks and key, biometric controls and environmental controls; Logical controls like access controls implemented by the operating systems, database management systems and utility software are implemented through sign-on procedures, audit trail, etc; Administrative controls like separation of duties, security policy, procedures and standards; disaster recovery and business continuity plans; information systems audit, etc.AUDITING IN CIS ENVIRONMENT 4 IS Management Information systems audit is a process to collect and evaluate evidence to determine whether the information systems safeguard assets, maintain data integrity, achieve organizational goals effectively and consume resources (/> CO efficiently. M.i.hi The common element between any manual audit and IS audit is data integrity. All types of audits (information audits) have to evaluate the data integrity. Since IS audit involves efficiency and effectiveness, it includes some elements of management and proprietary audit too. IS audit evaluates the IS management function. According to COBIT, there are five IS resources. People, application systems, technology, data and facilities. The IS management function can be divided into four phases, like any other management function. 1. Management (which is equivalent for planning and organization) 2. Implementation and deployment 3. Directing and controls 4. Audit and monitoring. In this section, we discuss the most important activities and controls for each of the resources during each phase of information systems management. We also discuss what an IS auditor would like to review during each phase for each resource. All said and done, it should never be forgotten that the heart of IS audit is the systems audit, which reviews the controls implemented on the system using systems software. Systems audit is a subject of skills acquisition and not knowledge acquisition. Included is a sample checklist for UNIX audit in the section. 4/5AUDITING IN CIS ENVIRONMENT CHAPTER 2 AUDIT IN COMPUTERIZED ENVIRONMENT Objective 1. Explain the Accounting Information Systems in Computerized Environment O 2. Explain Impact of IT on Economics of Auditing 3. Discuss the Concept of Security 4. Discuss the IS Management Accounting Information Systems In Computerized Environment In this section we bring out the fact that Accounting Information System in the manual and computerized environment is not the same. In the computerized environment accounting records are kept in computer files, which are of three types, namely master file, parameter file and transaction file. This classification is not based on the types of records but on the basis of need and frequency of updatingand level of security required. File and record security is implemented using the facilities provided by the operating system, database and application software. With the increasing use of information systems, transaction-processing systems play a vital role in supporting business operations. And many a times, a TPS is actually AIS. Every transaction processing system has three components-input, processing and output. Since Information Technology follows the GIGO principle, it is necessary that input to the system be accurate