## Component 3: Information System, Related Business Processes, and Communication

The auditor must understand the information system relevant to financial reporting, covering six areas:

#	Area
(a)	Classes of transactions that are significant to the financial statements
(b)	Procedures by which transactions are initiated, recorded, processed, corrected, transferred to the general ledger, and reported
(c)	Related accounting records and specific accounts used to initiate, record, process, and report transactions
(d)	How the system captures events and conditions significant to the financial statements
(e)	The financial reporting process used to prepare financial statements
(f)	Controls surrounding journal entries (including non-standard/manual entries)

### What Is an Information System?

An information system consists of:

Infrastructure (physical and hardware components)
Software
People
Procedures
Data

Many systems rely heavily on IT. The system should produce qualitative (reliable, relevant) financial information.

### Why Journal Entry Controls Matter

Manual/non-standard journal entries are a high-risk area because they can be used to manipulate financial results outside the normal transaction cycle.

Worked example

### Example 1

Area (b) – Transaction processing: The auditor traces a sample of sales orders through the order-entry system → inventory module → billing → accounts receivable → general ledger. Understanding this flow allows the auditor to identify where cut-off errors or fictitious transactions could be introduced.

### Example 2

Area (f) – Journal entry controls: During a fraud investigation, it is found that a CFO made year-end journal entries to reduce expense provisions without supporting documentation. Had the entity required dual authorisation and a supporting memo for all non-standard journal entries, this manipulation could have been detected earlier. The auditor should test controls over journal entries as part of understanding the information system.

### Example 3

IT-heavy system: An e-commerce company processes thousands of daily transactions automatically. The auditor focuses on IT general controls (access, program change, operations) and automated application controls (e.g., system validation of credit card authorisations) as the primary means of understanding the information system.

⚠️ Common exam mistakes

Limiting 'information system' to only the accounting software — it also includes people, procedures, and data.
Overlooking journal entry controls (area f) as a separate, distinct item — journal entry fraud is a major financial reporting risk.
Treating this component as purely IT-focused — even manual systems have an information system (paper ledgers, manual procedures).
Failing to link information system understanding to the design of substantive procedures (e.g., knowing the transaction flow helps determine where to test for cut-off).

Reference:

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →