1

Introduction

Audit objective – The audit objective will not change as the auditor must, “ Obtain relevant and reliable audit evidence sufficient to draw reasonable conclusions there from”.

2

Introduction

The obvious differences between a computerized system and manual system are as follows:

- changes in processing of financial data- changes in storage of financial data- changes in communication of financial

info- changes in the organization structure

and procedures

3

Effect of computerization on audit process However, in a computerized

accounting system, there are certain differences which must be taken into account and which inevitably will lead to a need for additional internal control. These main differences are :-

1.Invisibility of processing which can invariably lead to a lack of audit trail.

4

Effect of computerization on audit process2.Potentially better internal control. With

less human intervention (elimination of segregation of duties) and more automation, the system can be much more reliable than a manual system.

3.Speed, accuracy and consistency can be assured in a computer system. This is not the case with manual system.

5

Effect of computerization on audit process4.There will often be a long time lag

between the conception and implementation of the system. It may take six months, a year, and even longer, in larger systems, before the accounting system is working adequately.

6

Effect of computerization on audit process5.Centralization of processing. In

manual systems the payroll, the sales, the purchases, are processed in separate dept in isolation. In a computerized accounting system, processing is done in one location, the Central Processing Unit.

7

The benefits for auditor of using the computer software: Time may be saved by eliminating

manual casting and other routine calculation

Calculations and comparisons are performed more accurately

Audit sampling may be facilitate Potential weaknesses in a client’s

internal control system may be identified more readily

8

Potential of material errors: Data entry/processing – errors can

happen during data entry as a result from negligence or human error.

Unauthorized Access – data and information can be altered without physical evidence by an unauthorized person if he knows the password

Loss of data – theft and accidental erasure can cause loss of invaluable data and information

9

Internal control in EDP environment The differences between

computerized and manual accounting system mean there is a requirement for additional internal controls and they are : General controls (Administration &

System development) Application controls

10

General control

These are controls which cover the environment in which the application is developed, maintained and operated, and which are therefore applicable to all parts of the EDP.

The objectives are to ensure the proper development and implementation of applications and the integrity of program and data files and of computer operation.

11

General controls can be classified into 5 categories:• Organizational controls• System development and

maintenance controls• Hardware and systems software

controls• Security and access controls• Operations and data control

12

Application Controls

These are controls which seek to ensure the accuracy and completeness of input processing, and the validity of the resulting accounting entries.(apply to specific computer applications)

13

Application control can be classified into 5 categories: Data capture controls Data validation controls Processing control Output control Error control

14

Audit approach to computer environment Auditor shall obtain two approach:

a) Around the computer approachb) Through the computer approach

- the auditor shall used the microcomputer

software when performing this approach.

15

“Around the computer approach” In this approach the auditor does not

examine the computer processing but instead the auditor emphasis on the following matters:

a) To ensure the completeness, accuracy and validity of information by comparing the output reports with the input documentation

b) To ensure the effectiveness of input controls and output controls

16

“Around the computer approach”c) To ensure the adequacy of segregation

of duties

In other words, this approach concentrate solely on the input and corresponding output with emphasis on user departments only. These include checking authorization, coding and control totals of input and checking the output with source documents and clerical control totals.

17

“Through the computer approach” This approach requires the auditor to

examine the detailed processing routines of the computer to determine whether the controls in the system are adequate to ensure complete and correct processing of all data.

Therefore, the auditor will use CAATs.

18

Computer Assisted Audit Techniques

Tools used by auditor with the computer to aid in the effective and efficient performance of an audit whereby the computer programs allow auditors to test computer files and database . (if “through the computer” approach is adopted).

19

Types of CAATs:

Generalized Audit Software Programs (GASPs)

Custom Audit Software Test Data Integrated Test Facility Parallel simulation Concurrent auditing techniques

20

Generalized Audit Software Programs (GASPs)    Readily available computer

programs that read the client’s data, process the data, performed the indicated audit procedures, and require little programming effort and technical knowledge of auditor.   Used by auditor during substantive test.   To determine reliability and integrity of computerized accounting records.   

21

Generalized Audit Software Programs (GASPs) Its ability include:

a)      Can select sample for confirmation of balances.

b)      Can provide detailed schedule of what are the items that make up account balance.c)      Can rearrange information in a manner suitable for the auditor to study and evaluate.d)      Can calculate ratio and trend analysis.

22

Custom Audit Software

Is generally written by auditors for specific audit tasks

It is necessary when the entity’s computer system is not compatible with the auditor’s GAS or when the auditor wants to conduct some testing that may not be possible with the GAS.

23

Test Data

      Development of imaginary data by auditor that are

subsequently processed using the client’s computer

system.      Results obtained are then compared

with predetermined results.      Used by auditor during test of controls.

24

Test Data

Its ability include:a)      Can verify the correct functioning of a

programb)      Can ensure computer responds correctly to deliberate errors on data.(error or

exception report is generated by computer)c)      Can verify computer generated total balance and analysis. (computer will do the adding and subtracting, and analysis will be compared against the input).

25

Integrated Test Facility

CAAT that uses fictitious data and processes it with real data to test the computer system while the client’s personnel are unaware of testing process.

26

Parallel Simulation

CAAT that uses client input data and processes it on a duplicate program to test the computer system

27

Concurrent auditing techniques Advanced computer system may

require the auditor use concurrent auditing techniques, which may be conducted by internal auditors.

Three concurrent auditing techniques are:

1. Snapshot2. System control audit review3. Expert systems

28

Major steps in applying CAATs Set the objective of the CAAT application Identify the specific files or databases to

be examined Determine the accessibility of the

entity’s files Define the specific tests or procedures

and related transactions and balances affected

Define the output requirements Identify the personnel who will

participate in the application of the CAAT29

Major steps in applying CAATs Ensure the use of the CAAt is properly

controlled and documented Reconcile data to be used for the CAAT

with the accounting records; and Evaluate the results after execution of

the CAAt application

30