2. Computer Auditing – Types of Computer
System
• Information technology (IT) is integral to modern accounting
and management information systems. It is, therefore,
imperative that auditors should be fully aware of the impact of
IT on the audit of a client’s financial statements, both in the
context of how it is used by a client to gather, process and
report financial information in its financial statements, and
how the auditor can use IT in the process of auditing the
financial statements.
• Types of Computer system
– Hardware (i.e. CPU, monitor, printers, zip drive, scanners)
– Software (Operating systems, database, application software etc.
– The transmission media (i.e. wires, optical fiber cables and
microwave links)
– Network devices (i.e. modems, gateways etc)
3. Computer Assisted Audit Technique
Approaches to Auditing in a CIS
Environment
1. Auditing Around the Computer: It is the type of auditing done in a traditional
method. The auditor summarizes the input data and ignores the computer’s
processing but ensures the correctness of the output data generated by the computer,
this approach is generally referred to as “auditing around the computer”. This
methodology was primarily focused on ensuring that source documentation was
correctly processed and this was verified by checking the output documentation to
the source documentation
2. Auditing Through the Computer: Due to the “real time” computer environments,
there may only be a limited amount of source documentation or paperwork hence
the auditor may employ an approach known as “auditing through the computer”. In
this approach, the reliability and accuracy of the results are analyzed through the
computer. This involves the auditor to perform tests on the information technology
controls to evaluate their effectiveness like Compliance test, Test Packs,
Reprocessing.
3. Auditing with the Computer: The utilization of computer by the auditor for some
audit work and he uses some general software for the purpose of calculating
depreciation, printing letters, and duplicate checking and files comparison.
4. Characteristics of CIS Environment
• High speed and Automatic initiation/execution of transactions.
• Uniform processing of transaction, hence low clerical error.
• Ease of Access to Data and Computer programs.
• Systems generated transactions.
• Vulnerability of data and program storage media.
• Consistency in work
• Lack of visible transaction trail
5. Internal control In CIS Environment
• Internal controls in ICT/ CIS Environment. They are
classified into:
– General Control
– Application Control
6. General controls
• Controls over general environment in which the system
is developed, maintained and operated. They include:
– Complete review, testing and approval of the system and
programs before they become fully operational.
– Competence of staff to implement the system
– Authorization of any changes in the system by responsible
official.
– Segregation of duties so that different staffs perform the
duties of system development, programming and data entry.
– Access control- only authorized personnel should have access
of hardware, programs and data files.
– Stand by facilities for use in case of a temporary computer
failure.
– Back-up facilities to avoid loss of data.
7. Application Control
• Application controls classified into:
– a) Input controls
– b) Processing controls
– c) Output controls
• The main aim is to ensure Validity, completeness and accuracy
of accounting data.
• Controls within a computer application to ensure-
completeness, accuracy of input, processing and validity of
the resulting accounting entries. They can be done foe specific
areas of the system for example, control over sales, payroll,
control over inventory and etc.
8. Input controls
• The main aim of input controls is to reduce errors in the data
entered in the system for processing.
• Input controls include checking and ensuring that:
– Input data are authorized by the appropriate official.
– Data represent valid record of actual transaction
– Correctly classified for the purpose of accounting.
• Input control-examples (Sequence checks)
– Transactions that are serially numbered should be in sequence and
checked by the programs If sales invoice are serially numbered
– for example 010 to 0200; then if invoice numbered 14 recorded
before 12 then the system should reject invoice number 14 until
number 12 is posted.
9. Processing controls
• Processing controls, There are divided into
mechanical and programmed controls.
• Programmed control are done during the
system development to ensure that only data
related to a particular transaction is processed
and not otherwise.
10. Output Controls
• Controls relating to input and processing itself with
the final objective of ensuring that the output:
– Relates precisely to the original input.
– Represents the outcome of a valid and tested program of
instructions. (e.g., digit check, reasonableness checks)
– Output reports are only accessed by the authorized
personnel.
– Output reports checked by someone as to their
reasonableness.
11. Special Consideration in Case of Audit of
E- Commerce Transaction
• Electronic commerce includes activities of promoting and selling a product or
service and obtaining payment for the same.
• Objectives of E- commerce Audit:
– To gain an understanding of the E-commerce product line, transaction flow, and
settlement processes.
– To ensure that adequate internal controls are in place along with audit trails necessary to
recreate a transaction.
– To determine whether the top management recognizes additional business and control
risks adopts specific policies for e-commerce.
• General Overview Obtain the following documentation:
– List of personnel and their duties.
– Flow chart of the e-commerce system.
– Summaries of strategic plans.
– Independent reviews, assessments, or system certifications performed by consultants or
experts
– Details of E-commerce activities conducted.
– Details regarding complaints specific to E-commerce
– External audit reports and related materials.
– Relevant operating policies and procedures.
12. Computer-Assisted Audit Tools And
Techniques (CAATs)
• CAATs is a growing field within the IT audit profession. CAATs is the
practice of using computers to automate the IT audit processes.
• CAATs normally includes using basic office productivity software such
as spreadsheet, word processors and text editing programs and more
advanced software packages involving use statistical analysis and business
intelligence tools such as spreadsheets (e.g. Excel), databases
(e.g. Access), statistical analysis (e.g. SAS), generalized audit
software (e.g. ACL, Arbutus, EAS), business intelligence (e.g. Crystal
Reports and Business Objects), etc.
• CAATTs can refer to any computer program utilized to improve the audit
process.
• The nature of computer-based accounting systems is such that auditors may
use the audit client company’s computer, or their own, as an audit tool, to
assist them in their audit procedures.