SANJITH.H.N

AUDIT IN COMPUTERIZED ENVIRONMENT

Change in the Environment

30TH NOVSANJITH2

Technological Revolution.Increase in Volumes & Complexities of transactions.

Time & Information became most sought after.

Fall in Prices of Computer Hardware.Availability of user friendly software.

No Change in overall objective

3rd July 2008Ashok Seth3

To establish reliability & integrity of information

To assess compliance with policies, laws & regulations

To see that assets are being safeguarded

To appraise economical & efficient use of resources

Accomplishment of established objectives & goals

Effect of EDP Environment

3rd July 2008Ashok Seth4

On procedures in obtaining sufficient understanding of accounting & internal control systems

On risk assessment method to be followed

Designing of tests of control and substantive procedures to meet audit objective

EDP Characteristics

3rd July 2008Ashok Seth5

Uniform Processing of TransactionsPotential for undetected errors & irregularities

Transaction Trail may be available for short duration or only in electronic form.

Automatic initiation & subsequent execution of transaction by computer

Problems with EDP systems

3rd July 2008Ashok Seth6

Unauthorized persons may gain access to data or program

Transactions may not be completely processed

Data may become corrupt giving wrong report

Programmers may make unauthorized changes to software

Difficult to Trace input errors Lack of Supervisory controls

Audit Approach

3rd July 2008Ashok Seth7

Auditing Around Computers

Auditing through Computers

Auditing Around Computers

3rd July 2008Ashok Seth8

Involves selection of representative sample of source documents and tracing them to final destination

The controls and procedures used in processing the data were considered unimportant

Auditing Through Computers

3rd July 2008Ashok Seth9

This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate.

Auditing Through Computers- Steps: -

3rd July 2008Ashok Seth10

Review and evaluation of systems of controls

Verification of record contents and generation of evidential information (Audit Evidence) from database

EDP Controls

3rd July 2008Ashok Seth11

General EDP Controls

EDP Application Controls

General EDP Controls

3rd July 2008Ashok Seth12

Access controls: - to preventUnauthorized access to online terminal devices, programs and data

Entry of unauthorized transactionsUnauthorized changes to data files.Use of programs that have not been authorized.

Controls over passwords

Contd

3rd July 2008Ashok Seth13

Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented.

Transaction Logs- Reports which are designed to create audit trail

EDP Application Controls

3rd July 2008Ashok Seth14

Pre Processing AuthorizationChanges to standing dataData Processing controls,

reasonableness and other validation tests.

Cut off proceduresFile Controls procedures- to ensure

correct data files are used.Balancing:- process of establishing

control totals to ensure accuracy

Computer Assisted Audit Techniques (CAATs)

3rd July 2008Ashok Seth15

Includes: -

Test Data TechniquesGeneralized audit software (GAS)

Utility Software

Test Data techniques

3rd July 2008Ashok Seth16

Live Processing with dummy data

Dummy processing with dummy data

Integrated test facilityOn line testing

Why CAATsAbsence of input documents or the lack of a visible

audit trailEffectiveness and Efficiency of auditing procedures

improvedInformation processing environments pose a stiff

challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs.

With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records

3rd July 2008Ashok Seth17

Functional Capabilities of CAATsFile access: Enables the reading of different

record formats and file structuresFile reorganization: Enables the indexing,

sorting, merging and linking with another fileData selection: Enables global filtration

conditions and selection criteriaStatistical functions: Enables sampling,

stratification and frequency analysis. Arithmetical functions: These functions

facilitate re-computations and re-performance of results.

3rd July 2008Ashok Seth18

How to use CAATs?Set the objective of the CAAT application Determine the content and accessibility

of the entity's files Define the transaction types to be tested Define the procedures to be performed

on the data Define the output requirements Identify the audit and IT personnel who

may participate in the design and use of tests for CAATs.

3rd July 2008Ashok Seth19

General Uses and Applications of CAATs- for exampleException identificationControl analysis: Identify whether controls

as set have been working as prescribedError identification: Identify data which is

inconsistent or erroneous.Statistical samplingVerification of calculationsCompleteness of data: Identify whether all

fields have valid data.Contd

3rd July 2008Ashok Seth20

DuplicatesObsolescence of inventoryUndeserved discounts for rapid paymentAccounts exceeding authorized limitOverdue invoices

3rd July 2008Ashok Seth21

Strategies for using CAATsIdentify the goals and objectives of the

investigation or auditIdentify what information will be requiredDetermine what the sources of the informationIdentify who is responsible for the informationReview documentation to know the type of data

in the systemReview documentation to know flow of data,

understand data, Know what each field in the data set represents and how it might be relevant.

Contd

3rd July 2008Ashok Seth22

Develop a plan for analyzing the data What - Specific objectives that should be

addressed by the analysisWhen – Define the period of time that will be

audited, and secure the data for that period Where – Define the sources of the data to be

analyzed (Accounts payable, payroll) Why – Reason for performing the tests and

analysis (general review, fraud audit)How – The types of analysis planned to be

carried out by the audit

3rd July 2008Ashok Seth23

Precautions in using CAATsIdentify correctly data to be audited Collecting the relevant and correct data files Identify all the important fields that need to be

accessed from the system State in advance the format the data can be

downloaded and define the fields correctly Ensure the data represent the audit universe

correctly & completely.Ensure the data analysis is relevant and

complete. Contd

3rd July 2008Ashok Seth24

Perform substantive testing as required.

Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required.

3rd July 2008Ashok Seth25

3rd July 2008Ashok Seth26