View
531
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
1
Introduction
Audit objective – The audit objective will not change as the auditor must, “ Obtain relevant and reliable audit evidence sufficient to draw reasonable conclusions there from”.
2
Introduction
The obvious differences between a computerized system and manual system are as follows:
- changes in processing of financial data- changes in storage of financial data- changes in communication of financial
info- changes in the organization structure
and procedures
3
Effect of computerization on audit process However, in a computerized
accounting system, there are certain differences which must be taken into account and which inevitably will lead to a need for additional internal control. These main differences are :-
1.Invisibility of processing which can invariably lead to a lack of audit trail.
4
Effect of computerization on audit process2.Potentially better internal control. With
less human intervention (elimination of segregation of duties) and more automation, the system can be much more reliable than a manual system.
3.Speed, accuracy and consistency can be assured in a computer system. This is not the case with manual system.
5
Effect of computerization on audit process4.There will often be a long time lag
between the conception and implementation of the system. It may take six months, a year, and even longer, in larger systems, before the accounting system is working adequately.
6
Effect of computerization on audit process5.Centralization of processing. In
manual systems the payroll, the sales, the purchases, are processed in separate dept in isolation. In a computerized accounting system, processing is done in one location, the Central Processing Unit.
7
The benefits for auditor of using the computer software: Time may be saved by eliminating
manual casting and other routine calculation
Calculations and comparisons are performed more accurately
Audit sampling may be facilitate Potential weaknesses in a client’s
internal control system may be identified more readily
8
Potential of material errors: Data entry/processing – errors can
happen during data entry as a result from negligence or human error.
Unauthorized Access – data and information can be altered without physical evidence by an unauthorized person if he knows the password
Loss of data – theft and accidental erasure can cause loss of invaluable data and information
9
Internal control in EDP environment The differences between
computerized and manual accounting system mean there is a requirement for additional internal controls and they are : General controls (Administration &
System development) Application controls
10
General control
These are controls which cover the environment in which the application is developed, maintained and operated, and which are therefore applicable to all parts of the EDP.
The objectives are to ensure the proper development and implementation of applications and the integrity of program and data files and of computer operation.
11
General controls can be classified into 5 categories:• Organizational controls• System development and
maintenance controls• Hardware and systems software
controls• Security and access controls• Operations and data control
12
Application Controls
These are controls which seek to ensure the accuracy and completeness of input processing, and the validity of the resulting accounting entries.(apply to specific computer applications)
13
Application control can be classified into 5 categories: Data capture controls Data validation controls Processing control Output control Error control
14
Audit approach to computer environment Auditor shall obtain two approach:
a) Around the computer approachb) Through the computer approach
- the auditor shall used the microcomputer
software when performing this approach.
15
“Around the computer approach” In this approach the auditor does not
examine the computer processing but instead the auditor emphasis on the following matters:
a) To ensure the completeness, accuracy and validity of information by comparing the output reports with the input documentation
b) To ensure the effectiveness of input controls and output controls
16
“Around the computer approach”c) To ensure the adequacy of segregation
of duties
In other words, this approach concentrate solely on the input and corresponding output with emphasis on user departments only. These include checking authorization, coding and control totals of input and checking the output with source documents and clerical control totals.
17
“Through the computer approach” This approach requires the auditor to
examine the detailed processing routines of the computer to determine whether the controls in the system are adequate to ensure complete and correct processing of all data.
Therefore, the auditor will use CAATs.
18
Computer Assisted Audit Techniques
Tools used by auditor with the computer to aid in the effective and efficient performance of an audit whereby the computer programs allow auditors to test computer files and database . (if “through the computer” approach is adopted).
19
Types of CAATs:
Generalized Audit Software Programs (GASPs)
Custom Audit Software Test Data Integrated Test Facility Parallel simulation Concurrent auditing techniques
20
Generalized Audit Software Programs (GASPs) Readily available computer
programs that read the client’s data, process the data, performed the indicated audit procedures, and require little programming effort and technical knowledge of auditor. Used by auditor during substantive test. To determine reliability and integrity of computerized accounting records.
21
Generalized Audit Software Programs (GASPs) Its ability include:
a) Can select sample for confirmation of balances.
b) Can provide detailed schedule of what are the items that make up account balance.c) Can rearrange information in a manner suitable for the auditor to study and evaluate.d) Can calculate ratio and trend analysis.
22
Custom Audit Software
Is generally written by auditors for specific audit tasks
It is necessary when the entity’s computer system is not compatible with the auditor’s GAS or when the auditor wants to conduct some testing that may not be possible with the GAS.
23
Test Data
Development of imaginary data by auditor that are
subsequently processed using the client’s computer
system. Results obtained are then compared
with predetermined results. Used by auditor during test of controls.
24
Test Data
Its ability include:a) Can verify the correct functioning of a
programb) Can ensure computer responds correctly to deliberate errors on data.(error or
exception report is generated by computer)c) Can verify computer generated total balance and analysis. (computer will do the adding and subtracting, and analysis will be compared against the input).
25
Integrated Test Facility
CAAT that uses fictitious data and processes it with real data to test the computer system while the client’s personnel are unaware of testing process.
26
Parallel Simulation
CAAT that uses client input data and processes it on a duplicate program to test the computer system
27
Concurrent auditing techniques Advanced computer system may
require the auditor use concurrent auditing techniques, which may be conducted by internal auditors.
Three concurrent auditing techniques are:
1. Snapshot2. System control audit review3. Expert systems
28
Major steps in applying CAATs Set the objective of the CAAT application Identify the specific files or databases to
be examined Determine the accessibility of the
entity’s files Define the specific tests or procedures
and related transactions and balances affected
Define the output requirements Identify the personnel who will
participate in the application of the CAAT29
Major steps in applying CAATs Ensure the use of the CAAt is properly
controlled and documented Reconcile data to be used for the CAAT
with the accounting records; and Evaluate the results after execution of
the CAAt application
30