Auditing in a Computer
Based Environment
Information Technology (IT) is integral to modern
accounting and management information systems. It is, therefore, essential that
auditors should be aware of the impact of IT on the audit of a client’s
financial statements. Information Technology auditing (IT auditing) began as
Electronic Data Process (EDP) auditing and developed largely as a result of the
rise in technology in accounting systems. The last few years have been an
exciting time in the world of IT, auditing as a result of the accounting
scandals and increased regulations. Regardless of the computer systems used,
the audit objectives and approach will remain largely unchanged from that if
the audit was being carried out in a non-computer environment.
1. Auditing
Around the Computer: It is the
type of auditing done in a traditional method. The auditor summarises the input
data and ignores the computer’s processing but ensures the correctness of the
output data generated by the computer, this approach is generally referred to
as “auditing around the computer”. This methodology was primarily focused on
ensuring that source documentation was correctly processed and this was
verified by checking the output documentation to the source documentation
2. Auditing
Through the Computer: Due to
the “real time” computer environments, there may only be a limited amount of
source documentation or paperwork hence the auditor may employ an approach
known as “auditing through the computer”. In this approach, the reliability and
accuracy of the results are analysed through the computer. This involves the
auditor to perform tests on the information technology controls to evaluate
their effectiveness like Compliance test, Test Packs, Reprocessing.
3. Auditing
with the Computer: The utilization
of computer by the auditor for some audit work and he uses some general
software for the purpose of calculating depreciation, printing letters, and
duplicate checking and files comparison.
The computer is not used for all the audit work and
it is done manually.
The audit process for a computerized accounting
system involves the following five major steps:
1. Conducting
Preliminary Survey: This is a preliminary work to plan how the audit
should be conducted. The auditors gather information about the computerized
accounting system that is relevant to the audit plan. This includes an
understanding of how the computerized accounting functions are organized,
identification of the computer software used, understanding accounting
application processed by computer and identification applicable controls.
2. Reviewing and Assessing Internal Controls: There are two types of controls namely general controls and application controls.
·
General
Controls: General controls are those
that cover the organization, management and processing within the computer
environment. They should be tested prior to application controls, because if
they are found to be ineffective, the auditor will not be able to rely on
application controls. General controls include proper segregation of duties,
file backup, use of labels, access control, etc.
·
Application
Controls: Application controls relate
to specific tasks performed by the system. They include input controls,
processing controls, and output controls. They should provide reasonable
assurance that the initiating, recording, processing and reporting of data are
properly performed.
3. Compliance Testing: Compliance testing is performed to determine whether the controls actually exist and function as intended. This can be performed by comparing the results to predetermined results or by processing dummy transactions.
4. Substantive
Testing: This is performed to
determine whether the data is real. Substantive tests are tests of transactions
and balances and analytical procedures designed to substantiate the assertions.
Auditors must obtain and evaluate evidence concerning management’s assertions
about the financial statements. The auditor must obtain sufficient competent
evidential matter to provide a basis for an opinion regarding the financial
statements under audit. If sufficient competent evidence cannot be obtained
then an opinion cannot be issued.
5. Audit
Reporting: The audit report will contain detailed information on various aspects of their findings
in the process of audit in a computerized environment.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.