audit in computer environment kanpur 3rd july 08
TRANSCRIPT
SANJITH.H.N
AUDIT IN COMPUTERIZED ENVIRONMENT
Change in the Environment
30TH NOVSANJITH2
Technological Revolution.Increase in Volumes & Complexities of transactions.
Time & Information became most sought after.
Fall in Prices of Computer Hardware.Availability of user friendly software.
No Change in overall objective
3rd July 2008Ashok Seth3
To establish reliability & integrity of information
To assess compliance with policies, laws & regulations
To see that assets are being safeguarded
To appraise economical & efficient use of resources
Accomplishment of established objectives & goals
Effect of EDP Environment
3rd July 2008Ashok Seth4
On procedures in obtaining sufficient understanding of accounting & internal control systems
On risk assessment method to be followed
Designing of tests of control and substantive procedures to meet audit objective
EDP Characteristics
3rd July 2008Ashok Seth5
Uniform Processing of TransactionsPotential for undetected errors & irregularities
Transaction Trail may be available for short duration or only in electronic form.
Automatic initiation & subsequent execution of transaction by computer
Problems with EDP systems
3rd July 2008Ashok Seth6
Unauthorized persons may gain access to data or program
Transactions may not be completely processed
Data may become corrupt giving wrong report
Programmers may make unauthorized changes to software
Difficult to Trace input errors Lack of Supervisory controls
Audit Approach
3rd July 2008Ashok Seth7
Auditing Around Computers
Auditing through Computers
Auditing Around Computers
3rd July 2008Ashok Seth8
Involves selection of representative sample of source documents and tracing them to final destination
The controls and procedures used in processing the data were considered unimportant
Auditing Through Computers
3rd July 2008Ashok Seth9
This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate.
Auditing Through Computers- Steps: -
3rd July 2008Ashok Seth10
Review and evaluation of systems of controls
Verification of record contents and generation of evidential information (Audit Evidence) from database
EDP Controls
3rd July 2008Ashok Seth11
General EDP Controls
EDP Application Controls
General EDP Controls
3rd July 2008Ashok Seth12
Access controls: - to preventUnauthorized access to online terminal devices, programs and data
Entry of unauthorized transactionsUnauthorized changes to data files.Use of programs that have not been authorized.
Controls over passwords
Contd
3rd July 2008Ashok Seth13
Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented.
Transaction Logs- Reports which are designed to create audit trail
EDP Application Controls
3rd July 2008Ashok Seth14
Pre Processing AuthorizationChanges to standing dataData Processing controls,
reasonableness and other validation tests.
Cut off proceduresFile Controls procedures- to ensure
correct data files are used.Balancing:- process of establishing
control totals to ensure accuracy
Computer Assisted Audit Techniques (CAATs)
3rd July 2008Ashok Seth15
Includes: -
Test Data TechniquesGeneralized audit software (GAS)
Utility Software
Test Data techniques
3rd July 2008Ashok Seth16
Live Processing with dummy data
Dummy processing with dummy data
Integrated test facilityOn line testing
Why CAATsAbsence of input documents or the lack of a visible
audit trailEffectiveness and Efficiency of auditing procedures
improvedInformation processing environments pose a stiff
challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs.
With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records
3rd July 2008Ashok Seth17
Functional Capabilities of CAATsFile access: Enables the reading of different
record formats and file structuresFile reorganization: Enables the indexing,
sorting, merging and linking with another fileData selection: Enables global filtration
conditions and selection criteriaStatistical functions: Enables sampling,
stratification and frequency analysis. Arithmetical functions: These functions
facilitate re-computations and re-performance of results.
3rd July 2008Ashok Seth18
How to use CAATs?Set the objective of the CAAT application Determine the content and accessibility
of the entity's files Define the transaction types to be tested Define the procedures to be performed
on the data Define the output requirements Identify the audit and IT personnel who
may participate in the design and use of tests for CAATs.
3rd July 2008Ashok Seth19
General Uses and Applications of CAATs- for exampleException identificationControl analysis: Identify whether controls
as set have been working as prescribedError identification: Identify data which is
inconsistent or erroneous.Statistical samplingVerification of calculationsCompleteness of data: Identify whether all
fields have valid data.Contd
3rd July 2008Ashok Seth20
DuplicatesObsolescence of inventoryUndeserved discounts for rapid paymentAccounts exceeding authorized limitOverdue invoices
3rd July 2008Ashok Seth21
Strategies for using CAATsIdentify the goals and objectives of the
investigation or auditIdentify what information will be requiredDetermine what the sources of the informationIdentify who is responsible for the informationReview documentation to know the type of data
in the systemReview documentation to know flow of data,
understand data, Know what each field in the data set represents and how it might be relevant.
Contd
3rd July 2008Ashok Seth22
Develop a plan for analyzing the data What - Specific objectives that should be
addressed by the analysisWhen – Define the period of time that will be
audited, and secure the data for that period Where – Define the sources of the data to be
analyzed (Accounts payable, payroll) Why – Reason for performing the tests and
analysis (general review, fraud audit)How – The types of analysis planned to be
carried out by the audit
3rd July 2008Ashok Seth23
Precautions in using CAATsIdentify correctly data to be audited Collecting the relevant and correct data files Identify all the important fields that need to be
accessed from the system State in advance the format the data can be
downloaded and define the fields correctly Ensure the data represent the audit universe
correctly & completely.Ensure the data analysis is relevant and
complete. Contd
3rd July 2008Ashok Seth24
Perform substantive testing as required.
Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required.
3rd July 2008Ashok Seth25
3rd July 2008Ashok Seth26