Magtupa BSA 3 XI – AUDITING in a COMPUTERIZED INFORMATION SYSTEMS ENVIRONMENT
3. Basic Approach to the Audit of Electronically Processed Data
The auditor’s basic approach to the audit of electronically processed data (EDP) generally depends upon his study and evaluation of the client’s internal and accounting controls and how the EDP environment affects the availability of evidence. The auditor may perform tests to ascertain that computer processing is reliable by conducting tests similar to those in manual operations. He then tests the validity of manual inputs and the printed output. He may also run a series of simulated transactions in the client’s computer program and compare the results with the predetermined results. If he finds the results satisfactory, he may assume that computer processing is correct and reliable.
Introduction: Effects of Computers on the Audit Process
The overall objectives and scope of an audit do not change when an audit is conducted in a computer information system environment. The application of auditing procedures may require an auditor to consider computer assisted audit techniques that use computers as an audit tool. The use of computer assisted audit techniques may improve the effectiveness and efficiency of auditing procedures.
Auditing Clients that Use CIS
In auditing clients that use CIS, an auditor should initially study and evaluate client’s internal and accounting control systems. The auditor evaluates the availability of evidence and decides to audit around the computer or through the computer. He examines computer-generated evidence of controls applied or printouts for control total, hash total, record count, batch totals, and check digits. He ascertains the reliability of documentation and file controls The auditor may conduct the audit with generalized computer audit programs containing specialized audit packages The auditor may use his own audit program written specially for the client; or a program written by the client’s own programmer; or utility programs provided by software vendors. The auditor exercises due professional care and additional precaution in the conduct of an audit of clients using CIS.
Audit Techniques using EDP
The PAPS collectively refers to computer-assisted audit techniques or tools as CAATs, which may be used in performing various auditing procedures. CAATs - are computer programs that the auditor uses as part of the audit procedures to process data of significance contained in the client’s information system. CAATs may consist: package programs purpose-written programs utility programs or system management programs Computer Knowledge, Expertise, and Experience of the Auditor The purpose of PAPS 1009 is to provide guidance on the use of computer assisted audit techniques. The PAPS applies to all its uses involving computers of any type or size. An auditor must have adequate computer knowledge and sufficient expertise and experience to enable him to plan the conduct of an audit of clients using CIS. He should have sufficient computer knowledge to apply the CAATs and to use the results obtained as required by the objectives of the audit. Reference: Galanza, Raquel M., Auditing: Assurance Principles, Professional Ethics and Good Governance. 2015. Quezon City. Rex Printing Company, Inc.