You are on page 1of 2

AUDITING IN A COMPUTERISED ENVIRONMENT iv. The need to have a computer literate audit staff.

iv. The need to have a computer literate audit staff. Most firms now days have the
necessary expertise.
AUDIT TRIAL
In developing audit procedures the auditors have to understand how the accounting INTERNAL CONTROLS IN CIS (COMPUTER INFORMATION SYSTEM)
information system record, classify and summarize data. An audit trial can be described as i. Establishing a general attitude and environment in which all the relevant personnel
the series of cross references that enable the auditor to follow transactions from the start to in both computer and other departments are aware of the need for control.
the end to check the operation performed at each stage of processing e.g. individual may ii. Lay down procedures for setting up all systems and applications. This must involve
manually record sales order on a paper form, authorize credit, prepare invoices and record full consultation on planning, writing and implementation.
the sales in sales journal. In such cases the auditor can follow the transaction from the start iii. Full documentation and recording of all systems and applications.
to the end which is referred to as audit trial. iv. The procedures for normal approval and acceptance of all new and changed
applications.
LOSS OF AUDIT TRIAL IN COMPUTERISED ENVIRONMENT v. Tight control of a system developers and programmers.
Information technology may affect the fundamental manner in which transactions are vi. Where outside contractors are used there must be adequate definition of system
initiated, recorded, processed and reported. objectives and full briefing of requirements, adequate testing and implementation
Loss of audit, trial is as a result of the following:- procedures, full documentation and adequate continuing support.
1. An audit difficulty with advance I.T based system; information systems that while an vii. Proper segregation of duties both between computer personnel and other
audit trial may exist it may not exist in printed form i.e. it may be available only in personnel and within computer departments.
machine readable form. viii. Assess controls such as physical barriers and passwords.
2. Where a complex application system performs a large number of processing steps ix. Back-up reconstruction facilities at adequacy of fire precautions etc.
audit trial information may not be kept online only for a short period of time then
transferred to a low-cost storage medium (secondary storage)- tapes, diskettes etc. COMPLEXITY OF C.I.S
3. With advent of electronic data interchange (EDI) or e-commerce where source i. The large volume of transactions processed means that details are inaccessible
document are replaced with electronic transactions e.g. in an EDI system a ii. Computers automatically generate material transactions e.g. direct debits.
purchase transaction may be automatically initiated by the client I.T based system iii. The computer performs complex calculations without demonstrating how it has
by sending an electronic message (purchase order) directly to the supplier’s been done e.g. interest charged to customers for overdue debts.
system. iv. Transactions are exchanged electronically (EDI) with other organizations e.g.
customers and suppliers.
SOLUTIONS TO THE PROBLEMS v. The organizational inspect of CIS restricts segregation of duties and reduces
1) During the design of I.T based system, management will normally consult with both supervision.
its internal and external auditors to ensure that adequate audit trial is built into the
system and retained. THE RISK AND CIS
2) Audit trial may consist of computer print outs, documents stored in machine i. Control environment - where management often feel they have no control over an
readable form etc rather than the traditional handwritten source documents e.g. the understanding of transaction and records.
journals, ledgers etc. ii. Lack of a transaction trial or audit trial.
3) Portion of the audit trial such as the date and the time of the last change in a record iii. Lack of segregation of duties commonly in the past every transaction would
and the person making the change are often stored as part of the on-line records. probably be reviewed and processed by several people which is not the case in
4) Emphasis should be placed on coordinating the effects of external and internal CIS.
auditors to ensure adequate audit coverage. iv. The potential for fraud and error as result of system or program faults. Once a fault
is in a system, the system processes incorrectly for ever as no human intervention
BASIC CONSIDERATION BY AN AUDTIOR IN PLANNING FOR AUDIT IN CIS or review may be included in the controls or the fault may simply not be visible as
ENVIRONMENT processing is not transparent e.g. use of wrong price for the sale of commodities or
i. How to obtain a sufficient understanding of what may be a very complex accounting using a wrong wage-rate while paying wages and salaries to the employees.
and internal control system. v. The initiation or execution of transactions may be automatic e.g. the system may be
ii. The inherent, control and detection risk and how to assess them. fraudulently programmed to procedure fraudulent transactions.
iii. The design and performance of substantive and compliance tests

1
vi. Output may not be complete e.g. computer generated totals or list of goods This technique allows test to be made at the time the data is being processed. It is a real time
received and matched with purchase invoices may be incomplete but the manager auditing.
reviewing the risk will have no way of knowing this. It is useful where the audit trail is deficient so that historical audit work is difficult to retrieve or
where files especially the master files are constantly being updated regularly.
COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS) In real time auditing results are printed out immediately or are copied to secondary storage
These consist of computer programs used by auditors to perform procedure to get a good and later evaluated by the auditor. The technique may achieve the following objectives.
and reliable audit opinion. Those computer programs are written by or for the auditor and i. Store information as it is processed for subsequent audit review.
have the capability to analyse data. They are usually written in high level languages to ii. Check the integrity of files which have been processed
enable auditors to write these programs quickly and with very few instructions. Also computer iii. Stop and record items which are of special audit interests as previously designed
audit programs can be used to recalculate certain items e.g. depreciation charge for the non- by the auditor
current assets, interest on the bank overdraft.
TAGGING AND TRACING.
CIRCUMSTANCES WHEN THE USE OF CAATS WHEN PRFORMING AUDIT This technique involves tagging transactions with an indication e.g. a different color when
PROCEDURES WOULD BE NECESSARY they enter into the system. The computer provides the auditor with print out of the details of
i. When the company has recently installed a new computer system the steps in processing tagged transactions. This print out is examined for evidence of an
ii. when software has been changed in the past year authorized program steps.
iii. When standard software allows the company to change the programs or add Tagging and tracing is possible when the appropriate logic has been built in the I.T based
procedures system.
iv. When there is a significant loss of audit trail in the computer system
v. When the auditor has identified weaknesses in the company accounting software APPROACHES TO AUDIT WITH COMPUTERISED ACCOUNTING SYSTEM
There are two:
TEST DATA OR TEST PACKS i. auditing around the computer
This is data devised by the auditor to check the operation of the company’s accounting ii. auditing through the computer
system. Under this method only individual programs can be tested i.e. not the entire system.
Test data comprises of both valid data and invalid data. AUDITING ROUND THE COMPUTER
Valid data is used to check that the company software processes the data accurately. This means examining evidence for all the items in the financial statements without getting
Invalid data is used to check the company’s software, gives either a warning or rejects the immersed in the detail of CIS.
data. The benefit of this approach is that it saves much time and cuts on costs.
The justification is that the computer is 100% accurate in processing transactions i.e. errors
do not occur. The draw back of this technique is that once an application is programmed to
PARALLEL SIMULATION process an item incorrectly then it processes exactly as it programmed i.e. GIGO (Garbage
This is the extension of the test data. The system is designed at the output stage to handle In Garbage Out).
the audit test data without unwanted side effects. The auditor uses test data input as part of a In this method the auditor concerns himself with the completeness, accuracy and validity of
normal run and applies to “dummy” test held on master files. all the input and matches against the output trying to confirm that for every input there is an
The weakness of this test is that there is a danger of test data being subject to special output and vice versa.
procedures which are not applied to normal transactions.
The method is left in the system to see what happens e.g. a dummy sales record eventually Auditing round the computer is only possible where:
create an overdue sales ledger balance. The auditor can use the method to carry out regular i. There is a visible audit trail sufficient for audit purposes
testing of the system without using a special test run and indeed without being present during ii. The auditor does not intend placing reliance on controls that can only be verified by
processing. means of CAATS
The method is used largely to test application control. iii. The auditor fully understands those controls on which reliance is being placed and
both general application of computer operations.
EMBEDDED AUDIT FACILITIES
It consists of a module of a computer program written by the auditor which is incorporated
into the client’s computer system either temporarily or permanently.