Auditing – a systematic process of objectively obtaining - A major threat is the potential loss of assets from and evaluating evidence regarding assertions about unauthorized access to programs and files (ex. economic actions and events to ascertain the degree of ATM) correspondence between those assertions and - Data might be lost during transmission established criteria. - Phishing is the attempt to acquire sensitive information such as usernames, passwords, Systematic process bank account and credit card details for - It is structured as a dynamic activity in a logical malicious reasons, by masquerading as a manner trustworthy entity in an electronic Obtaining and e valuating evidence communication - Auditor is concerned about assertions relating to 6. Speed, On-line / Real-time processing the reliability of the system of internal control - since account balances are updated immediately and the content of the files or outputs produced upon entering the system, it could mean that by computer processing before the auditor had finished reading and - He performs both compliance testing and adding the balances, some of the balances may substantive testing have already changed. Ascertain the degree of correspondence between those 7. Multiple locations assertions and established criteria - Multi-processing, on-line/real-time systems is - It requires judgment on the auditor’s part as to compounded by processing in several locations what constitutes a non-compliance - Several floors and offices in a building Communicating the results (audit report) - Several buildings in a compound - To the client and other interested parties - Several geographical locations - Preparation of the audit report 8. Rapid changes: technology, business needs
Who shall perform the audit? Auditing approaches
A person or persons having adequate technical 1. Auditing around the computer training and proficiency as an auditor. 2. Auditing with the computer 3. Auditing through the computer Impact of computers on the accounting and auditing process Auditing Standards and Computer auditing concepts 1. Internal storage - With the representation of information in Standard of field work electronic form inside the computer, the auditor 1. Compliance testing is no longer able to observe the processing of - “The auditor must obtain a sufficient data to determine…….. understanding of the entity and its 2. Programs can be change without the auditor’s environment, including its internal control knowledge - To assess the risk of material misstatements of - Such change can occur through a console the financial statements whether due to error intervention, or with codes that can modify or fraud, and themselves while program is running - To design the nature, timing and extent of 3. Elimination of audit trail further audit procedures.” - partial elimination or disappearance of those Internal control documents, records, journals, ledgers and other - Comprises the plan of the organization and all of documents that enable the auditor to trace a the methods and procedures adopted by a transaction from source document to business to: summarized totals in an accounting report, or Objectives Safeguard its assets vice versa. Check the accuracy and reliability of its of Internal 4. Multi-programming or multi-processing accounting data control: - With the ability of computer systems to process Promote operational efficiency and several applications simultaneously, files Encourage adherence to prescribed currently being reviewed can be modified during managerial policies data processing by another program. Internal control system Dual purpose testing Administrative controls Accounting controls - Both types of tests, compliance and -the plan of the -the plan of the substantive, are performed at the same time organization and the organization and the methods and procedures methods and procedures Who performs the computer auditing task? to promote operational used to safeguard assets Demands as to expertise placed on the auditors: efficiency and encourage and to check the reliability “If clients uses electronic processing in its adherence to prescribed of accounting data accounting system, whether the application is managerial policies -AIS controls: simple or complex, the auditor needs to General controls understand the entire system sufficiently to Application enable him to identify and evaluate its essential controls accounting control features” AIS controls A. General controls When to perform the procedures? - having pervasive effects Auditing concurrently with processing If they are weak or absent, they negate the - Information is available to the auditor while a effects of the application controls program is running 1. Organizational controls Auditing after processing 2. Sound personnel practices - Audit procedures are performed after a 3. Standard operating procedures computer program is finished 4. Systems development controls 5. Documentation controls Where in the processing cycle the audit should be 6. Hardware controls performed? 7. Systems software controls Auditing the phases of processing 8. Systems security controls - Refers to the study and evaluation of internal B. Application controls control - relate to the specific tasks performed by the Auditing the results of processing computer - Refers to the collection of evidential matter, Input controls emphasis is on the direct test of account Processing controls balances Output controls Which parts of the system the Audit should be 2. Substantive testing performed? - The auditor must obtain sufficient appropriate Auditing computer programs audit evidence y performing audit procedures Auditing computer files to afford a reasonable basis for an opinion Auditing computer systems regarding the financial statements under audit 1) Test of details of transactions and balances Complexities include automatic: o authorization of sales within certain limits o issuance of checks to vendors on due dates 2) Analytical review procedures Performed to detect unusual relationships among financial information Review may include comparison of this year’s amounts with the last year’s; actual results with budget or forecast; review of financial ratios Not significantly different from a manual or mechanical system