Explain your understanding with the internal control in a manual accounting system environment in comparison with the internal control in a computerized environment. * 10 points
Notwithstanding the degree of computerization or data processing methods used in the
computerized information system (CIS) environment, management and those charged with governance are still responsible for establishing and implementing appropriate internal control systems in both the CIS and manual environments. The CIS environment, on the other hand, offers key features that set it apart from manual processing systems. Because data can be entered directly into the computer system without supporting documents in a CIS environment, there are no visible transaction trails. However, for authorization purposes, a letter of authorization should be provided as a supporting document. In contrast to a manual system, it is normally possible to follow a transaction through the system by examining source documents. Because the CIS environment executes operations exactly as intended, few clerical mistakes are likely to occur because the computer will never tired of completing the assigned duty in the same manner, unlike in a manual environment where human errors are prevalent. In comparison to the manual system, the CIS environment allows for easier access to data and computer programs, which is why some controls are included into the system to restrict access to data files and programs to authorized users only. Due to the general computer's capacity to handle data effectively, processes or duties that are traditionally separated in human processing are merged in a CIS environment. Unlike in the manual environment, certain transactions can indeed be performed by the CIS without the necessity for an input document. Interest, for example, could be computed and charged automatically. Records are written in ink on thick paper in a manual system, and the only way to lose information is to lose or destroy the physical records. However, in the CIS environment, computer information may be readily modified, leaving no trace of the original content, perhaps resulting in the loss of a large quantity of data. As a result, in a CIS environment, cloud-based drives are used to backup vital files or records to prevent data loss, because even if files are computerized, competitors or hackers may still access the files despite of controls established by the company. Imagine yourself auditing financial statements in a CIS environment. How will you perform your testing and documentation? (List your takeaways in the lecture) *10 points
Test of controls in a CIS environment, like in a manual processing environment, entails
examining the client's internal control policies and processes to see if they are working as intended. Auditors must assess controls regardless of the client's data processing technology if they want to depend on the client's internal controls. As an auditor, I have the option of auditing around the computer or using Computer-Assisted Audit Techniques (CAATs) to assess application controls. In the same way as testing control in a manual control structure examines documents and reports to evaluate the system's reliability, auditing around the computer, or the black box method, examines documents and reports to determine the system's dependability. To ensure that the processing is accurate, the input data is simply reconciled with the result. However, there is a chance that the files you are provided may be disorganized, with the entire documents or records jumbled together, and the auditor would be the one to sort everything. In CAATs, auditors may use the audit client company’s computer, or their own, as an audit tool, to assist them in their audit procedures, this is also known as the white box approach. The extent to which an auditor may choose between using CAATs and manual techniques on a specific audit engagement depends on the factors such as the practicality of carrying out manual testing, the cost effectiveness of using CAATs, the availability of audit time, availability of the audit client’s computer facility, level of audit experience and expertise in using a specified CAAT and the level of CAATs carried out by the audit client’s internal audit function and the extent to which the external auditor can rely on this work. Some of the most popular CAATs are the test data, Integrated Test Facility (ITF), parallel simulation and other CAATs such as snapshots and Systems Control Audit Review Files (SCARF). The purpose of the test data is to see how successful the internal control mechanisms in the client's computer software are. The auditor creates a fake employee in ITF to overcome the disadvantage of not knowing if the program is the same as the client's. In contrast to the previous two, the auditor in parallel simulation is needed to develop test inputs or data and process these data using the client's computer software. Snapshots entails photographing a transaction as it passes through a computer system, whereas SCARF entails embedding audit software modules into an application system to offer continuous monitoring of the system's transactions.