Auditing in a Computerized Environment Questions

Explain your understanding with the internal control in a manual accounting system
environment in comparison with the internal control in a computerized environment. * 10
points

Notwithstanding the degree of computerization or data processing methods used in the

computerized information system (CIS) environment, management and those charged with
governance are still responsible for establishing and implementing appropriate internal control
systems in both the CIS and manual environments. The CIS environment, on the other hand,
offers key features that set it apart from manual processing systems. Because data can be
entered directly into the computer system without supporting documents in a CIS environment,
there are no visible transaction trails. However, for authorization purposes, a letter of
authorization should be provided as a supporting document. In contrast to a manual system, it
is normally possible to follow a transaction through the system by examining source
documents. Because the CIS environment executes operations exactly as intended, few clerical
mistakes are likely to occur because the computer will never tired of completing the assigned
duty in the same manner, unlike in a manual environment where human errors are prevalent.
In comparison to the manual system, the CIS environment allows for easier access to data and
computer programs, which is why some controls are included into the system to restrict access
to data files and programs to authorized users only. Due to the general computer's capacity to
handle data effectively, processes or duties that are traditionally separated in human
processing are merged in a CIS environment. Unlike in the manual environment, certain
transactions can indeed be performed by the CIS without the necessity for an input document.
Interest, for example, could be computed and charged automatically. Records are written in ink
on thick paper in a manual system, and the only way to lose information is to lose or destroy
the physical records. However, in the CIS environment, computer information may be readily
modified, leaving no trace of the original content, perhaps resulting in the loss of a large
quantity of data. As a result, in a CIS environment, cloud-based drives are used to backup vital
files or records to prevent data loss, because even if files are computerized, competitors or
hackers may still access the files despite of controls established by the company. 
Imagine yourself auditing financial statements in a CIS environment. How will you perform
your testing and documentation? (List your takeaways in the lecture) *10 points

Test of controls in a CIS environment, like in a manual processing environment, entails

examining the client's internal control policies and processes to see if they are working as
intended. Auditors must assess controls regardless of the client's data processing technology if
they want to depend on the client's internal controls. As an auditor, I have the option of
auditing around the computer or using Computer-Assisted Audit Techniques (CAATs) to assess
application controls. In the same way as testing control in a manual control structure examines
documents and reports to evaluate the system's reliability, auditing around the computer, or
the black box method, examines documents and reports to determine the system's
dependability. To ensure that the processing is accurate, the input data is simply reconciled
with the result. However, there is a chance that the files you are provided may be disorganized,
with the entire documents or records jumbled together, and the auditor would be the one to
sort everything. In CAATs, auditors may use the audit client company’s computer, or their own,
as an audit tool, to assist them in their audit procedures, this is also known as the white box
approach. The extent to which an auditor may choose between using CAATs and manual
techniques on a specific audit engagement depends on the factors such as the practicality of
carrying out manual testing, the cost effectiveness of using CAATs, the availability of audit time,
availability of the audit client’s computer facility, level of audit experience and expertise in
using a specified CAAT and the level of CAATs carried out by the audit client’s internal audit
function and the extent to which the external auditor can rely on this work. Some of the most
popular CAATs are the test data, Integrated Test Facility (ITF), parallel simulation and other
CAATs such as snapshots and Systems Control Audit Review Files (SCARF). The purpose of the
test data is to see how successful the internal control mechanisms in the client's computer
software are. The auditor creates a fake employee in ITF to overcome the disadvantage of not
knowing if the program is the same as the client's. In contrast to the previous two, the auditor
in parallel simulation is needed to develop test inputs or data and process these data using the
client's computer software. Snapshots entails photographing a transaction as it passes through
a computer system, whereas SCARF entails embedding audit software modules into an
application system to offer continuous monitoring of the system's transactions.