Audit around the computer means that processing done by the computer system needs not to be

audited as auditor expects that sufficient appropriate audit evidence can be obtained by reconciling
inputs with outputs. In simple words evidence is drawn and conclusions are reached without
considering how inputs are being processed to provide outputs. Sometimes it also means conducting
audit without the use of computer system. However, former is widely understood meaning of the
phrase. Now a days audit around the computer is considered as an auditing approach. It is more often
known as black box audit approach

Most often this approach is used either because:

processing done by the computer is too simple e.g. casting, sorting etc
auditor is already aware of the software’s reliability. This is the case with most of off-the-shelf
software used by client without any in-house alteration and thus need not to be checked.
auditor has no mean to gain understanding of the computer system and thus resorts with this
approach. This situation can arise out of circumstances including:
lack of appropriate system documentation
auditor lacks expertise or skills to understand or use the computer system for auditing purposes.
auditor is not given access to computer system at the level required

Audit around the computer approach is used in situations when auditor is of the opinion that computer
system is reliable and often comparison of inputs i.e. source documents to outputs i.e. financial
reports is done which in auditor’s judgement is enough. In other auditor will not assess whether
required controls are in place and if they are working operating effectively while inputs are
processed. Due to the same reason, relying too much on this approach is not recommended for
important aspects of the audit especially where assessed risk is high as this may result in ineffective
audit and ultimately inappropriate audit opinion being expressed by the auditor.

As mentioned earlier that auditor will bypass computer system and will not check for existence and/or
operating effectiveness of controls in processing data therefore auditor may use any one or
combination of the following methods:
 Output oriented method: Sample select the information generated by the computer system
(output) and compare it with auditor’s ideal system or information gathered from other sources or
evidence collected by the auditor by the application of other audit procedures. For example
comparing receivables balances with the statement of accounts received from customers or
comparing stock records with reports of inventory counts
Input oriented method: Sample select source documents (input) that are fed in to the computer
system for processing and auditor independently processes the inputs using his own computer
system or software and then compare the outputs generated by auditor’s computer system with
the output generated by the client’s computer system to confirm accuracy, completeness and other
assertions. Auditor’s processing may be manually done without getting any assistance of the
computer. For example client’s system reports that cash book balance reconciles with bank balance
as per bank statement. Auditor may conduct his own reconciliation to confirm whether it is true.

As discussed earlier that this approach comes with serious drawbacks and may render audit useless.
Getting technical we can discuss how the above two methods can limit audit effectiveness:

For instance in output orient approach auditor is considering only the final product ignoring what has
been fed into the system i.e. input might be incomplete or altogether wrong and auditor looking at
output cannot identify such problems. For example comparing stock records with inventory does not
help auditor in identifying whether inventory has been misappropriated. For this auditor has to match
output with input i.e. source documents like purchase orders, goods received note, goods despatch
note etc.

Similarly, in input oriented approach, although it is better than output oriented approach as auditor
reperforms the process independently and output must match, however, auditor has no way of finding
if the computer system has been programmed to give similar results if client’s system is used. And if
auditor has its own computer system then cost-benefit issues may arise. Moreover it may be very
difficult to ascertain the reason of deviations and for that auditor has to inspect the system itself.