Auditing in a computerized environment The objective and scope of audit does not change in a computerized environment.

Auditor has to plan procedures to evaluate and assess the adequacy and completeness of the data processing and information system. In developing audit procedures, auditor has to acquire sufficient understanding as to how the datas are recorded, processed and finally information is generated. An audit trial will enable the auditor to follow the transaction right from its beginning till end. Basic steps to plan an audit in a Computerised environment:1. Understanding of the system and procedures 2. Sufficient understanding of the Internal Control System and test . 3. Methods for detection of risk and assessment. 4. Checking of output to ensure the completeness. 5. Documentation of evidences. Computer Information System and Internal Control Some of the internal controls available in a computerized environment are listed below:1. Password :- Users of inputs are identified by the passwords which is unique for each user. This enables to evaluate the authority levels available to each user for making entries and for authorization of transactions. 2. Edit Test:- This helps in ensuring accurate inputs. 3. Batch Cancellation Stamp:- This ensures that the data are not duplicated 4. Audit Trails :- This ensures that all records and processes are maintained in the system from which Financial statements are generated. 5. General Control:- This refers to the overall control such as Hardware control, Software control, Access control etc. 6. Application Control:- This includes input control, Processing control and Output control. Computer Assisted Audit Techniques [CAAT] CAATs are used for testing general controls and application controls. This techniques are useful for extracting data from Auditee’s records.

(iv) Evaluate the extent of risk addressed by the auditor due to use of e-commerce. certain records of such service providers relating to the auditee be asked for and verified. (x) Verify the efficiency of physical. e. authenticity. . (ii) Examine the business risk affecting the Balance Sheet due to e-commerce transactions. (vi) Measure the risk involved in e-commerce transactions in the case of use of public network. (v) In case the auditee is using services of an Internet Service Provider. It may pose certain difficulties in accounting. Mapping 5. Auditing in E-commerce Environment E-Commerce denotes the buying and selling transactions through internet using computers.g. While accounting in such e-commerce environment. revenue recognition etc. firewalls. (viii) Verify the non compliances of taxation and legal matters in the case of international ecommerce. Audit software 3. encryption etc.Some of the CAAT are as under :1.confidentiality. Online testing 6. Snap shots 7. Test data 2. an auditor should consider the following guidelines contained in the International Auditing Practical Statement : (i) Evaluate the changes in the auditee’s business environment as an effect of ecommerce. security for information etc. Tracing etc. logical and technical controls established for authorization. (iii) The officers including chief information officer are enquired to get the real picture of e-commerce and its effect on the state of affairs of the auditee. Data Base Analysis 4. (vii) See whether appropriate accounting policy is adopted for recording development costs and revenue recognition. passwords. (ix) Verify the controls established to reduce the risk associated with e-commerce transactions.

computer files are updated to give immediate effect to the transactions entered through terminals. prevention of transactions to be omitted or duplicated. (vii) He should verify the effectiveness of separating the transactions accounting period wise to avoid confusion in the situation of overflow of online transactions. processing results are not available in printed form. are introduced in the system effectively to avoid the loss of data by accident or corruption. (xii) See that adequate controls regarding validation of input. while auditing in such environment should consider the following points (i) He should get acquainted with the computer network. prevention of acceptance of order if all steps are not completed by the customer. (vi) He should insist upon the retaining of important links in audit trials. (viii) He should see that proper measures like establishment of appropriate controls to detect and correct line errors. The auditor. this is called as online realtime system. The controls used in such systems depend upon the specific hardware and software used.(xi) Evaluate the reliability of the system to check the completeness. timeliness and authorization of information. acceptance of terms of agreement before order processing. Auditing in Online System Environment In online computer system the data stored on a central computer can be used by number of persons through the number of terminals. cryptographic controls etc. (iii) He should verify whether proper control measures are in use to avoid unauthorized transactions. entry points from other organizations and for collecting the network diagram. (ix) He should test the sample transaction derived at random from the addition of audit instructions to the programs used in data processing for continuous monitoring the system . and the reports required by the auditor are many times not available in printed form. ensuring proper distribution of transaction details across multiple systems in a network and ensuring the retention of backup and security of the related record. In some online systems. unauthorized changing in the data or program. (v) He should see into the procedures to ensure proper authorization of data fed into the computer. (ii) He should review the network control system. In some organizations distribution system is used where in computers are distributed 4throughout the network and data processed at various stages. accuracy. (iv) He should review the internal controls as source documents are not available for every transaction.

(vii) He should concentrate on substantive tests and not waste his time in detailed examining of the computer information system’s controls effectiveness.C.s and also on hard disk.s generally do not have controls as many as those in large computers. improper use of storage capacity etc. (iv) He should ensure that software are not subject to manipulation. Audit in the Case of Data Processing through Computer Service Centers Small organizations get their data processed through computer service centers due to their incapability of investing huge amount in establishing the computer systems. downloading data.Auditing in an Environment of Personal Computer The environment where in personal computers are used is different from the environment where in large computers are in use and that is why auditor has to adopt different approach to audit in such environment. (ii) He should know that inadequate control measures can create serious problems like theft or alteration of data due to unauthorized use of P.C. (iii) He should see whether proper controls are introduced to avoid unauthorized use of P. the program and data can be saved on portable media like C. improper documentation. testing of application programs. (viii) He should use computer assisted audit techniques. documentation of processed data.D. the auditor has to consider following points while conducting audit in such environment of personal computers : (i) He should understand that P.s. (x) He should verify the effectiveness of different control measures utilized and report about that. (ix) He should examine larger samples of transactions. (v) He should examine the control procedure like cross checking the results. Portable storage media are also subject to damage or theft or misplacement.C. In this case the organization provides documents to service center. According to the guideline issued by International Federation of Accountants. (vi) He should verify whether proper arrangement is made for back up copies of all data and important programs. . and range test of data to strengthen the software and data integrity. The storage media is prone to accident. which processes it and hands over the final output documents.

the service center’s responsibility in terms of maintaining data integrity and providing suitable back up and recovery. (iv) Usage of sophisticated audit software would become a necessity. (ii) Evaluate the suitability of the contracted terms with regard to fixed cost.on auditing. variable cost. Auditing around the computer Auditing around the computer is one of the several methods that an auditor evaluate the client’s computer controls.Multiplying the unit price with qty sold to ensure that the total sales value is correct. Auditors must adapt themselves to the changing environment much and acquire necessary additional skills. radically changing the nature of audit evidence. (v) The move towards paperless electronic data interchange would eliminate much of the traditional audit trail. . The Impact on auditing is as follows :(i) Wide spread end user computing could sometimes result in unintentional errors creeping into systems owning to inexperienced persons being involved. (iii) Auditor’s participation to a limited extent in systems development may become inevitable to ensure that adequate controls are built in. since conventional methods of auditing would no longer be sufficient. (ii) Improper use of decision support systems can have serious repercussions. It involves selecting some source documents at random and verifying the corresponding outputs with the inputs.433 In such circumstances auditor should : (i) Verify that the vendor is reliable and suitable having the skills. Also coordinated program modifications may not be possible. (iv) Seek to ensure that his ability to collect and evaluate evidence in relation to the attainment of the objectives of outsourcing is not inhibited. Eg:. (iii) Check the compliance with the terms of contract. The rapid advancements in information technology would no doubt have a dramatic impact . the scope & timing of audit activities. Also their underlying assumptions must be clearly documented. experience and reputation.

the existence and evaluation of controls are not initiated.Under audit around computer. This is mainly used in areas where computers are mainly used for calculation / billing purposes. .