You are on page 1of 24

CHAPTER 6

AUDITING IN COMPUTERISED
INFORMATION SYSTEM ENVIRONMENT

NOR AMALIA BINTI AHAD


10DAT11F2027
NORMASTURA BINTI AHMAD
10DAT11F2039
SITI NABILAH BINTI ABDULLAH
10DAT11F2042
NUR SYUHADA BINTI RUSLAN
10DAT11F2048
6.1.1 Describe The Changing
Information Of Technology and
Implication For Auditing
People are constantly looking for online activities and expect
faster delivery. In accounting as well as auditing, IT plays a
vital role in producing reliable and timely financial statements
and reports.

Most companies use IT to improve company internal control


system through the addition of new control procedure through
computer and replacing the manual control due to the
likelihood of possible human error.
Electronic Data Processing (EDP)

Planning

Recording

Managing

Reporting business
transaction
Electronic Data Processing (EDP)

Source Document :
Invoice
Revenue Receipt
Payment Voucher
Cheque
Electronic Data Processing (EDP)

The basic financial reporting :


Statement of financial position (balance
sheet)
Profit and Loss account
Statement of cash flows
Statement of changes in equity
Advantages and Disadvantages of
Using IT Systems
Advantages Disadvantages
Easier to have instant data The use of electronic data
processing compared to manual processing has resulted in
data processing. decreased vacancies for job
searchers like accountant
More accurate and effective High cost for companies as
time of transactions. effective electronic data
processing software tends to be
expensive.
Increase performances Additional cost for support
especially in manufacturing and backup systems in the
industries and related industries event of power failure.
due to improved the inventory
automated systems.
Implication

From manual control to electronic environment :


Traditional paperwork in which the auditor can see and
feel the printed marks evidencing transaction are carried
out online and most cases in real time.
Generally looks for the authorizing signatures on the
papers evidencing the transactions and Electronic.
It processing environment such authority is evidenced by
the user of identification codes and passwords which are
all physically invisible.
The level of complexity can be classified into 2
level that is low and high.
6.1.2 Determine the level of
complexity in computerized
information system environment

1. EDP systems can be defined by their technical


complexity and the extent to which they are used in an
organization.
2. Technical complexity :
Online-line processing
- An online system allows direct access
into the computer. Transactions can be put directly into the
system so that master files are updated at time the entry is
made.
Communication systems
- Communication channels can connect the computer
directly to users anywhere in the world.
Distributed processing
- When the computing function is apportioned among
CPUs spread geographically and connected by a
communication system.
Data Base Management
- As the volume and uses of computer-processed data
expand, data on different files are often redundant.
-The effect is inefficient use of file space and the need
to update files continually.
6.1.3 General Control CIS
Control Descriptions
The it control The IT government structure
environment How IT risk are identified, mitigated
and managed
The information system, strategic plan
and budget
The organizational structure and
segregation of duties
Day-to-day computer Acquisition, installations,
operations configuration, integration and
maintenance of the IT infrastructure
Delivery of information service to user
Management of third-party provider
Access to program and data Security of passwords
Internet firewalls and remote access
controls
Data encryption and cryptographic
keys

Program development and Acquisition and implementation of


program changes new applications
System development and quality
assurance methodology

Monitoring of IT operations Policies and procedures regarding


the information system and reporting
that ensure that user comply with IT
general control.
Application Control On CIS

1. Application control is controls within a computer application


to ensure- completeness, accuracy of input, processing and
validity of the resulting accounting entries.
2. The main aim is to ensure Validity, completeness and
accuracy of accounting data.
3. Application controls classified into:
a) Input controls
b) Processing controls
c) Output controls
a) Input controls
The main aim of input controls is to reduce errors in the data
entered in the system for processing. Input controls include
checking and ensuring that :
- Input data are authorized by the appropriate official.
- Data represent valid record of actual transaction
- Correctly classified for the purpose of accounting.
Example : - Sequence checks
- Batch control
b) Processing controls
There are divided into mechanical and programmed
controls.
Programmed control are done during the system
development to ensure that only data related to a particular
transaction is processed and not otherwise.

c) Output Controls
Controls relating to input and processing itself with the final
objective.
Relates precisely to the original input.
Represents the outcome of a valid and tested program of
instructions.
6.1.4 The Plan An Audit Strategic

1) Ensure that these is adequate compliance and substantive


procedures and transmitted date are correct and completed.
2) Apply professional scepticism by cross verification of
record, reconciliation between primary and subsidiary
ledger, questioning and critical assessment of audit
evidence.
3) The audit which may be affected by the client CIS
environment.
An application may be considered to be complex when:

a) The volume of transactions is such that users would find


it difficult to identify and correct error processing.
b) The computer automatically generate material
transactions or entries directly to another application.
c) The computer perform complicated computations of
financial information and automatically generates
material transaction.
6.2 .1 The Concept Of Computer
Assisted Audit Techniques
(CAAT)
CAATs are computer programs and data that the auditor
uses as part of the audit procedures to process data of audit
significance contained in a client computer information
system (CIS).

Auditor's use of a computer-assisted audit technique is


something special- normally the techniques used by an
auditor are not computer assisted.
The term CAAT refers to the use of certain software that
can be used by the auditor to perform audits and to achieve
the goals of auditing.

CAATs offer much needed help a the audit technology


tools facilitate more granular analysis of data and help to
determine the accuracy of the information.
6.2.2 Types Of CAATs
I. Generalized Audit Software (GAS)
Comprises computer programs used for audit purposes to
process data audit significance from the client accounting
system.
It is used by the auditor to examine the entity computer
files and may be used during both test of control and
substantive testing of transactions and balances.

II. Test Data


Test data is data submitted by the auditor for processing
by the clients computer based accounting system.
The review of an application system will provide
information about internal controls built in the system.
III. Utility Software
Utility software is the subset of software, such as database
management systems report generators, that provides
evidence to the auditors about system control effectiveness.

IV. The audit-expert system


The audit expert system will give direction and valuable
information to all levels of auditors while carrying out the
audit because the-based system knowledge-base of the senior
auditors and managers.
The Advantages Of CAAT

Independently access the data stored on a computer system


without dependence on the client
Test the reliability of client software, for example the IT
application controls
Increase the accuracy of audit tests
Perform audit tests more efficiently, which in the long-term
will result in a more cost effective audit.
6.2.3 Method Audit Computerized
Information System (CIS)

1) Auditing around the computer


This approach, the auditor is not using computer control to
reduce assessed control risk.
Instead, the auditor uses manual controls to support reduced
control risk assessment.
Often, smaller companies lack dedicated IT personnel, or
they rely on periodic involvement of IT consultants to assist
in installing and maintaining hardware and software.
Auditing around the computer is effective because these
system often produce sufficient audit trails to permit auditor
to compare source documents.
2) Auditing through the computer

as organisations expand their use of IT, internal controls are


often embedded in applications that are visible only in
electronic form.
Example Of Auditing Around And
Through The Computer
Internal Control Auditing Around the Auditing Through
Computer Approach the Computer
Approach
1. Credit is approved Select a sample of Obtain a copy of the
for sales on account sales transaction from client sales
the journal and obtain applications program
the related customer and related credit limit
sales order master file
2. Payroll is processed Select a sample of Create a test data file
only payroll disbursements of valid and invalid
from the payroll employee ID number
journal