Professional Documents
Culture Documents
PROCESSING:
GENERAL CONCEPTS
2 Comprehensive Evaluations for each Processing
System Application by Computer Auditor
• In this approach, the auditor may assess a low level of risk on controls
external to EDP called user controls. The auditor does not assess a low
level of risk on EDP controls.
Auditing without processing data
(4 segments of discussion)
1. The conditions that must exist so that the auditor can
use the technique.
2. Controls testing , including the objectives the auditor
will satisfy when using the technique and examples of
performing tests of controls without processing data.
3. Brief discussion of substantive testing using the
approach.
4. The factors the auditor must consider in deciding
whether to use the approach.
Conditions Necessary for Using the
Approach
In order to perform tests without processing data, the auditor
must be able to:
If content of subsidiary ledgers is available only on magnetic tape or disk, the auditor
cannot read the output without the help of computer.
Test of Control
Operating effectiveness of controls can be tested by the use of
technique of non-processing data. After obtaining an understanding of
internal control structure, the auditor may elect take one of 2 alternative
courses of action:
1. Assess a low level of risk on controls external to EDP after evaluating the
strengths and weaknesses of EDP controls or
2. Assess a low level of risk on controls external to EDP before evaluating
the strengths and weaknesses of EDP controls
The computer auditor ‘s decision regarding the assessment of risk
EDP controls requires the completion of an understanding of the internal
control structure. This understanding is normally completed before the
auditor can decide which course of action to follow, or whether control tests
will even be performed.
One course of action will lead to design of control tests. (This will
happen if auditor concludes that strengths exist in the controls systems. The
auditor cannot audit around the computer . Test of programs and files will be
necessary.
Second course of action may not lead to design of EDP controls test.
( This maybe true because of two elections available to the auditor).
Election to evaluate EDP Controls
The auditor may elect to forgo controls
testing
After processing, the A/R personnel reconcile the new total balance to the
beginning balance, determine that the total dollar amounts of debits and credits
agree with the total generated before processing, and ensure that the number of
transactions and subsidiary ledgers updated agree with the control totals. In
testing of these user controls, the auditor would ascertain that the reconciliations
and verifications were actually being made and would test a sample of them.
Example : Payroll Application
A payroll department calculate the gross payroll, estimates the
withholdings and deductions, and estimates the net payroll within some range as
financial control totals. It also generates a record count control total for the
number of payroll checks to be prepared. After the payroll has been prepared by
the computer, the payroll department compares the computer-calculated amounts
and number of checks printed with the manually prepared control totals. In the
testing of these user controls, the auditor would again ascertain whether the
comparisons were actually being performed and would test a sample of them to
ensure that they were being performed properly.
Substantive Test
The performance of the substantive tests on the computer
systems without processing any data through the system
involves examining computer printouts and source documents.
The auditor can trace from computer printouts to the source
documents or from the source documents to the printouts.
Factors to be considered in deciding whether to
use the approach
• Relatively low cost
• Ease of understanding
• Ease of application
Reasons why auditor may decide not to use the
approach of testing without processing of data.
1. The auditor may lack assurance that the computer output is
an accurate representation of the processing performed.
2. The amounts printed by the computer maybe fraudulent.
3. Fraud that should be detected by other controls may not be
detected because of other controls may not be detected
because of other adjustments or transfer made in the
system.
4. The ease with which the computer can be instructed to
calculate one thing and print another introduces a high level
of risk to auditing without processing data.
INTEGRATION OF TYPES OF TESTS
Various type of test:
1. The separate tests on each program in a series of
programs for a single application can be combined for
all programs for that application.
2. The separate tests on each file used in or resulting
from the processing for a single application can be
combined into an overall evaluation for all files used
in that application.
3. The separate test on program and files can be
combined into an overall evaluation.
4. The testing of programs and files can be combined into
a single test. This single test may enable the auditor to
perform:
a) A controls test of both programs and files at the
same time,
b) A substantive test of both programs and files at the
same time,
c) A dual purpose test of both programs and files at
the same time.
5. Multiple tests can be combined mixtures of controls an
substantive tests on both programs and files into an
overall evaluation of the system.
6. The separate tests performed on user, general and
application controls can be combined into an overall
evaluation.
Series of Programs
PAYROLL APPLICATION
calculates gross payroll, withholdings and deductions along w/ the year to date
Update Program totals and prints the payroll checks and journals
prepares quarterly and annual payroll report for union, pension, profit-sharing and
Report Program government purposes
Multiple Files
Accounts Receivable Master File accessed to determine whether the sum of the new
order, amount to be due for back orders and amounts
currently receivable exceed the credit limit
Inventory Back-order File
Programs and Files
Separate Test
Single Test
Multiple Test
User, General and Application Controls
User Control
General Control
Application Control
Processing of Actual Data
Combinations of Techniques for Testing
ACCOUNTS RECEIVABLE
APPLICATION
Input errors detected were Credit limit field in each
corrected and resubmitted account contains a certain
Output was reconciled amount
to input
The balance due does not
Output was distributed exceed the credit limit
to authorized personnel
PAYROLL APPLICATION
ACCOUNTS RECEIVABLE
APPLICATION
Foot
subsidiary
ledgers
Process AR
payment
transactions
Control
account
SUBSTANTIVE TESTING ILUSTRATION
PAYROLL APPLICATION
Foot
BALANCES
Process
PAYROLL
Control
account
REASONS FOR DECIDING TO USE A MIXTURE
• EFFECTIVENESS
• EFFICIENCY
Processing of Simulated Data
-Used to determine the operating
effectiveness of application controls and
the accuracy of processing results.
CONTROLS TESTING ILUSTRATION
ACCOUNTS RECEIVABLE
APPLICATION