Professional Documents
Culture Documents
CHAPTER FIVE
AUDIT EVIDENCE AND EDP
AUDIT
5.1. Nature of audit evidence
4 05/10/20
What makes evidence competent and sufficient?
evidence.
Sufficiency is the presence of enough factual and
05/10/202
0
5.2. Types of Audit Evidence
observation of
(a) activities of people,
(b) property, or
(c) events.
observed;
Photographs;
Charts;
Maps; and
Actual samples.
13 05/10/20
20
Cont…
2. Documentary Evidence: is corroborating evidence
obtained from documents such as invoices, checks, contracts,
minutes of meetings etc. It may be obtained from the client's
files and is available to the auditor on request.
The documents, forms, journals or reports may originate
within the client organization or may come from an external
source. Example are:
Letters;
Contracts;
Laws;
Regulations;
procedures;
Budget information;
14 05/10/20
Cont…
Documentary evidence is classified in to three
categories depending on their source and reliability:
1. Documentary evidence created outside the client
client organization.
Documents may be created by the client (internal) or
additional evidences.
Testimonial evidence also needs to be
16 05/10/20
20
Cont…
17
4. Confirmation
It represent a distinct type of documentary
05/10/2020
Cont…
19
and expense amounts for the current year to those of prior periods,
to industry averages, to budgeted levels, and to relevant non
financial data, such as units of production or hour of direct labor.
Some of the techniques used to produce analytical evidence are
05/10/2020
Cont…
20
05/10/2020
5.3. Obtaining and Evaluating Audit
Evidence
21
05/10/2020
Cont…
22
05/10/2020
Cont…
23
05/10/2020
Cont…
24
Letter
05/10/2020
5.4. Audit Sampling
the population.
There are two types of sampling statistical and non-
statistical.
Statistical sampling involves the use of mathematically
the sample.
A judgmental sample is not statistically based and results
31 05/10/2020
5.5. Audit and EDP
32
Organizational structure:
When an organization uses EDP its organization structure is
are developed.
34 05/10/202
Cont…
Nature of Processing
Absence of input documents: In an EDP
system it is usual to enter transactions
directly to the computer without any source
documents.
Lack of visible transaction trial.
Lack of visible output.
Difference in nature of output.
Ease of access to data and computer
programs.
35 05/10/20
5.5.2. Internal control in an EDP Environment
36 05/10/2020
Cont…
EDP controls are divided into two categories:
General EDP controls and
Application EDP controls
General EDP controls are internal control
procedures that relate to all or most of the
EDP applications and not to any particular
application.
Application controls are control procedures
related to individual EDP application such as
payroll preparations, purchase accounting.
37 05/10/202
0
Cont…
General EDP Controls
General EDP controls can be classified into
those relating to:
The organizational structure of the EDP
functions,
adequate documentation and authorization
of computer programs,
access controls, and
hardware controls procedural controls for
safeguarding of program and data files, and
procedural controls for identification,
documentation and correction of errors.
38 05/10/202
Application controls
controls are:
1.To ensure transactions are properly
processed by the computer.
2. To ensure that transactions are not lost,
added, duplicated or improperly changed.
3.To ensure that processing errors are
identified and corrected on timely basis.
40 05/10/20
Cont…
Output controls
The effectiveness of input controls and
processing controls determines the quality of
the output, since the accuracy and
completeness of out put are dependent on
the accuracy and completeness of input data
and processing.
The main objectives of output controls are:
to ensure that results of processing are accurate.
to ensure that access to output is restricted to
authorized personnel
to ensure that output is provided to appropriate
authorized personnel on a timely basis.
41 05/10/20
5.5.3. Applicability of GAAS in EDP audit
processing activities.
The availability of data in hard copy and
computer readable form.
The use of computer-assisted audit techniques to
44 05/10/20
20
Cont…
The accounting records, supporting documents,
machine readable information, and specific accounts
in the financial statements involved in the EDP
processing and reporting of the significant classes of
transactions.
How the computer is used to process data from the
initiation of the transactions to its final inclusion in the
financial statements.
The types of potential misstatement that could occur.
In general in auditing clients with EDP system, the
auditor’s understanding of the internal control should
be documented in the working papers.
The extent of the documentation will vary directly
with the size and complexity of the structure.
45 05/10/20
5.5.4. Disaster Recovery Planning
A disaster Recovery planning project cannot be completed in
a week or even a month.
In many ways, a DRP is never completed-the plan must be
48 05/10/202
Disaster recovery planning project steps:
and detailed.
These will include, but not be limited to, the recovery
52 05/10/20