Basic Consideration of

Auditing in EDP
Environment

Submitted To :- Submitted By :-
Mrs. Monika Bhatia Ma’am Rohan Singh
 Introduction

➔ In recent years there has been a rapid development in the use of computers as a means of
producing financial information. This development has created certain problems for the auditor
in that although general auditing principles have not been affected.

➔ As a result of this, there has emerged from within the accounting profession a group of
electronic data processing (EDP) audit specialists, equipped with sufficient technical expertise to
make an intelligent analysis of complex computer audit situations.
 Functions of EDP Audit

1. Get Electronic Data

To commence the auditing process, auditors must first retrieve the data stored in the
computer. Documents such as sales receipts and supplies invoices are used to verify the
data entered into the computer. This ensures that correct information was input into the
computer.

2. Data Conversion

Organizations use different types of software to store their data. This data should be
converted from the stored software to the auditing software. This is done using special
software programs known as package and utility programs. This ensures that there is no
inconsistency when auditing data stored in different software.
3. Compliance Test

Auditors need to verify that procedures followed when entering data into the data
processing system are being applied as prescribed. These procedures act as the
underlying evidence of whether the accounting data is correctly fed into the processing
system. Obtaining this evidence involves reviewing the accounting journals, ledgers and
worksheets.

4. Substantive Test

Auditors obtain evidence to verify the completeness, validity and accuracy of a client's
records. This evidence is an important factor in determining the auditor's opinion on the
records. Substantive tests in a merchandising firm would include examining inventory at
the end of the period to verify that the levels of such inventory are as indicated in the
records

5. Reporting

The main aim of an audit is to report to the client

 General Approach to an Edp-
Based Audit
It is normal for the auditor to base his approach to an EDP-
based audit upon two completely separate types of review :

1. Organisational Review
2. System Review
 1. Organisational Review

Organisational review is the review of the organisational controls within the

computer installation itself. This review seeks to examine the internal control
within the computer installation, to ensure the following:

1. An acceptable standard of discipline and efficiency is maintained.

2. An adequate division of duties exists, thus preventing any undue
concentration of functions.

Serious weaknesses in internal control within the EDP department itself can
throw doubt on the validity of all the data it produces.
 2. System Review

System review is a detailed review of the controls operating within each computer-based
accounting system. This review seeks to establish that controls operate within each individual
system which, inter alia, ensure the following:

1. All data is completely and accurately processed

2. Permanent data is adequately protected
3. A satisfactory ‘audit trail’ exists

Both types of review are carried out by the use of questionnaires and these questionnaires
are based on the ‘key question’ principle. It is necessary to evaluate both the general and
computer questionnaires together to obtain a proper understanding of the system and to
assess the significance of individual controls.
 Approaches to EDP Auditing

Rapid changes in hardware and software have changed the conceptual approach to
auditing in an EDP environment.

In earlier times, audit approach consisted of ignoring the existence of computer, was
treated it as a black box and audit was conducted around the computer.

However, the increasing developments of computers has since led to computers being
used in two different ways:

1. As a tool to the auditor in conducting audit such as printing confirmation requests.

2. As the target of the audit where data are submitted to the computer and the results
are analysed for processing reliability and accuracy of the computer system.
The auditor must plan whether to use the computer to assist the
audit or whether to audit without using the computer.

These two approaches are commonly known as :-

1. Auditing around the computer.

2. Auditing through the computer.
 1. Auditing Around the Computer

Auditing around the computer involves arriving at a conclusion through examining the
internal control system for computer installation and the input and output only for
application systems.

On the basis of the quality of the input and output of the application system, the auditors
take decision about the quality of the processing carried out.

Usually the auditors adopt this approach of auditing around the computer, when any of the
following conditions are fulfilled.

● The system itself is very simple.

● The system is batch-oriented.
● The system uses generalised software, which is well tested and used widely by
many concerns.
 2. Auditing through the Computer

The auditor can use the computer to test the logic and controls existing within the system and the
records produced by the system.

Depending upon the complexity of the application system being audited, the approach may be fairly
simple or require extensive technical competence on the part of the auditor.

Following are the situations where auditing through computer must be adapted:

● The logic of the system is complex and there are large portions that facilitate use of the system or
efficient processing.
● The application system processes large volumes of inputs and produces large volumes of output
that makes extensive direct examination of the validity of input and output difficult.
● Because of cost-benefit considerations, there are substantial gaps in the visible audit trial.
● Significant parts of the internal control system are embodied in the computer system.
Special Techniques for Auditing in an
EDP Environment

Due to the special characteristics of an EDP environment, auditors

often use the computer for performing several compliance
procedures as well as substantive procedures.

The techniques, which involve the use of the computer for audit
purposes, are known as ‘Computer assisted audit techniques’
(CAATs).
What are CAATs?

● Computer assisted audit techniques involve the use of computers in the

process of an audit rather than limiting it to an entirely manual approach.
● CAATs are defined as computer based tools and techniques, which
facilitate auditors to increase their personal productivity as well as that
of audit function.
● CAATs are software tools for auditors to access, analyse and interpret
data and to draw an opinion for an audit objective.
Need for CAATs

CAATs may be used in performing various auditing procedures, including the

following:

1. Tests of details of transactions and balances.

2. Analytical procedures.
3. Tests for general controls.
4. Sampling programmes to extract data for audit testing.
5. Tests of application controls.
6. Re-performing calculations performed by the entity’s accounting system.
Types of CAATs

CAATs can be broadly categorised into the following three

types:

1. Generalised audit software (GAS).

2. Specialised audit software (SAS).
3. Utility software.
Thank You !