COMPUTERIZED AUDITING &COMPUTER ASSISTED AUDITING

TECHNIQUES

 Auditing is the examination or inspection of

various books of accounts by an auditor.
 It is done to ascertain the accuracy of financial
statements provided by the organization.
COMPUTERIZED AUDITING
 Information technology (IT) is integral to modern
accounting and management information systems.
 It is, therefore, imperative that auditors should be
fully aware of the impact of IT on the audit of a
client’s financial statements, both;
 in the context of how it is used by a client to gather,
process and report financial information in its
financial statements, and
 how the auditor can use IT in the process of auditing
the financial statements.
Types of Auditing

Internal Auditing
 This is the first-party audit that is performed within an

organization to measure its strengths and weaknesses

against its own procedures or methods and/or against
external standards adopted by (voluntary) or imposed
on (mandatory) the organization.
 A first-party audit is an internal audit conducted by

auditors who are employed by the organization being

audited but who have no vested interest in the audit
results of the area being audited
External Auditing
 Is an audit is performed by an independent audit

organization. Independence of the audit

organization is a key component
 External audits may result in certification,

recognition, an award, a fine, or a penalty

Phases in Computerized Auditing

Audit preparation
 Audit preparation consists of everything that is
done in advance by interested parties, such as
the auditor, the lead auditor, the client, and the
audit program manager, to ensure that the
audit complies with the client’s objective.
 The preparation stage of an audit begins with
the decision to conduct the audit.
 Preparation ends when the audit itself begins.
 Audit performance
 The performance phase of an audit is often
called the fieldwork.
 It consists of activities including
 on-site audit management,

 meeting with the auditee,


 understanding the process and
system controls and verifying that
these controls work,
 communicating among team
members, and communicating with
the auditee
 Audit reporting
 The purpose of the audit report is to
communicate the results of the investigation.
 The report should provide correct and clear data
that will be effective as a management aid in
addressing important organizational issues.
 The audit process may end when the report is
issued by the lead auditor or after follow-up
actions are completed.
 Audit follow-up and closure
 An audit is officially closed after all of the
recommendations have been recommended
for closure through the follow-up audit process.
 Audit standards require that a follow-
up process is implemented to monitor the
disposition of audit results and ensure that
action plans have been effectively implemented.
Computerized Auditing Stages

Interim Auditing
 This is the very first stage in computerized auditing

which involves review of transactions and accounting

system in general.
 At this stage, an auditor goes through the system to

cross-check the transactions and other related issues

that were pre-determined through compliance
before the actual accounting process began.
 This is why it is sometimes referred to as the

compliance testing auditing.

NOTE
 Auditors perform tests of controls to determine

that the control policies, practices, and

procedures established by management are
functioning as planned.
 A test of control describes any auditing

procedure used to evaluate a company's

internal controls.
Financial Statement Auditing
 At this stage an auditor verifies as to whether the

financial statements really represent the fair view of

the business conduct of the organization.
 Because this is the intrinsic part of the computerized

auditing, it is most of the time referred to as the

substantive testing auditing. Substantive testing is the
direct verification of financial statement figures.
 The auditor at the end of the day produces

qualified or unqualified reports based on GAAP

Computerized Auditing Strategies

Auditing Around the Computer

 This is the strategy through which an auditor goes

through the input documents and compares with the

output from the computer.
 In this way the auditor tends to avoid the computer

by just dealing with the inputs and outputs.

Auditing With the Computer
 Through this strategy an auditor utilizes the

computer to perform some audit work that would

otherwise have to be done manually.
 Instead of dealing with inputs that are in hard

copies, the auditor goes through them that are in

soft copies found in the system.
Auditing Through the Computer
 This is the process of reviewing and evaluating

the internal controls in an electronic data

processing system by an auditor.

COMPUTER ASSISTED AUDIT
TECHNIQUES (CAATs)

 Computer assisted audit techniques (CAATs) refer

to the use of technology to help you evaluate
controls by extracting and examining relevant data.
 The extent to which an auditor may choose
between using CAATs and manual techniques on a
specific audit engagement depends on the
following factors:
 the practicality of carrying out manual testing
 the cost effectiveness of using CAATs

 the availability of audit time

 the availability of the audit client’s computer

facility
 the level of audit experience and expertise in
using a specified CAAT
 the level of CAATs carried out by the audit

client’s internal audit function and the extent

to which the extern al auditor can rely on this
work.
Classification of CAATs
There are two broad categories of CAAT:
 Audit software; and

 Test data.
1. Audit software

 Audit software is used to interrogate/cross-examine

a client's system.
 The main advantage of these
programs/softwares is that they can be used to
scrutinize large volumes of data, which it would
be inefficient to do manually.
 The programs can then present the results so that
they can be investigated further.
Specific procedures that these
softwares/programs can perform include:
i. Extracting samples according to specified
criteria, such as:
 Random;
 Over a certain amount;
 Below a certain amount;
 At certain dates.
ii. Calculating ratios and select indicators that fail to
meet certain pre-defined criteria (i.e. benchmarking);
iii. Check arithmetical accuracy (for example additions);
iv. Preparing reports (budget vs actual);
v. Stratification/arrangement of data (such as invoices by
customer or age);
vi. Produce letters to send out to customers and
suppliers; and
vii. Tracing transactions through the computerised
system.
 These procedures can simplify the auditor's task
by;
 selecting samples for testing,
 identifying risk areas and
 by performing certain substantive procedures.
 The software does not, however, replace the need
for the auditor's own procedures.
2. Test data

 Test data involves the auditor submitting

dummy/replica data into the client's system to
ensure that the system correctly processes it and
that it prevents or detects and corrects
misstatements.
 THE OBJECTIVE OF THIS IS TO TEST THE
OPERATION OF APPLICATION CONTROLS
WITHIN THE SYSTEM.
 To be successful test data should include both data
with errors built into it and data without errors.
Examples of errors include:
 codes that do not exist, e.g. customer, supplier and

employee;
 transactions above pre-determined limits, e.g. salaries

above contracted amounts, credit above limits agreed

with customer;
 invoices with arithmetical errors; and

 submitting data with incorrect batch control totals.

Advantages of CAATs

CAATs allow the auditor to:

 Independently access the data stored on a computer

system without dependence on the client;

 Test the reliability of client software, i.e. the IT

application controls
 Increase the accuracy of audit tests; and

 Perform audit tests more efficiently, which in the

long-term will result in a more cost effective audit.

Disadvantages of CAATs

 CAATs can be expensive and time consuming to set

up, the software must either be purchased or
designed (in which case specialist IT staff will be
needed);
 Client permission and cooperation may be difficult
to obtain;
 Potential incompatibility with the client's computer
system;
 The audit team may not have sufficient IT skills
and knowledge to create the complex data extracts
and programming required;
 The audit team may not have the knowledge or
training needed to understand the results of the
CAATs; and
 Data may be corrupted or lost during the
application of CAATs.
NOTE
 The key objectives of an audit do not change

irrespective of whether the audit engagement is

carried out in a manual or a computer-based
environment.
 The audit approach, planning considerations

and techniques used to obtain sufficient

appropriate audit evidence do of course change.