CHAPTER 6AUDITING IN COMPUTERISED INFORMATION SYSTEM ENVIRONMENT

NOR AMALIA BINTI AHAD

10DAT11F2027

NORMASTURA BINTI AHMAD

10DAT11F2039

SITI NABILAH BINTI ABDULLAH

10DAT11F2042

NUR SYUHADA BINTI RUSLAN

10DAT11F2048

6.1.1 Describe The Changing Information Of Technology and Implication For Auditing People are constantly looking for online activities and expect

faster delivery. In accounting as well as auditing, IT plays a

vital role in producing reliable and timely financial statements

and reports.

Most companies use IT to improve company internal control

system through the addition of new control procedure through

computer and replacing the manual control due to the

likelihood of possible human error.

Electronic Data Processing (EDP)

Planning

Recording

Managing

Reporting business transaction

Electronic Data Processing (EDP)

Source Document : Invoice Revenue Receipt Payment Voucher Cheque

Electronic Data Processing (EDP)

The basic financial reporting : Statement of financial position (balance

sheet) Profit and Loss account Statement of cash flows Statement of changes in equity

Advantages and Disadvantages of Using IT Systems

Advantages Disadvantages

• Easier to have instant data processing compared to manual data processing.

• The use of electronic data processing has resulted in decreased vacancies for job searchers like accountant

• More accurate and effective time of transactions.

• High cost for companies as effective electronic data processing software tends to be expensive.

• Increase performances especially in manufacturing industries and related industries due to improved the inventory automated systems.

• Additional cost for support and backup systems in the event of power failure.

Implication

From manual control to electronic environment : Traditional paperwork in which the auditor can see and

feel the printed marks evidencing transaction are carried

out online and most cases in ‘real time’. Generally looks for the authorizing signatures on the

papers evidencing the transactions and Electronic. It processing environment such authority is evidenced by

the user of identification codes and passwords which are

all physically invisible.

The level of complexity can be classified into 2 level that is low and high.

6.1.2 Determine the level of complexity in computerized information system environment

1. EDP systems can be defined by their technical

complexity and the extent to which they are used in an

organization.

2. Technical complexity : Online-line processing

- An online system allows direct access

into the computer. Transactions can be put directly into the

system so that master files are updated at time the entry is

made.

Communication systems

- Communication channels can connect the computer

directly to users anywhere in the world. Distributed processing

- When the computing function is apportioned among

CPUs spread geographically and connected by a

communication system. Data Base Management

- As the volume and uses of computer-processed data

expand, data on different files are often redundant.

-The effect is inefficient use of file space and the need

to update files continually.

Control DescriptionsThe it control environment

• The IT government structure• How IT risk are identified, mitigated

and managed• The information system, strategic plan

and budget• The organizational structure and

segregation of duties

Day-to-day computer operations

• Acquisition, installations, configuration, integration and maintenance of the IT infrastructure

• Delivery of information service to user• Management of third-party provider

6.1.3 General Control CIS

Access to program and data • Security of passwords• Internet firewalls and remote access

controls• Data encryption and cryptographic

keys

Program development and program changes

• Acquisition and implementation of new applications

• System development and quality assurance methodology

Monitoring of IT operations • Policies and procedures regarding the information system and reporting that ensure that user comply with IT general control.

Application Control On CIS

1. Application control is controls within a computer application to ensure- completeness, accuracy of input, processing and validity of the resulting accounting entries.

2. The main aim is to ensure Validity, completeness and accuracy of accounting data.

3. Application controls classified into:

a) Input controls

b) Processing controls

c) Output controls

a) Input controlsThe main aim of input controls is to reduce errors in the data

entered in the system for processing. Input controls include checking and ensuring that :

- Input data are authorized by the appropriate official.

- Data represent valid record of actual transaction

- Correctly classified for the purpose of accounting. Example : - Sequence checks

- Batch control

b) Processing controls There are divided into mechanical and programmed controls. Programmed control are done during the system

development to ensure that only data related to a particular

transaction is processed and not otherwise.

c) Output Controls Controls relating to input and processing itself with the final

objective. Relates precisely to the original input. Represents the outcome of a valid and tested program of

instructions.

6.1.4 The Plan An Audit Strategic

1) Ensure that these is adequate compliance and substantive procedures and transmitted date are correct and completed.

2) Apply professional scepticism by cross verification of record, reconciliation between primary and subsidiary ledger, questioning and critical assessment of audit evidence.

3) The audit which may be affected by the client CIS environment.

An application may be considered to be complex when:

a) The volume of transactions is such that users would find it difficult to identify and correct error processing.

b) The computer automatically generate material transactions or entries directly to another application.

c) The computer perform complicated computations of financial information and automatically generates material transaction.

6.2 .1 The Concept Of Computer Assisted Audit Techniques (CAAT)

CAAT’s are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in a client computer information system (CIS).

Auditor's use of a computer-assisted audit technique is something special- normally the techniques used by an auditor are not computer assisted.

The term CAAT refers to the use of certain software that can be used by the auditor to perform audits and to achieve the goals of auditing.

CAATs offer much needed help a the audit technology tools facilitate more granular analysis of data and help to determine the accuracy of the information.

6.2.2 Types Of CAATsI. Generalized Audit Software (GAS)Comprises computer programs used for audit purposes to

process data audit significance from the client accounting system.

It is used by the auditor to examine the entity computer files and may be used during both test of control and substantive testing of transactions and balances.

II. Test Data Test data is data submitted by the auditor for processing

by the clients computer based accounting system. The review of an application system will provide

information about internal controls built in the system.

III. Utility Software Utility software is the subset of software, such as database

management systems report generators, that provides evidence to the auditors about system control effectiveness.

IV. The audit-expert system The audit expert system will give direction and valuable

information to all levels of auditors while carrying out the audit because the-based system knowledge-base of the senior auditors and managers.

The Advantages Of CAAT

Independently access the data stored on a computer system without dependence on the client

Test the reliability of client software, for example the IT application controls

Increase the accuracy of audit testsPerform audit tests more efficiently, which in the long-term

will result in a more cost effective audit.

6.2.3 Method Audit Computerized Information System (CIS)

1) Auditing around the computer This approach, the auditor is not using computer control to

reduce assessed control risk. Instead, the auditor uses manual controls to support reduced

control risk assessment. Often, smaller companies lack dedicated IT personnel, or they

rely on periodic involvement of IT consultants to assist in installing and maintaining hardware and software.

Auditing around the computer is effective because these system often produce sufficient audit trails to permit auditor to compare source documents.

2) Auditing through the computer

as organisations expand their use of IT, internal controls are often embedded in applications that are visible only in electronic form.

Example Of Auditing Around And Through The Computer

Internal Control Auditing Around the Computer Approach

Auditing Through the Computer Approach

1. Credit is approved for sales on account

Select a sample of sales transaction from the journal and obtain the related customer sales order

Obtain a copy of the client sales applications program and related credit limit master file

2. Payroll is processed only

Select a sample of payroll disbursements from the payroll journal

Create a test data file of valid and invalid employee ID number