200 likes | 301 Views
Why Computers Provide Opportunities to Auditors. Auditing “around”, “through”, “with” Mathematical and logical capabilities reperformance of calculations Speed of processing fraction of the time Consistency of performance provides reliable basis for application of audit techniques
E N D
Why Computers Provide Opportunities to Auditors • Auditing “around”, “through”, “with” • Mathematical and logical capabilities • reperformance of calculations • Speed of processing • fraction of the time • Consistency of performance • provides reliable basis for application of audit techniques • performance will be predictable and consistent
Why Computers Provide Opportunities to Auditors • Data archiving and retrieval • ability to access client data, also archive own electronic data • Communication networks • access auditees from remote sites • Office automation and LANs • store audit documentation in servers, etc. • Personal computers • transported everywhere
audit software spreadsheet working paper generator flowcharting word processing database data communications web browser presentation graphics desktop publishing utilities admin aids Why Computers Provide Opportunities to Auditors Preprogrammed Software
Create /update flowcharts Create /transfer documentation Ratio analysis Graphical presentations of entity operations Record explanations Access client computer Sampling Communicate Consult external databases Maintain admin. records and bill Auditor can use software to
Economic means to audit More effective procedures More timely performance Remove tedious calculations Expand resource capabilities Fill gaps in audit/mgmt trails Enhance understanding of auditee systems Perform execution of multiple steps Reduce total audit costs Add value to client CAATs help because
CAAT Requirements • Clearly stated objectives • Advance planning • Effective integration into overall audit plan • Knowledgeable audit staff • Adequate audit control stds over computerized audit logic and audit conclusions drawn • Coverage of multiple steps to achieve economies from development costs
CAATs - Professional Responsibilities • GAAS - gen std: adequate technical training & proficiency • exam std (i) - adequate planning and proper execution. If assistants are used, they are properly supervised (specialist may be required but may not be a trained accountant) • IAG #15, par 8: Planning should address degree of reliance on EDP controls, need for specialists, need for CAATs • IAG # 15, par 6: Auditor cannot delegate responsibilities for forming audit conclusionsand expressing opinions. Thus, require some EDP knowledge • exam std (iii) - sufficient appropriate audit evidence • IAG #15, par 10: CAATs may be required if absence of input documents or generation of acctg transactions by computer may preclude auditor from examining documentary evidence;or if lack visible audit trail or visible output
System Oriented vs Data Oriented CAATs • System oriented tests the system directly but can permit inferences to be drawn about the data • Data oriented tests data directly but can draw inferences about the system • System oriented are less efficient for drawing conclusions about data and cannot quantify the effect of errors • Data oriented are less effective at discovering potential problems that have not yet occurred
Categories of CAATs • Audit planning aids • Audit program generator • generates list of audit procedures by financial statement item assertion in response to risk assessment, extent, timing, staffing • Working paper generation • generates trial balance, adjustments, lead sheets, draft f/s, journal entry listings, closing entry listings, variance analysis, ratio analysis, trend analysis
Categories of CAATs • System analysis and documentation • Automatic flowcharting • analyses source code for a program then prints a block diagram of the key steps; may be more readable than actual source code • can only be used for certain programming languages, diagrams may be difficult to interpret. • always question whether source code charted is the actual program • Flowchart packages • first must be drawn by auditor, makes changes, modifications easier.
Categories of CAATs • System analysis and documentation • Internal Control Modeling Systems • Electronic questionnaire to record info and summarize deficiencies. • Review of Program logic - not strictly a CAAT • Detailed, visual review of source code usually with help of text editors and compiler cross reference listings. • Helps auditor acquire good understanding of system processing, but require good understanding of programming language.
System Testing Techniques • Used for verifying processing steps performed by systems and programs and drawing conclusions about performance • Types • test data • ITF • parallel simulation • program comparison
Test Data • Uses test data to simulate regular processing • Check to predetermined results • Can test for: • on line password and data access controls • edit and validation routines • branching logic in transaction processing • complex calculations
Test Data Steps • Define the app. function to be tested (the accounting procedures and controls) • Obtain reasonable understanding of the processing logic to permit test data construction • Develop test data and predetermine expected results • Process the data through normal processing channels and compare output • Investigate differences
Test Data • Can be prior actual data, original prog. test data, data invented by auditor, product of test generator program • Should contain valid and invalid data to test error routines • Can be used to test accounting procedures such as computations, postings, auto transactions etc. • Can be used for specific prog reviews or entire systems • Entire system more difficult - risk of permanent effect on master files
Limits of Test Data • At a point in time only - watch process/control changes • Difficult to assess that prog tested is one being actively used • Difficult to simulate all conditions that might occur, can't detect fraudulent manipulations of data • May not be feasible due to time/cost constraints • Requires great deal of expertise from auditor
Integrated Test Facility (ITF) • Extension of dummy data to "dummy branch" • extra teller, check-out register, etc. • Run test and live data together - then reverse • Set up dummy master files for branch • Can be applied frequently as part of regular operations • Make sure that live master file data isn't affected
Parallel Simulation • Use computer software package to embody the major processing logic of the program to be used • Feasibility depends on the complexities of the program being simulated and the capacity to have logic simulated • Spreadsheets often ideal • Use real data in simulated environment rather than simulated data in a real environment (test data)
Program Comparison • Keep exact duplicate of a special purpose program • e.g., ageing prog • Use a special program to compare with object program, character by character and report differences
Bonus Program Background Audit Objectives Documentation Company Policy Software Flowcharts Input (record layout) Process (black box) Output Organizing Test Data Decision Tree Decision Table Paths not tested Break point analysis How to run the program When to stop What to hand in Test Data Case Study