1 / 27

AUDIT IN COMPUTERIZED ENVIRONMENT

AUDIT IN COMPUTERIZED ENVIRONMENT . Ashok Seth, B.Sc, F.C.A. DISA (ICI) Lucknow ashok.seth@gmail.com. Change in the Environment . Technological Revolution. Increase in Volumes & Complexities of transactions. Time & Information became most sought after. Fall in Prices of Computer Hardware.

terri
Download Presentation

AUDIT IN COMPUTERIZED ENVIRONMENT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. AUDIT IN COMPUTERIZED ENVIRONMENT Ashok Seth, B.Sc, F.C.A. DISA (ICI) Lucknow ashok.seth@gmail.com

  2. Change in the Environment • Technological Revolution. • Increase in Volumes & Complexities of transactions. • Time & Information became most sought after. • Fall in Prices of Computer Hardware. • Availability of user friendly software. Ashok Seth

  3. Graduate from • Tick to Click & • Mouse to CAAT Ashok Seth

  4. No Change in overall objective • To establish reliability & integrity of information • To assess compliance with policies, laws & regulations • To see that assets are being safeguarded • To appraise economical & efficient use of resources • Accomplishment of established objectives & goals Ashok Seth

  5. Effect of EDP Environment • On procedures in obtaining sufficient understanding of accounting & internal control systems • On risk assessment method to be followed • Designing of tests of control and substantive procedures to meet audit objective Ashok Seth

  6. EDP Characteristics • Uniform Processing of Transactions • Potential for undetected errors & irregularities • Transaction Trail may be available for short duration or only in electronic form. • Automatic initiation & subsequent execution of transaction by computer Ashok Seth

  7. Problems with EDP systems • Unauthorized persons may gain access to data or program • Transactions may not be completely processed • Data may become corrupt giving wrong report • Programmers may make unauthorized changes to software • Difficult to Trace input errors • Lack of Supervisory controls Ashok Seth

  8. Audit Approach • Auditing Around Computers • Auditing through Computers Ashok Seth

  9. Auditing Around Computers • Involves selection of representative sample of source documents and tracing them to final destination • The controls and procedures used in processing the data were considered unimportant Ashok Seth

  10. Auditing Through Computers • This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate. Ashok Seth

  11. Auditing Through Computers- Steps: - • Review and evaluation of systems of controls • Verification of record contents and generation of evidential information (Audit Evidence) from database Ashok Seth

  12. EDP Controls • General EDP Controls • EDP Application Controls Ashok Seth

  13. General EDP Controls • Access controls: - to prevent • Unauthorized access to online terminal devices, programs and data • Entry of unauthorized transactions • Unauthorized changes to data files. • Use of programs that have not been authorized. • Controls over passwords Ashok Seth

  14. Contd • Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented. • Transaction Logs- Reports which are designed to create audit trail Ashok Seth

  15. EDP Application Controls • Pre Processing Authorization • Changes to standing data • Data Processing controls, reasonableness and other validation tests. • Cut off procedures • File Controls procedures- to ensure correct data files are used. • Balancing:- process of establishing control totals to ensure accuracy Ashok Seth

  16. Computer Assisted Audit Techniques (CAATs) Includes: - • Test Data Techniques • Generalized audit software (GAS) • Utility Software Ashok Seth

  17. Test Data techniques • Live Processing with dummy data • Dummy processing with dummy data • Integrated test facility • On line testing Ashok Seth

  18. Why CAATs • Absence of input documents or the lack of a visible audit trail • Effectiveness and Efficiency of auditing procedures improved • Information processing environments pose a stiff challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs. • With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records Ashok Seth

  19. Functional Capabilities of CAATs • File access: Enables the reading of different record formats and file structures • File reorganization: Enables the indexing, sorting, merging and linking with another file • Data selection: Enables global filtration conditions and selection criteria • Statistical functions: Enables sampling, stratification and frequency analysis. • Arithmetical functions: These functions facilitate re-computations and re-performance of results. Ashok Seth

  20. How to use CAATs? • Set the objective of the CAAT application • Determine the content and accessibility of the entity's files • Define the transaction types to be tested • Define the procedures to be performed on the data • Define the output requirements • Identify the audit and IT personnel who may participate in the design and use of tests for CAATs. Ashok Seth

  21. General Uses and Applications of CAATs- for example • Exception identification • Control analysis: Identify whether controls as set have been working as prescribed • Error identification: Identify data which is inconsistent or erroneous. • Statistical sampling • Verification of calculations • Completeness of data: Identify whether all fields have valid data. • Contd Ashok Seth

  22. Duplicates • Obsolescence of inventory • Undeserved discounts for rapid payment • Accounts exceeding authorized limit • Overdue invoices Ashok Seth

  23. Strategies for using CAATs • Identify the goals and objectives of the investigation or audit • Identify what information will be required • Determine what the sources of the information • Identify who is responsible for the information • Review documentation to know the type of data in the system • Review documentation to know flow of data, understand data, Know what each field in the data set represents and how it might be relevant. • Contd Ashok Seth

  24. Develop a plan for analyzing the data • What - Specific objectives that should be addressed by the analysis • When – Define the period of time that will be audited, and secure the data for that period • Where – Define the sources of the data to be analyzed (Accounts payable, payroll) • Why – Reason for performing the tests and analysis (general review, fraud audit) • How – The types of analysis planned to be carried out by the audit Ashok Seth

  25. Precautions in using CAATs • Identify correctly data to be audited • Collecting the relevant and correct data files • Identify all the important fields that need to be accessed from the system • State in advance the format the data can be downloaded and define the fields correctly • Ensure the data represent the audit universe correctly & completely. • Ensure the data analysis is relevant and complete. • Contd Ashok Seth

  26. Perform substantive testing as required. • Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required. Ashok Seth

  27. THANK YOU Ashok Seth

More Related