520 likes | 2.16k Views
AUDIT IN COMPUTERIZED ENVIRONMENT . Ashok Seth, B.Sc, F.C.A. DISA (ICI) Lucknow ashok.seth@gmail.com. Change in the Environment . Technological Revolution. Increase in Volumes & Complexities of transactions. Time & Information became most sought after. Fall in Prices of Computer Hardware.
E N D
AUDIT IN COMPUTERIZED ENVIRONMENT Ashok Seth, B.Sc, F.C.A. DISA (ICI) Lucknow ashok.seth@gmail.com
Change in the Environment • Technological Revolution. • Increase in Volumes & Complexities of transactions. • Time & Information became most sought after. • Fall in Prices of Computer Hardware. • Availability of user friendly software. Ashok Seth
Graduate from • Tick to Click & • Mouse to CAAT Ashok Seth
No Change in overall objective • To establish reliability & integrity of information • To assess compliance with policies, laws & regulations • To see that assets are being safeguarded • To appraise economical & efficient use of resources • Accomplishment of established objectives & goals Ashok Seth
Effect of EDP Environment • On procedures in obtaining sufficient understanding of accounting & internal control systems • On risk assessment method to be followed • Designing of tests of control and substantive procedures to meet audit objective Ashok Seth
EDP Characteristics • Uniform Processing of Transactions • Potential for undetected errors & irregularities • Transaction Trail may be available for short duration or only in electronic form. • Automatic initiation & subsequent execution of transaction by computer Ashok Seth
Problems with EDP systems • Unauthorized persons may gain access to data or program • Transactions may not be completely processed • Data may become corrupt giving wrong report • Programmers may make unauthorized changes to software • Difficult to Trace input errors • Lack of Supervisory controls Ashok Seth
Audit Approach • Auditing Around Computers • Auditing through Computers Ashok Seth
Auditing Around Computers • Involves selection of representative sample of source documents and tracing them to final destination • The controls and procedures used in processing the data were considered unimportant Ashok Seth
Auditing Through Computers • This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate. Ashok Seth
Auditing Through Computers- Steps: - • Review and evaluation of systems of controls • Verification of record contents and generation of evidential information (Audit Evidence) from database Ashok Seth
EDP Controls • General EDP Controls • EDP Application Controls Ashok Seth
General EDP Controls • Access controls: - to prevent • Unauthorized access to online terminal devices, programs and data • Entry of unauthorized transactions • Unauthorized changes to data files. • Use of programs that have not been authorized. • Controls over passwords Ashok Seth
Contd • Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented. • Transaction Logs- Reports which are designed to create audit trail Ashok Seth
EDP Application Controls • Pre Processing Authorization • Changes to standing data • Data Processing controls, reasonableness and other validation tests. • Cut off procedures • File Controls procedures- to ensure correct data files are used. • Balancing:- process of establishing control totals to ensure accuracy Ashok Seth
Computer Assisted Audit Techniques (CAATs) Includes: - • Test Data Techniques • Generalized audit software (GAS) • Utility Software Ashok Seth
Test Data techniques • Live Processing with dummy data • Dummy processing with dummy data • Integrated test facility • On line testing Ashok Seth
Why CAATs • Absence of input documents or the lack of a visible audit trail • Effectiveness and Efficiency of auditing procedures improved • Information processing environments pose a stiff challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs. • With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records Ashok Seth
Functional Capabilities of CAATs • File access: Enables the reading of different record formats and file structures • File reorganization: Enables the indexing, sorting, merging and linking with another file • Data selection: Enables global filtration conditions and selection criteria • Statistical functions: Enables sampling, stratification and frequency analysis. • Arithmetical functions: These functions facilitate re-computations and re-performance of results. Ashok Seth
How to use CAATs? • Set the objective of the CAAT application • Determine the content and accessibility of the entity's files • Define the transaction types to be tested • Define the procedures to be performed on the data • Define the output requirements • Identify the audit and IT personnel who may participate in the design and use of tests for CAATs. Ashok Seth
General Uses and Applications of CAATs- for example • Exception identification • Control analysis: Identify whether controls as set have been working as prescribed • Error identification: Identify data which is inconsistent or erroneous. • Statistical sampling • Verification of calculations • Completeness of data: Identify whether all fields have valid data. • Contd Ashok Seth
Duplicates • Obsolescence of inventory • Undeserved discounts for rapid payment • Accounts exceeding authorized limit • Overdue invoices Ashok Seth
Strategies for using CAATs • Identify the goals and objectives of the investigation or audit • Identify what information will be required • Determine what the sources of the information • Identify who is responsible for the information • Review documentation to know the type of data in the system • Review documentation to know flow of data, understand data, Know what each field in the data set represents and how it might be relevant. • Contd Ashok Seth
Develop a plan for analyzing the data • What - Specific objectives that should be addressed by the analysis • When – Define the period of time that will be audited, and secure the data for that period • Where – Define the sources of the data to be analyzed (Accounts payable, payroll) • Why – Reason for performing the tests and analysis (general review, fraud audit) • How – The types of analysis planned to be carried out by the audit Ashok Seth
Precautions in using CAATs • Identify correctly data to be audited • Collecting the relevant and correct data files • Identify all the important fields that need to be accessed from the system • State in advance the format the data can be downloaded and define the fields correctly • Ensure the data represent the audit universe correctly & completely. • Ensure the data analysis is relevant and complete. • Contd Ashok Seth
Perform substantive testing as required. • Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required. Ashok Seth
THANK YOU Ashok Seth