Download presentation
Presentation is loading. Please wait.
1
AUDIT IN COMPUTERIZED ENVIRONMENT
Ashok Seth, B.Sc, F.C.A. DISA (ICI) Lucknow Chairman of the session CA Girish C Gupta ji, paper writers of this technical session, fellow brothers and dear students. It is indeed a pleasure to submit key note in the students seminar on the occasion of celeberation of Diamond Jubilee year of our Institute
2
Change in the Environment
Technological Revolution. Increase in Volumes & Complexities of transactions. Time & Information became most sought after. Fall in Prices of Computer Hardware. Availability of user friendly software. Ashok Seth 3rd July 2008
3
Graduate from Tick to Click & Mouse to CAAT Ashok Seth 3rd July 2008
4
No Change in overall objective
To establish reliability & integrity of information To assess compliance with policies, laws & regulations To see that assets are being safeguarded To appraise economical & efficient use of resources Accomplishment of established objectives & goals Ashok Seth 3rd July 2008
5
Effect of EDP Environment
On procedures in obtaining sufficient understanding of accounting & internal control systems On risk assessment method to be followed Designing of tests of control and substantive procedures to meet audit objective Ashok Seth 3rd July 2008
6
EDP Characteristics Uniform Processing of Transactions
Potential for undetected errors & irregularities Transaction Trail may be available for short duration or only in electronic form. Automatic initiation & subsequent execution of transaction by computer Ashok Seth 3rd July 2008
7
Problems with EDP systems
Unauthorized persons may gain access to data or program Transactions may not be completely processed Data may become corrupt giving wrong report Programmers may make unauthorized changes to software Difficult to Trace input errors Lack of Supervisory controls Ashok Seth 3rd July 2008
8
Audit Approach Auditing Around Computers Auditing through Computers
Ashok Seth 3rd July 2008
9
Auditing Around Computers
Involves selection of representative sample of source documents and tracing them to final destination The controls and procedures used in processing the data were considered unimportant Ashok Seth 3rd July 2008
10
Auditing Through Computers
This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate. Ashok Seth 3rd July 2008
11
Auditing Through Computers- Steps: -
Review and evaluation of systems of controls Verification of record contents and generation of evidential information (Audit Evidence) from database Ashok Seth 3rd July 2008
12
EDP Controls General EDP Controls EDP Application Controls Ashok Seth
The effectiveness or otherwise of these controls will determine the nature and extent of substantive verifications required Ashok Seth 3rd July 2008
13
General EDP Controls Access controls: - to prevent
Unauthorized access to online terminal devices, programs and data Entry of unauthorized transactions Unauthorized changes to data files. Use of programs that have not been authorized. Controls over passwords These include the use of passwords and specialized access control software and also physical controls Ashok Seth 3rd July 2008
14
Contd Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented. Transaction Logs- Reports which are designed to create audit trail Transaction Logs often documents the source of transactions also (terminal, Time and user) . Ashok Seth 3rd July 2008
15
EDP Application Controls
Pre Processing Authorization Changes to standing data Data Processing controls, reasonableness and other validation tests. Cut off procedures File Controls procedures- to ensure correct data files are used. Balancing:- process of establishing control totals to ensure accuracy Cut off procedures are important specially where there is continuous flow of transactions in a RTS. Changes to master files are required to be controlled more stringently. Ashok Seth 3rd July 2008
16
Computer Assisted Audit Techniques (CAATs)
Includes: - Test Data Techniques Generalized audit software (GAS) Utility Software Ashok Seth 3rd July 2008
17
Test Data techniques Live Processing with dummy data
Dummy processing with dummy data Integrated test facility On line testing The major problem is design of comprehensive set of transactions. In ITF test transactions are processed through the system in the production mode. The technique is particularly effective in situation where the visibility of the audit trail has been impaired or where the complexity of the system makes it difficult to trace the flow of transactions. On-line testing provides an effective means of testing edit and validation controls. When on line testing is used to test edit and validation controls, satisfactory results obtained from an attempt to enter an appropriate combination of valid and invalid transactions can convince the auditor that only valid transactions are accepted by the system. Ashok Seth 3rd July 2008
18
Why CAATs Absence of input documents or the lack of a visible audit trail Effectiveness and Efficiency of auditing procedures improved Information processing environments pose a stiff challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs. With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records Ashok Seth 3rd July 2008
19
Functional Capabilities of CAATs
File access: Enables the reading of different record formats and file structures File reorganization: Enables the indexing, sorting, merging and linking with another file Data selection: Enables global filtration conditions and selection criteria Statistical functions: Enables sampling, stratification and frequency analysis. Arithmetical functions: These functions facilitate re- computations and re-performance of results. Ashok Seth 3rd July 2008
20
How to use CAATs? Set the objective of the CAAT application
Determine the content and accessibility of the entity's files Define the transaction types to be tested Define the procedures to be performed on the data Define the output requirements Identify the audit and IT personnel who may participate in the design and use of tests for CAATs. IS Auditor need to have adequate computer knowledge, expertise and experience in using CAATs. They need to formulate appropriate methodology for using CAATs. This includes having a walk- through of the system to identify areas of weakness. Based on the results, IS Auditors will perform compliance tests, evaluate the results and if required, design substantive tests. CAATs can also be used to carry out detailed testing and collect evidences. Based on the results of these tests, IS Auditors would recommend suitable control measures as relevant Ashok Seth 3rd July 2008
21
General Uses and Applications of CAATs- for example
Exception identification Control analysis: Identify whether controls as set have been working as prescribed Error identification: Identify data which is inconsistent or erroneous. Statistical sampling Verification of calculations Completeness of data: Identify whether all fields have valid data. Contd Ashok Seth 3rd July 2008
22
Obsolescence of inventory Undeserved discounts for rapid payment
Duplicates Obsolescence of inventory Undeserved discounts for rapid payment Accounts exceeding authorized limit Overdue invoices Ashok Seth 3rd July 2008
23
Strategies for using CAATs
Identify the goals and objectives of the investigation or audit Identify what information will be required Determine what the sources of the information Identify who is responsible for the information Review documentation to know the type of data in the system Review documentation to know flow of data, understand data, Know what each field in the data set represents and how it might be relevant. Contd Ashok Seth 3rd July 2008
24
Develop a plan for analyzing the data
What - Specific objectives that should be addressed by the analysis When – Define the period of time that will be audited, and secure the data for that period Where – Define the sources of the data to be analyzed (Accounts payable, payroll) Why – Reason for performing the tests and analysis (general review, fraud audit) How – The types of analysis planned to be carried out by the audit Ashok Seth 3rd July 2008
25
Precautions in using CAATs
Identify correctly data to be audited Collecting the relevant and correct data files Identify all the important fields that need to be accessed from the system State in advance the format the data can be downloaded and define the fields correctly Ensure the data represent the audit universe correctly & completely. Ensure the data analysis is relevant and complete. Contd Ashok Seth 3rd July 2008
26
Perform substantive testing as required.
Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required. Ashok Seth 3rd July 2008
27
THANK YOU Ashok Seth 3rd July 2008
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.