Presentation is loading. Please wait.

Presentation is loading. Please wait.

AUDIT IN COMPUTERIZED ENVIRONMENT

Published byArchibald Boone Modified over 8 years ago

Similar presentations

Presentation on theme: "AUDIT IN COMPUTERIZED ENVIRONMENT"— Presentation transcript:

1 AUDIT IN COMPUTERIZED ENVIRONMENT
Ashok Seth, B.Sc, F.C.A. DISA (ICI) Lucknow Chairman of the session CA Girish C Gupta ji, paper writers of this technical session, fellow brothers and dear students. It is indeed a pleasure to submit key note in the students seminar on the occasion of celeberation of Diamond Jubilee year of our Institute

2 Change in the Environment
Technological Revolution. Increase in Volumes & Complexities of transactions. Time & Information became most sought after. Fall in Prices of Computer Hardware. Availability of user friendly software. Ashok Seth 3rd July 2008

3 Graduate from Tick to Click & Mouse to CAAT Ashok Seth 3rd July 2008

4 No Change in overall objective
To establish reliability & integrity of information To assess compliance with policies, laws & regulations To see that assets are being safeguarded To appraise economical & efficient use of resources Accomplishment of established objectives & goals Ashok Seth 3rd July 2008

5 Effect of EDP Environment
On procedures in obtaining sufficient understanding of accounting & internal control systems On risk assessment method to be followed Designing of tests of control and substantive procedures to meet audit objective Ashok Seth 3rd July 2008

6 EDP Characteristics Uniform Processing of Transactions
Potential for undetected errors & irregularities Transaction Trail may be available for short duration or only in electronic form. Automatic initiation & subsequent execution of transaction by computer Ashok Seth 3rd July 2008

7 Problems with EDP systems
Unauthorized persons may gain access to data or program Transactions may not be completely processed Data may become corrupt giving wrong report Programmers may make unauthorized changes to software Difficult to Trace input errors Lack of Supervisory controls Ashok Seth 3rd July 2008

8 Audit Approach Auditing Around Computers Auditing through Computers
Ashok Seth 3rd July 2008

9 Auditing Around Computers
Involves selection of representative sample of source documents and tracing them to final destination The controls and procedures used in processing the data were considered unimportant Ashok Seth 3rd July 2008

10 Auditing Through Computers
This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate. Ashok Seth 3rd July 2008

11 Auditing Through Computers- Steps: -
Review and evaluation of systems of controls Verification of record contents and generation of evidential information (Audit Evidence) from database Ashok Seth 3rd July 2008

12 EDP Controls General EDP Controls EDP Application Controls Ashok Seth
The effectiveness or otherwise of these controls will determine the nature and extent of substantive verifications required Ashok Seth 3rd July 2008

13 General EDP Controls Access controls: - to prevent
Unauthorized access to online terminal devices, programs and data Entry of unauthorized transactions Unauthorized changes to data files. Use of programs that have not been authorized. Controls over passwords These include the use of passwords and specialized access control software and also physical controls Ashok Seth 3rd July 2008

14 Contd Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented. Transaction Logs- Reports which are designed to create audit trail Transaction Logs often documents the source of transactions also (terminal, Time and user) . Ashok Seth 3rd July 2008

15 EDP Application Controls
Pre Processing Authorization Changes to standing data Data Processing controls, reasonableness and other validation tests. Cut off procedures File Controls procedures- to ensure correct data files are used. Balancing:- process of establishing control totals to ensure accuracy Cut off procedures are important specially where there is continuous flow of transactions in a RTS. Changes to master files are required to be controlled more stringently. Ashok Seth 3rd July 2008

16 Computer Assisted Audit Techniques (CAATs)
Includes: - Test Data Techniques Generalized audit software (GAS) Utility Software Ashok Seth 3rd July 2008

17 Test Data techniques Live Processing with dummy data
Dummy processing with dummy data Integrated test facility On line testing The major problem is design of comprehensive set of transactions. In ITF test transactions are processed through the system in the production mode. The technique is particularly effective in situation where the visibility of the audit trail has been impaired or where the complexity of the system makes it difficult to trace the flow of transactions. On-line testing provides an effective means of testing edit and validation controls. When on line testing is used to test edit and validation controls, satisfactory results obtained from an attempt to enter an appropriate combination of valid and invalid transactions can convince the auditor that only valid transactions are accepted by the system. Ashok Seth 3rd July 2008

18 Why CAATs Absence of input documents or the lack of a visible audit trail Effectiveness and Efficiency of auditing procedures improved Information processing environments pose a stiff challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs. With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records Ashok Seth 3rd July 2008

19 Functional Capabilities of CAATs
File access: Enables the reading of different record formats and file structures File reorganization: Enables the indexing, sorting, merging and linking with another file Data selection: Enables global filtration conditions and selection criteria Statistical functions: Enables sampling, stratification and frequency analysis. Arithmetical functions: These functions facilitate re- computations and re-performance of results. Ashok Seth 3rd July 2008

20 How to use CAATs? Set the objective of the CAAT application
Determine the content and accessibility of the entity's files Define the transaction types to be tested Define the procedures to be performed on the data Define the output requirements Identify the audit and IT personnel who may participate in the design and use of tests for CAATs. IS Auditor need to have adequate computer knowledge, expertise and experience in using CAATs. They need to formulate appropriate methodology for using CAATs. This includes having a walk- through of the system to identify areas of weakness. Based on the results, IS Auditors will perform compliance tests, evaluate the results and if required, design substantive tests. CAATs can also be used to carry out detailed testing and collect evidences. Based on the results of these tests, IS Auditors would recommend suitable control measures as relevant Ashok Seth 3rd July 2008

21 General Uses and Applications of CAATs- for example
Exception identification Control analysis: Identify whether controls as set have been working as prescribed Error identification: Identify data which is inconsistent or erroneous. Statistical sampling Verification of calculations Completeness of data: Identify whether all fields have valid data. Contd Ashok Seth 3rd July 2008

22 Obsolescence of inventory Undeserved discounts for rapid payment
Duplicates Obsolescence of inventory Undeserved discounts for rapid payment Accounts exceeding authorized limit Overdue invoices Ashok Seth 3rd July 2008

23 Strategies for using CAATs
Identify the goals and objectives of the investigation or audit Identify what information will be required Determine what the sources of the information Identify who is responsible for the information Review documentation to know the type of data in the system Review documentation to know flow of data, understand data, Know what each field in the data set represents and how it might be relevant. Contd Ashok Seth 3rd July 2008

24 Develop a plan for analyzing the data
What - Specific objectives that should be addressed by the analysis When – Define the period of time that will be audited, and secure the data for that period Where – Define the sources of the data to be analyzed (Accounts payable, payroll) Why – Reason for performing the tests and analysis (general review, fraud audit) How – The types of analysis planned to be carried out by the audit Ashok Seth 3rd July 2008

25 Precautions in using CAATs
Identify correctly data to be audited Collecting the relevant and correct data files Identify all the important fields that need to be accessed from the system State in advance the format the data can be downloaded and define the fields correctly Ensure the data represent the audit universe correctly & completely. Ensure the data analysis is relevant and complete. Contd Ashok Seth 3rd July 2008

26 Perform substantive testing as required.
Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required. Ashok Seth 3rd July 2008

27 THANK YOU Ashok Seth 3rd July 2008

Download ppt "AUDIT IN COMPUTERIZED ENVIRONMENT"

Similar presentations

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Audit of Autonomous District Councils (in an IT environment using FAAM)

Audit of Autonomous District Councils (in an IT environment using FAAM)
Presented to the Tallahassee ISACA Chapter

Presented to the Tallahassee ISACA Chapter
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
Auditing Concepts.

Auditing Concepts.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.

Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
Auditing Computer Systems

Auditing Computer Systems
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
The Islamic University of Gaza

The Islamic University of Gaza
The Islamic University of Gaza

The Islamic University of Gaza
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
THE AUDITING OF INFORMATION SYSTEMS

THE AUDITING OF INFORMATION SYSTEMS
1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.

1 Output Controls Ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Exposures of this sort can cause serious.
Pertemuan 7-8 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 7-8 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
The Information Systems Audit Process

The Information Systems Audit Process
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 11 - 1 The Impact of Information Technology on the Audit.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley The Impact of Information Technology on the Audit.

Similar presentations

Ads by Google