AUDIT IN COMPUTERIZED ENVIRONMENT Change in the Environment

to enhance the probability of system generated records being accurate. Auditing Through Computers- Steps: -

Technological Revolution. Increase in Volumes & Complexities of transactions. Time & Information became most sought after. Fall in Prices of Computer Hardware. Availability of user friendly software.

Review and evaluation of systems of controls Verification of record contents and generation of evidential information (Audit Evidence) from database

EDP Controls

No Change in overall objective General EDP Controls To establish reliability & integrity of information To assess compliance with policies, laws & regulations To see that assets are being safeguarded To appraise economical & efficient use of resources Accomplishment of established objectives & goals Access controls: - to prevent Unauthorized access to online terminal devices, programs and data Entry of unauthorized transactions Unauthorized changes to data files. Use of programs that have not been authorized. Controls over passwords Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented. Transaction Logs- Reports which are designed to create audit trail

Effect of EDP Environment On procedures in obtaining sufficient understanding of accounting & internal control systems On risk assessment method to be followed Designing of tests of control and substantive procedures to meet audit objective

EDP Characteristics Uniform Processing of Transactions Potential for undetected errors & irregularities Transaction Trail may be available for short duration or only in electronic form. Automatic initiation & subsequent execution of transaction by computer

EDP Application Controls Pre Processing Authorization Changes to standing data Data Processing controls, reasonableness and other validation tests. Cut off procedures File Controls procedures- to ensure correct data files are used. Balancing:- process of establishing control totals to ensure accuracy

Problems with EDP systems Unauthorized persons may gain access to data or program Transactions may not be completely processed Data may become corrupt giving wrong report Programmers may make unauthorized changes to software Difficult to Trace input errors Lack of Supervisory controls

Computer Assisted Audit Techniques (CAATs) Includes: Test Data techniques Live Processing with dummy data Dummy processing with dummy data Integrated test facility On line testing Generalized audit software (GAS) Utility Software

Audit Approach

Auditing Around Computers Involves selection of representative sample of source documents and tracing them to final destination The controls and procedures used in processing the data were considered unimportant

Why CAATs Absence of input documents or the lack of a visible audit trail Effectiveness and Efficiency of auditing procedures improved Information processing environments pose a stiff challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs.

Auditing Through Computers This approach de-emphasizes testing of records and focuses on the examination of the processing system

With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records

Functional Capabilities of CAATs File access: Enables the reading of different record formats and file structures File reorganization: Enables the indexing, sorting, merging and linking with another file Data selection: Enables global filtration conditions and selection criteria Statistical functions: Enables sampling, stratification and frequency analysis. Arithmetical functions: These functions facilitate recomputations and re-performance of results.

What - Specific objectives that should be addressed by the analysis When Define the period of time that will be audited, and secure the data for that period Where Define the sources of the data to be analyzed (Accounts payable, payroll) Why Reason for performing the tests and analysis (general review, fraud audit) How The types of analysis planned to be carried out by the audit

Precautions in using CAATs Identify correctly data to be audited Collecting the relevant and correct data files Identify all the important fields that need to be accessed from the system State in advance the format the data can be downloaded and define the fields correctly Ensure the data represent the audit universe correctly & completely. Ensure the data analysis is relevant and complete. Perform substantive testing as required. Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required.

How to use CAATs? Set the objective of the CAAT application Determine the content and accessibility of the entity's files Define the transaction types to be tested Define the procedures to be performed on the data Define the output requirements Identify the audit and IT personnel who may participate in the design and use of tests for CAATs.

General Uses and Applications of CAATs- for example Exception identification Control analysis: Identify whether controls as set have been working as prescribed Error identification: Identify data which is inconsistent or erroneous. Statistical sampling Verification of calculations Completeness of data: Identify whether all fields have valid data. Duplicates Obsolescence of inventory Undeserved discounts for rapid payment Accounts exceeding authorized limit Overdue invoices

Strategies for using CAATs Identify the goals and objectives of the investigation or audit Identify what information will be required Determine what the sources of the information Identify who is responsible for the information Review documentation to know the type of data in the system Review documentation to know flow of data, understand data, and know what each field in the data set represents and how it might be relevant. Develop a plan for analyzing the data