1. CHAPTER 6
AUDITING IN COMPUTERISED
INFORMATION SYSTEM ENVIRONMENT
NOR AMALIA BINTI AHAD
10DAT11F2027
NORMASTURA BINTI AHMAD
10DAT11F2039
SITI NABILAH BINTI ABDULLAH
10DAT11F2042
NUR SYUHADA BINTI RUSLAN
10DAT11F2048
2. 6.1.1 Describe The Changing
Information Of Technology and
Implication For Auditing
People are constantly looking for online activities and expect
faster delivery. In accounting as well as auditing, IT plays a
vital role in producing reliable and timely financial statements
and reports.
Most companies use IT to improve company internal control
system through the addition of new control procedure through
computer and replacing the manual control due to the
likelihood of possible human error.
5. Electronic Data Processing (EDP)
The basic financial reporting :
Statement of financial position (balance
sheet)
Profit and Loss account
Statement of cash flows
Statement of changes in equity
6. Advantages and Disadvantages of Using
IT Systems
Advantages Disadvantages
• Easier to have instant data
processing compared to manual
data processing.
• The use of electronic data
processing has resulted in
decreased vacancies for job
searchers like accountant
• More accurate and effective
time of transactions.
• High cost for companies as
effective electronic data
processing software tends to be
expensive.
• Increase performances
especially in manufacturing
industries and related industries
due to improved the inventory
automated systems.
• Additional cost for support
and backup systems in the
event of power failure.
7. Implication
From manual control to electronic environment :
Traditional paperwork in which the auditor can see and
feel the printed marks evidencing transaction are carried
out online and most cases in ‘real time’.
Generally looks for the authorizing signatures on the
papers evidencing the transactions and Electronic.
It processing environment such authority is evidenced by
the user of identification codes and passwords which are
all physically invisible.
The level of complexity can be classified into 2
level that is low and high.
8. 6.1.2 Determine the level of
complexity in computerized
information system environment
1. EDP systems can be defined by their technical
complexity and the extent to which they are used in an
organization.
2. Technical complexity :
Online-line processing
- An online system allows direct access
into the computer. Transactions can be put directly into the
system so that master files are updated at time the entry is
made.
9. Communication systems
- Communication channels can connect the computer
directly to users anywhere in the world.
Distributed processing
-When the computing function is apportioned among
CPUs spread geographically and connected by a
communication system.
Data Base Management
- As the volume and uses of computer-processed data
expand, data on different files are often redundant.
-The effect is inefficient use of file space and the need
to update files continually.
10. 6.1.3 General Control CIS
Control Descriptions
The it control
environment
• The IT government structure
• How IT risk are identified, mitigated
and managed
• The information system, strategic plan
and budget
• The organizational structure and
segregation of duties
Day-to-day computer
operations
• Acquisition, installations,
configuration, integration and
maintenance of the IT infrastructure
• Delivery of information service to user
• Management of third-party provider
11. Access to program and data • Security of passwords
• Internet firewalls and remote access
controls
• Data encryption and cryptographic
keys
Program development and
program changes
• Acquisition and implementation of
new applications
• System development and quality
assurance methodology
Monitoring of IT operations • Policies and procedures regarding
the information system and reporting
that ensure that user comply with IT
general control.
12. Application Control On CIS
1. Application control is controls within a computer application
to ensure- completeness, accuracy of input, processing and
validity of the resulting accounting entries.
2. The main aim is to ensure Validity, completeness and
accuracy of accounting data.
3. Application controls classified into:
a) Input controls
b) Processing controls
c) Output controls
13. a) Input controls
The main aim of input controls is to reduce errors in the data
entered in the system for processing. Input controls include
checking and ensuring that :
- Input data are authorized by the appropriate official.
- Data represent valid record of actual transaction
- Correctly classified for the purpose of accounting.
Example : - Sequence checks
- Batch control
14. b) Processing controls
There are divided into mechanical and programmed
controls.
Programmed control are done during the system
development to ensure that only data related to a particular
transaction is processed and not otherwise.
c) Output Controls
Controls relating to input and processing itself with the final
objective.
Relates precisely to the original input.
Represents the outcome of a valid and tested program of
instructions.
15. 6.1.4 The Plan An Audit Strategic
1) Ensure that these is adequate compliance and substantive
procedures and transmitted date are correct and completed.
2) Apply professional scepticism by cross verification of
record, reconciliation between primary and subsidiary
ledger, questioning and critical assessment of audit
evidence.
3) The audit which may be affected by the client CIS
environment.
16. An application may be considered to be complex when:
a) The volume of transactions is such that users would find
it difficult to identify and correct error processing.
b) The computer automatically generate material
transactions or entries directly to another application.
c) The computer perform complicated computations of
financial information and automatically generates
material transaction.
17. 6.2 .1 The Concept Of Computer
Assisted Audit Techniques
(CAAT)
CAAT’s are computer programs and data that the auditor
uses as part of the audit procedures to process data of audit
significance contained in a client computer information
system (CIS).
Auditor's use of a computer-assisted audit technique is
something special- normally the techniques used by an
auditor are not computer assisted.
18. The term CAAT refers to the use of certain software that
can be used by the auditor to perform audits and to achieve
the goals of auditing.
CAATs offer much needed help a the audit technology
tools facilitate more granular analysis of data and help to
determine the accuracy of the information.
19. 6.2.2 Types Of CAATs
I. Generalized Audit Software (GAS)
Comprises computer programs used for audit purposes to
process data audit significance from the client accounting
system.
It is used by the auditor to examine the entity computer
files and may be used during both test of control and
substantive testing of transactions and balances.
II. Test Data
Test data is data submitted by the auditor for processing
by the clients computer based accounting system.
The review of an application system will provide
information about internal controls built in the system.
20. III. Utility Software
Utility software is the subset of software, such as database
management systems report generators, that provides
evidence to the auditors about system control effectiveness.
IV. The audit-expert system
The audit expert system will give direction and valuable
information to all levels of auditors while carrying out the
audit because the-based system knowledge-base of the senior
auditors and managers.
21. The Advantages Of CAAT
Independently access the data stored on a computer system
without dependence on the client
Test the reliability of client software, for example the IT
application controls
Increase the accuracy of audit tests
Perform audit tests more efficiently, which in the long-term
will result in a more cost effective audit.
22. 6.2.3 Method Audit Computerized
Information System (CIS)
1) Auditing around the computer
This approach, the auditor is not using computer control to
reduce assessed control risk.
Instead, the auditor uses manual controls to support reduced
control risk assessment.
Often, smaller companies lack dedicated IT personnel, or
they rely on periodic involvement of IT consultants to assist
in installing and maintaining hardware and software.
Auditing around the computer is effective because these
system often produce sufficient audit trails to permit auditor
to compare source documents.
23. 2) Auditing through the computer
as organisations expand their use of IT, internal controls are
often embedded in applications that are visible only in
electronic form.
24. Example Of Auditing Around And Through The
Computer
Internal Control Auditing Around the
Computer Approach
Auditing Through
the Computer
Approach
1. Credit is approved
for sales on account
Select a sample of
sales transaction from
the journal and obtain
the related customer
sales order
Obtain a copy of the
client sales
applications program
and related credit limit
master file
2. Payroll is processed
only
Select a sample of
payroll disbursements
from the payroll
journal
Create a test data file
of valid and invalid
employee ID number