AUDIT AND ASSURANCE
      SERVICES
 AUDITING IN A COMPUTER
      ENVIRONMENT.
INTRODUCTION.
In recent years, there has been development in the use of
  computers as a means of keeping accounting records
  and producing financial information.
This trend has brought about significant
  changes in the way organisations
  process and store data and disseminate
  information.
Hence there is a significant effect on the internal control
  systems employed by the entity.
The International Standard on Auditing (ISA 315)
  requires the auditor to understand the entity and
  its environment, including the entity’s internal
  control, in order to assess the risks of material
  misstatement in the financial statements.
In a Computerized environment it is
  expected that the auditor should satisfy
  himself that the controls are adequate
  enough to produce accurate and complete
  financial statements.
In planning the portions of the audit which may be
  affected by the client's environment, the auditor
  should obtain an understanding of the significance
  and complexity of computerised information
  system activities and the availability of data for
  use in the audit.
Computerised environment
 includes the following:
• Hardware (e.g. CPU, monitor, printers, zip drive,
   scanners)
• Software (operating systems, database,
   application software etc.)
• The transmission media (e.g. wires, optical fiber
   cables and microwave links)
• Network devices (e.g. modems, gateways etc.)
Risk aspects to consider in computer
 systems.
Hardware - the computer may be stolen or
  damaged.
Unauthorized access - possibility for unauthorized
  users to obtain information held on file.
System breakdown - there may be a loss of data, for
  example if there is a power failure.
Corrupt files.
Further challenges:
1.   Evidence collection - challenge
     –   Collecting evidence on the reliability of a
         computer system is often more complex than
         collecting evidence on the reliability of a manual
         system.
     –   Hence auditors have to run through the computer
         system themselves using Computer Assisted
         Audit Techniques (CAATs) if they are to collect
         the necessary evidence.
2.   Changes to Evidence Evaluation - challenge
     – Paper documents are inherently more
       reliable because alterations are generally
       apparent or may be uncovered by forensic
       analysis. By comparison, electronic
       documents in their uncontrolled state are
       highly vulnerable to forgery and
       unauthorised change.
3.   Skill competence – challenge
     – The ISA makes it clear that auditors should
       have sufficient knowledge of the
       computerised information system to perform
       such an audit effectively. These skills are very
       limited, especially in developing countries like
       Tanzania.
4. Risks in a network environment -
   challenges
  –   Threats to accountability - In a manual system, a
      person has to be physically present to handle a
      paper document. It is not the same in a networked
      computer system. In a network environment, an
      electronic document may be created, accessed,
      read, amended, deleted or replaced from anywhere
      at anytime and the true identity of the person
      responsible may not be known.
  –   Ease of amendment - Computer software and data
      are stored and transmitted in an intangible form.
      They can be amended without any trace.
– Ease of duplication - Computer files
  can be easily copied and made
  indistinguishable from the original. It is
  particularly important to prevent and to
  detect the duplication of electronic
  records which have financial value.
– Internet risks - When an entity uses a private
  network for e-business, transactions are
  transmitted between trading partners through
  a value added network with access only to the
  network’s trading partners. In contrast if e-
  business is transacted over the Internet,
  which is a public network, the information
  being transmitted is vulnerable to being
  intercepted, altered, lost, diverted or replaced.
Internet Risks.
– Due to the open nature of the Internet, an
  organisation’s network that is connected to
  the Internet is also vulnerable to unauthorised
  access, computer viruses and denial-of-
  service attacks. These vulnerabilities put the
  authenticity of audit evidence at risk.
Other challenges.
• Lack of segregation of duties: commonly in the past every
  transaction would probably be reviewed and processed
  by several people, which is not the case in a CIS.
• The potential for fraud and error as a result of system or
  program faults. Once a fault is in a system, the system
  processes incorrectly for ever, as no human intervention
  or review may be included in the controls, or the fault
  may simply not be visible as processing is not
  transparent, e.g. use of a wrong price for the sale of
  commodities or using a wrong wage rate while paying
  wages and salaries to the employees.
Internal controls in ICT Environment.
They are classified into:
• General Control
• Application Control
General controls.
Controls over general environment in which
  the system is developed, maintained and
  operated. They include:
• Complete review, testing and approval of
  the system and programs before they
  become fully operational.
• Competence of staff to implement the
  system
• Authorization of any changes in the
  system by a responsible official.
• Segregation of duties so that different
  staff perform the duties of system
  development, programming and data
  entry.
• Access control - only authorized personnel
  should have access to hardware,
  programs and data files.
• Stand by facilities for use in case of a
  temporary computer failure
• Back-up facilities to avoid loss of data.
Application controls classified into:
a) Input controls
b) Processing controls
c) Output controls.
The main aim is to ensure Validity,
   completeness and accuracy of
   accounting data.
Application Control.
Controls within a computer application to
 ensure completeness and accuracy of input and
 processing, and validity of the resulting
 accounting entries. They can be applied to
 specific areas of the system, for example
 control over sales, payroll, control over
 inventory, etc.
Input controls
The main aim of input controls is to reduce errors
  in the data entered in the system for processing.
  Input controls include checking and ensuring
  that:
• Input data are authorized by the appropriate
  official.
• Data represent a valid record of an actual transaction.
• Data are correctly classified for the purpose of
  accounting.
Input control - examples
Sequence checks.
Transactions that are serially numbered should be
   in sequence, and this should be checked by the programs.
If sales invoices are serially numbered, for example
   010 to 0200, and invoice number 14 is
   recorded before number 12, then the system should
   reject invoice number 14 until number 12 is
   posted.
Batch control
Group together the sales
 invoices, purchase invoices or whatever;
 then their totals should be obtained
 manually and compared with the computer's
 own generated totals. Any difference
 means an error to be traced and
 corrected.
Digit check
Ascertaining the validity of the digits of a number.
Reasonableness checks
Input data should be checked to ensure data
  items are within pre-defined limits.
For example, on a payroll system, overtime
  hours recorded per day should fall within a
  certain range, let us say 2 hrs to 8 hrs.
• Checking of data items should be done as the
  items are entered, and users should be requested to correct
  mistakes before being allowed to enter further
  data items.
• Transactions should not be allowed to proceed
  to further stages of processing unless they have
  been totally verified for accuracy, nor if key data
  items are missing.
• All transactions should contain a unique
  reference number to aid tracking.
• Sensitive data items should be subjected to
  independent verification by another user.
Processing controls
They are divided into mechanical and
  programmed controls.
Programmed controls are done during
  system development to ensure that only
  data related to a particular transaction is
  processed and not otherwise.
Output Controls
Controls relating to input and processing
  itself with the final objective of ensuring
  that the output:
• Relates precisely to the original input.
• Represents the outcome of a valid and
  tested program of instructions. (eg, digit
  check, reasonableness checks)
• Output reports are only accessed by
  authorized personnel.
• Output reports are checked by someone as to
  their reasonableness.
Approaches for Computer Audit.
The basic approaches for computer audit
   are:
a) Around the computer
b) Through the computer
Auditing around the computer.
Under this approach the computer is treated as a
 black box and only input and output documents
 are reviewed. The controls and procedures used
 in processing the data are not considered
 important, and the auditor ignores the programs
 that cause the transformation of the input data
 into output data. Instead, the auditor selects and
 tests inputs against appropriate outputs and vice
 versa.
If they match and prove to be accurate
   and valid, then it is assumed that the
   system of control is operating properly.
Advantages.
i. Simple and straightforward approach
     which can be easily understood by
     anyone.
ii. Extensive knowledge of the computer
     and data processing is not required for
     the auditor
iii. Cost of audit resources is generally low.
Disadvantages.
i. Ignores the system of controls and
     hence fails to recognize potential errors
     or weaknesses within the system.
ii. Represents after-the-fact rather than
     preventive auditing.
iii. Amounts to auditing in the nature of a post
     mortem rather than preventive auditing.
iv. The auditor fails to utilize the full potential
  of the computer to assist him.
v. Increased printing expenses because
  of the auditor's enormous print-out requirements (lots of
  data).
Auditing through the computer.
In this approach the computer is treated as a
    white box. Auditing through the computer
    implies that the auditor makes use of the
    computer in carrying out his audit. Under
    this approach, the auditor can test the
    processing and control systems.
This technique requires two basic tasks:
• The review and verification of source
  documents and
• The actual testing of the computer
  program logic and program controls.
Advantages.
i. Utilizes the computer as a tool for
     performing auditing functions.
ii. Forces the auditor to get more involved
     in the system, thereby increasing his
     ability to perform more complex audits.
iii. Test results are readily identifiable and
     can be used as measures of internal
     processing reliability.
iv. Increases service to clients because
  controls and operations are checked by
  the auditor.
v. Provides effective tests of processing logic and
  program controls.
Disadvantages.
i. Requires more computer time.
ii. It is very expensive.
iii. It requires extensive knowledge of
     computer and data processing by the
     auditor.
Audit Trail.
It is the means by which an individual transaction
    can be traced sequentially through the system
    from source to completion, and its loss will mean
    that normal audit techniques will break down. In
    order for an audit trail to be provided, every
    transaction on a file should contain a unique
    reference back to the original source of input.
    Loss of the audit trail may be due to lack of a trace
    reference or a sudden breakdown of computer
    hardware with all information destroyed.
Computer Assisted Audit Techniques (CAATs)
CAATs are any automated audit techniques
  and they are important tools for the auditor
  in performing audits in a computer
  environment. There are two main types:
1. Audit software
2. Test packs
1. Audit software.
This consists of a set of instructions or
  programs that an auditor uses to extract and
  examine the client’s files.
There are two categories:
• Generalized programs (by manufacturer)
• Specialized/Purpose-written programs (by
  auditor or outside programmer)
2. Test packs.
They consist of test data which is processed
  in the same manner as actual data.
The auditor in this case prepares test data
  and submits it for processing by the client's
  computer program. The data include both
  valid and invalid transactions. They are
  designed to represent realistic operating
  conditions.
The main aim of test packs is to test
   whether the client's system will be able to
   detect the errors or invalid transactions
   included. The results of computer
   processing are compared with
   predetermined results.
It is very important to ensure that the program
   being tested is the one which the client is
   using and has been in use throughout the
   year.
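The input controls described earlier (sequence check, batch control, reasonableness check) and the test pack described above can be shown together. This is an added example, not part of the original slides: `process_batch` is a hypothetical stand-in for the client program, `run_test_pack` plays the auditor, and the records and totals are constructed sample data; only the 2 to 8 hour overtime range and the sequence rule come from the slides.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

OVERTIME_LIMITS = (2, 8)  # hours per day, the range given in the payroll example


@dataclass(frozen=True)
class Record:
    ref: Optional[int]   # serial number, also the unique reference for the audit trail
    overtime_hours: int
    amount: Decimal


@dataclass
class BatchResult:
    outcomes: list            # one entry per input record: "posted" or the rejection reason
    computer_total: Decimal   # total of the records the program actually posted
    batch_agrees: bool        # batch control: computer total equals the manual total


def process_batch(records, first_ref, manual_total, check_hours=True):
    """Hypothetical client program: applies the input controls to one batch."""
    next_ref = first_ref
    outcomes = []
    computer_total = Decimal("0")
    low, high = OVERTIME_LIMITS
    for rec in records:
        if rec.ref is None:                      # key data item missing
            outcome = "missing reference"
        elif rec.ref < next_ref:                 # reference already posted
            outcome = "duplicate reference"
        elif rec.ref > next_ref:                 # sequence check: wait for the gap to be posted
            outcome = "out of sequence"
        elif check_hours and not low <= rec.overtime_hours <= high:
            outcome = "overtime outside limits"  # reasonableness check
        else:
            outcome = "posted"
            computer_total += rec.amount
            next_ref += 1
        outcomes.append(outcome)
    return BatchResult(outcomes, computer_total, computer_total == manual_total)


def faulty_program(records, first_ref, manual_total):
    """The same program with the reasonableness check left out (a program fault)."""
    return process_batch(records, first_ref, manual_total, check_hours=False)


def run_test_pack(program, pack, first_ref, manual_total):
    """Auditor's side: process the test data, compare with the predetermined results."""
    result = program([rec for rec, _ in pack], first_ref, manual_total)
    findings = [
        (i, expected, actual)
        for i, ((_, expected), actual) in enumerate(zip(pack, result.outcomes))
        if expected != actual
    ]
    if not result.batch_agrees:
        findings.append(("batch", manual_total, result.computer_total))
    return findings


# Constructed test pack: (record, predetermined result), valid and invalid items mixed.
TEST_PACK = [
    (Record(10, 3, Decimal("30.00")), "posted"),
    (Record(11, 4, Decimal("40.00")), "posted"),
    (Record(14, 2, Decimal("20.00")), "out of sequence"),
    (Record(12, 12, Decimal("120.00")), "overtime outside limits"),
    (Record(12, 8, Decimal("80.00")), "posted"),            # corrected re-entry
    (Record(11, 4, Decimal("40.00")), "duplicate reference"),
    (Record(None, 5, Decimal("50.00")), "missing reference"),
    (Record(13, 2, Decimal("20.00")), "posted"),
]
FIRST_REF = 10
MANUAL_TOTAL = Decimal("170.00")  # auditor's manual total of the items expected to post

if __name__ == "__main__":
    print("sound program :", run_test_pack(process_batch, TEST_PACK, FIRST_REF, MANUAL_TOTAL))
    print("faulty program:", run_test_pack(faulty_program, TEST_PACK, FIRST_REF, MANUAL_TOTAL))
```

An empty findings list means the program handled every test item as predetermined; with the reasonableness check missing, the same pack reports the wrongly posted record, its knock-on rejection and the batch total difference.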
Uses of CAATs.
1. In substantive testing: tests of details of
  transactions and balances.
2. Analytical review procedures to identify
  unusual fluctuations or items.
3. Compliance tests of electronic data
  processing, e.g. the use of test data to test
  the functioning of a programme.
Considerations in the use of CAATs.
1. Computer knowledge, expertise and
  experience of the auditor.
2. Availability of CAATs and suitable
  computer facilities.
3. Timing
4. Impracticability of manual tests.

More Related Content

What's hot

COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)
COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)
COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)
Rikesh Chaurasia
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
Hardik Shah
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
Sharah Ayumi
 

What's hot (20)

CHAPTER 1 AUDIT DOCUMENTATION
CHAPTER 1 AUDIT DOCUMENTATIONCHAPTER 1 AUDIT DOCUMENTATION
CHAPTER 1 AUDIT DOCUMENTATION
 
Audit
AuditAudit
Audit
 
COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)
COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)
COMPUTERIZED ACCOUNTING AND AUDITING TECHNIQUES (CAAT)
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
Chapter 11, Tests of Controls
Chapter 11, Tests of ControlsChapter 11, Tests of Controls
Chapter 11, Tests of Controls
 
Introduction to caat
Introduction to caatIntroduction to caat
Introduction to caat
 
Verification and valuation of assets and liabilities
Verification and valuation of assets and liabilitiesVerification and valuation of assets and liabilities
Verification and valuation of assets and liabilities
 
Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6Auditing by CIS . Chapter 6
Auditing by CIS . Chapter 6
 
Assertions in the Audit of Financial Statements (Audit)
Assertions in the Audit of Financial Statements (Audit)Assertions in the Audit of Financial Statements (Audit)
Assertions in the Audit of Financial Statements (Audit)
 
Varificationa & valuation of assets and liabilities
Varificationa & valuation of assets and liabilitiesVarificationa & valuation of assets and liabilities
Varificationa & valuation of assets and liabilities
 
9. audit evidence
9. audit evidence9. audit evidence
9. audit evidence
 
Audit & Investigation Presentation Module 1.pptx
Audit & Investigation Presentation Module 1.pptxAudit & Investigation Presentation Module 1.pptx
Audit & Investigation Presentation Module 1.pptx
 
planning process in audit ppt
planning process in audit pptplanning process in audit ppt
planning process in audit ppt
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Computer aided audit techniques (CAAT) sourav mathur
Computer aided audit techniques (CAAT)  sourav mathurComputer aided audit techniques (CAAT)  sourav mathur
Computer aided audit techniques (CAAT) sourav mathur
 
Ch 10. documentation
Ch 10. documentationCh 10. documentation
Ch 10. documentation
 
Unit 1 Introduction to Auditing
Unit 1 Introduction to AuditingUnit 1 Introduction to Auditing
Unit 1 Introduction to Auditing
 
AUDIT PROGRAMME - PPT.pptx
AUDIT PROGRAMME - PPT.pptxAUDIT PROGRAMME - PPT.pptx
AUDIT PROGRAMME - PPT.pptx
 
Unit 1 Introduction to Audit
Unit 1   Introduction to AuditUnit 1   Introduction to Audit
Unit 1 Introduction to Audit
 
The nature and purpose of auditing
The nature and purpose of auditingThe nature and purpose of auditing
The nature and purpose of auditing
 

Similar to Auditing in a computer environment copy

Sushant edp
Sushant edpSushant edp
Sushant edp
zalak007
 
Core Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computersCore Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computers
Shikha Gupta
 

Similar to Auditing in a computer environment copy (20)

Audit and Assurance
Audit and AssuranceAudit and Assurance
Audit and Assurance
 
Chapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environmentChapter 4 : Auditing and the information technology environment
Chapter 4 : Auditing and the information technology environment
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
 
3.42211- CIS Audit.pdf
3.42211- CIS Audit.pdf3.42211- CIS Audit.pdf
3.42211- CIS Audit.pdf
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
Introduction to computerised accounting
Introduction to computerised  accountingIntroduction to computerised  accounting
Introduction to computerised accounting
 
CISA_WK_1.pptx
CISA_WK_1.pptxCISA_WK_1.pptx
CISA_WK_1.pptx
 
Information system audit 2
Information system audit 2 Information system audit 2
Information system audit 2
 
Computerized Environment
Computerized EnvironmentComputerized Environment
Computerized Environment
 
Sushant edp
Sushant edpSushant edp
Sushant edp
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Core Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computersCore Areas of a CA- Interlinked with computers
Core Areas of a CA- Interlinked with computers
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
audit_it_250759.pdf
audit_it_250759.pdfaudit_it_250759.pdf
audit_it_250759.pdf
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Auditing in a computer environment copy

  • 1. AUDIT AND ASSURANCE SERVICES AUDITING IN A COMPUTER ENVIRONMENT.
  • 2. AUDITING IN A COMPUTER ENVIRONMENT INTRODUCTION. In recent years, there has been development in the use of computers as a means of keeping the accounting records and producing financial information. This trend has brought about significant changes in the way the organisations process, store data, and disseminate information.
  • 3. AUDITING IN A COMPUTER ENVIRONMENT INTRODUCTION. Hence a significant effect on internal control systems employed by the entity. This International Standard on Auditing (ISA 315) require the auditor to understand the entity and its Environment, including the entity’s internal control in order to assess the Risks of material misstatement in the financial statements.
  • 4. AUDITING IN A COMPUTER ENVIRONMENT INTRODUCTION. In a Computerized environment it is expected that the auditor should satisfy himself that the controls are adequate enough to produce accurate and complete financial statements.
  • 5. AUDITING IN A COMPUTER ENVIRONMENT In planning the portions of audit which may be affected by the clients environment the auditor should obtain an understanding of significance and complexity of computerised information system activities and the availability of data for use in the audit.
  • 6. AUDITING IN A COMPUTER ENVIRONMENT Computerised environment includes the following: • Hardware (i.e. CPU, monitor, printers, zip drive, scanners • Software (Operating systems, database, application software etc. • The transmission media (i.e. wires, optical fiber cables and microwave links) • Network devices (i.e. modems, gateways etc)
  • 7. AUDITING IN A COMPUTER ENVIRONMENT Risk aspect to consider in Computer Systems. Hardware-The computer may be stolen or damaged Unauthorized access-possibility for unauthorized users to obtain information held on file. System breakdown-there may be a loss of data for example if there is power failure. Corrupt files.
  • 8. AUDITING IN A COMPUTER ENVIRONMENT Further challenges: 1. Evidence collection - challenge – Collecting evidence on the reliability of a computer system is often more complex than collecting evidence on the reliability of a manual system – Hence Auditors have to run through computer system themselves using Computer Assisted Audit Techniques (CAATS) if they are to collect the necessary evidence
  • 9. AUDITING IN A COMPUTER ENVIRONMENT 2. Changes to Evidence Evaluation - challenge – Paper documents are inherently more reliable because alterations are generally apparent or may be uncovered by forensic analysis. By comparison, electronic documents in their uncontrolled state are highly vulnerable to forgery and unauthorised change.
  • 10. AUDITING IN A COMPUTER ENVIRONMENT 3. Skill competence – challenge – The ISA makes it clear that auditors should have sufficient knowledge of the computerised information system to perform such audit effectively. These skills are very limited especially in developing country like Tanzania
  • 11. AUDITING IN A COMPUTER ENVIRONMENT 4. Risks in a network environment - challenges – Threats to accountability - In a manual system, a person has to be physically present to handle a paper document. It is not the same in a networked computer system. In a network environment, an electronic document may be created, accessed, read, amended, deleted or replaced from anywhere at anytime and the true identity of the person responsible may not be known. – Ease of amendment - Computer software and data are stored and transmitted in an intangible form. They can be amended without any trace.
  • 12. AUDITING IN A COMPUTER ENVIRONMENT – Ease of duplication - Computer files can be easily copied and made indistinguishable from the original. It is particularly important to prevent and to detect the duplication of electronic records which have financial value.
  • 13. AUDITING IN A COMPUTER ENVIRONMENT – Internet risks - When an entity uses a private network for e-business, transactions are transmitted between trading partners through a value added network with access only to the network’s trading partners. In contrast, if e-business is transacted over the Internet, which is a public network, the information being transmitted is vulnerable to being intercepted, altered, lost, diverted or replaced.
  • 14. AUDITING IN A COMPUTER ENVIRONMENT Internet Risks. – Due to the open nature of the Internet, an organisation’s network that is connected to the Internet is also vulnerable to unauthorised access, computer viruses and denial-of-service attacks. These vulnerabilities put the authenticity of audit evidence at risk.
  • 15. AUDITING IN A COMPUTER ENVIRONMENT Other challenges. • Lack of segregation of duties: in the past, every transaction would commonly be reviewed and processed by several people, which is not the case in CIS. • The potential for fraud and error as a result of system or program faults. Once a fault is in a system, the system processes incorrectly forever, as no human intervention or review may be included in the controls, or the fault may simply not be visible because processing is not transparent, e.g. use of the wrong price for the sale of commodities or use of a wrong wage rate while paying wages and salaries to the employees.
  • 16. AUDITING IN A COMPUTER ENVIRONMENT Internal controls in ICT Environment. They are classified into: • General Control • Application Control
  • 17. AUDITING IN A COMPUTER ENVIRONMENT General controls. Controls over general environment in which the system is developed, maintained and operated. They include: • Complete review, testing and approval of the system and programs before they become fully operational. • Competence of staff to implement the system
  • 18. AUDITING IN A COMPUTER ENVIRONMENT • Authorization of any changes in the system by a responsible official. • Segregation of duties so that different staff perform the duties of system development, programming and data entry. • Access control - only authorized personnel should have access to hardware, programs and data files.
  • 19. AUDITING IN A COMPUTER ENVIRONMENT • Standby facilities for use in case of a temporary computer failure. • Back-up facilities to avoid loss of data.
  • 20. AUDITING IN A COMPUTER ENVIRONMENT Application controls classified into: a) Input controls b) Processing controls c) Output controls. The main aim is to ensure Validity, completeness and accuracy of accounting data.
  • 21. AUDITING IN A COMPUTER ENVIRONMENT Application Control. Controls within a computer application to ensure completeness and accuracy of input and processing, and validity of the resulting accounting entries. They can be applied to specific areas of the system, for example control over sales, payroll, inventory, etc.
  • 22. AUDITING IN A COMPUTER ENVIRONMENT Input controls. The main aim of input controls is to reduce errors in the data entered in the system for processing. Input controls include checking and ensuring that: • Input data are authorized by the appropriate official. • Data represent a valid record of an actual transaction. • Data are correctly classified for the purpose of accounting.
  • 23. AUDITING IN A COMPUTER ENVIRONMENT Input control - examples. Sequence checks. Transactions that are serially numbered should be in sequence and checked by the programs. If sales invoices are serially numbered, for example 010 to 0200, and invoice number 14 is recorded before 12, then the system should reject invoice number 14 until number 12 is posted.
  • 24. AUDITING IN A COMPUTER ENVIRONMENT Batch control. Group together sales invoices, purchase invoices or whatever documents are being processed; their totals should be obtained manually and then compared with the computer's own generated totals. Any difference means an error to be traced and corrected.
  • 25. AUDITING IN A COMPUTER ENVIRONMENT Digit check. Ascertaining the validity of a number's digits. Reasonableness checks. Input data should be checked to ensure data items are within pre-defined limits. For example, on a payroll system, overtime hours recorded per day should fall within a certain range, let's say 2hrs-8hrs.
  • 26. AUDITING IN A COMPUTER ENVIRONMENT • Checking of data items should be done as the items are entered, and users requested to correct mistakes before being allowed to enter further data items. • Transactions should not be allowed to proceed to further stages of processing unless they have been totally verified for accuracy, or if key data items are missing.
  • 27. AUDITING IN A COMPUTER ENVIRONMENT • All transactions should contain a unique reference number to aid tracking. • Sensitive data items should be subjected to independent verification by another user.
  • 28. AUDITING IN A COMPUTER ENVIRONMENT Processing controls. These are divided into mechanical and programmed controls. Programmed controls are done during system development to ensure that only data related to a particular transaction is processed and not otherwise.
  • 29. AUDITING IN A COMPUTER ENVIRONMENT Output Controls. Controls relating to input and processing itself, with the final objective of ensuring that the output: • Relates precisely to the original input. • Represents the outcome of a valid and tested program of instructions (e.g. digit check, reasonableness checks).
  • 30. AUDITING IN A COMPUTER ENVIRONMENT • Output reports are only accessed by the authorized personnel. • Output reports are checked by someone as to their reasonableness.
  • 31. AUDITING IN A COMPUTER ENVIRONMENT Approaches for Computer Audit. The basic approaches for computer audit are: a) Around the computer b) Through the computer
  • 32. AUDITING IN A COMPUTER ENVIRONMENT Auditing around the computer. Under this approach the computer is treated as a Black Box and only input and output documents are reviewed. The controls and procedures used in processing the data are not considered important, and the auditor ignores the programs that cause the transformation of the input data into output data. Instead, the auditor selects and tests inputs against appropriate outputs and vice versa.
  • 33. AUDITING IN A COMPUTER ENVIRONMENT If they match and prove to be accurate and valid, then it is assumed that the system of control is operating properly.
  • 34. AUDITING IN A COMPUTER ENVIRONMENT Advantages. i. Simple and straightforward approach which can be easily understood by anyone. ii. Extensive knowledge of the computer and data processing is not required of the auditor. iii. Cost of audit resources is generally low.
  • 35. AUDITING IN A COMPUTER ENVIRONMENT Disadvantages. i. Ignores the system of controls and hence fails to recognize potential errors or weaknesses in the system. ii. Represents after-the-fact rather than preventive auditing. iii. Amounts to auditing in the nature of a post-mortem rather than preventive auditing.
  • 36. AUDITING IN A COMPUTER ENVIRONMENT iv. The auditor fails to utilize the full potential of the computer to assist him. v. Increased printing expenses because of the enormous print-out requirements (lot of data) of the auditor.
  • 37. AUDITING IN A COMPUTER ENVIRONMENT Auditing through the computer. In this approach the computer is treated as a white box. Auditing through the computer implies that the auditor makes use of the computer in carrying out his audit. Under this approach, the auditor can test the processing and control systems.
  • 38. AUDITING IN A COMPUTER ENVIRONMENT This technique requires two basic tasks: • The review and verification of source documents and • The actual testing of the computer program logic and program controls.
  • 39. AUDITING IN A COMPUTER ENVIRONMENT Advantages. i. Utilizes the computer as a tool for performing auditing functions. ii. Forces the auditor to get more involved in the system, thereby increasing his ability to perform more complex audits. iii. Test results are readily identifiable and can be used as measures of internal processing reliability.
  • 40. AUDITING IN A COMPUTER ENVIRONMENT iv. Increases service to clients because controls and operations are checked by the auditor. v. Provides an effective test of processing logic and program controls.
  • 41. AUDITING IN A COMPUTER ENVIRONMENT Disadvantages. i. Requires more computer time. ii. It is very expensive. iii. It requires extensive knowledge of computer and data processing by the auditor.
  • 42. AUDITING IN A COMPUTER ENVIRONMENT Audit Trail. It is the means by which an individual transaction can be traced sequentially through the system from source to completion, and its loss will mean that normal audit techniques will break down. For an audit trail to be provided, every transaction on a file should contain a unique reference back to the original source of input. Loss of the audit trail may be due to lack of a trace reference or a sudden breakdown of computer hardware with all information destroyed.
  • 43. AUDITING IN A COMPUTER ENVIRONMENT Computer-Assisted Audit Techniques (CAATs). CAATs are any automated audit techniques, and they are important tools for the auditor in performing audits in a computer environment. There are two main types: 1. Audit software 2. Test packs
  • 44. AUDITING IN A COMPUTER ENVIRONMENT 1. Audit software. This consists of a set of instructions or programs that an auditor uses to extract and examine the client’s files. There are two categories: • Generalized programs (by manufacturer) • Specialized/Purpose-written programs (by auditor or outside programmer)
  • 45. AUDITING IN A COMPUTER ENVIRONMENT 2. Test packs. They consist of test data which is processed in the same manner as actual data. The auditor in this case prepares test data and submits it for processing by the client's computer program. The data include both valid and invalid transactions. They are designed to represent realistic operating conditions.
  • 46. AUDITING IN A COMPUTER ENVIRONMENT The main aim of test packs is to test whether the client's system will be able to detect the errors or invalid transactions included. The results of computer processing are compared with predetermined results. It is very important to ensure that the program being tested is the one which the client is using and has been in use throughout the year.
  • 47. AUDITING IN A COMPUTER ENVIRONMENT Uses of CAATs. 1. In substantive testing: test of details of transactions and balances. 2. Analytical review procedures to identify unusual fluctuations or items. 3. Compliance test of electronic data processing, e.g. the use of test data to test the functioning of a programme.
  • 48. AUDITING IN A COMPUTER ENVIRONMENT Considerations in the use of CAATs. 1. Computer knowledge, expertise and experience of the auditor. 2. Availability of CAATs and suitable computer facilities. 3. Timing. 4. Impracticability of manual tests.
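
The input controls on slides 23-26 (sequence check, batch control, reasonableness check, missing key data items) and the test pack on slides 45-46 can be shown together. The Python below is an added example, not part of the original slides: the function names, the `ref`/`hours`/`amount` fields and the sample transactions are constructed for illustration, and only the 2-8 hour overtime range comes from the slides.

```python
OVERTIME_HOURS = (2, 8)  # reasonableness limits from the payroll example


def check_inputs(batch, manual_total, last_posted, limits=OVERTIME_HOURS):
    """Apply the input controls; return (outcome per transaction, totals agree)."""
    outcomes, next_ref = [], last_posted + 1
    for txn in batch:
        ref, hours, amount = txn.get("ref"), txn.get("hours"), txn.get("amount")
        if None in (ref, hours, amount):
            outcomes.append("missing key data item")
        elif ref != next_ref:
            # Sequence check: held until the earlier number is posted.
            outcomes.append("out of sequence")
        elif not limits[0] <= hours <= limits[1]:
            outcomes.append("hours outside limits")
        else:
            outcomes.append("accepted")
            next_ref = ref + 1
    # Batch control: computer-generated total versus the manually obtained one.
    computer_total = sum(t.get("amount") or 0 for t in batch)
    return outcomes, computer_total == manual_total


# Auditor's test pack (constructed): valid and invalid transactions, each
# paired with the predetermined result the client program should produce.
TEST_PACK = [
    ({"ref": 12, "hours": 4, "amount": 4000}, "accepted"),
    ({"ref": 14, "hours": 3, "amount": 3000}, "out of sequence"),
    ({"ref": 13, "hours": 12, "amount": 12000}, "hours outside limits"),
    ({"ref": 13, "hours": 5, "amount": None}, "missing key data item"),
    ({"ref": 13, "hours": 8, "amount": 8000}, "accepted"),
    ({"ref": 14, "hours": 2, "amount": 2000}, "accepted"),
]


def run_test_pack(pack, manual_total, last_posted, limits=OVERTIME_HOURS):
    """Process the test data; list every deviation from the predetermined results."""
    batch = [txn for txn, _ in pack]
    outcomes, totals_agree = check_inputs(batch, manual_total, last_posted, limits)
    deviations = [(txn, expected, got)
                  for (txn, expected), got in zip(pack, outcomes) if got != expected]
    return deviations, totals_agree


if __name__ == "__main__":
    print(run_test_pack(TEST_PACK, manual_total=29000, last_posted=11))
    # Same pack against a program whose reasonableness limits were loosened.
    print(run_test_pack(TEST_PACK, 29000, 11, limits=(0, 24)))
```

Running the same pack with loosened limits shows why the predetermined results matter: the 12-hour record is accepted, and the deviation list tells the auditor which control in the program failed.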