audit in computerized environment n.
Skip this Video
Loading SlideShow in 5 Seconds..
Download Presentation


946 Views Download Presentation
Download Presentation


- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript


  2. Change in the Environment • Technological Revolution. • Increase in Volumes & Complexities of transactions. • Time & Information became most sought after. • Fall in Prices of Computer Hardware. • Availability of user friendly software. Ashok Seth

  3. Graduate from • Tick to Click & • Mouse to CAAT Ashok Seth

  4. No Change in overall objective • To establish reliability & integrity of information • To assess compliance with policies, laws & regulations • To see that assets are being safeguarded • To appraise economical & efficient use of resources • Accomplishment of established objectives & goals Ashok Seth

  5. Effect of EDP Environment • On procedures in obtaining sufficient understanding of accounting & internal control systems • On risk assessment method to be followed • Designing of tests of control and substantive procedures to meet audit objective Ashok Seth

  6. EDP Characteristics • Uniform Processing of Transactions • Potential for undetected errors & irregularities • Transaction Trail may be available for short duration or only in electronic form. • Automatic initiation & subsequent execution of transaction by computer Ashok Seth

  7. Problems with EDP systems • Unauthorized persons may gain access to data or program • Transactions may not be completely processed • Data may become corrupt giving wrong report • Programmers may make unauthorized changes to software • Difficult to Trace input errors • Lack of Supervisory controls Ashok Seth

  8. Audit Approach • Auditing Around Computers • Auditing through Computers Ashok Seth

  9. Auditing Around Computers • Involves selection of representative sample of source documents and tracing them to final destination • The controls and procedures used in processing the data were considered unimportant Ashok Seth

  10. Auditing Through Computers • This approach de-emphasizes testing of records and focuses on the examination of the processing system to enhance the probability of system generated records being accurate. Ashok Seth

  11. Auditing Through Computers- Steps: - • Review and evaluation of systems of controls • Verification of record contents and generation of evidential information (Audit Evidence) from database Ashok Seth

  12. EDP Controls • General EDP Controls • EDP Application Controls Ashok Seth

  13. General EDP Controls • Access controls: - to prevent • Unauthorized access to online terminal devices, programs and data • Entry of unauthorized transactions • Unauthorized changes to data files. • Use of programs that have not been authorized. • Controls over passwords Ashok Seth

  14. Contd • Programming Controls to prevent or detect improper changes to programs. The access may be restricted through program development libraries. The changes in programs are required to be documented. • Transaction Logs- Reports which are designed to create audit trail Ashok Seth

  15. EDP Application Controls • Pre Processing Authorization • Changes to standing data • Data Processing controls, reasonableness and other validation tests. • Cut off procedures • File Controls procedures- to ensure correct data files are used. • Balancing:- process of establishing control totals to ensure accuracy Ashok Seth

  16. Computer Assisted Audit Techniques (CAATs) Includes: - • Test Data Techniques • Generalized audit software (GAS) • Utility Software Ashok Seth

  17. Test Data techniques • Live Processing with dummy data • Dummy processing with dummy data • Integrated test facility • On line testing Ashok Seth

  18. Why CAATs • Absence of input documents or the lack of a visible audit trail • Effectiveness and Efficiency of auditing procedures improved • Information processing environments pose a stiff challenge to collect sufficient, relevant and useful evidences since the evidence exists on magnetic media and can only be examined using CAATs. • With systems having different hardware and software environments, different data structure, record formats, processing functions, etc , it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records Ashok Seth

  19. Functional Capabilities of CAATs • File access: Enables the reading of different record formats and file structures • File reorganization: Enables the indexing, sorting, merging and linking with another file • Data selection: Enables global filtration conditions and selection criteria • Statistical functions: Enables sampling, stratification and frequency analysis. • Arithmetical functions: These functions facilitate re-computations and re-performance of results. Ashok Seth

  20. How to use CAATs? • Set the objective of the CAAT application • Determine the content and accessibility of the entity's files • Define the transaction types to be tested • Define the procedures to be performed on the data • Define the output requirements • Identify the audit and IT personnel who may participate in the design and use of tests for CAATs. Ashok Seth

  21. General Uses and Applications of CAATs- for example • Exception identification • Control analysis: Identify whether controls as set have been working as prescribed • Error identification: Identify data which is inconsistent or erroneous. • Statistical sampling • Verification of calculations • Completeness of data: Identify whether all fields have valid data. • Contd Ashok Seth

  22. Duplicates • Obsolescence of inventory • Undeserved discounts for rapid payment • Accounts exceeding authorized limit • Overdue invoices Ashok Seth

  23. Strategies for using CAATs • Identify the goals and objectives of the investigation or audit • Identify what information will be required • Determine what the sources of the information • Identify who is responsible for the information • Review documentation to know the type of data in the system • Review documentation to know flow of data, understand data, Know what each field in the data set represents and how it might be relevant. • Contd Ashok Seth

  24. Develop a plan for analyzing the data • What - Specific objectives that should be addressed by the analysis • When – Define the period of time that will be audited, and secure the data for that period • Where – Define the sources of the data to be analyzed (Accounts payable, payroll) • Why – Reason for performing the tests and analysis (general review, fraud audit) • How – The types of analysis planned to be carried out by the audit Ashok Seth

  25. Precautions in using CAATs • Identify correctly data to be audited • Collecting the relevant and correct data files • Identify all the important fields that need to be accessed from the system • State in advance the format the data can be downloaded and define the fields correctly • Ensure the data represent the audit universe correctly & completely. • Ensure the data analysis is relevant and complete. • Contd Ashok Seth

  26. Perform substantive testing as required. • Information provided by CAATs could be only indicators of problems as relevant and perform detailed testing as required. Ashok Seth

  27. THANK YOU Ashok Seth