EDP AUDIT
1. Current IT Trends :
(i) End user computing
(ii) Declining Hardware prices, increase in micro user
(iii) RDBM extensive use
(iv) System development and CASE tools adopted by many users..
(v) Shift from DOS to UNIX & C language.
(vi) Knowledge based and decision support systems.
(vii) Increased data communication and networking
(viii) Use of EDI (Electronic data interchange)
(ix) Scanners and voice recognition system for input.
2. Impact on Auditing :
(i) Unintentional Errors (inexperienced persons)
(ii) Program modification can take place with a view to fraud.
(iii) Improper use of DSS.
(iv) Auditors participation in SDLC is necessary.
(v) Use of sophisticated audit software.
(vi) Data communication and networking – new risk.
(vii) Data security problems.
(viii) Move towards EDI (Elimination of much of traditional audit trail).
(ix) Change in nature of audit evidence.
TYPES OF EDP ACCOUNT SYSTEMS
Batch Processing Processing systems
OLRT System Time Sh. & Service Buseu
Batch (group) of transaction, tr. File, master file, batch totals, simple rarely found Ready updation inquiry processing complex, no audit trail. TS – one computer and more than one use. S.B. – an entity processing for others.
File Systems
Flat File Systems Integrated data base systems
User own their data, data redundancy. For same transaction, updation to be made at many place. Set of inter related master file, easy updation, data warehousing, immense volume, cross indexing.
EDP Organization Structure
1. EDP Manager.
2. System analyst.
3. Programmers
4. Computer Operators.
5. Input Preparation Group.
6. Librarian.
7. Data Control Group.
Prerequisites auditing in CIS Environment.
1. Skill & Competence :To determine over all audit risk, understanding I.C. to perform tests and to evaluate results thereof.
2. Knowledge of Business : Entity’s attitude towards I.T., usage compared with industry, recent and planned charges.
3. Planning : To plan understanding about organization structure, significance of comp. Processing, complexity, availability of data source documents, files, etc.
4. Assessment of Risk : Risk may be due to deficiencies in CIS environment and they may increase potential for errors of fraudulent activities.
He should consider the following for risk assessment
1. Own application / packages.
2. Industrial environment.
3. Pervasive CIS controls.
4. Access to sp. function / data.
5. Ability to change and develop the report.
6. Documentation.
7. Factors affecting quality of evidence (paperless).
8. Sp. risk (Electronic funds trf.).
9. End-user computing.
10. Lack of time, discipline or knowledge to monitor results of processing.
Compensating for loss of audit trail :
1. Arranging for sp. print-outs of additional informal.
2. Programmed interrogation facility.
3. Clerical recreation.
4. Testing on total basis.
5. Relying on alternative tests.
6. Special Audit Technique.
INTERNAL CONTROLS IN COMPUTER BASED SYSTEM
These controls include both manual procedures and procedures designed into the computer system. The controls can be broadly classified into general controls and application controls.
IT General Controls
General controls relate to the environment within which computer based accounting systems are developed, maintained and operated. They apply to all individual applications. General IT controls include:
1. Organization and management controls
These controls provide organizational framework to IT activities.
2. Application system development and maintenance controls
Designed to provide reasonable assurance that systems are developed and maintained in an efficient and authorized manner.
3. Computer operation controls
These controls ensure that authorized persons only who perform authorized programs and that all errors are prevented and detected by the systems access the system.
4. System software controls
These controls are designed to ensure that acquisition and development of system software is properly authorized and documented.
5. Data Entry and programs controls
These controls provide reasonable assurance that all transactions are properly authorized and access to data and programs are to restricted persons.
IT application controls
Application controls are controls over the thoroughness, accuracy and validity of accounting information. These controls include:
1. Controls over inputs
These controls are designed to provide reasonable assurance that,
(a) All transactions are authorized.
(b) Transactions are not lost or improperly added or modified.
(c) The system detects and reports incorrect transactions.
2. Controls over processing and computer data files
The objective of these controls is to provide assurance that,
(a) All transactions are properly processed.
(b) Processing errors are identified and corrected on a timely basis.
3. Controls over output
These controls are designed to provide the accurate outputs are timely provided to authorised persons.
Computer Assisted Audit Techniques (CAAT) (Used in Auditing through the computer)
1. Audit Software: It is a set of computer programs used by the Auditor, as part of his Auditing Procedures, to process data of audit significance from the entity’s accounting system. The Auditor should use such programs only after he proves their validity for Audit purposes. Audit Software may consist of:
(a) Package Programs – These are generalised Computer Programs, that perform data processing like reading computer files, selecting information, performing calculations, creating data files and printing reports in a format specified by the Auditor. May be used at many clients site.
(b) Purpose Written Programs – These are Computer Programs, designed by the Auditor / entity / outside programmer, to perform Audit tasks in specific circumstances. The Auditor may sometimes use the programs of the entity in the same or in a modified form. But it may not be used at many clients site thus cost consideration should taken care of.
(c) Utility Programs – These are programs of the entity, designed for non-audit purposes, but for performing common data processing functions like sorting, creating and printing files. These are not designed specifically for audit purpose.
(d) System management software – These are enhanced productivity tool that require specialised knowledge on part of auditor. However these are not specifically meant for audit purposes. Thus used with much skill and care. For example flow chart review systems. It may be used for comparing source code with object code.
2. Test Data: The Auditor enters a set of test data into the entity’s computer system and compares the results with predetermined results. Test data are used to test specific controls / specific processing characteristics in computer programs like online password and data access controls. The test data are chosen by the Auditor. They may be of the following types –
(a) Testing a set of data selected from previously processed transactions, in the entity’s system, separately from the normal processing procedure.
(b) Establishing a dummy unit to which test transactions are posted during the normal processing cycle of the entity. (Called integrated Test Facility). However, the dummy entries should subsequently be eliminated from the entity’s accounting records. These are used mainly on line real time systems.
Bookmark this post: | 
|
Save And Share :
0 comments:
Post a Comment