The audit approach in computerized information systems

The actual approach adopted by the auditor will depend on:

  • The auditor's experience with the client.
  • The control environment.
  • The complexity of the computerized information system.
  • The risk profile of the client.
  • The risk of misstatements in the financial statements.

The approach taken by the auditor when examining computerized records takes one of two main forms.

  1. Auditing round the computer.
  2. Auditing through the computer.

1. Auditing round the computer.
This means examining evidence for all items in the financial statements without getting immersed in the details of the computerized information system. The benefit of this approach is that it saves time, and its justification is that computers are 100% accurate in processing transactions and therefore material processing errors simply do not occur. The drawback of this approach is that once an application is programmed to process an item incorrectly, it processes exactly as programmed indefinitely. However, major frauds, errors or system failures should be picked up in the verification of assets and liabilities. For example, if processing of sales is incorrect, verification of debtors can uncover the error. An analysis of gross profit margins will also help discover any errors in sales. This approach is suitable for small businesses but largely unsuitable for large-scale entities.

2. Auditing through the computer.
There are two basic techniques available to the auditor for auditing through the computer. These are the use of test data and the use of computer audit programs, which are also called CAATs (computer-assisted audit techniques).

Test data
These are designed to test the performance of the client's programs. The auditor takes either dummy data or live data and manually works out the expected result using the logic of the program. The data is then run on the computer using the program, and the results are compared. A satisfactory outcome gives the auditor a degree of assurance that if that program is used continuously throughout the year, it will perform as required. The test data technique falls under compliance testing.

Live data testing has the following disadvantages:

  • If the test data is included with normal data, separate test data totals cannot be obtained. This can sometimes be resolved by use of dummy branches or separate codes to report the program's effects on the test data.
  • Side effects can occur. It has been known for an auditor's dummy product to be included in a catalogue.
  • The client's files and totals are corrupted, although this may be immaterial.
  • If the auditor is testing procedures such as debt follow-up, the testing has to run over a fairly long time. This can be difficult to organize.

Dummy testing has the following disadvantages:

  • Difficulties will be encountered in simulating the whole system or part of it.
  • A more detailed knowledge of the system is required than with use of live files.
  • There is often uncertainty as to whether operational programs are really being used for the test.
  • The time span problem is still difficult but more capable of resolution than with live testing.
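
The test data technique described above, with the dummy-branch separation mentioned under live data testing, can be sketched as follows. This is an added example, not code from the original text: the discount rule, the branch code 999, the transactions and the stand-in client program (which carries a deliberately constructed boundary defect) are all assumptions made for illustration.

```python
from decimal import Decimal

DUMMY_BRANCH = "999"  # assumed code reserved for the auditor's test data

def client_invoice_program(txn):
    """Hypothetical stand-in for the client's program.
    Documented rule (assumed): 5% discount on orders of 1000 or more.
    Constructed defect: '>' is used instead of '>=', so exactly 1000 gets none."""
    gross = txn["qty"] * txn["unit_price"]
    discount = gross * Decimal("0.05") if gross > Decimal("1000") else Decimal("0")
    return gross - discount

# Constructed batch: live transactions mixed with test data on the dummy branch.
BATCH = [
    {"id": "L-001", "branch": "010", "qty": 3, "unit_price": Decimal("250.00")},
    {"id": "L-002", "branch": "020", "qty": 10, "unit_price": Decimal("120.00")},
    {"id": "T-001", "branch": DUMMY_BRANCH, "qty": 1, "unit_price": Decimal("999.99")},
    {"id": "T-002", "branch": DUMMY_BRANCH, "qty": 4, "unit_price": Decimal("250.00")},
    {"id": "T-003", "branch": DUMMY_BRANCH, "qty": 2, "unit_price": Decimal("600.00")},
]

# Expected results worked out by hand from the documented rule, before the run.
EXPECTED = {
    "T-001": Decimal("999.99"),   # just below the threshold: no discount
    "T-002": Decimal("950.00"),   # exactly on the threshold: 5% off 1000.00
    "T-003": Decimal("1140.00"),  # above the threshold: 5% off 1200.00
}

def run_test_data(batch, program, expected):
    """Process the whole batch, then report live and test totals separately
    and list every test item whose actual result differs from the expected one."""
    results = {t["id"]: (t["branch"], program(t)) for t in batch}
    test = {i: amt for i, (b, amt) in results.items() if b == DUMMY_BRANCH}
    live_total = sum(amt for b, amt in results.values() if b != DUMMY_BRANCH)
    exceptions = {i: (expected[i], test.get(i))
                  for i in expected if test.get(i) != expected[i]}
    return {"live_total": live_total,
            "test_total": sum(test.values()),
            "expected_total": sum(expected.values()),
            "exceptions": exceptions}

if __name__ == "__main__":
    report = run_test_data(BATCH, client_invoice_program, EXPECTED)
    for item, (want, got) in report["exceptions"].items():
        print(f"{item}: expected {want}, program produced {got}")
    print("live total excluding test data:", report["live_total"])
```

Because the test items carry their own branch code, the live total can be reported without them, and the single exception falls on the boundary value that the hand calculation was chosen to probe.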

Computer programs or audit software
These consist of computer programs used by the auditor to read magnetic files and to extract specified information from the files. They are also used to carry out audit work on the contents of the files. These programs are sometimes called enquiry or interrogation programs. They can be written by an audit firm or they can be bought from software houses. They have the advantage that they can be used to train unskilled staff.

