THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT
PROCESS
The Audit Process in CIS Environment
CIS may affect the audit process on the followings: (Cont'd)
- Skill and competence
- Knowledge of Business
- Planning
- Risk and assessment
- Audit procedures
Audit Procedures
Auditing around the computer
The auditor’s specific objective do not change whether the accounting data is processed manually or by the computer.
However, method of applying audit procedures to gather evidence may different. Auditor may perform audit procedures manually or use CAAT or combination of both.
Auditor does not examine the computer processing but perform procedures to obtain understanding accounting and internal control:-
Emphasis on ensuring the completeness, accuracy and validity of information by comparing the output reports with the input documents
To ensure the effectiveness of input controls and output controls
To ensure the adequacy of segregation of duties
Auditing through the computer
Auditor performing test of control and substantive test.
For example: “test data” enable the auditor to examine the computer processing, internal control of the client CIS.
Auditor may use CAAT in these procedures.
CAAT – helps auditor in organizing, analyzing and extracting computerized data and re-performing computation and other processing.
Because of the characteristics of a CIS environment, the nature, timing and extent of audit procedures may differ from those audit procedures conducted in a manual environment. For example:
(a) the nature, timing and extent of audit procedures on the performance of computer controls and computer processes can be restricted to cover the key processes.
These tests may be performed using, for example, test data. Their effectiveness is, however, subject to:
(i) conducting audit procedures which provide audit evidence as to the continuing and consistent operation of specific systems throughout the period;
(ii) obtaining an understanding regarding the various alternative processes which contribute to the process or control being tested and clearly defining these; and
(iii) assessing the effect of the key processes being affected by other processes or information;
(b) the auditor may use the results of audit procedures conducted in prior periods when the auditor has obtained sufficient appropriate audit evidence that no changes to the CIS environment have been identified.