Please enable JavaScript.
Coggle requires JavaScript to display documents.
Part II Sec C1, 4) Sources of Evidence, 3) Computerized Audit Tools and…
Part II Sec C1
4) Sources of Evidence
a) Types of Evidence
Audit Evidence
Physical (compelling evi)
observation -> coll with other
Documentary
could be false statement
-> IT controls, obtain external doc
Representations
weakest -> with doc support
Analytical
show relationship, ratio, discrepancy
-> must be further assessed for its
relevance, sign and root causes
Legal Evidence
Best (primary) - org
Secondary - copy
Direct - fact
Conclusive - only one conclusion
Circumstance - from primary fact - intermediate facts
Hearsay - secondhand
b) Other Concerns
Sources
Availability
Confidentiality
Access
c) Evaluating Sources of Evidence
Sufficient - factual, adequate, convincing
Reliable - from a credible source
Relevant - consistent with engagement obj
Useful - helps the org meet its goals
d) Gathering Audit Evi
IA should
select
the procedure
most
appropriate
for the evi to be gathered
(e.g. inquiry, observation, inspection,
confirmation, re-perf, vouching,
tracing, and AP)
3) Computerized Audit Tools and Techniques
a) Embedded Audit Modules
Works by:
Internal - check incoming data against
specific criteria -> discrepancies
External - firewalls, flag incoming viruses
+ve:
mgr can react in time
Continuous monitoring (mgt responsibility)
under COSO - monitoring control
Continuous auditing (IA responsibility)
to analyze and assess effectiveness of ctrl
by script development, data mining and extraction software
-ve:
diff to install within/ conjunction
with existing software
b) Generalized Audit
Software (GAS)
(for data extract)
Reading digital files
Examining particular records according to criteria the auditor defines (i.e. sensitive, exception, key word)
Performing tests of cal/ making independent cal.
Analyzing, summarizing, or re-sequencing data
Testing the effectiveness of controls (sub testing)
+ve:
100% scrutiny of suspect transactions
target transactions of interest
reduction of audit duration
uniform interface for all tasks
Facilitation of reviews (test logs)
Obstacles:
staff reluctance to adopt new system
difficulty in obtaining access
(within the scope/ specified time period)
blocked by mgt
issues with getting usable data (format, storage)
additional costs for training and new software
c) Automated Workpapers
(e.g. software templates,
stored on servers, transmitted
through electronic networks)
5) Process Mapping Techniques
a) Flowcharts
+ve
easy to understand and therefore
practical to review with the audit client
eliminates abstractions about how
work flows through a system
effective - to construct a flowchart is to
gather all stakeholders in the process
together to identify the steps.
IA +ve, assess
which steps are crucial,
can be omitted,
should be sequenced diff,
new steps should be added.
developing, refining, and auditing processes:
depict the current state and/or the
desired future state of a process
discover points of weakness in controls
find that in fact it does not reflect
what actually happens
Flowchart Formats
Horizontal chart
Vertical flowchart emphasizing
flow through departments
Vertical flowchart emphasizing
process flow
+ve - useful approaches to mapping
Much more complex processes,
much more information
provide a clear picture
provide a common ref pt and std language
b) Other Methods
Narratives
step-by-step picture of a process
-> to identify the key controls
doc methodology
describe processes activities performed
to achieve process obj
often used to augment a flowchart and
provide context and nuance
no inherent discipline or std
-> missing key issues/
control weaknesses
-> diff for IA to follow
Block Diagrams
pictorial representation
of a process/ activity
+ve
Quick and simple
high-lv representations
-ve
are not app
for detailed analysis.
Spaghetti Maps
scope to a particular area
track the flow
RACI Charts
lists various stakeholders of a process or area
Responsible
Accountable
Consulted
Informed
compares info gathered during an engagement
to the expectations regarding that info
programs - run along with the
software that performs functions
-> looking for errors, irregularities, and fraud
facts used to support audit opinions, conclusions, and recommendations
actual or ideal path
illustrates the relationships
identifies what the process
does or should do