Please enable JavaScript.
Coggle requires JavaScript to display documents.
UNIT 6: COMPUTERS - Coggle Diagram
UNIT 6: COMPUTERS
Lesson 4: Computernassisted audit techniques (CAATs)
An auditor’s use of the computer to assist in the performance of audit procedures and the acquisition of audit evidence
System orientated audit software (System CAATs)
:
used to test computerised controls;
concentrate on the accounting system and
related control procedures;
used predominantly to perform tests of controls (although
some substantive evidence may also be produced);
regarded as “auditing through the computer.”
Test data & Integrated test facility
:
The auditor is given access to the client's computer system controls, to perform audit tests on the system by entering "dummy data" to monitor how it progresses through the control cycle.
The test data should be run against a “copy” of the live programme to avoid corrupting the client's data;
The auditor will also need to confirm that the programme tested is the one that is used in
live runs.
Parallel simulation:
This involves running the client’s transaction data and master file information
through a “trusted” system set up by the auditor and the client’s normal system.
The results of the two processing are compared and any discrepancies are followed up.
Embedded audit facility:
, the auditor arranges to have an audit module inserted into the
client’s application programme. The module is designed to either identify transactions which might
be of particular interest to the auditor, or to re-perform certain validation controls and report
thereon, while the client is running the normal application programmes.
Data orientated audit software (Data CAATs)
: used to assist in the performance of substantive audit procedures to access, retrieve and manipulate data from a computerised information system.
Factors that will influence the decision to use CAATs:
Complexity of the clients system
Volume of transactions/output
-Data stored in electronic form,
Availability of skills in the audit team
Potential loss of independence
The attitude of the client
Compatibility of the firm’s hardware and software with the clients hardware and
software
The utilities available at the client
Lesson 1: General controls
System Development and Implementation Controls
Self-developed system
Project authorisation and management
-System specification and user needs
System design and programming standards
Testing of new system
Conversion to new system
Purchased package.
Specification and selection of packages
Implementation and testing of packages
General important information to consider: Package must meet user requirements
Advantage: Tested thoroughly; Less iimplentation time; Lower cost.
Disadvantage: Dependent on vendors for maintenance; Inflexible to cater to needs; Change maintenance difficult.
System maintenance controls
Organisational and management controls
Access controls to data and programs
Computer Operating Controls
System software
Business Continuity Controls
Lesson 2: Application controls
Input controls
The conversion from its original source into computer data, or entry into a computer
application
Validity: Access controls; Segregation of duties; Authorisation by user and computer system;Overrides of system generated info.; Changes in data
Accuracy: Matching by the computer; Review by users or senior staff; Edit Checks (Field presence, Formatting, Screen check, Validity check, Dependency); Staff training; Control over documetns and screens.
Completeness: Stationary controls; Matching by the computer; Sequential testing by the computer; Review of output reports by users; Examining of processing logs; Control totals
Processing controls
Validity: Access controls; Librarian function; . Files labels and version numbers; Overrides; Manual logs; Supervision and review
Accuracy: Operator manuals and instructions; Controls over hardware; Physical checking for accuracy by users; Review & follow up of exception reports; Supervision and review
Completeness: Control totals; Reconciliations of balances and accounts; Sequential testing by the computer; . Processing logs; Breakpoint re-runs; Adequate back up procedures.
Output controls
Validity: Controlled distribution; Distribution list; Distribution schedule; Distribution register; Output logs; Terminal located in secure area
Accuracy: Reconciliations; Review of outputs
Completeness: Reports; Sequence checks; Review of reports by users inspecting numerical sequence, missing items, and follow ups with senior management.
Master file controls
Files which are used to store only standing information (e.g. name, address and credit limits of
debtors) and latest balances (e.g. outstanding balances of debtors)
Lesson 3: Auditing in an IT environment
Auditing around the computer:
-The auditor takes the view that the computer simply replaces manual
records and that there are few, if any, automated routines
This approach is taken where auditors are faced with auditing smaller organisations.
Understanding and interrogating the MIS:
An approach suitable for more complex computerised systems.
Auditors try to use the computer’s ability to process data
to interrogate its operations using computer-assisted audit techniques.
Requires specially trained computer auditors to operate it.