Professional Documents
Culture Documents
Auditing in Computer Environment
Auditing in Computer Environment
What is
audit in a
computer
environme
nt?
Approaches
Auditing around the computer
Application controls
General controls
Definition
Techniques in that the auditors are
afforded opportunities to use either the
enterprises or another computer to assist
them in performance of audit work.
CAATs, are ways in which the auditor may
use the computer in a computerized
information system to gather, or assist in
gathering, audit evidence.
Audit software
Test data
Other techniques
Mwakalobo@apt financial APT FINANCIAL CONSULTANTS
consultants
CATEGORIES OF CAAT
Audit software:
generalized audit software
specialized audit software or
Interrogation softwares
utility programs and
existing entity programs.
Regardless of the source of the
programs, the auditor should
substantiate their validity for audit
purposes prior to use.
Mwakalobo@apt financial APT FINANCIAL CONSULTANTS
consultants
CATEGORIES OF CAAT
Other techniques
embedded audit facilities
Integrated test facility
System Review and control file
( SCARF)
Application program examination
Internal control evaluation via; Flowchart
verification (Logical Path analysis ) ,Program
code verification (Code Comparison
Programs), Printout examination.
Limits of CAATs
Evaluation of general controls
Use ICQ or the ICE approach.
Use of CAATS
The pattern cost associated with CAATs,
The extent of tests of controls or substantive
procedures achieved by both alternatives,
Ability to incorporate within the use of CAAT a number
of different audit tests.
Time of reporting
In using CAAT,
computer facilities, computer files
and programs are available;
the auditors should plan the use of
CAAT in good time so that these copies
are retained for their use.
Internal auditor CAATs , consider ISA
Availability of computer facilities
Audit trail.
As the complexity of computer systems has
increased there has been a corresponding loss
of audit trail. Most systems have searching
facilities that are much quicker to use than
searching through print outs by hand.
This offsets the so- called loss of “audit
trail” to a significant extent. The trail is still
there, although it may have to be followed
through in electronic form.
Physical controls;
Operating system; Use passwords( or lockwords)
or special badges or key; Restriction by the
operating system of a certain users to certain
files .eg wages dept can be given access to only
wages file; Logging of all attempted violation of
the above controls .eg Automatic shut down of
the PC or terminal used; All violations should be
speedily and thoroughly investigated
Application controls; Validity checks on input;
Reporting of unusual transactions; Passwords
Inputfraud :
Processing fraud;
Fraudulent use of computer
system;
Output fraud;
General Controls:
The purpose of General controls is to
establish a framework of overall control
over the CIS activities and to provide a
reasonable level of assurance that the
overall objectives of IC are achieved.
Advantages of CAATS:
Helps to test larger number of data hence increase
confidence in their opinion; Help’s to test Accounting
Systems its records (Tables & Disk files) rather than
relying on testing printout; Are cost effective once set
up for obtaining audit evidence; Comparison can
easily be made from clerical audit work hence
increase confidence.