Professional Documents
Culture Documents
Audit of Computerised Environment Bacc 2 - 2019-2020 (Compatibility Mode)
Audit of Computerised Environment Bacc 2 - 2019-2020 (Compatibility Mode)
Audit of Computerised Environment Bacc 2 - 2019-2020 (Compatibility Mode)
ENVIRONMENT
computerized environment
Auditing computer based system of accounting has the same audit objectives
as an auditing client who adopts manual methods of accounting.
The auditor’s choice of strategy and the techniques must be proper to provide the
necessary reassurance and to overcome the problems that he may encounter.
Lack of ‘audit trail’: The term ‘audit trail’ refers to the ability to follow a transaction
from its origin to its completion. In a manual system it is generally easy to follow the
audit trail. If audit trail is lost an auditor may not be able to obtain the necessary
reassurance that all transactions have been completely and accurately processed.
The ability to obtain INDEPENDENT audit evidence. The auditor must exercise
considerable judgment in obtaining relevant reliable and sufficient evidence. The
evidence must be gathered with no limitation in the scope of the audit, i.e., with true
investigative and programming independence.
application controls
Administrative controls
Organization control
Administrative controls: These are controls over the organization of the data
processing function.
A sub-division of duties
Operation controls
File controls
Hardware security
Standardization
Managerial involvement
Documentation
Acceptance
Conversion
Procedural controls: These are controls over day to day running of the system.
These controls may be divided into four areas namely:
Input control
Process control
Output controls
Storage controls
Vetting batches of records from user department in order to ensure that they
are complete and correct;
Scheduling of work in accordance with arranged deadlines;
Checks on data conversion methods.
Processing controls may be divided into two main areas Programmed (i.e.
machine) checks on input validity by the use of a variety of tests:
Check digit verification;
Size of field/record;
Mode of field;
Consistency of field;
Range test on numbers or values;
Feasibility test on quantities;
‘Hash totals for providing batches of data or items;
Control/record total checks.
If the output generated is of the sort that requires some action by the user e.g. a
report of rejected items from a batch process will require amendment and
resubmission;
If the output is in a form which appears to be complete, correct and ready for
distribution.
The data control department is also responsible for ensuring that output is
sorted to the person authorized to receive ti by the relevant deadline data.
Program file security. NO program files should be altered in any way without the
AUTHORITY OF SENIOR OFFICIALS, the change must also be FULLY
DOCUMENTED. Security copies of program files must be kept for security reasons.
Master file maintenance. This itern is used to describe all additions, deletions or
amendments to standing data. In all cases there must be AUTHORITY for the change
which should be fully DOCUMENTED and approved.
Master file security copies. It is vital to preserve copies of master files in order to guard
against damage or corruption. The method of making copies depends on the type of
processing system in force.
Such systems enable both batch processing as well as demand of ‘real time processing’ .
The batch processing is generally achieved by capturing small batches of data as they
arise and processing them at opportune moments. A good example is the automated
bank cash point which processes a customer’s demand for cash by referencing the
relevant account balance but the update is not achieved until the early hours of the next
business day.
Data encryption – to guard against message interception between input point and the
computer, e.g. between a branch of a bank and the bank’s computer center.
Dump routines to preserve the security of disc files which are organized as DIRECT
ACCESS devices. Dr. Mwiga Wiljonsi Mbesi 17
Important things to consider
When testing the system, the auditor will be concerned with:
Reliability of records;
Independent evidence to support Balance Sheet and Profit and Loss Items.
Most computer auditors are generally agreed on the need to use computer assisted
audit techniques in order to obtain reliable relevant and sufficient evidence.
Tracing transactions in dept to follow audit trail Test packs which may be ‘live’ or dead’
These are routines which enable the auditor to test live data by the use of:
‘Embedded Code’: special validation routines built into the client’s program;
These routines are used in those on line systems or data base systems where the
immediacy of results demands that live data be tested.
Method of operation:
Auditor selects a number of transactions containing routine, erroneous or
exceptional data.
Data is converted to computer input and processed with a copy of the client’s
program. Outputs are then compared with predetermined solutions. This
technique enables the auditor to ‘walk through’ the system and test control
parameters.
Disadvantages include:
costing
indirect nature of the evidence
Dr. Mwiga Wiljonsi Mbesi 21
Substantive testing
The most important feature of substantive testing is the use of computer file
interrogation/questioning techniques.
The use of these audit programs enables the auditors to read a computer file
and carry out tests of three in types:
Re-performance tests – these could include proving a control total
stratifying the balances on a stock file by age.
Extractive tests – examining for instance every fixed asset acquisition over
TZS 5 million.