Auditing by testing the input and output of an EDP system instead of the computer program
Abstract The primary objective of this paper is to review the extant literature concerning auditing and EDP systems. We trace the flow of EDP-auditing development, note salient points of similarity and difference in techniques and relate these issues to the auditors' professional responsibilities. We hope that this will contribute to efficient consideration of the past literature by those developing an interest in auditing-EDP systems. We also hope that it will encourage efficient progress in the effort to develop new EDP-auditing research. With this in mind, we have included a short section on new approaches to EDP-auditing which presents information on systems design involvement, software standardization and formal system assertions. Show
Journal Information The Accounting Review is the premier journal for publishing articles reporting the results of accounting research and explaining and illustrating related research methodology. The scope of acceptable articles embraces any research methodology and any accounting-related subject. The primary criterion for publication in The Accounting Review is the significance of the contribution an article makes to the literature. Publisher Information The American Accounting Association is the world's largest association of accounting and business educators, researchers, and interested practitioners. A worldwide organization, the AAA promotes education, research, service, and interaction between education and practice. Formed in 1916 as the American Association of University Instructors in Accounting, the association began publishing the first of its ten journals, The Accounting Review, in 1925. Ten years later, in 1935, the association changed its name to become the American Accounting Association. The AAA now extends far beyond accounting, with 14 Sections addressing such issues as Information Systems, Artificial Intelligence/Expert Systems, Public Interest, Auditing, taxation (the American Taxation Association is a Section of the AAA), International Accounting, and Teaching and Curriculum. About 30% of AAA members live and work outside the United States. Rights & Usage
This item is part of a JSTOR Collection. Recommended textbook solutionsChemical Reaction Engineering3rd EditionOctave Levenspiel 228 solutions Fundamentals of Engineering Economic Analysis1st EditionDavid Besanko, Mark Shanley, Scott Schaefer 215 solutions
Chemistry for Engineering Students2nd EditionLawrence S. Brown, Thomas A. Holme 945 solutions
Advanced Engineering Mathematics10th EditionErwin Kreyszig 4,134 solutions Relevant to Foundation level Paper FAU and ACCA Qualification Papers F8 and P7 Specific aspects of auditing in a computer-based environmentInformation technology (IT) is integral to modern accounting and management information systems. It is, therefore, imperative that auditors should be fully aware of the impact of IT on the audit of a client’s financial statements, both in the context of how it is used by a client to gather, process and report financial information in its financial statements, and how the auditor can use IT in the process of auditing the financial statements. The purpose of this article is to provide guidance on following aspects of auditing in a computer-based accounting environment:
Exam questions on each of the aspects identified above are often answered to an inadequate standard by a significant number of students – hence the reason for this article. Dealing with application controls and CAATs in turn: Application controlsApplication controls are those controls (manual and computerised) that relate to the transaction and standing data pertaining to a computer-based accounting system. They are specific to a given application and their objectives are to ensure the completeness and accuracy of the accounting records and the validity of entries made in those records. An effective computer-based system will ensure that there are adequate controls existing at the point of input, processing and output stages of the computer processing cycle and over standing data contained in master files. Application controls need to be ascertained, recorded and evaluated by the auditor as part of the process of determining the risk of material misstatement in the audit client’s financial statements. Input controlsControl activities designed to ensure that input is authorised, complete, accurate and timely are referred to as input controls. Dependent on the complexity of the application program in question, such controls will vary in terms of quantity and sophistication. Factors to be considered in determining these variables include cost considerations, and confidentiality requirements with regard to the data input. Input controls common to most effective application programs include on-screen prompt facilities (for example, a request for an authorised user to ‘log-in’) and a facility to produce an audit trail allowing a user to trace a transaction from its origin to disposition in the system. Specific input validation checks may include: Format
checks Range checks Compatibility checks Validity checks Exception checks Sequence checks Control totals Check digit
verification Processing controlsProcessing controls exist to ensure that all data input is processed correctly and that data files are appropriately updated accurately in a timely manner. The processing
controls for a specified application program should be designed and then tested prior to ‘live’ running with real data. These may typically include the use of run-to-run controls, which ensure the integrity of cumulative totals contained in the accounting records is maintained from one data processing run to the next. For example, the balance carried forward on the bank account in a company’s general (nominal) ledger. Other processing controls should include the subsequent processing of data
rejected at the point of input, for example:
Output controlsOutput controls exist to en sure that all data is processed and that
output is distributed only to prescribed authorised users. While the degree of output controls will vary from one organisation to another (dependent on the confidentiality of the information and size of the organisation), common controls comprise:
Master file controlsThe purpose of master file controls is to ensure the ongoing integrity of the standing data contained in the master files. It is vitally important that stringent ‘security’ controls should be exercised over all master files. These include:
Computer Assisted Audit Techniques (CAATs)The nature of computer-based accounting systems is such that auditors may use the audit client company’s computer, or their own, as an audit tool, to assist them in their audit procedures. The extent to which an auditor may choose
between using CAATs and manual techniques on a specific audit engagement depends on the following factors:
There are three classifications of CAATs – namely:
Dealing with each of the above in turn: Audit softwareAudit software is a generic term used to describe computer programs designed to carry out tests of control and/or substantive procedures. Such programs may be classified as: Packaged programs Purpose written programs Enquiry programs Test dataAudit test data Integrated test facilities Other techniques Other CAATs include: Embedded audit facilities (EAFs) Application program examination SummaryThe key objectives of an audit do not change irrespective of whether the audit engagement is carried out in a manual or a computer-based environment. The audit approach, planning considerations and techniques used to obtain sufficient appropriate audit evidence do of course change. Students are encouraged to read further to augment their knowledge of auditing in a computer-based environment and to practise their ability to answer exam questions on the topic by attempting questions set in previous ACCA exam papers. Written by a member of the audit exam team What is auditing in EDP environment?Auditing through the computer means making use of computer in auditing. Under this approach the auditor evaluates the internal control relating to EDP and on the basis of evaluation , he determines the nature , timing , and extent of his sustentative procedures. INTERNAL CONTROL UNDER AN EDP ENVIRONMENT.
What are the different techniques for auditing in an EDP environment?EDP means (Electronic Data Processing) for the audit or a computer-based systems.. Posting checking.. Casting checking.. Physical examination and count.. Confirmation.. Inquiry.. Year-end scrutiny.. Re-computation.. Tracing in subsequent period bank reconciliation.. Which type of audit is involved in auditing to evaluate the efficiency of computer operations of an entity?Computer-assisted audit techniques (CAATs) that may be employed by auditors to test and conclude on the integrity of a client's computer-based accounting system.
What is meant by auditing around the computer versus auditing through the computer Why is this so important?Auditing around the computer is one of the methods of evaluating a client's computer controls. It picks source documents randomly and verifies the outputs with the inputs. This method can only exist when controls over the computer system are non-existent.
|