Auditing in An EDP Environment: Organisational Review

Tutorial Notes
Class: B.Com (Hons.) Semester III (CC-5)

Subject: Auditing and corporate Governance
Topic: Auditing in an EDP Environment, General Approach, Special Techniques for an EDP-
Based Audit, CAATs introduction, Need, Considerations and Types.
Prepared by: Dr. Aftab Alam
Faculty of Commerce, Karim City College, Jsr.
Auditing in an EDP Environment

INTRODUCTION
In recent years there has been a rapid development in the use of computers as a means of
producing financial information. This development has created certain problems for the
auditor in that although general auditing principles have not been affected, it is sometimes
necessary to use specialised auditing procedures and techniques.
As a result of this, there has emerged from within the accounting profession a group of
electronic data processing (EDP) audit specialists, equipped with sufficient technical
expertise to make an intelligent analysis of complex computer audit situations.
General Approach to an EDP-Based Audit
It is normal for the auditor to base his approach to an EDP-based audit upon two completely
separate types of review:
Organisational Review
Organisational review is the review of the organisational controls within the computer
installation itself. This review seeks to examine the internal control within the computer
installation, to ensure the following:
1. An acceptable standard of discipline and efficiency is maintained.
2. An adequate division of duties exists, thus preventing any undue concentration of
functions.
Serious weaknesses in internal control within the EDP department itself can throw doubt on
the validity of all the data it produces.
System Review
System review is a detailed review of the controls operating within each computer-based
accounting system. This review seeks to establish that controls operate within each individual
system which, inter alia, ensure the following:
1. All data is completely and accurately processed
2. Permanent data is adequately protected
3. A satisfactory ‘audit trial’ exists
Both types of review are carried out by the use of questionnaires and these questionnaires are
based on the ‘key question’ principle. It is necessary to evaluate both the general and
computer questionnaires together to obtain a proper understanding of the system and to
access the significance of individual controls.
Special Techniques for Auditing in an EDP Environment

As in the case of manual systems, auditing in an EDP environment is done for the following
purposes:
1. To study and evaluate the system through which the information under audit is
generated, including the various internal controls in the system.
2. To carry out appropriate substantive procedures.
Due to the special characteristics of an EDP environment, auditors often use the computer for
performing several compliance procedures as well as substantive procedures. The techniques,
which involve the use of the computer for audit purposes, are known as ‘Computer assisted
audit techniques’ (CAATs).
CAATs
Computer assisted audit techniques involve the use of computers in the process of an audit
rather than limiting it to an entirely manual approach. CAATs are defined as computer based
tools and techniques, which facilitate auditors to increase their personal productivity as well
as that of audit function. CAATs are software tools for auditors to access, analyse and
interpret data and to draw an opinion for an audit objective.
Need for CAATs

Statement on AAS-16 states that effectiveness and efficiency of audit procedures may be
improved through use of CAATs. CAATs may be used in performing various auditing
procedures, including the following:
 Tests of details of transactions and balances
 Analytical procedures
 Tests for general controls
 Sampling programmes to extract data for audit testing
 Tests of application controls
 Re-performing calculations performed by the entity’s accounting system
Guidance note on CAAT issued by the Institute of Chartered Accountants of India describes
CAATs as important tools for the auditor in performing audits. During the course of audit,
the auditor has to obtain sufficient, relevant and useful evidence to achieve the audit
objectives effectively. Audit findings and conclusions are to be supported by appropriate
analysis and interpretation of the evidence.
In auditing a computerised environment where all significant operations are computerised, it

may be impractical to perform audit completely and with assurance unless the auditor uses
CAATs for collection and evaluation of audit evidence by performing both compliance and
substantive tests. By using CAATs, it is possible for the auditor to perform audit more
effectively and efficiently and also have greater assurance on the audit process.
Considerations in the use of CAATs

When planning an audit, the auditor may consider an appropriate combination of manual and
computer assisted audit techniques. In determining whether to use CAATs, the factors to be
considered include the following:
 The IT knowledge, expertise and experience of the audit team
 The availability of CAATs and suitable computer facilities and data
 The impracticability of manual tests
 Effectiveness and efficiency and
 Time constraints
Before using CAATs the auditor considers the controls incorporated in the design of the
entity’s computer system to which CAAT would be applied in order to determine whether,
and if so, CAAT should be used.
Types of CAATs
CAATs can be broadly categorised into the following three types:
1. Generalised audit software (GAS) these are also referred as Package
Programmes. GAS refers to generalised computer programmes designed to perform
data processing functions such as reading data, selecting and analysing information,
performing calculations, creating data files and reporting in a format specified by
the auditor. GAS is standard off-the-shelf audit software, which can be used across
enterprises and platforms.
2. Specialised audit software (SAS) These are also referred to as Purpose-Written

programmes. They perform audit tasks in specific circumstances. These are
specifically written for performing audit tests for specific type of applications.
These programmes may be developed by the auditor, the entity being audited or an
outside programmer hired by the auditor. In some cases, the auditor may use an
entity’s existing programmes in their original or modified state because it may be
more efficient than developing independent programmes.
3. Utility software These are used by an entity to perform common data processing
functions, such as sorting, creating and printing files. Utility software also includes
utility programmes available in system programmes for performing debugging or
analysis of various aspects of usage/access. These programmes are generally not
designed for audit purposes but can be used for performing specific tests.

Auditing in An EDP Environment: Organisational Review

Uploaded by

Copyright:

Available Formats

Auditing in An EDP Environment: Organisational Review

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Auditing in An EDP Environment: Organisational Review

Uploaded by

Copyright:

Available Formats

Tutorial Notes

Class: B.Com (Hons.) Semester III (CC-5)

Auditing in an EDP Environment

General Approach to an EDP-Based Audit

Special Techniques for Auditing in an EDP Environment

Need for CAATs

In auditing a computerised environment where all significant operations are computerised, it

Considerations in the use of CAATs

2. Specialised audit software (SAS) These are also referred to as Purpose-Written

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.