Test of Controls

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 3

TEST OF CONTROLS IN A COMPUTERIZED ENVIRONMENT

Overview
The growth of information technology has greatly influenced the way business activities are
conducted today. This also has major impacts on the organization controls over information processing.
Accordingly, auditing in a computerized environment is substantially affected by the use of these
technologies in terms of evidence collection and evaluation. Regardless of the processing method used
by the entity, an auditor needs to consider the internal controls of the client in order to know the extent
of auditing procedure to be performed. For this reason, auditors are required to have sufficient
knowledge on how these technologies operate to enable them to audit their clients and issue an audit
report in accordance with the quality control standards and specific auditing standards.
Considering the effects of computer information system on the way auditing is performed,
different auditing approaches are developed to facilitate an auditor to obtain an understanding of the
entity's internal control system. It is important to note that auditing in a computer environment does not
change the scope and objective of auditing, however, the method employed by the auditor in evidence
gathering procedure may change. Two approaches in testing of controls in a computer information
system environment are the black box approach and white box approach.
Based on the knowledge and expertise of the auditor in handling computerized data, the audit
approach in a computerized environment could be either:
Auditing around the computer
Auditing through the computer
However, an auditor may use the combination of both approaches to obtain sufficient evidential
matter.
Auditing Around the Computer
Auditing around the computer is also known as black box approach. It can be used only if
there are visible input documents and detailed output that will enable the auditor to trace individual
transactions back and forth.

Page 1

Audit in a Computerized Environment

In auditing around the computer, the auditor determines the reliability of the entity's computer
information system by examining the documents and the reports. It focuses solely on the input
documents and the CIS output, and ignores the specifics of how the computer processes the data. If
input matches the output, the auditor assumes that the processing of the data must have been correct
and that the entity's computer information system is reliable.
For instance, in testing the entity's payroll system, the auditor considers only the client's input
which may consist of time cards for hours worked and employee earnings card for rates and then
compare hours, rates and extensions as reflected in the payroll summary output.
Obviously, the auditing around the computer approach has the advantage of simplicity and ease
of comprehension. It also allows the auditor to make more comparisons. However, the auditor, not
having directly tested the control system, cannot make assertions about the underlying process.
Moreover, as the computer systems become more fully integrated, and the volume of transactions
increased, it is becoming more difficult to audit around the computer.
Auditing Through the Computer
Auditing through the computer, also known as white box approach, must be used when there
are no visible input documents. This approach is specially applicable when the entity uses advanced
computer information system.

Page 2

Audit in a Computerized Environment

Since there are no visible evidences, it is impractical to test manually. Consequently, the auditor
will have to audit directly the client's computer program. Not only the processes and controls
surrounding the subject matter are considered but also the controls operating over the processing of the
data. This can be done with the used of computer assisted auditing techniques or CAATS. To be able to
conduct an audit using this approach, the auditor needs to have sufficient knowledge of computer to
plan, and review the work performed.

Page 3

Audit in a Computerized Environment

You might also like