CSE 4502 COMPUTER AUDITING

GROUP ASSIGNMENT
GROUP 7
“COMPUTER AUDITING IN A GLANCE”
Name Matric No
Muhammad Esyraf Syahir Bin S48268
Edham Lutfe
Siti Hajar Binti Mohd Rafie S47848
Rathnaa Preyaa Thayalan S48870
Nurul Hanim Binti Ab Khalib S48030
Megat Abdul Wafiy Bin Abd S48084
Halim

BACHELOR’S DEGREE IN COMPUTER SCIENCE

(SOFTWARE ENGINEERING)

LECTURER:
DR. ZURIANA BT ABU BAKAR
 Introduction

What is computer auditing and how the tool is works? Computer auditing is the tool
that facilities the business regarding data processing while putting a special concern to
some targeted operations. The tool merges or review the data by the programmers or
the accountants and the analysts and extract the data in the summarize form. These
computer auditing tools save the time, money and the frustration. These auditing tools
also serve for monitoring any individual activity, the tool automatically picks the data
from the linked PC that is being used by another employee who are usually the
accountants and analysts.

The extracted and the summarize form of the data generated by the computer auditing
tools will help the management for decision making and in keeping under veil the
business secrets. What else could be more practical than using these high performance
and greater efficiency tools?

Many companies’ law emphasizes to safeguard the assets of the business and make a
string hold among all such things. They make some rules or policies that make strong
the internal environment of the business. Hence, such tool safeguards the assets and
provides the complete monitor to its users.
 Content

1. Akim is the IT auditor at Lynx Technology Sdn Bhd. One day, Stacy, an
external auditor from an audit firm appointed needs to review the IT controls of
their company. How will both of them cooperate with each other to achieve an
effective IT audit?

To provide for long-term effectiveness, the IT organization must have some sort of
strategy regarding where it plans to go, as opposed to being in reactive mode
constantly, where day-to-day issues and crises are the only considerations. The IT
organization must be aware of upcoming business needs and changes in the
environment so that it can plan and react accordingly. It is important that IT priorities
align with business priorities. Too many IT organizations lose sight of the fact that
their only reason for existence is to support the company in meeting its business
objectives. Instead, these IT organizations focus on becoming a “world-class IT
shop,” even when this goal doesn’t directly support the overall company objectives. It
is critical for IT organizations to stay grounded by tying their objectives to the
company’s objectives.

There are multiple differences between the internal audit and external audit functions,
which are as follows:

Internal Audit External Audit

Company employees Work for an outside audit firm

Hired by the company Appointed by a shareholder vote

Do not have to be CPAs A CPA has to guide their activities

Responsible to management Responsible to the shareholders

Can issue their findings in any type of Must use specific formats to their audit
report format opinions and management letters
Reports are used by management Reports are used by stakeholder
(Investors, Creditors, Lenders)

Can be used to provide advice and other Constrained from supporting an audit
consulting assistance to employees client too closely

Examine issues related to company Examine the financial records and issue
business practices and risks an opinion regarding the financial
statements of the company

Conducted throughout the year Conduct a single annual audit

In short, the two functions share one word in their names, but are otherwise quite
different. Larger organizations typically have both functions, thereby ensuring that
their records, processes, and financial statements are closely examined at regular
intervals.

2. Among the audits that Stacy will need to perform is the IT Project Auditing,
she founds out that there are purchases of software in the project, what actions
are taken by her?

Purchasing a product from an outside vendor is usually a significant investment and

represents a commitment to that vendor’s product. If the process for selecting the
vendor is inadequate or the contract does not provide the company with adequate
protection, it can lead to the purchase of products that do not meet the requirements of
the project and a lack of legal recourse. Review the vendor selection process for
elements such as these:

 Ensure that products from multiple vendors are evaluated as to their ability to
meet all project requirements and their compatibility with the company’s IT
environment. This not only helps you select the best product for your
requirements, but it provides for competitive bidding and lower prices.
 Ensure that a cost analysis has been performed on the products being evaluated.
This analysis should include all relevant costs, including product costs, one-time
startup costs, hardware costs, licensing fees, and maintenance costs.

 Determine whether the vendors’ financial stability was investigated as part of the
evaluation process. Failure to do so may result in your company signing up with a
vendor that goes out of business, causing significant disruption to your operations
as you attempt to move them to another vendor.

 Determine whether the vendors’ experience with providing support for the
product for similar companies in the industry was evaluated. This may include
obtaining and interviewing references from companies that currently use the
product. You generally want to use vendors that have already demonstrated that
they can perform the types of services you require at a scale similar to yours.

 Determine whether there was appropriate involvement of procurement personnel

to help negotiate the contract, of operations personnel to provide expert
evaluations as to the vendor’s ability to meet requirements, and of legal personnel
to provide guidance on potential regulatory and other legal ramifications.

3. The next audit is on an application developed by the company. It is important

to ensure the integrity of data before entered into system and database. What are
the data input controls that needs to be taken measure of?

As much as possible, online transactions should perform upfront validation and

editing to ensure the integrity of data before it is entered into the system’s files and
data bases. Invalid data in the system can result in costly errors. It is preferable and
much more cost-effective to catch a data entry error prior to that data being entered
into and processed by the application. Otherwise, the error may not be caught at all,
may only be caught after it results in system disruption, or after time-consuming
manual reconciliation procedures, and so on.
Verify that invalid data is rejected or edited on entry. You will need to understand the
business function being supported by the system and the purpose and use of its
various data elements. This likely will require discussion not only with the developers
but also with the end users. Once you understand the purpose of the system and its
data, you can think through the various data-integrity risks associated with the
application. In some cases, a code review may be appropriate if the developers are
available and the auditor is a knowledgeable coder. Poorly written, commented, or
formatted code is often a red flag that suggests that a deeper review is needed. If
possible, obtain access to a test version of the system that mirrors the production
environment and attempt to “break” the system by entering invalid data to see
whether it is accepted by the application. Following are some basic examples of good
data input controls:

 Fields that are used to report such things as dates and hours should be set up
either to require input in the correct format (such as MMDDYY or HHMM) or
transform input into the correct format.

 Where applicable, transactions should perform “reasonableness” and “logic”

checks on inputs. An example would be preventing users from reporting labor of
more than 24 hours in a day or more than 60 minutes in an hour. Another
example would be disallowing entry for time, costs, and so on, for an employee
who has been terminated or who is on leave. Or consider a transaction used by
ticket agents to record how many seats were sold on a flight and the number of
no-shows. The transaction should not allow the agent to input numbers indicating
that there were more no-shows than seats sold.

 When a finite number of valid entries are available for a field, entries that are
invalid should not be allowed. In other words, input screens should validate such
things as cost centers, account numbers, product codes, employee numbers, and
so on, against the appropriate database(s) or file(s).

 Duplicate entries should not be allowed for data that is intended to be unique. For
example, the transaction should not allow a product code to be added to the
product database if that code already exists on the database.
 Where applicable, transactions should perform “calculation” checks on inputs.
For example, the system should ensure that journal-entry credits and debits
balance to zero before processing a transaction. Another example would be a
labor-entry system where hours charged for the week need to add up to at least
40.
 Conclusion

Computer auditing tools also do the safety measuring job for your business. This tool
makes the backup of the data which is stored in the auditors or the accountant’s
computer. Computer memory is the volatile memory, any sort of virus can do serious
damage to company’s data which have obtained after a long hard work. The computer
auditing tools automatically gather the data from the linked-up server pcs and make a
backup of it’s on a weekly or daily basis, here the user will set the priority. Even these
tools make the hard copy of the documents. It’s now become very much essential to
use these computer auditing tools, these are real time saving tools and reliable too.
 References

Books

Davis, C., Schiller, M., & Wheeler, K. IT Auditing: Using Controls to Protect
Information Assets, 2011 McGraw-Hill. Osborne ISBN: 9780071742382.

Weber, R. A. (1998). Information systems control and audit. Pearson Education.

Websites

The difference between internal and external audits — AccountingTools. (2019, July 9).
AccountingTools. https://www.accountingtools.com/articles/the-difference-between-i
nternal-and-external-audits.html

Computer auditing. (n.d.).

ReadyRatios.com. https://www.readyratios.com/reference/audit/computer_auditing.ht
ml
 Appendix

Meeting no. Date Subject

1. April 26th 2020 Topic selection and discussion. Construction of

video strategy and presentation of content.

2. May 4th 2020 Topic discussion and elaboration of content.

Division of work among group members

3. May 6th 2020 Video construction

4. May 8th 2020 Video construction and editing, report draft

5. May 12th 2020 Video compilation, report checking

6. May 13th 2020 Video final draft, report final draft

Member Task

Esyraf Report construction

Rathnaa Report construction

Hanim Video and content creator

Hajar Video and content creator

Megat Discussion