ACCTG 3220: AUDITING IN CIS ENVIRONMENT

AUDITING IN A COMPUTERIZED ENVIRONMENT o Ex. In a manual environment, normally, the

person in-charge on recording the cash
Auditing in CIS Environment vs. Auditing in a manual
disbursements is different from the person in
environment
charge of reconciling the disbursement at the end
- Pretty much the same
of the month to verify or check the transactions
- The difference lies in the use of a computer
to be closed more accurately. But on the other
application or software for auditing while the latter
hand, for the CIS environment, since the system
uses manual techniques to audit
are all computerized, one person in charge would
- Another difference would be on how the control risk
be sufficient enough to do both of the job
would be measured and evaluated
efficiently.
- But the rest on how to plan, to consider the internal
 Systems generated transactions
control would be the same between the two,
o Certain transactions may be initiated by the CIS
however slight changes like additional process
itself without the need for an input document –
should be expected
interest may be calculated and charged
Characteristics of Computerized Information System automatically.
 Lack of visible transaction trails  Vulnerability of data and program storage media
o In a manual system, it is normally possible to o Cloud-based drive backup for important files for
follow a transaction through the system by CIS environment to prevent loss of information
examining source documents. since even though files are computerized it is
o In a CIS Environment, data can be entered directly subject to vulnerability of the files but unlike in
into the computer system without supporting the manual system, in the CIS environment
documents. (but of course, for authorization backup files could be done on important files.
purposes letter of authorization should be And backing-up files and documents should be
provided as supporting document) done consistently.
 Consistency of performance
o Low clerical error Internal Control in a CIS Environment
o CIS performs functions exactly as programmed  Classified into General and Application Controls
 Ease of access to data and computer programs General Controls
o Data and computer programs may be accessed
and altered by unauthorized persons leaving no
visible evidence. (hackers) It is important,
Test of Control in CIS Environment
therefore, that appropriate controls are
incorporated to the system to limit the access to Auditing Around the Computer
data files and programs only to authorized
personnel. Computer Assisted Audit Techniques (CAATs)
 Concentration of duties
o Proper segregation of duties is an essential
characteristic of a sound internal control system.
However, because of the ability of the computer
to process data efficiently, there are functions
that are normally segregated in manual
processing that are combined in a CIS
environment