Module - 7
Module - 7
CHENNAI – 600113
PRACTICAL AUDITING
Module VII
By
Dr. S. THIRUMAL
Assistant Professor
Chennai – 600113
Mobile: 9443978290
Email: drthirumal20@gmail.com
2
Module VII
EDP IN AUDITING
EDP – Electronic Data Processing, also known as EDP, is a frequently used term for automatic
information processing. It uses the computers to manipulate, record, classification and to
summarize data. If someone asks what is electronic data processing, then EPD meaning can be
described as the processing of data using electronic means such as computers, calculators,
servers and other similar electronic equipments. A computer is the best example of an electronic
data processing machine.
There are various methods of data processing but there are some very popular methods
when it comes to “electronic data processing”. These methods are widely adopted in almost
every industry. Depending on the nature of requirement of data processing, some of the most
popular methods of electronic data processing are explained below:
Time-sharing
Real-time processing
Online processing
Multiprocessing
Multitasking
Interactive processing
Batch processing
Distributed processing
data processing. In the software section, accounting software, data entry, scheduling software,
analytics, and software are the elements of electronic data processing. In the procedure section,
sorting, analysis, reporting, conversion, data collection, aggregation be the elements of EDP.
In personnel, the programmer uses the electronic data processing to create the
components and spreadsheets. The data entry specialists use to scan the barcodes.
The importance of data processing is now understood by all the fields. Each industry now
focuses on what works best for them and how to achieve greater profits.
a. A collection is the first stage of electronic data processing. It is a very crucial part. In an
EDP system, this process ensures that accurate data gathering. Census, sample survey, and
administrative by-product are some types of data collection.
b. Preparation is the second stage of electronic data processing. Preparation is used to analyze
the data processing.
c. Input is the third stage in electronic data processing. Data entry is done by the use of a
scanner, keyboard, and digitizer.
e. The last stage is storage. Every computer has the use to store the file.
a. The system of electronic data processing is once created then the cost of the managing
data will be reduced. Documents can be protected as an extreme data sensitive. Because
4
of the documents should be treated as a primary asset. When all the information is
collected by the papers are the challenging one.
b. The management of document is costly. So, electronic data processing reduces the cost of
the paperwork. The electronic data processing provides the documentation controls.
With the help of electronic data processing, you can easily automate the PDF publishing
process.
c. In electronic data processing, there is a facility to search a document in the system. It will
reduce the time loss. The electronic data processing has the benefit to improve the
internal and external collaboration. The electronic data processing helps to improve the
better submissions. The electronic data processing also fast up the complete structure to
make the generation of documents.
d. The famous software product such as Ms. Office is using the electronic data processing
concept. The EDP has the facility to reduce the duplication of effort and repeated entries.
The EDP has the capability to make the decisions. An electronic data processing has the
ability to store the enormous amounts of data and this data can then be further utilized
for data presentation and analysis.
a. When the computer hackers make the strike on the computer, then the processing of data
will make the insecurity. Then the data will be the loss. The fault in a equipment will
harm all the equipment in the office. The security of the computer would be the big
problem. In a coding process, a computer not recognizes the same individuals.
b. When a small number of digit codes are compared with a large number code then, it
occupies the computer storage less. The alphabetic codes can be descriptive.
The process of examining and evaluating the financial records, books and internal
controls in an electronic data processing (EDP) system by using computers as live and dynamic
device to conduct the audit is known as Audit in EDP/CIS environment.
5
Different design and procedural aspects of EDP systems – The different design and
procedural aspects of EDP systems are:
The internal controls over computer processing, which help to achieve the overall
objectives of internal control, include both manual procedures and procedure designed into
computer porgrammes. Such manual and computer controls affect the EDP environment
(General EDP Control) and the specific controls over the accounting applications (EDP
Application Controls). EDP means (Electronic Data processing) for the audit or a computer
based systems. For audit process of enterprise
The purpose of general EDP controls is to establish a framework of overall control over
the EDP activities and to provide a reasonable level of assurance that the overall objectives
of internal control are achieved. These controls may include.
c. Computer operation controls are designed to control the operation of the systems and to
provide reasonable assurance that
e. Data entry and program controls are designed to provide reasonable assurance that
iv. Recovery procedures for use in the event of theft, loss or international or accidental
destruction.
The purpose of EDP application controls is to establish specific control procedures over
the accounting applications to provide reasonable assurance that all transactions are authorized
and recorded; and are processed completely, accurately and on a timely basis. These include
Transactions are properly authorized before being processed by the computer. Transactions are
accurately converted into machine, readable from and recorded in the computer data files.
Transactions are not lost, added, duplicated or improperly changed. Incorrect transactions are
rejected, corrected and if necessary, re submitted on a timely basis.
b) Controls over processing and computer data files are designed to provide
reasonable assurance that
Results of processing are accurate. Access to output is restricted to authorized personnel. Output
is provided to appropriate authorized personnel on a timely basis.
The nature of computer-based accounting systems is such that auditors may use the audit
client company’s computer, or their own, as an audit tool, to assist them in their audit
procedures. The extent to which an auditor may choose between using CAATs and manual
techniques on a specific audit engagement depends on the following factors:
Advantages of CAATs
Audit effectiveness and efficiency of auditing procedures will be improved through the
use of CAAT in obtaining and evaluating audit evidence for example
CLASSIFICATIONS OF CAATs
1. Audit software:
Audit software is a generic term used to describe computer programs designed to carry out
tests of control and/or substantive procedures. Such programs may be classified as:
10
b. Purpose written programs: These programs are usually ‘client specific’ and may be
used to carry out tests of control or substantive procedures. Audit software may be
bought or developed, but in any event the audit firm’s audit plan should ensure that
provision is made to ensure that specified programs are appropriate for a client’s
system and the needs of the audit. Typically, they may be used to re-perform
computerized control procedures (for example, cost of sales calculations) or perhaps to
carry out an aged analysis of trade receivable (debtor) balances.
c. Enquiry programs: These programs are integral to the client’s accounting system;
however they may be adapted for audit purposes. For example, where a system
provides for the routine reporting on a ‘monthly’ basis of employee starters and
leavers, this facility may be utilized by the auditor when auditing salaries and wages in
the client’s financial statements. Similarly, a facility to report trade payable (creditor)
long outstanding balances could be used by an auditor when verifying the reported
value of creditors.
2. Test data
a. Audit test data: Audit test data is used to test the existence and effectiveness of
controls built into an application program used by an audit client. As such, dummy
transactions are processed through the client’s computerized system. The results of
processing are then compared to the auditor’s expected results to determine whether
controls are operating efficiently and systems’ objectiveness are being achieved. For
example, two dummy bank payment transactions (one inside and one outside
authorized parameters) may be processed with the expectation that only the transaction
processed within the parameters is ‘accepted’ by the system. Clearly, if dummy
11
transactions processed do not produce the expected results in output, the auditor will
need to consider the need for increased substantive procedures in the area being
reviewed.
b. Integrated test facilities: To avoid the risk of corrupting a client’s account system, by
processing test data with the client’s other ‘live’ data, auditors may instigate special
‘test data only’ processing runs for audit test data. The major disadvantage of this is
that the auditor does not have total assurance that the test data is being processed in a
similar fashion to the client’s live data. To address this issue, the auditor may therefore
seek permission from the client to establish an integrated test facility within the
accounting system. This entails the establishment of a dummy unit, for example, a
dummy supplier account against which the auditor’s test data is processed during
normal processing runs.
3. Other techniques: This section contains useful background information to enhance your
overall understanding.
a. Embedded audit facilities (EAFs): This technique requires the auditor’s own program
code to be embedded (incorporated) into the client’s application software, such that
verification procedures can be carried out as required on data being processed. For
example, tests of control may include the re performance of specific input validation
checks (see input controls above) – selected transactions may be ‘tagged’ and followed
through the system to ascertain whether stated controls and processes have been
applied to those transactions by the computer system. The EAFs should ensure that the
results of testing are recorded in a special secure file for subsequent review by the
auditor, who should be able to conclude on the integrity of the processing controls
generally, from the results of testing. A further EAF, often overlooked by students, is
that of an analytical review program enabling concurrent performance of analytical
review procedures on client data as it is being processed through the automated
system.
12
b. Application program examination: When determining the extent to which they may
rely on application controls, auditors need to consider the extent to which specified
controls have been implemented correctly. For example, where system amendments
have occurred during an accounting period, the auditor would need assurance as to the
existence of necessary controls both before and after the amendment. The auditor may
seek to obtain such assurance by using a software program to compare the controls in
place prior to, and subsequent to, the amendment date.
COMPUTER AUDITING
Computer auditing is the tool that facilitates the business in regard to data processing
while putting a special concern to some targeted operations. The tool merges or reviews the data
by the programmers or the accountants and the analysts and extract the data in the summarize
form. These computer auditing tools save the time, money and the frustration. These auditing
tools also serve for the purpose of monitoring any individual activity; the tool automatically
picks the data from the linked PC that is being used by another employee who is usually the
accountants and the analysts.
The extracted and the summarize form of the data generated by the computer auditing
tools will help the management for the purpose of decision making and also in keeping under
veil the business secrets. What else could be more practical than using these high performance
and greater efficiency tools?
Many companies' law emphasizes to safeguard the assets of the business and make a
strong hold among all such things. They make some rules or policies that make strong the
internal environment of the business. Such tool definitely safeguards the assets and provides the
complete monitor to its users.
Computer auditing tools also do the safety measuring job for your business. This tool
makes the backup of the data which is stored in the auditors or the accountant’s computer.
Computer memory is considered to be the volatile memory; any sort of virus can do serious
damage to your company’s data which you have obtained after a long hard work. The computer
auditing tools automatically gather the data from the linked up server PCs and make a backup of
it on a weekly or daily basis; here the user will set the priority. Even these tools make the hard
13
copy of the documents. It’s now become very much essential to use these computer auditing
tools, these are real time saving tools and reliable too.
a. Online/real time: Online/real time systems are the classic online systems where
transactions update the master file immediately.
b. Online batch: Online batch systems are those with online data capture but batch updates.
c. Online memo update: Online memo update is defined as “On-line input with memo update
processing, also known as shadow update, combines on-line/real time processing with on-line
batch processing. Individual transactions immediately update a memo file containing information
that has been extracted from the most recent version of the master file. Inquiries are made from
this memo file. These same transactions are added to a transaction file for subsequent validation
and updating of a master file on a batch mode.” According to this description, the transactions
only update a copy of the master file, without affecting the actual master file. The master file is
affected only when the transactions are posted later. For all intents and purposes, this form of
online system is really a batch system.
d. Online inquiry: Online inquiry systems restrict the user to perform queries only.
e. Online download/upload: By the description in the exposure draft, online
download/upload sounds like another variation of the online memo update system where
the memo file is a copy of the master file downloaded to the terminal. After it is updated
locally, it is then uploaded back to the original master file for updating.
Factors influencing an organization toward control and audit of computers and the impact of
the information systems audit function on organizations are depicted below:
1. Organizational cost of data loss: Data is a critical resource of an organization for its
present and future process and its ability to adapt and survive in a changing environment.
14
To cope up with the new technology usage in an enterprise, the auditor should be
competent to provide independent evaluation as to whether the business process activities are
recorded and reported according to established standards or criteria.
e. Audit evidence: Certain transactions which are generated automatically may not have
audit evidences.
f. Legal issues: With increase in trading over internet, creates problems with contract like
legal jurisdiction of contract, parties to contract etc.
2. Changes to evidence evaluation:
a. System generated transactions: They do not provide any vision to users when they
are processed. They may lead to new sources of error.
b. Automatic transaction processing: It may cause problem for auditor, e.g. in case of
JIT, if stock level falls below certain units, system automatically generates purchase
order & send it to supplier without authorization from manager.
c. Systemic error: It means if computer program is wrong, it will continuously give
wrong output till it is connected.
d. The Information System Audit: It is the process of assessment of internal controls
within IS environment and attesting following objectives:
e. Asset safeguarding: The information system assets must be safeguarded to provide
confidentiality, integrity and availability.
f. Data integrity: It is a fundamental attribute of IS auditing. The importance to
maintain integrity of data of an organization depends on the value of information.
g. System effectiveness: Effectiveness of a system is evaluated by auditing the
characteristics and objective of the system to meet substantial requirements.
h. System efficiency: To optimize the use of various information system resources along
with the impact on its computing environment.
The purpose of conducting audit in an EDP environment, the auditor should have an
understanding of computer hardware, software and processing system sufficient to plan the
engagement. Auditor should also understand how the EDP affects the study and evaluation of
internal control and the application of auditing procedures.
The auditor should be sufficiently skilled and competent to audit in EDP environment.
a. To determine the degree of reliance he has to place on the EDP controls in his overall
evaluation of internal control.
b. To plan audit procedures using computer assisted audit techniques.
c. To implement the planned audit procedure. The auditor should acquire knowledge of
accounting system to gain an understanding of the overall control of environment.
Computers nowadays play a vital role in the processing of accounting information. Large
numbers of enterprises have switched over to computerized accounting. The computer based
accounting system requires an auditor to act carefully in an EDP environment.
a. Organizational Structure
The use of computers for processing and storing accounting information may affect
the structure of the organization. The organizational structure of an organization should
comprise different jops, knowledge about the system, programmes and date. The EDP
environment should provide for following:
i. Computer system enables users to access data and programme directly through
terminal devices. Programmes and data in an EDP environment should concentrate at
one or few places.
17
j. The EDP environment relevant to the audit plan should concentrate on functions and
knowledge. How the EDP function is organized and the extent of concentration or
distribution of computer processing throughout the entity is important.
b. Nature of Processing
Computer based accounting system is entirely different from conventional based
accounting system. In computer based environment, transactions may be fed into the
computers with no supporting documents like vouchers, invoice, receipt, etc.
c. Design and Procedural Aspects
The design and procedural aspects of the computerized system are very different.
Computer based accounting system is difficult and time consuming to design and
installation. But the computerized information system performs consistently. It can
incorporate automatic checks which identify for more than six months and include the same
in the report which is available for retrieval. To protect data against unauthorized access,
password controls are used.
*****