Audit in CIS Environment#

Manual Accounting
Receipt >

1. Meaning
*Columnar Journal, worksheet vs Quickbooks
*Practice Set

2. Recording
*You cannot record a transaction without the books at hand vs Quickbooks (mobile
app/laptop)

3. Calculation
*Prone to error vs more accurate information
*Sample (Quickbooks Journal Entry and Sales Invoice)

Almost all entities employ computerized accounting system as compared to manual

*Quickbooks/Xero/SAP others
*Accountants work made easy but auditors are challenged

CIS vs Manual Accounting

Receipt >

1. Meaning
*Columnar Journal, worksheet vs Quickbooks
*Practice Set

2. Recording
*You cannot record a transaction without the books at hand vs Quickbooks (mobile
app/laptop)

3. Calculation
*Prone to error vs more accurate information
*Sample (Quickbooks Journal Entry and Sales Invoice)

Almost all entities employ computerized accounting system as compared to manual

*Quickbooks/Xero/SAP others
*Accountants work made easy but auditors are challenged

Computerized Accounting
Receipt >
1. Meaning
*Columnar Journal, worksheet vs Quickbooks
*Practice Set

2. Recording
*You cannot record a transaction without the books at hand vs Quickbooks (mobile
app/laptop)

3. Calculation
*Prone to error vs more accurate information
*Sample (Quickbooks Journal Entry and Sales Invoice)

Almost all entities employ computerized accounting system as compared to manual

*Quickbooks/Xero/SAP others
*Accountants work made easy but auditors are challenged

Characteristics of Computerized Accounting Systems

Lack of Visible Transaction Trail
Consistency of Performance
Ease of Access to Data and Computer Program
Concentration of Duties
System Generated Transactions
Vulnerability of Data and program storage media

Both advantage and disadvantage

Lack of Visible Transaction Trail - one of the reason why auditors having a hard
time
Manual (physical paper) vs CIS virtual documents ( pdf invoice)- cannot be read
without a computer.
Auditors need pdf reader and other software to read the documents)

2. Sample Sale Transactions via quickbooks

Consistency of Performance
Programmed (AI technology)- Uniform manner (less clerical errors)
If programmed incorrectly, errors are also consistent (controls)

Ease of Access to data and computer Program

Data can be altered without evidence (in paper there is a trace)
Controls : Passwords and audit trails (history)

Concentration of Duties
Recording/Disbursement in Manual Accounting (Lapping/Fraud) vs Automated (Bill Pay
and recording) -
Incompatible duties can be combined in a CIS environment, cost benefit
AI has no motivation to commit fraud

System Generated Transactions

Automated transactions - depreciation, recurring expenses (Utilities etc)/Late
fees
Journal Entries automation

Vulnerability of Data and program storage media

Manual – info are destroyed by fire or deterioration but there are much more safer
and not easy to alter
CIS - Easy deletion, Virus or corrupt (BDO)

Internal Control in a CIS Environment

Internal controls are the mechanisms, rules, and procedures implemented by a
company to ensure the integrity of financial and accounting information, promote
accountability, and prevent fraud.

- Prevent something from happening (safeguard) frauds, errors (factory :quality

control)
*authorization
*segregation of duties
*recalculation/checking

Application Controls
General Controls
Internal Control in a CIS Environment
7
- Relates to the overall CIS

General Controls
Organizational Controls
Systems Development and Documentation Control
Access Controls
Data Recovery Controls
Monitoring Controls
8

General Controls
1. Organizational Controls

a. Segregation of duties between the CIS department and the user department.

b. Segregation of duties within the CIS department

9
General Controls
These relates to the overall computer information system
Segregation between the CIS department and the users
- CIS/IT dept separated to users and all departments (sales, purchasing
department, etc)
- To avoid fraud – user want to commit fraud , he can do it if he has duties as
well in the CIS Dept

b. Segregation of duties within the CIS department

Input data - salaries, collections, billings

Segregation of duties within the CIS department

CIS Director - governs all CIS operation

SYSTEMS DEVELOPMENT TEAM

Systems Analyst - design and develop software and computer systems. They also
improves existing systems. (Formulation and thinking)

Programmer – guided by the specification of system analysts responsible for

implementing designs by writing computer programs. (Execution of the program)
While systems analysts design and develop software and computer systems,
Computer Programmers are responsible for implementing designs by writing computer
programs.

Architect and Engineer

10

Segregation of duties within the CIS department

COMPUTER OPERATIONS TEAM

Data Entry Operator - prepares and verify input data for processing

Computer Operator- operates the computer to process transactions

Computer Operator - processor (from the initiation of a user department)

Data Entry Operator - (automated)

11

Segregation of duties within the CIS department

OTHER FUNCTIONS

Librarian - maintains custody of systems documentation , programs, and files

Control Group- review input procedures, monitor computer processing, follows up

data processing error etc. (Audit)
OTHER FUNCTIONS

Librarian – cloud (today)

Control Group- internal auditor of the CIS department

Drawbacks = very costly

In today’s time these are replaced by machines
12

General Controls
2. Systems Development and Documentation Control

The accounting software developed by the systems development team must be tested,
modified and approved by the appropriate level of management

There should be proper system documentation

13
2. Systems Development and Documentation Control

For Old system:

- any changes in the system should be approved by the users and management

For new systems:

PILOT TESTING is defined as a type of Software Testing that verifies a component of
the system or the entire system under a real-time operating condition.
see the error before implementing
CIS and user are involved
- User’ Manual
- Flowchart

Documentation Control

The collection of documents that describes the requirements, capabilities,

limitations, design, operation, and maintenance of a system, such as a
communications, computing, or information processing system

- Important in case of termination or audit of control group

General Controls
3. Access Control

Systems should have adequate security controls The computer should only be accessed
by authorized individuals

14
3. Access Control

Password (Show QB log in)

Pass on files (MS Security)
General Controls
4. Data Recovery Control

Data recovery is the process of restoring data that has been lost, accidentally
deleted, corrupted or made inaccessible. In enterprise IT, data recovery typically
refers to the restoration of data to a desktop, laptop, server or external storage
system from a backup

15

3. Data Recovery Control – back up files and off site storage procedures

- Computer files are copied Daily and store them OFF SITE (USB disket)
- Cloudbased technology (online) google drive , dropbox , built in system
(quickbooks online)
- Grandfather – father son

Grandfather – monthly (Offsite or cloud)

Father - more frequent (weekly) stored locally easily accessed
Son - daily back up stored locally

In the traditional GFS approach, a full backup is completed on the same day of each
month (for example, the last day of each month or the fourth Friday of each month—
however you want to define it). This is the “grandfather” cycle. It’s best practice
to store this backup off-site or in the cloud. This also helps satisfy the off-site
requirement of a 3-2-1 strategy.
Next, another full backup is set to run on a more frequent basis, like weekly.
Again, you can define when exactly this full backup should take place, keeping in
mind your business’s bandwidth requirements. (Because full backups will most
definitely tie up your network for a while!) This is the “father” cycle, and,
ideally, your backup should be stored locally and/or in hot cloud storage,
like Backblaze B2 Cloud Storage, where it can be quickly and easily accessed if
needed.
Last, plan to cover your bases with daily incremental backups. These are the “son”
backups, and they should be stored in the same location as your “father” backups.

General Controls
5. Monitoring Controls

Ensures that CIS Controls are working effectively as planned .

16
5. Monitoring Controls

Periodic Evaluation and assessment – may conducted by an external IT Auditor

Application Controls
General Controls
Internal Control in a CIS Environment
17
Application control – specific use of a system or software
- all transactions are authorized, complete,
accurate and timely
Transaction Processing in CIS Environment
Input
(User)
Process
(Computer/Program)
Output
18
Processing of Transactions in CIS Environment

Input - capturing/entering of transactions in the system (conversion of human

readable information to computer readable)
- In CIS, typing of transactions (raw data/ details of it)
- Crucial because this is the raw material, prone to error,
(manual)

b. Process – conversion of raw data to useful information

- Automatic posting to the journal ,ledger, sub ledger (as
programmed by the system analyst)

c. Output – preparation of different kind of reports (IS, BS, Aging)

You should have “controls” – safeguards in of these 3 processes. (completeness and

accuracy , timeliness)

Application Controls
Input Controls
Processing Control
Output Control
19
Specific app, or program you are using (Xero Quickbooks)
- goal : completeness and accuracy of the records/validity of the entries
made,

Input Control
- data should be properly authorized and approved
- human readable data to computer readable data
- prone to error – that is why we need control

- reasonable assurance that the data submitted for processing are complete,
authorized accurate

Preventive control/Origination controls

Application Controls
1. Input Controls
Key Verification
Field Check
Integrity test/ Validity Check
Self Checking Digit/Check Digit
Limit Check
Control Totals /Batch Input Totals
Financial Totals
Hash Totals
Record Counts

20
Key Verification
 - Data are entered twice (usually by different person) to secure that there are
no key entry committed.

2. Field Check - a certain field is designed to contain only specific data

(numbers /letters/alphanumeric)
- (QTY = Number, Price = Number, invoices (invoice number, customer number)
- error will be detected and error message will appear
- missing data check
- duplicates are also avoided
- field size

3. Validity Check – Comparison with valid information in the master file to

determine “authenticity” of the input.
- There is already a predetermined or file that
contains the “ valid information”
- Inputting payroll expenses for current employees
(not ghost employee)
- look up check

4. Self Checking Digit - mathematically calculated Digit which is usually added to

a document number to detect error
- secret formula. No one knows bout this only
the programmers

letter/digit errors, such as l → 1 or O → 0

transposition errors, such as 12 → 21
twin errors, such as 11 → 22
jump transpositions errors, such as 132 → 231
phonetic errors, such as 60 → 16
Transplacement 1,234 > 123.40

5. Limit Check - data do not exceed predetermined amount/limit or reasonable

amount/number of characters (sample) - quantitative in nature
- Invoice numbers have 4 digits, SSS number have 8 digits

6. Control Totals - totals are automatically calculated by the system to ensure

completeness

Financial Totals – limit or to avoid overage or deficit

Hash Totals - A method for ensuring that data have not been altered (manually
comparison), sum of document number/meaningless for financial purposes
Record Counts - number of document processed in a batch, before the information on
the documents is entered the user counts how many documents there are. Then
manually compare to the computer generated batch total

Batch Total Input Control – The sum of a particular field in a collection of items
used as a control total to ensure that all data has been entered into the computer
(completeness)

Batch Processing vs Real time processing

21

Batch Processing vs Real time processing

22

Application Controls
2. Processing Controls
Integrity test/ Validity Check (input control)
Sequence Test
Input Control totals verification (Input control)
Label Check
Limit and Reasonable checks (input control)
Matching Control

23
Why do we need processing controls? if input controls fails or not detected errors,
hoping it be caught on the processing controls
Error/Report or Exception Report:

Where these processing controls embedded in the system, during the development
stage of the system (programmer)/incorporated in the system

Processing Controls – provide reasonable assurance that the input data are
processed accurately , and that the data are not lost , excluded , duplicated, or
improperly changed. Almost all Input controls are also processing controls

All input controls are processing controls as well.

Integrity test/ Validity Check (input control) - is the transaction appropriate to

process? (is this employee existing?)
Sequence test – Transactions are in a correct and complete sequence (check #)\
Input Control totals verification - Has a built in software that recalculates
totals in the in input phase
Label Checks – prevent processing the wrong file
Must be properly programmed in the system
Limit and Reasonable checks – if the amount is unreasonable or beyond the
predetermined limit. The application will not process
Matching control – they system will not process unless all documents are in the
system (3 way matching . PO + Rec Report + Vendor Invoice)

Application Controls
3. Output Controls
Visual review of the output
Output comparison to original documents
Output distribution control (authorized people only)

24
Output Controls – provide reasonable assurance that the results of processing (FS
or other reports) are complete, accurate and MUST BE DISTRIBUTED ONLY TO AUTHORIZED
USERS

If we did not caught the errors in the input and processing controls
- post processing step
- reviewer somehow knowledgeable at the output

Visual Review - PL monthly (trends)/ recalculation

Output comparison to original documents - random comparison (sales invoices vs
sales in PL), number of docs processed vs submitted for processing (sampling, no
error should be seen)
Output distribution control (salary report confidential)

Methods for Audit Computerized Information System (CIS)

Auditing around the computer (Blackbox Approach)

Auditing through the computer (White Box Approach/CAATS)

25
Test of Control = Intro (Consideration of Internal Control)

*Consideration of Internal Control

*Understanding and Assessment of Internal Control
*Test of Control - has an effect on NTE of substantive testing

Application controls - since these pertain to the program only

General Controls - Physical Observation, systems documentation checks, checking
access controls etc.

Auditing around the computer (testing from the outside) – Used in Less Complex IT
Environment/Simple IT (not reliant to IT)
3 main phases (Input , Process, Output)
FOCUS - INPUT and OUTPUT (PROCESS - ignore)
Process (blinded) - that is why it is called black box approach
- Data – client/auditee, Processing – client/auditee

• Input data are simply reconciled with the computer output to verify the accuracy
of processing. (Data (Input) > System > Output)
• Assumption: If the input reconciles with the output, then the computer program
must have processed the transaction accurately. (without testing the actual system)
• Blackbox approach/testing – visible input documents (paper) and detailed output
that will enable the auditor to trace individual transactions back and forth.

Example : Invoice (QB)

Auditing through the computer (CAATS)

- More Complex Environment (everything is electronic)
- Focus : If the Input and Process is good you assume that the output is good
- has visibility (white box approach)

Auditing through the computer

CAATs - Computer-Assisted Auditing Techniques

Program Testing
a. Historical Audit Techniques
b. Continuous Audit techniques

II. Program Analysis

26
- computer assisted (use of a computer)

Program Testing
- literally testing the program

Program Analysis
- more complex, IT language, scripts etc.

Historical Audit Techniques VS. Continuous Audit Techniques

- Auditors are contracted ANYTIME during the year (beg or after)
- More likely , FS audit (historical- already done)
- Possible (beginning), Continuous audit techniques, real time audit (every
transaction are audited AS IT HAPPENS) by the use of embedded softwares

Auditing through the computer

Program Testing
Historical Audit Techniques

Test Data Approach

Integrated Test Facility
Parallel Simulation
Controlled Reprocessing

27

Test Data Approach

28
Test Data Approach
- Testing data in the system

Questions :
Whose Data to be used? Auditor
Whose system/software you using? – Client/Auditee
are
Data = valid and invalid > fictitious data (dummy/has intentional errors) created
by the auditors (Expectation/Behavior on the output already) (NO REAL CLIENT DATA
Involved)
Process/System = Program by the auditee client

Data:
Expectation vs Reality

- Auditors has Expectation to accept or reject certain transactions

- Auditor should think scenarios a (realistic) like fraud or error based on his
understanding of the business

Example:
(employee number , sales over credit limit, excess hours) –
80 hours a week

Valid: 80 hours, 78 hours

Invalid: 81 hours, 82 Hours (if processed, weak internal system, extensive testing)

- If not caught , the processing is wrong

 - Is it the same with Blackbox approach?? No because we are using Auditors data
own data.

Advantages:
Simple to operateRequires limited technical knowledge
Helps the auditor learn how the system operates

Disadvantages:
1. Live testing is dangerous as it may contaminate client files/ Do not forget to
ELIMINATE or REVERSE the data
2. Confirms the operation of the program at the time it is tested.

Test Data Approach

29

Integrated Test Facility (Embedded Audit Module Approach)

30
Integrated test facility is a variation of test data technique. The main difference
is that instead of checking the system is not in use, simulated data are added to
client's real data and processed simultaneously during the actual processing.

This is automated and ongoing technique that enables the auditor to test an
applications logic and controls during normal operations

Similar with test data but this time integrated in the program (embedded)
- (Unlike Test data = separate, run independently)

Data = both auditor and client (sabay) (valid and invalid fictitious transactions)
System = The actual system by the auditee/client

Advantages:
Continuous monitoring of controls
Testing without interrupting the client operations and without the intervention of
client personnel
Testing can be scheduled and unknown to other staff

Disadvantages
1. Contamination of client data

Parallel Simulation
31
Parallel Simulation

Not really auditing through a computer (parallel lines)

Data = Actual Client’s Data

System = Auditor system (work the same based on logic - develop by the auditor
or a programmer)

Separate Processing (do separate things)

Expectation = same results

Auditor’s system:
Purpose Written Programs / Generalized Audit Software

Data Client > Auditor’s Program (GAS/PWP) > Output

Data Client > Client’s Program (GAS/PWP) > Output

Output vs. Output

How does GAS and PWP works

GAS/PWP (insert > Extract Client Data > Reprocess/Recalculate)

Excel

Extract the data from the computer system

Sort, Age, Analyze
Recalculating amounts

Reconcile your findings to their actual result (since you know what it should look
like)

Parallel Simulation
32
Parallel Simulation

Not really auditing through a computer (parallel lines)

Data = Actual Client’s Data

System = Auditor system (work the same based on logic - develop by the auditor
or a programmer)

Separate Processing (do separate things)

Expectation = same results

Auditor’s system:

Purpose Written Programs / Generalized Audit Software

Data Client > Auditor’s Program (GAS/PWP) > Output

Data Client > Client’s Program (GAS/PWP) > Output

Output vs. Output

Advantages
The size of the sample can be expanded
The auditor can independently run the test
Helps the auditor to focus on items where there are differences

Disadvantages
Time Consuming
Incopatibility of auditor and client software
Cost of audit programming
Technical or the auditor needs special training
Parallel Simulation
33

Parallel Simulation
34

Controlled Reprocessing

A variation of parallel simulation, it involves processing of actual client data

through a copy of the client’s application program

35
Controlled Reprocessing

Difference

PS - own by Auditor GAS/PWP

CR - copy of client’s program

- But the processing is still separate

Controlled Reprocessing
Client’s Program
Copy
CONTROLLED REPROCESSING
36
Controlled Reprocessing

Difference

PS - own by Auditor GAS/PWP

CR - copy of client’s program

- But the processing is still separate

Auditing through the computer

Program Testing
b. Continuous audit techniques (Concurrent Auditing)

Audit Modules
Systems control audit review files (SCARFs)
Audit Hooks
Transaction tagging
Extended records

37
Continuous audit techniques (Concurrent Auditing)

- Tasked to Audit at the beginning or near of the year.

- Before year end, you can plant audit softwares in the system or use the current
audit features (auditors are hired during the systems development)
- Embedded at the beginning of the year, because you are hired at the beggining

Audit Modules

Audit modules – an audit system that is inserted into the client's system so that
it can apply audit procedures to data as it is being processed
38
Audit modules
- Real Time
- Programmed audit routines incorporated into an application program that are
designed to perform an audit function such as a recalculation, or logging activity
- Does the system make an error? No! That is why we test the control.

- Meaning this should be planted at the beginning of the year or the period being
audited.

System Control Audit Review Files - SCARF

It involves embedding audit software modules within a host application system

(client’s program) to provide continuous monitoring of the system’s transactions
(logs)

log that collects transaction information for subsequent review and analysis by the
auditor

39
System Control Audit Review Files

Best Audit Tool - Embedded during the design phase of the program, or embedded by
the auditor

Automated - all exceptions, System errors recorded, are written/collected into a

special file which an auditor can examine (SCARF Master file)

Types of Errors
Profiling Data = Data profiling is the process of examining, analyzing, and
creating useful summaries of data
Sales Dept > Data regarding sales,(customer sales etc. No payroll info)
IT Dept > Data Regarding Sales

2. Application system errors - how many times the system crashed

3. System exception - how often do we override the internal controls (wrong

password attempts)

All of these are recorded to the SCARF Master file (folder)

You can do interim audit or continuous audit (real time)

Audit Hooks

Audit hooks are embedded in application system to capture exceptions or suspicious

transactions

The software tags transactions reports (list) are immediately generated and sent to
the auditors

40
Audit hooks are embedded in application system to capture exceptions or suspicious
transactions

The auditor can set different criteria to capture the exceptions or suspicious
transactions (depending on materiality, audit planning)

Criteria (Sales Audit)

Sales Exceeding P100,000 or above, hook these transactions (based on the
preliminary level of materiality)
Whenever similar transactions recur, reports are immediately generated and sent to
the auditors
Accumulated on a list Only

Transaction Tagging

Transaction tagging is where a transaction record is "tagged" and then traced

through critical points in the information system

41
Similarity with Audit Hook - both are to capture exceptions and suspicious
transactions
- PLUS List plus audit trail (how it was processed in the system)
- auditor uses to electronically mark (or "tag") specific transactions and follow
them through the client's system

Trail/Path of the transactions: Document > journal > Ledger > SL > FS (Output)

Extended Records

This technique attaches additional audit data which would not otherwise be saved to
regular historic records and thereby helps to provide a more complete audit trail

42
Support for tagging and Audit Hooks

For a transaction that was hooked - the system attaches all the supporting/records
files related to it

Sales transactions P100,000 - Copy of the invoices auto attach, sales contract,
shipping documents

Hooked > all records/ data are attached to the transaction (saved in a folder)

Auditing through the computer

II. Program Analysis

Code Review
Program Tracing and Mapping
Flowcharting software
Snapshot

43
-techniques that allow the auditor to gain an understanding of the client’s program
-not detailed discussion (sorry)

Code Review

This involves actual analysis of the logic of the program’s processing routines.

44
- The source code review involves the examination of program source code as it has
been written by the programmers.

- Impractical to do if only a small business, need for the investigator/auditor

to have the appropriate information technology (IT) skills (Auditor’s Expert)

- But if the auditor wishes to evaluate the appropriateness of controls built

into computer systems, examination of the program that includes the antifraud tests
and controls may be appropriate.

- Bank Industry: involves Cash

- Drawback : Costly and time consuming

Program tracing and mapping

Tracing is a technique in which each instruction executed is listed along with

control information impacting that instruction.
Mapping identifies sections of code that can be “entered” and thus are executable.
45
In computing, source code is any collection of code, with or without comments,
written using a human-readable programming language, usually as plain text. ...
The source code is often transformed by an assembler or compiler into binary
machine code that can be executed by the computer.

Code Review - reviewing the codes NOT testing it

Program Tracing and Mapping: testing the program

Flowcharting software

Used to produce a flowchart of a program’s logic and may be used both in mainframe
and microcomputer environments.

46
inserted in the systems and to produce a flowchart based on the logic of the
program and is compared to the flow chart of the CIS dept

remember : part of systems documentations

Why not get the system flowchart from the IT department? We are testing or
verifying

help in the analysis of programs and can somewhat reduce the need for specific
knowledge of programming languages
Mainframe – big database in large companies (centralized/complex IT)
Microcomputer – small business (simple IT)

Snapshots

Snaps (pictures) are taken when a transaction moves through the various stages in
the application system

47
- This technique involves the installation of a snapshot software at that capture
photos at critical processing points of an application or a system.
- The software proceeds to capture images of the transaction as it flows through
the application
- Similar to transaction tagging but the difference is it produces pictures

- Sample: Sale Transactions

Process: Sales Invoices > Journal > Ledger > Subsidiary Ledgers > FS

Picture :Code

Auditing through the computer

III. Review of operating system and other system software

Job Accounting Data/ Operating Systems Logs

Library Management Software
Access Control and Security Software

48
Operating System – other than the data processing of the software
Communication tools, libraries and
storage(internal and external), system logs.

Job Accounting Data/ Operating Systems Logs

These logs that track particular functions (job). The auditor may be able to use
them to review the work processed, to determine whether unauthorized applications
were processed and to determine that authorized applications were processed
properly

49
- Provide record of activity on how the job is done, communications logs –
activity logs
- For example, the auditor could use job accounting data to determine whether
production programs were run at the correct time and the expected number of times
according to the schedule set up in the client’s control procedures.

Example - Daily Payrun

Library Management Software

This creates logs of activities occurring in the data library. These library logs
contain information on the programs, data files accessed, changes made to programs.
This also provide other security or access control functions, which could include
encryption or, more frequently, the use of passwords to restrict access to programs
in the library.
50
- can replace the librarian
- reviewing these logs, where volume permits, can keep the auditor informed of
access and manipulation of the libraries
- it also

Access Control and Security Software

This restricts access to computers to authorized personnel through techniques such
as only allowing certain users with “read-only” access or through use of an
encryption
51
- Access control and security software is designed to restrict access to systems
resources to authorized personnel.
- Most programmed access/security provisions depend on some form of password or
user identification,
- some users will be allowed read-only access, whereas other users may both access
and change data

Computerized Audit Tools

Generalized audit software
Automated workpaper software
Electronic spreadsheets
Database management systems
Text retrieval systems
Word processing software
52
Generalized Audit Software

Discussed in parallel simulation -Package programs (generalized audit software)

Reading computer files
Selecting samples
Performing calculations
Creating data files
Printing reports in an auditor-specified format

Generalized audit software

Package programs (generalized audit software)

Reading and extracting computer files

Selecting samples (criteria)
Performing calculations (recalculations)
Creating data files
Printing reports in an auditor-specified format
53

Automated workpaper software

Designed to generate a trial balance, lead schedules, and other reports useful for
the audit. The schedules and reports can be created once the auditor has either
manually entered or electronically imported through using the client’s account
balance information into the system
54
- Report Generator (Reportex) (Import data, mapping, FS and schedules)
- Might be included in the GAS
 - These packages are usually menu-driven, easy to use, and require no programming
experience

Contain a variety of predefined mathematical operations and functions that can be

applied to data entered into the cells of a spreadsheet
Electronic Spreadsheets
55
Microsoft Excel

Database management software manages the creation, maintenance, and processing of

information. The data are organized in the form of predefined records, and the
database software is used to select, update, sort, display, or print these records
Database management systems
56
- Database used by the auditor NOT of the client
- Once you extracted the data from the customer, sort , filter , etc

Text retrieval systems allow the user to view any text that is available in an
electronic format.
Text Retrieval Systems
57
- Find Function
- The software programs allow the user to browse through text files much as a user
would through books, only faster

Word processing is the use o f computer software to produce a text manuscript.

Word Processing Software
58
Microsoft Word

What are Computerized Information Systems?

Computerized Information Systems (CIS) is the application of technology in managing
the needs of businesses

It is a system that is composed of people and computers that processes or

interprets information.
What is a computerized information system?
*Information system - collection, processing, storing,
and distributing information
*Example: MQC (grades -> teacher process grades -> store (registrar) -> online
portal)
MQC (cash collected from students->finance/accounting-> store
(computer) -> FS (cash)

59