AUDIT IN A

COMPUTERISED
ENVIRONMENT
AUTOMATED ENVIRONMENT
 Itrefers to a business environment where the
processes, operations, accounting and
decisions are carried out by using the
computer systems.
FEATURES OF AUTOMATED
ENVIRONMENT
EXAMPLES OF AUTOMATION
 Online shopping
 Internet banking/ debit credit cards

 Booking--- travel train/flight/bus

 Admission process

 Online examinations/evaluation

 Video-conferencing / online meetings

 List of accounting softwares—
 Quickbooks, Turbocash, ZOHO, Tally, Vyapar,
BUSY, profitbooks,
 List of ERPs--- SAP
RELEVANCE OF IT IN AUDIT
TYPES OF CONTROLS IN IT
GENERAL CONTROLS
GENERAL CONTROLS
GENERAL CONTROLS
GENERAL CONTROLS
CONTROLS
APPLICATION CONTROLS -INPUT CONTROLS
 Control activities designed to ensure that input is authorised, complete, accurate and timely are referred to as
input controls. Dependent on the complexity of the application program in question, such controls will vary in
terms of quantity and sophistication.
Specific input validation checks may include:
 Format checks : These ensure that information is input in the correct form. For example, the requirement that
the date of a sales in voice be input in numeric format only – not numeric and alphanumeric.
 Range checks: These ensure that information input is reasonable in line with expectations. For example,
where an entity rarely, if ever, makes bulk-buy purchases with a value in excess of $50,000, a purchase
invoice with an input value in excess of $50,000 is rejected for review and follow-up.
 Compatibility checks: These ensure that data input from two or more fields is compatible. For example, a sales
invoice value should be compatible with the amount of sales tax charged on the invoice.
 Validity checks: These ensure that the data input is valid. For example, where an entity operates a job costing
system – costs input to a previously completed job should be rejected as invalid.
 Exception checks: These ensure that an exception report is produced highlighting unusual situations that have
arisen following the input of a specific item. For example, the carry forward of a negative value for inventory
held.
 Sequence checks: These facilitate completeness of processing by ensuring that documents processed out of
sequence are reject ed. For example, where pre-numbered goods received notes are issued to ac knowledge the
receipt of goods into physical inventory, any input of notes out of sequence should be rejected.
 Control totals: These also facilitate completeness of processing by ensure that pre-input, manually prepared
control totals are compared to control totals input. For example, non-matching totals of a ‘batch’ of purchase
invoices should result in an on-screen user prompt, or the production of an exception report for follow-up. The
use of control totals in this way are also commonly referred to as output controls (see below).
 Check digit verification: This process uses algorithms to ensure that data input is accurate. For example,
internally generated valid supplier numerical reference codes, should be formatted in such a way that any
purchase invoices input with an incorrect code will be automatically rejected.
APPLICATION CONTROLS-PROCESSING CONTROLS
 Processing controls exist to ensure that all data input is
processed correctly and that data files are appropriately updated
accurately in a timely manner. The processing controls for a
specified application program should be designed and then tested
prior to ‘live’ running with real data.
 These may typically include the use of run-to-run controls, which
ensure the integrity of cumulative totals contained in the
accounting records is maintained from one data processing run to
the next. For example, the balance carried forward on the bank
account in a company’s general (nominal) ledger. Other
processing controls should include the subsequent processing of
data rejected at the point of input, for example:
 A computer produced print-out of rejected items.
 Formal written instructions notifying data processing personnel of
the procedures to follow with regard to rejected items.
 Appropriate investigation/follow up with regard to rejected
items.
 Evidence that rejected errors have been corrected and re-input.
APPLICATION CONTROLS OUTPUT CONTROLS
 Output controls exist to ensure that all data is processed
and that output is distributed only to prescribed
authorised users. While the degree of output controls will
vary from one organisation to another (dependent on the
confidentiality of the information and size of the
organisation), common controls comprise:
 Use of batch control totals, as described above (see ‘input
controls’).
 Appropriate review and follow up of exception report
information to ensure that there are no permanently
outstanding exception items.
 Careful scheduling of the processing of data to help
facilitate the distribution of information to end users on a
timely basis.
 Formal written instructions notifying data processing
personnel of prescribed distribution procedures.
 Ongoing monitoring by a responsible official, of the
distribution of output, to ensure it is distributed in
accordance with authorised policy.
TESTING METHODS
 There are four types of audit test to be used.
 They are inquiry, observation, inspection and
reperformance.
 Inquiry is one of the effective audit tests but
it cannot be used in isolation. It has to be
combined with observation, inspection &
reperformance.
 Reperformance gives the best audit
evidence. However, it may be time-
consuming at times.
TESTING METHODS

 The common methods of testing in an IT

environment are:
 Obtain an understanding of how the transaction
is carried out in a system by using a combination
of inquiry, observation & inspection.
 Observe how a user processes transactions under
different scenarios
 Inspect the configuration of the application
 Inspect changes to system logs
 Go through the user manual
 Carry out test check (ie insert errors) and check
if the error message is properly displayed.
CAAT
CAAT- CONT...
 The nature of computer-based accounting systems is
such that auditors may use the audit client
company’s computer, or their own, as an audit tool,
to assist them in their audit procedures. The extent
to which an auditor may choose between using CAATs
and manual techniques on a specific audit
engagement depends on the following factors:
 the practicality of carrying out manual testing
 the cost effectiveness of using CAATs
 the availability of audit time
 the availability of the audit client’s computer facility
 the level of audit experience and expertise in using a
specified CAAT
 the level of CAATs carried out by the audit client’s
internal audit function and the extent to which the
extern al auditor can rely on this work.
CAAT … CONT
 Data analytics can be used intesting of electronic
records and data residing in the IT systems using
MS-Excel or specialised audit tools viz. IDEA, ACL
etc.
 The following steps to be performed

 A) Check completeness of data and population

 B) select audit samples based on

random/systematic sampling
 C) Re-computation of balance

 D) Re-performance of mathematical calculation

 E) Analysis of journal entries

 F ) Fraud Investigation

 G) Evaluate impact of control deficiencies

CAAT
IMPORTANT TERMS
SOURCES
 ICAI Intermediate Study Material
 https://www.youtube.com/watch?v=CBtmxx
Lwusg&list=PLjrXzkmqZGHJeeBy6JuGcS3MYW
XgGcOZY
 https://www.youtube.com/watch?v=EpkfKVv
-uvE
 MS Excel - Auditing Tools - YouTube