The effect of IT on the Audit

Differences b/w manual and IT environments:

 Combination of functions that are usually separated in a manual environment

 Paper trails are disappearing → audit tests must be performed on a continuous basis
 Difficult to indentify nonstandard and unusual transactions
 Clerical errors are virtually eliminated
 Increased risk of systematic error (error in programming logic)
 Transactions are not subject to the same types of authorizations and not well-documented
 Unauthorized interventions may not be evident

Negatives/Disadvantages

Opportunity for remote access → increase likelihood of unauthorized access

Concentration of information: security is breached → a greater damaged than in manual environment

Decrease of human involvement → decrease in observation

Error of Fraud may occur in design or maintenance of application programs

Computer disruptions → errors or delay in transaction recording

Positives/ Advantages

More opportunities for data analysis and reviews

Access to the entity’s raw data and managements report → greater opportunity to perform analytical
procedures

IT Benefits

 The ability to process large volume of transactions

 Improved timeliness and availability of info
 Facilitation of data analysis
 Enhanced segregation of duties through implementation of security controls
 Enhanced ability to monitor entities activities, policies and procedures

IT Risks

 Potential reliance on inaccurate systems

 Unauthorized access to data
 Unauthorized changes to data, programs, or systems
 Failure to make required changes to systems or programs
  Potential data loss
Auditor can use:
o manual audit procedures → AUDIT AROUND THE COMPUTER
o CAAT→ AUDIT WITH THE COMPUTER
o combination of both

Factors to be considered when choosing audit procedure:

o Extent of computer utilization

o Structure of it department
o Complexity of computer operations
o Use of CAAT
o Availability of an audit trail

Use of IT Professional

1. The auditor should have enough knowledge to:

a. Communicate audit objectives to the IT specialist
b. Evaluate the sufficiency of the procedures performed
c. Evaluate the results of the procedures
2. The auditor is responsible to guide the IT professionals
3. The auditor is not required to have the set of IT skills

Audit around the computer

Auditor tests input data, processes data independently, and then compare the system results with the
independently calculated results. Emphasis: input and output stages of transaction processing.

Good for simple batch systems

Negatives: insufficient paper-based evidence and insufficient audit procedures

Audit through the computer

Emphasis: input and processing stages

Transaction Tagging → electronically tag or mark the specific transaction and follow it though the
client’s system.
→ Allows to test both computerized and manual handling of transactions

Embedded Audit Modules → a part of an application system that is designed to indentify and
report specific transactions or other information on a predetermined criteria

Example: all transactions affecting a specific account code greater than $500

Embedded audit models are usually built into the application system when the program is developed
to assure controls are operating effectively
Test Data → use the application program to process a set of test data, the results of which are already
known.
 Performed off-line and under auditor’s control
 Contains the types of invalid info the auditor is interested in
 Live computer files are not affected at any way

Integrated Test Facility (ITF) → very similar to the test data approach except that the auditor’s test
data is commingled with the live data.
 Performed on-line
 The client’s personal is not aware of test performed

Parallel Simulation (reperformance test) → the auditor reprocesses some or all of the client’s live
data using the auditor’s software and then compares the results with the client’s files

Use of the auditor’s software to process client’s data

With controlled processing → observe an actual processing run and compares the actual result with
the expected results

With controlled re-processing → use an archived copy of the program in question (auditor’s control
copy) and the program in place → differences indentify any changes to the transaction program

Parallel Simulation can be achieved though the use of a package program or utility or produced by
GASPs

→ Generalized Audit Software Packages (GASPs) allow the auditor to perform test of controls and
substantive test of details directly on the client’s system
→ The auditor is required to define the client’s system to the GASPs and then specify tests and
selections

Tasks performed by GASPS

a. Examine transactions for control compliance
b. Selecting items meeting specific criteria
c. Recalculating amounts and totals
d. Reconciling data from two different files
e. Performing statistical analyses on transactions

Advantages of using GASPs

a. Sample and test much higher % of transactions; more reliable audit
b. Little technical knowledge
c. Reduce audit time without sacrificing quality
Auditing with a computer

Advantages

a. Reduce mathematical errors

b. Automatic cross-referencing
c. Automatic preparation of FS, tax return schedules, consolidation
d. Reduction in the required supervisory time
e. Automatic performance of certain analytical review procedures
f. Year one to the next year
g. Enhanced client service
h. Improved moral and productivity of the audit team; less time spent on tedious clerical tasks

Disadvantages

a. Audit documentation may not contain readily observable calculations

Evaluating Audit Findings

Analytical procedures are required at the review stage → must be performed by a partner of
manager who has a comprehensive knowledge of the client’s industry and business
Purpose: to evaluate the overall FS presentation and to assess the conclusions reached
→ the auditor might discover unusual balances → should consider additional audit procedures