a) The computerization of business operations has posed many challenges to the auditor.
Explain the difficulties experienced by an auditor in each of the following situations:
i) In the use of test packs. (4 marks)
ii) In on-line systems. (4 marks)
iii) When auditing the output of a complex computerized system. (6 marks)
b) Briefly explain how an auditor verifies the following items in a computerized system.
i) Standing data in a master file (3 marks)
ii) Alterations made in the computer programs. (3 marks)
(Total: 20 marks)
a) The computerization of business operations has posed many challenges to the auditor.
I. Difficulties experienced by the auditor in the use of test packs
Audit test data consists of data submitted by the auditor for processing by the client's computer-based accounting system. It may be processed during a normal production run (running test data live) or during a special run at a point in time outside the normal cycle (running test data dead). Approaches to test data are:
Using live data
Using dummy data in a normal production run
Using dummy data in a special run
Difficulties
There may be considerable costs involved in ascertaining the relevant controls and in constructing test data from scratch.
ii) Objectives of the set
Test data is likely to be confined to tests of controls and may therefore be less valuable in audit terms than using audit software.
iii) Dangers of using live testing
Careful planning and control are needed to check test data from records.
iv) Dangers of testing during a special run
If special test runs are used, an artificial testing environment is created. Assurance is needed that the normal program and files have been used.
Use of test packs does not necessarily provide visible evidence of the audit work performed. Working papers should therefore include details of the controls to be tested, an explanation of how they are tested, details of the transactions and files used, details of predicted results, actual results and evidence of the predicted and actual results having been compared.
II. Difficulties experienced by the auditor in on-line systems
Online computer systems are those that enable users to access data and programs directly through terminal devices. The risk in using real-time systems is increased where terminal devices are dispersed, and particularly where public as opposed to private telecommunication links are used. Unauthorised access may be deterred by the use of protocols, encryption and call-back procedures. Where on-line processing is interrupted, or where telecommunication links are used, there is an increased risk of loss or corruption of data.
The auditor must ensure that he understands the operation of such systems. He should test the operation of access controls such as passwords. He should test transaction logs where they exist for authorisation, completeness and accuracy.
The auditor may also reprocess transactions either as a test of control or as a substantive procedure.
III. Difficulties experienced by the auditor when auditing a complex computerized system
Due to a complex computerized environment, account balances are likely to be susceptible to material misstatement irrespective of related internal controls. This may lead to the auditor expressing an inappropriate opinion on the financial statements.
It is the risk that material misstatement could occur in an accrual balance which would not be detected or prevented by the accounting and internal control systems. This occurs in a complex computer environment, which will increase audit risk.
In a complex computerized environment, the auditor's substantive procedures may not detect material misstatement in account balances.
A computerized environment will result in the auditor applying Computer Assisted Audit Techniques, which may be costly.
Need for technical skills
The auditor has to employ competent, skilled and experienced staff in information technology. This will be costly and will lead to an increase in audit fees.
Effect in audit planning
In planning the portions of the audit which may be affected by the client's environment, the auditor should obtain an understanding of the significance and complexity of the computer information system activities and the availability of data for use in the audit.
A complex computer system is likely to have security threats due to unauthorised access to information through hacking. This will have an effect on the application programs and audit software used.
b) How the auditor verifies the following:
i) Standing data in a master file
– Check that all codes match those on master files, e.g. the employee number matches the employee number on the personnel file. The objective is to ensure that data is processed against the correct master file.
– Check on completeness to ensure that all transactions are recorded.
– For validity, check to ensure that only actual transactions have been properly authorized and recorded.
ii) Alterations made in computer programs
– Check for authorisation to ensure that the staff member who altered the program is different from the one who authorized it.
– Check whether strict controls have been instituted over the changes.
– Check whether a written request for an application program change has been made by the user department.
– Check whether the alterations have been authorized by a designated manager or committee.
– Check whether documentation has been revised once the program has been redesigned.
– Check whether the changes in the program have been tested by the user and a systems employee who was not involved in designing the change.
– Check whether approval of documented changes and results of testing has been given by a systems manager.
– Check if the proposed changes have been tested with incorrect or incomplete data as well as actual data to determine if controls have been properly implemented in the program.
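
The program-change checks listed above can be run mechanically over a client's change log. The sketch below is an added example, not part of the original answer; the field names, the list of designated approvers and the two sample records are constructed assumptions.

```python
# Added example: field names, approver list and records are constructed.
DESIGNATED_APPROVERS = {"it_manager", "change_committee"}

def review_change(rec):
    """Return control exceptions for one program-change record."""
    exc = []
    if not rec.get("user_request_ref"):
        exc.append("no written request from user department")
    if rec.get("authorized_by") not in DESIGNATED_APPROVERS:
        exc.append("not authorized by designated manager or committee")
    if rec.get("authorized_by") == rec.get("changed_by"):
        exc.append("altered and authorized by the same person")
    # Testing needs the user plus a systems employee outside the design team.
    designers = set(rec.get("designed_by", [])) | {rec.get("changed_by")}
    independent = set(rec.get("systems_testers", [])) - designers
    if not rec.get("user_tester") or not independent:
        exc.append("not tested by user and an independent systems employee")
    # Tests must cover actual data and incorrect or incomplete data.
    kinds = set(rec.get("test_data_types", []))
    if "actual" not in kinds or not kinds & {"incorrect", "incomplete"}:
        exc.append("test data did not cover actual and invalid input")
    if not rec.get("docs_revised"):
        exc.append("documentation not revised")
    if not rec.get("systems_manager_approval"):
        exc.append("no systems manager approval of changes and test results")
    return exc

def review_log(log):
    """Map change_id -> exceptions, for records with at least one exception."""
    results = {r["change_id"]: review_change(r) for r in log}
    return {cid: exc for cid, exc in results.items() if exc}

CHANGE_LOG = [  # constructed sample records
    {"change_id": "CHG-001", "user_request_ref": "REQ-17",
     "changed_by": "dev_a", "designed_by": ["dev_a"],
     "authorized_by": "change_committee", "user_tester": "payroll_clerk",
     "systems_testers": ["dev_b"], "test_data_types": ["actual", "incorrect"],
     "docs_revised": True, "systems_manager_approval": True},
    {"change_id": "CHG-002", "user_request_ref": None,
     "changed_by": "it_manager", "designed_by": ["it_manager"],
     "authorized_by": "it_manager", "user_tester": "payroll_clerk",
     "systems_testers": ["it_manager"], "test_data_types": ["actual"],
     "docs_revised": False, "systems_manager_approval": True},
]

if __name__ == "__main__":
    for cid, exc in review_log(CHANGE_LOG).items():
        print(cid, exc)
```

Each exception string maps back to one of the checks above, so the output can be filed in the working papers as evidence of the test performed.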