• High Cost–A computerized environment will result to auditor applying Computer Audit Assisted Techniques which may be costly.
• Need for technical skills – The auditor has to be competent, skilled and experienced staff in information technology. This will be costly and will lead to an increase in audit fees.
• Security threats-procurement system is vulnerable to security threats such as virus that may destroy information. This will have an effect of the application programs and audit software used.
• Loss of audit trail-audit trail refers to the ability to trace transactions through the system by examining the source of procurement documents or records. In procurement system data and information is maintained in magnetic files which are written off over time. This leads in loss of visible audit trail.
• Consistency issues- If the procurement system has a programming error this will affect all transactions processed
• Concentration of function and controls- due to the use of procurement systems few individuals are involved in the processing of procurement information. This results in weak internal control which in turn increases audit risk
• Lack of visible supporting document- in a computerized environment, employees usually enter data directly without supporting documents for example when purchasing goods, a sale invoice is processed online without a physical one being processed this increases auditors work since the supporting document cannot be readily found.
• Ease of access of data and computer programs-due to ease of data access there are high chance of frauds in the system. This leads to deviation of audits responsibility to performing management responsibility of detecting fraud.
Information Technology Risks
The auditor should be aware that information technology poses specific risks to
an entity’s internal control including:
• Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both.
• Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or non- existent transactions or inaccurate recording of transactions.
• Unauthorized changes to data in master files.
• Unauthorized changes to systems or programs.
• Failure to make necessary changes to systems or programs.
• Inappropriate manual intervention.
• Potential loss of data or inability to access data as required