How will you review EDP Application Controls in an audit?

Auditing and Assurance Revision Questions and Answers

Control over input, processing, data files and output may be carried out EDP personnel, users of the system, a separate control group, or may be programmed into application software, EDP application controls which the auditor may wish to test include:

i. Manual controls exercised the user-if manual controls exercised the user of the application system are capable of providing reasonable assurance that the systems’ output is complete, accurate and authorized, the auditor may decide to limit tests of control to these manual controls (e.g. the manual controls exercised the user over a computerized payroll system for salaried employees could include an anticipatory input control total for gross pay, the test checking of net salary output computations, the approval of the payments and transfer of funds, comparison to payroll register amounts, and prompt bank reconciliation). In this case, the auditor may wish to test only the manual controls exercised the user.

ii. Controls over system output-if, in addition to manual controls exercised the user, the controls to be tested use information produced the computer or are contained within computer programs; it may be possible to test such controls examining the system’s output using either manual or computer-assisted audit techniques. Such output may be in the form of magnetic media, microfilm or printouts (e.g. the auditor may test controls exercised the entity over the reconciliation of report totals to the general ledger controls accounts and may perform manual tests of those reconciliations). Alternatively, where the reconciliation is performed computer, the auditor may wish to test the reconciliation reperforming the control with the use of computer-assisted audit techniques.

ii. Programmed control procedures – in the case of certain computer systems, the auditor may find that it is not possible or, in some cases, not practical to test controls examining only user controls or the system’s output (e.g. in an application that does not provide printout of critical approvals or override to normal policies, the auditor may want to test control procedures contained within the application program). The auditor may consider performing tests of control using computer assisted audit techniques, such as test data, reprocessing transactions data or in unusual situations, examining the coding of the application program.

(Visited 5 times, 1 visits today)
Share this on:

Leave a Reply

Your email address will not be published. Required fields are marked *