Computer systems which process financial data for a company should be audited to evaluate the reliability of information and also the efficiency and effectiveness of the system. The main problem with auditing a computer system is that processing operations are invisible.
a) State five systems checks and controls that should be built in the system at the design stage to reduce the problem and weaknesses that auditors frequently detect.
b) Discuss the audit trail in computerized accounting information systems.
c) Explain each of the following computer auditing approaches and techniques:
(i.) Auditing around the computer;
(ii.) Auditing through the computer;
(iii.) Auditing packages.
a) System checks and controls that should be built into the system:
o Input authorization- where particular people are allowed to handle certain information.
o Batch controls and balancing-which reduces the auditor‘s work.
o Data validation and editing facilities.
o Error identification facilities.
o A program to keep track of audit trails.
b) Audit trail
Audit trails can be defined as a record of file updating that takes place during a specific transaction. It enables a trace to be kept on all operations on files i.e. audit trail refers to the ability to trace output back to the inputs. The loss of audit trail has an implication in auditing of computer based systems e.g. the auditor will have to be concerned whether the controls within the system have always been operating.
c) (i) Auditing around the computer
Here, one is not concerned about the accuracy only but should be concerned if there is any weakness being abused i.e. check the process being undertaken. In this approach,
the system is assumed to be a black box and the concerned will be whether one given input will give rise to the right outputs. This type of audit does not check for weaknesses in the system as one is only concerned with the correctness of output.
(ii) Auditing through the computer
It involves an examination of processing procedures or routines within the system and also the controls incorporated within the system in order to ensure that the system is capable of providing complete and accurate processing of all data.
(iii) Auditing packages
These are computer programs that can be used for audit purposes to examine the content of business computer files. These audit programs can be: –
o Generalized packages.
o Specific packages- written packages (tailored packages).
These are programs written auditors/specialists that can be used in different types of systems. Given that there are general programs, they can therefore be applied in different organizations. This means that these programs can be tailored designing the format of the files to be interrogated and specifying the parameters of output data that is required.
Specifically written packages
These are specific software that is written so that they can interrogate or be used in a given organization.