FREE ELECTRONIC LIBRARY - Books, dissertations, abstract

Pages:   || 2 |

«SPECIFIC ASPECTS OF AUDITING IN A COMPUTER-BASED ENVIRONMENT Information technology (IT) is integral to modern accounting and management information ...»

-- [ Page 1 ] --





Information technology (IT) is integral to modern accounting and management

information systems. It is, therefore, imperative that auditors should be fully

aware of the impact of IT on the audit of a client’s financial statements, both in

the context of how it is used by a client to gather, process and report financial information in its financial statements, and how the auditor can use IT in the process of auditing the financial statements.

The purpose of this article is to provide guidance on following aspects of

auditing in a computer-based accounting environment:

• Application controls, comprising input, processing, output and master file controls established by an audit client, over its computer-based accounting system and

• Computer-assisted audit techniques (CAATs) that may be employed by auditors to test and conclude on the integrity of a client’s computer-based accounting system.

Exam questions on each of the aspects identified above are often answered to an inadequate standard by a significant number of students – hence the reason for this article.

Dealing with application controls and CAATs in turn:


Application controls are those controls (manual and computerised) that relate to the transaction and standing data pertaining to a computer-based accounting system. They are specific to a given application and their objectives are to ensure the completeness and accuracy of the accounting records and the validity of entries made in those records. An effective computer-based system will ensure that there are adequate controls existing at the point of input, processing and output stages of the computer processing cycle and over standing data contained in master files. Application controls need to be ascertained, recorded and evaluated by the auditor as part of the process of determining the risk of material misstatement in the audit client’s financial statements.

Input controls Control activities designed to ensure that input is authorised, complete, accurate and timely are referred to as input controls. Dependent on the complexity of the application program in question, such controls will vary in terms of quantity and sophistication. Factors to be considered in determining these variables include cost considerations, and confidentiality requirements with regard to the data input. Input controls common to most effective application programs include on-screen prompt facilities (for example, a request for an authorised user to ‘log-in’) and a facility to produce an audit © 2011 ACCA



JANUARY 2011 trail allowing a user to trace a transaction from its origin to disposition in the system.

Specific input validation checks may include:

Format checks These ensure that information is input in the correct form. For example, the requirement that the date of a sales invoice be input in numeric format only – not numeric and alphanumeric.

Range checks These ensure that information input is reasonable in line with expectations. For example, where an entity rarely, if ever, makes bulk-buy purchases with a value in excess of $50,000, a purchase invoice with an input value in excess of $50,000 is rejected for review and follow-up.

Compatibility checks These ensure that data input from two or more fields is compatible. For example, a sales invoice value should be compatible with the amount of sales tax charged on the invoice.

Validity checks These ensure that the data input is valid. For example, where an entity operates a job costing system – costs input to a previously completed job should be rejected as invalid.

Exception checks These ensure that an exception report is produced highlighting unusual situations that have arisen following the input of a specific item. For example, the carry forward of a negative value for inventory held.

Sequence checks These facilitate completeness of processing by ensuring that documents processed out of sequence are rejected. For example, where pre-numbered goods received notes are issued to acknowledge the receipt of goods into physical inventory, any input of notes out of sequence should be rejected.

Control totals These also facilitate completeness of processing by ensure that pre-input, manually prepared control totals are compared to control totals input. For example, non-matching totals of a ‘batch’ of purchase invoices should result in an on-screen user prompt, or the production of an exception report for follow-up. The use of control totals in this way are also commonly referred to as output controls (see below).

Check digit verification This process uses algorithms to ensure that data input is accurate. For example, internally generated valid supplier numerical reference codes, should © 2011 ACCA



JANUARY 2011 be formatted in such a way that any purchase invoices input with an incorrect code will be automatically rejected.

Processing controls Processing controls exist to ensure that all data input is processed correctly and that data files are appropriately updated accurately in a timely manner.

The processing controls for a specified application program should be designed and then tested prior to ‘live’ running with real data. These may typically include the use of run-to-run controls, which ensure the integrity of cumulative totals contained in the accounting records is maintained from one data processing run to the next. For example, the balance carried forward on the bank account in a company’s general (nominal) ledger. Other processing controls should include the subsequent processing of data rejected at the point

of input, for example:

A computer produced print-out of rejected items.

• Formal written instructions notifying data processing personnel of the • procedures to follow with regard to rejected items.

Appropriate investigation/follow up with regard to rejected items.

• Evidence that rejected errors have been corrected and re-input.

• Output controls Output controls exist to ensure that all data is processed and that output is distributed only to prescribed authorised users. While the degree of output controls will vary from one organisation to another (dependent on the confidentiality of the information and size of the organisation), common

controls comprise:

Use of batch control totals, as described above (see ‘input controls’).

• Appropriate review and follow up of exception report information to • ensure that there are no permanently outstanding exception items.

Careful scheduling of the processing of data to help facilitate the • distribution of information to end users on a timely basis.

Formal written instructions notifying data processing personnel of • prescribed distribution procedures.

Ongoing monitoring by a responsible official, of the distribution of output, • to ensure it is distributed in accordance with authorised policy.

Master file controls The purpose of master file controls is to ensure the ongoing integrity of the standing data contained in the master files. It is vitally important that stringent ‘security’ controls should be exercised over all master files.

These include:

appropriate use of passwords, to restrict access to master file data • the establishment of adequate procedures over the amendment of data, • comprising appropriate segregation of duties, and authority to amend being restricted to appropriate responsible individuals regular checking of master file data to authorised data, by an • independent responsible official © 2011 ACCA



JANUARY 2011 processing controls over the updating of master files, including the use of • record counts and control totals.


The nature of computer-based accounting systems is such that auditors may use the audit client company’s computer, or their own, as an audit tool, to assist them in their audit procedures. The extent to which an auditor may choose between using CAATs and manual techniques on a specific audit

engagement depends on the following factors:

the practicality of carrying out manual testing • the cost effectiveness of using CAATs • the availability of audit time • the availability of the audit client’s computer facility • the level of audit experience and expertise in using a specified CAAT • the level of CAATs carried out by the audit client’s internal audit function • and the extent to which the external auditor can rely on this work

There are three classifications of CAATs – namely:

Audit software • Test data • Other techniques •

Dealing with each of the above in turn:

Audit software Audit software is a generic term used to describe computer programs designed to carry out tests of control and/or substantive procedures. Such programs

may be classified as:

Packaged programs These consist of pre-prepared generalised programs used by auditors and are not ‘client specific’. They may be used to carry out numerous audit tasks, for example, to select a sample, either statistically or judgementally, during arithmetic calculations and checking for gaps in the processing of sequences.

Purpose written programs These programs are usually ‘client specific’ and may be used to carry out tests of control or substantive procedures. Audit software may be bought or developed, but in any event the audit firm’s audit plan should ensure that provision is made to ensure that specified programs are appropriate for a client’s system and the needs of the audit. Typically, they may be used to re-perform computerised control procedures (for example, cost of sales calculations) or perhaps to carry out an aged analysis of trade receivable (debtor) balances.

Enquiry programs These programs are integral to the client’s accounting system; however they may be adapted for audit purposes. For example, where a system provides for the routine reporting on a ‘monthly’ basis of employee starters and leavers, © 2011 ACCA



JANUARY 2011 this facility may be utilised by the auditor when auditing salaries and wages in the client’s financial statements. Similarly, a facility to report trade payable (creditor) long outstanding balances could be used by an auditor when verifying the reported value of creditors.

Test data Audit test data Audit test data is used to test the existence and effectiveness of controls built into an application program used by an audit client. As such, dummy transactions are processed through the client’s computerised system. The results of processing are then compared to the auditor’s expected results to determine whether controls are operating efficiently and systems’ objectiveness are being achieved. For example, two dummy bank payment transactions (one inside and one outside authorised parameters) may be processed with the expectation that only the transaction processed within the parameters is ‘accepted’ by the system. Clearly, if dummy transactions processed do not produce the expected results in output, the auditor will need to consider the need for increased substantive procedures in the area being reviewed.

Pages:   || 2 |

Similar works:

«Das elektrische Betriebsverhalten eines PEMBrennstoffzellensystems DIPLOMARBEIT Institut für Elektrische Anlagen und Hochspannungstechnik Abteilung Elektrische Anlagen an der Technischen Universität Graz Leiter der Abteilung: Univ.-Prof. Dipl.-Ing. Dr.techn. Lothar Fickert Begutachter: Ao. Univ. Prof. Dipl.-Ing. Dr. techn. Manfred Sakulin Betreuung: Ass. Prof. Dipl.-Ing. Dr. techn. Herwig Renner Vorgelegt von: Christian Kitz Graz, im Dezember 2002 Danksagung Dieses Projekt wurde in einer...»

«Research Publication Date: 10 August 2011 ID Number: G00213049 Data Center Redesign Yields an 80%-Plus Reduction in Energy Usage Jay E. Pultz The National Renewable Energy Laboratory's (NREL's) data center is a showcase of energy efficiency and confirms many of Gartner's best practices in data center design. Most of what NREL has done can be replicated by clients; however, two design approaches are climate-dependent: near-full reliance on outside air for cooling, and photovoltaic arrays for...»

«DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency 12 CFR Part 25 Docket ID OCC-2009-0019 RIN 1557-AD29 FEDERAL RESERVE SYSTEM 12 CFR Part 228 [Regulation BB; Docket No. R-1380] FEDERAL DEPOSIT INSURANCE CORPORATION 12 CFR Part 345 RIN 3064-AD54 DEPARTMENT OF TREASURY Office of Thrift Supervision 12 CFR Part 563e Docket ID OTS-2009-0022 RIN: 1550-AC37 Community Reinvestment Act Regulations AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); Board of Governors...»

«Dynamics of oscillating piezoelectric micro resonators: Hydrodynamic loading effect and intrinsic damping Dissertation zur Erlangung des Grades des Doktors der Ingenieurwissenschaften der NaturwissenschaftlichTechnischen Fakultät II Physik und Mechatronik der Universität des Saarlandes von Huacheng Qiu Saarbrücken Tag des Kolloquiums: 12.03.2015 Univ.-Prof. Dr.-Ing. Georg Frey Dekan: Mitglieder des Prüfungsausschusses Univ.-Prof. Dr.-Ing. Chihao Xu Vorsitzender: 1. Gutachter: Univ.-Prof....»

«Project Number: ME-KZS-0602 Design of a Roof Inspection Robot A Major Qualifying Project Report Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE in partial fulfillment of the requirements for the Degree of Bachelor of Science in Mechanical Engineering by Nicholas McMahon Samuel Feller Nathan Malatesta April 26th, 2007 Approved: _ Prof. Kenneth Stafford, Advisor Acknowledgements We would like to thank the following people for their help and support throughout the course of this...»

«Technische Universität München WACKER-Lehrstuhl für Makromolekulare Chemie Novel developments in Hydrogen Storage, Hydrogen Activation and Ionic Liquids Amir Doroodian Vollständiger Abdruck der von der Fakultät für Chemie der Technischen Universität München zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften genehmigten Dissertation. Vorsitzender: Univ.-Prof. Dr. K. O. Hinrichsen Prüfer der Dissertation: 1. Univ.-Prof. Dr. Dr. h. c. B. Rieger 2. apl. Prof. Dr....»

«BEFESTIGUNGSTECHNIK BEWEHRUNGSTECHNIK VERBINDUNGSTECHNIK FASSADENBEFESTIGUNG MONTAGETECHNIK Ankerschienen JORDAHL® Ankerschienen JTA ETA-09/0338 Gültig bis 17. Juni 2018 Ermächtigt und notifiziert g em äß A rti kel 1 0 de r Richtlinie des Rates vom 21. Dezember 1988 zur Angleichung der Rechtsund Verwaltung svorschriften d e r M it g l i e d s t a a t e n über B aup rodukte (89/106/EWG) Europäische Technische Zulassung ETA-09/0338 Handelsbezeichnung Jordahl-Ankerschiene JTA Trade name...»

«Secondary/Emerging Constituents Report Southern California Regional Brine-Concentrate Management Study – Phase I Lower Colorado Region U.S. Department of the Interior Bureau of Reclamation October 2009 Contents Page Abbreviations and Acronyms 1  Introduction and Study Objectives 1.1  Introduction 1.2  Study Objectives 1.3  Study Components 1.4  Report Objectives 2  Compounds of Emerging Concern 2.1  Background Information on CECs 2.2  Categories and Description of CECs 2.2.1 ...»

«Technische Universit¨ t Munchen a ¨ ¨ Institut fur Informatik ¨ Lehrstuhl fur Rechnertechnik und Rechnerorganisation Automatic Performance Engineering Workflows for High Performance Computing Ventsislav Petkov a¨ ¨ Vollst¨ ndiger Abdruck der von der Fakult¨ t fur Informatik der Technischen Universit¨ t Munchen a a zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer. nat.) genehmigten Dissertation. Vorsitzende(r): Univ.-Prof. Dr. Helmut Krcmar ¨ Prufer...»

«SWAHILI FORUM 15 (2008): 15-23 WHAT'S WRONG WITH THE MARINE AND THE BEAUTY? ELENA BERTONCINI-ZÚBKOVÁ Instead of discussing an outstanding literary work by a well-known Swahili writer, this time I would like to present a secondor third-rate book by a renownless author (at least to my knowledge), Gilbert Gicaru Githere.2 Its title is Mwana Maji na Mrembo (The Marine and the beauty). It was published in 1990 by an otherwise unknown publishing house, Merengo Publishers, and printed in Hawaii. I...»

<<  HOME   |    CONTACTS
2016 www.book.dislib.info - Free e-library - Books, dissertations, abstract

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.