What is the audit approach in computerized information systems?

The approach taken by the auditor when examining computerized records takes either of the two main forms.

a. Auditing round the computer.
This means examining evidence for all items in the financial statements without getting immersed
in the details of the computerized information system. The benefits of this approach are that it
saves time and its justification is that computers are 100% accurate in processing transactions
and therefore material processing errors simply do not occur.
The draw back of this approach is that once an application is programmed to process an item
incorrectly, then it processes exactly as programmed indefinitely. However, major frauds and error
or system failures should be picked up in the assets and liabilities verification e.g. if processing
of sales is incorrect, verification of debtors can uncover the error. Also an analysis of gross profit
margins will help discover any errors in sales. This approach is suitable for small businesses but
largely unsuitable for large scale entities.

b. Auditing through the computer.
There are two basic techniques available to the auditor for auditing through the computer. These
are use of test data and use of computer audit programs which are also called CAATs (computer
assisted audit techniques).
i) Test data
These are designed to test the performance of client’s programs. What it involves is for the
auditor either using dummy data or live data for processing to manually work out the expected
result using the logic of the program. This is then run on the computer using the program and the
results are compared. A satisfactory outcome gives the auditor a degree of assurance that if that
program is used continuously throughout the year, then it will perform as required. This technique
of test data falls under compliance testing.
Live data testing has the following disadvantages
i. I f the data is included with normal, separate test data totals cannot be obtained. This
can sometimes be resolved by use of dummy branches or separate codes to report the
programs effects on the test data.
ii. Side effects can occur. It has been known for an auditor’s dummy product to be included in a catalogue.
Client’s files and totals are corrupted although this may be immaterial.
If the auditor is testing procedures such as debt follow up, then the testing has to be over fairly a
long time. This can be difficult to organize.
-Dummy testing has the following disadvantages
i. Difficulties will be encountered in simulating the whole system or part of it.
ii. A more detailed knowledge of the system is required than with use of live files.
iii. There is often uncertainty as to whether operational programs are really being used for the test.
iv. The time span problem is still difficult but more capable of resolution than live testing.
ii) Computer programs or audit software
These consist of computer programs used by the auditor to read magnetic files and to extract specified information from the files. They are also used to carry out audit work on the contents of the files. These programs are sometimes called enquiry or interrogation programs. They can be written by an audit firm or they can be bought from software houses. They have the advantage that they can be used to train unskilled staff.

---

Wilfykil answered the question on April 12, 2019 at 07:01