Chapter 9

Computer Auditing

COMPUTER CONTROLS
General controls General Controls cover the computer environment as a whole. There is no point having complicated computer software controls if nobody has thought about the more basic issues such as:
= Making regular back-ups of data and storing them off-site = Having an IT Helpdesk and training = Keeping all computers in locked rooms = Having a disaster recovery plan = All computers having log-in codes = Programmers are not users (segregation of duties) = Anti-virus software = Firewall.

2
Application controls Application Controls are the controls over the data in the system. Controls need to cover Input, Processing and Output, as well as the standing data on the system:
= Batch Control Totals = Sequence Tests = Range / Field Limits = Check Digits = Exception Reports = Checks of amendments to Standing Data = Passwords!

COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)

Auditors can use computers and computer software to assist the audit process. Test data When clients have computer systems, there are likely to be controls programmed in to the software. To test whether the system is working as it should, often the easiest technique is to put some fake data into the system to see whether it is correctly dealt with. For example:
= Transactions that are deliberately too high or too low to see if the system rejects them = Transactions out of sequence = Trying to amend date using an unauthorised password.

Test Data has some problems:

= Must remember to remove it afterwards = Client may not be willing to have false transactions entered onto their system.

2
Audit software As its name suggests, audit software is a general term for computer programs that are designed to assist the audit process, for example:
= Reorganising data into a more useful format for the auditor (e.g. customer balances by age) = Can handle large quantities of data very quickly = Detailed analytical procedures (e.g. receivables days by customer, inventory turnover by product) = Checking the arithmetic that things that should add up, do add up. With very large computer files, this is very helpful! = Re-performance of calculations = Checking accuracy of client computer files (e.g. that they add up, and that aged analysis is correct) = Selecting samples of particular items (e.g. all items entered under a particular password, all items entered on a Tuesday etc.) = Sequence completeness checks = True random samples.

3
Problems with audit software
= May not be compatible with client system = May corrupt client data = Cost and time of use, and staff training = Will client allow full access to their computer systems?

Other ways IT can assist audit process

= Ensuring all audit documents are cross-referenced automatically = Creating standard paperwork that can become the start for the net year audit = Word processing of audit plans and working papers into a common style = Standardised packages available to record accounting systems of client in many different forms (e.g. flowcharts) = Can email computerised working papers to office during audit, for quicker review process. Can also upload to intranet, to allow review whilst audit continues = Computer system can auto-record how audit staff are spending their time, to allow for more accurate billing.