Page 139 - DCOM204_AUDITING_THEORY
P. 139
Unit 8: Auditing in an EDP Environment
Objectives Notes
After studying this unit, you will be able to:
State audit process in an EDP environment;
Evaluate problems in an EDP environment;
Know about control in an EDP environment;
Discuss planning an Internal Audit in an Electronic Data Processing Environment;
Know about problems encountered in an Electronic Data Processing Environment;
Discuss about internal audit practices in relation to computerized system;
Know about different Computer Assisted Audit Techniques (CAATs).
Introduction
Now-a-days, the corporate world is getting more and more inclined towards the use of
Information Technology (IT) and Computer Information System (CIS) in their daily operations.
This has changed the manner in which the organizations’ carry out their operations and various
business processes. This has further led to change in the nature of audit evidences generated by
each financial transaction. The method of collection and evaluation of audit evidences has also
changed. This requires auditors to possess reasonable knowledge about EDI, SDLC, CASE tools
and various hardware & software used in the organization.
8.1 Scope of Audit in CIS Environment/Impact of CIS on Auditing
The use of CIS in various organizations has caused drastic impact on audit approaches, techniques,
risk involved and internal control methods. Following factors (risks) must be given due
consideration while framing an audit plan for an organization:
1. High speed and automatic initiation/execution of transactions: In CIS environment,
transactions are processed instantly. Once the transaction is fed into the system, it might
get executed automatically without requiring for authorization of the same. Similarly,
reports (even complex one’s also) can be generated at a very high speed and can be viewed
by multiple users at a time. Thus giving rise to many security issues.
2. Uniform processing of transaction, hence low clerical error: While feeding input, processing
transactions and generating outputs, computer system performs multiple checks on data
at each at each point of time. Moreover, the processing of transaction is in a uniform
manner. Hence the clerical errors generated are minimized. However, there is a shift of
errors from human generated errors towards system generated errors.
3. Unintentional or system generated errors: As discussed earlier, there is a shift in nature of
errors from human generated to system generated. Errors occur due to lack of experienced
personnel. And errors are mainly related to development, maintenance and execution of
CIS.
4. Inexperienced personnel: Now-a-days, the technological advancement is occurring at a
very fast pace. It has created a deficit of expertise staff to understand the current technology,
both at client end as well as auditor end.
5. Concentration of duties: Under CIS environment, more than one kind of task/function
can be performed by an individual. This leads to difficulty in segregation of duties among
individual. Consequently, it gives rise to a number of security issues also.
LOVELY PROFESSIONAL UNIVERSITY 133
