Page 140 - DCOM204_AUDITING_THEORY
P. 140
Auditing Theory
Notes 6. Lack of audit trail: In computerized system, the processing of a transaction takes place
instantly. This leads to loss of audit trail. Thus, auditor needs to apply some alternate
procedure to compensate the loss of audit trial.
Did u know? Audit Trail: It can be defined as a step-by-step record by which a transaction
can be traced. The auditor may apply one of the following methods to compensate the loss
of audit trail:
1. Special/Exceptional Reports: The auditor may ask the client to arrange special reports
and printouts.
Example: Sales orders for the month of December & March; purchase orders that have
been short-closed by the purchase department.
2. Tagging and Tracing:
(a) It is a method of compensating the audit trail.
(b) It involves tagging the clients input data such that only relevant data is
highlighted on the screen, which needs to be verified by the auditor.
Example: Cash payments of more than ` 20,000/-; debtors outstanding for more than 3
months; purchase order pending for more than 30 days from expected delivery date; etc.
3. Alternative Review Procedures (ARP): It means to include a number of methods to
compensate audit trial, such as:
(a) Auditors’ judgement: budgeting the figures and comparing them with actual
figures.
(b) Ratio analysis/checking critical ratios: This implies calculating certain ratios on
the basis of budgeted data or previous period’s data or data from similar
industries and comparing them with the actual data of the client organization.
(c) Testing on total basis: if individual items can’t be checked in detail then auditor
may take totals of reasonable chunks of data and check accordingly.
(d) Clerical recreation: Auditor may manually generate certain figures that have
been generated by the system (automatically).
4. Use of CAAT: The auditor may take the help of white-box audit approach or CAATs.
7. Auditor’s participation in SDLC and dependence on other (manual) controls: We know
that there is a constraint of audit trail in CIS environment. Thus, a computerized information
system lacks manual reasonableness. An information system of an organization can only
be effective if it has reasonable level of audit facilities integrated into it. Hence participation
of auditor is highly important in SDLC. Moreover, auditor may use certain manual methods
also while performing the audit.
8. Internal Control Environment & management supervision: The success of CIS highly
depends upon the involvement of management in development and maintenance of CIS.
Under CIS environment, the risk of fraud & error is relatively high. Thus higher
management supervision and better internal control environment is required.
134 LOVELY PROFESSIONAL UNIVERSITY
