Page 144 - DCOM204_AUDITING_THEORY
P. 144
Auditing Theory
Notes 8.2 Prerequisites while Auditing in CIS Environment
Audit Approach in CIS Environment
There have been drastic changes in audit approaches and methodologies as a result of emergence
of CIS environment. The selection of one of the approaches depends upon the knowledge base
expertise of Auditors. There are mainly two approaches for auditing in CIS environment that
are explained as follows:
Black-box Approach (Auditing around the computer): In this approach, the auditor is mainly
concerned about the Inputs fed-in by the client and the output generated by the system. The
auditor completely ignores the internal processing of the Information System.
For example, while testing payroll of a company, under black-box approach, the auditor may
first find out the total monthly hours worked by selected employees from their respective time
cards and then he may check the salary/wage rate from the rate card to find out the salary/wage
payable to each employee. On the basis of above, the auditor ascertains his own output by
comparing hours, rates, extensions, overtime & leaves. Finally, the auditor compares his own
results with the system generated results.
This approach may be enumerated with the help of the following flowchart:
CIS Client’s Output Compare with Client’s output Client’s Input
Auditor’s predetermined output Compare with Client’s output Auditor’s Input
Client’s CIS & use of CAAT
Notes The biggest advantage of auditing around the computer is the ease and simplicity,
since the auditor does not require in-depth knowledge of system application program in
order to perform his duties. On the contrary, a major disadvantage is that, under this
approach, the auditor is completely ignorant about the internal processes of the system.
Moreover, in order to generate certain complex reports, printouts cannot be arranged to
apply the audit procedures.
White-box Approach (Auditing through the computer): Under this approach, the auditor is not
only concerned with the subject matter of the audit (i.e. inputs and outputs), but also with the
internal processing of the computer system. This means to include various auditing with the
help of Audit software and Computer-aided Audit Techniques (CAAT).
8.3 Audit Process in an EDP Environment
In an EDP (Electronic Data Processing) audit the auditor may not vouch each and every transaction
but he must perform overall analytical checking to ensure that the financial records show true
and fair view of the business entity.
Audit process in such a system may involve following steps:
1. Evaluation of the internal control system: Auditor should carefully evaluate the internal
control system. He should check the system existing in the entity, as well its actual use by
the business. It is possible that whereas a well designed system is present but it is not put
to use by the management. Based upon the evaluation of such a system, the auditor should
decide the degree of reliance that can be placed on it.
138 LOVELY PROFESSIONAL UNIVERSITY
