Page 148 - DCOM204_AUDITING_THEORY
P. 148
Auditing Theory
Notes and consistently than the manual system. In the manual system, the auditor may undertake
detailed checking of a number of transactions, yet certain errors and fraud may remain
undiscovered. Not so in the case of electronic data processing systems. He has only to see
whether there is effective internal control on programs and, if so, checking of certain
significant or unusual transactions will assure accuracy in accounting.
2. EDP system may have in-built control procedures: With built-in automatic control
procedures, the electronic data processing systems will themselves indicate certain unusual
or significant transactions such as, overdue payments, falling of inventory levels below
the prescribed levels, etc. In manual system, the auditor will have to make extra efforts for
the purpose. Prescription of “password” control in electronic data processing systems will
secure the data against access by unauthorized persons. In manual system, there is always
possibility of unauthorized access to accounts.
3. Automatic updating of all relevant computer files by a single transaction: Feeding of a
single transaction in the computer will update the relevant records in all files. For example,
purchase of raw materials from a single supplier will update the accounts of the supplier,
purchases, and inventory. In manual system, different individuals will need to update the
relevant files under their charge. Likewise, with proper programming, electronic data
processing systems can perform certain tasks without human intervention.
Example: Generation of monthly accounts in case of credit customers will remove the
need for manual preparation of accounts in individual cases.
8.4.3 Audit Procedures in EDP/CIS Environment
1. Traditional approach to audit of computer-processed information: While processing the
information processed on computers, The auditor may adopt a traditional approach,
assuming that the processing of information has been under the manual system, and not
through computers. The only difference he notices is that the object of his audit examination
is computer printouts; and not the handwritten books of account. The result is that he does
not suitably modify his audit program, and carries on work as before. However this
approach has certain inherent flaws. Firstly, it does not involve evaluation of internal
control system relating to computers, which may result in more errors and fraud than
under the manual system. Secondly, the auditor may devote unduly long time on certain
audit procedures, such as checking and posting of transaction which he can avoid if an
effective internal control is in place. Thirdly, it ignores the benefits of costs and risks that
would be available to the auditor if he adopts techniques suitable to auditing through
computers.
2. Auditing in EDP environment: In this case the auditor should evaluate the internal control
relating to electronic data processing and other controls, and accordingly make extensive
use of computer(s) to determine the nature, timing and extent of compliance or substantive
audit procedures. However, this requires him to have adequate knowledge of computer
systems to plan, direct, supervise and review the work performed by others. For this, he
may himself acquire the necessary specialized skills, or hire persons suited for the job.
8.4.4 How Auditors should Approach Auditing in EDP Environment?
Electronic data processing environment is an area that requires special techniques in approaching,
as it is apparently risky and more technological skills is needed to the Auditor before real audit
is performed. However the professional guides issued by the International Auditing Standards
have disclosed several methods that have to be followed by Auditors when doing audit in
142 LOVELY PROFESSIONAL UNIVERSITY
