Page 149 - DCOM204_AUDITING_THEORY
P. 149
Unit 8: Auditing in an EDP Environment
specialized areas this does not exclude auditing in an electronic data processing environment. In Notes
actual fact the auditor should approach auditing in electronic data processing environment as
follows:
1. Evaluate reliability of accounting and internal control system: The auditor should ascertain
how far the accounting and internal control system of the business is reliable. To this end,
he should check the following:
(a) Are there restrictions on access to electronic data processing?
The restriction should be in respect of access to hardware, program and data files.
Computer room should be under the custody of a responsible official. He alone
should handle program and data files. Further, he should make these available only
to the persons authorized for the purpose, and keep a record of issue of program and
data files. Other restriction can be by way giving password (a secret code) to
authorized computers users. Yet another restriction can be through giving different
rights different users, for example, some can only read data files, others may both
read and alter data files, yet others may even alter program files.
The auditor should also see whether there are adequate methods of hardware control.
For example, almost every computer once started itself checks the proper functioning
of its various components and devices. If not it shows a message on the computer
screen. If the computer system has parity check; it will show whether, due to cause
such as dirty or humidity level, there is improper functioning in the transfer of data
between the input-output devices. Such a flaw may cause loss or corruption of data,
which the computer system itself will rectify by retrying the transfer. Computer
system having a check by way of double reading of data, i.e. on a hard disc and that
written to strong media, will show errors in the process.
(b) Is there provision for timely detection and correction of errors?
Errors may arise during the feeding of data, processing, or due to any fault in the
computer system. Here, the auditor should ensure that transactions processed by
the computer have due authority, their recording in the computer data files is accurate,
there is no loss, addition, duplication or improper change in them, and there is
correction and resubmission of incorrect transactions. He should also see that there
is correct use of master files, transaction files and program files.
!
Caution The Auditor should review the error – correction procedure, as it will show
proper functioning of the internal control system.
(c) Is there arrangement for resumption of system, if interrupted?
In case of electronic data processing systems due to power failure or any mechanical
fault, there should be proper arrangement for resuming the system without loosing
the entries or records.
(d) Is electronic data processing – generated output accurate and complete?
Accuracy and completeness of output will depend on the accuracy and completeness
of the data fed into the computer and its processing. This calls for proper input and
controls. Recalculation of figures and comparing the output with manual records
are other methods for the purpose. The auditor should see that there is restriction on
access to processing of data such that accurate and complete output is produced, and
that only authorized persons get it on time.
LOVELY PROFESSIONAL UNIVERSITY 143
