Page 151 - DCOM204_AUDITING_THEORY
P. 151
Unit 8: Auditing in an EDP Environment
8.4.5 Audit Techniques Notes
1. Audit objectives remain the same whether processing of data is manual or computerized.
While designing audit procedures in electronic data processing environment, the auditor
should keep in mind two things:
(a) Ensure that there is adequate compliance and substantive procedures and transmitted
data are correct and complete
(b) Apply professional skepticism by cross verification of records, reconciliation
between primary and subsidiary ledgers, questioning and critical assessment of
audit evidence. The procedures adopted for the purpose may be manual, by way of
computer-assisted audit techniques, or on combination of both.
Auditing “around” or “through” computers
In an electronic data processing environment, an auditor may carry out compliance
procedures and substantive tests of transactions with the help of computers, or without it.
If he conducts the audit in a traditional manner by examining the data and information
generated by computer system of the client it will be auditing around the computer. In
this case, the auditor only relies on the data and information printouts given to him by the
client.
On the other hand, if the auditor himself uses computer system to carry out compliance
and substantive test procedures, it will be auditing through the computer. However, this
will require the auditor and/or his staff to possess adequate knowledge of electronic data
processing.
2. Computer-assisted audit techniques: These may be as follows:
(a) Test data: They represented a set of test data prepared by the auditor himself, or by
using any such data prepared by the internal auditor of the client. Test data comprise
transactions of all kinds prepared specifically to test a program or a set of programs
of the client. To evaluate the effectiveness of the client’s program (s), the auditor
may run his test data on the client’s computer using the programs of the client
himself.
Use of test data serves as an assurance about the correct functioning of tested
programs. However, its limitation is that preparation of the test data requires care
and expertise on the part of auditor. For example, it will involve selection of the
type of master files or records (ledger like records where there is continuous updating
through transaction records), e.g. processing of a test transaction showing receipt of
payment from a debtor will reflect in the file that contains records of sundry debtors.
Moreover, the test data should cover all types and variations, whether they are
actual data used by the client, or certain modifications, to ascertain that the client’s
program includes necessary controls.
For control purposes, the auditor should maintain proper working papers regarding
the use of test data. Working papers should show the programs put to test, and the
results-both expected and actual. He should also ensure that the programs tested are
those actually used by the client, and that actual records remain unaffected by the
tests used by him.
(b) Modified test data facility: It is a simulated form of a test data technique. Under it, the
auditor creates artificial transactions, processes them along with normal processing
of actual transactions of the enterprise, and compares the results of the two. This will
LOVELY PROFESSIONAL UNIVERSITY 145
