Page 152 - DCOM204_AUDITING_THEORY
expose whether the processing done by the enterprise is correct. However, employees
operating the electronic data processing system in the enterprise should know nothing
about this exercise.
(c) Audit software: The auditor may use audit software specially developed for a particular
audit or, more often, Generalized Audit Software (GAS). The design of an audit program
created for a particular audit will serve the needs of testing the audit programs of
the client. On the other hand, generalized audit software will perform certain common
data processing functions, like checking calculations, examining the correctness of
records, comparing client records with the data obtained through other procedures,
summarizing or rearranging data, selecting samples, etc.
Documentation
As evidence of proper planning and organization of his examination, the auditor should document
the following:
1. His audit plan;
2. Nature, timing and extent of audit procedures performed by him;
3. Conclusion drawn from the evidence obtained; and
4. Safe storage of the evidence in electronic form.
8.4.6 Audit Planning
Planning the audit for an electronic data processing environment client is not expected to be the
same as planning the audit for the manual data processing client. The auditor is required to
measure the usefulness and existence of reliable controls in the system before he or she starts
auditing. In an electronic data processing environment, an IT environment checklist will have to be
used together with interrogating the client's main IT executives.
Important issues to be assessed regarding the whole of the information technology field, which
comprises data processing systems, are listed and elaborated in the schedule below:
1. Procedure: Find out the process to register new users to the system.
Inherent risk: Illegal access to components.
2. Procedure: Examine the reliability of the procedures taken when a previous user is required
to leave or stop using the machine.
Inherent risk: Previous user still has access to the system.
3. Procedure: Find out whether access to the computer room is free to any person.
Inherent risk: Unauthorized personnel and visitors may enter the computer room for
malicious motives.
4. Procedure: Investigate whether there is any rotation of staff (segregation of duties) in
system operations.
Inherent risk: There may be fraud attempts by staff who are not rotated.
5. Procedure: Using the organizational chart, verify the existence of job descriptions for IT
positions in the entity.
Inherent risk: Staff may be performing other people’s duties involuntarily.
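Checklist procedures 1 and 2 can be tested with the record-comparison function described for generalized audit software: client account records are compared with data obtained independently from the personnel department. The following Python example is added here and is not part of the original text; the column names, the "approved_by" field and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (assumed layouts, not from the text):
# a personnel roster and an export of system user accounts.
HR_CSV = """employee_id,name,status,last_day
E001,A. Rao,active,
E002,B. Singh,left,2024-03-31
E003,C. Mehta,active,
"""
ACCOUNTS_CSV = """username,employee_id,enabled,last_login,approved_by
arao,E001,yes,2024-05-02,IT-MGR
bsingh,E002,yes,2024-04-15,IT-MGR
cmehta,E003,yes,2024-05-01,
tempadmin,,yes,2024-05-03,
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def review_access(hr_rows, account_rows):
    """Return (username, finding) pairs for enabled accounts that fail a check."""
    hr = {r["employee_id"]: r for r in hr_rows}
    findings = []
    for acct in account_rows:
        if acct["enabled"] != "yes":
            continue  # disabled accounts cannot be used to log in
        emp = hr.get(acct["employee_id"])
        if emp is None:
            # Procedure 1: account exists without a registered employee.
            findings.append((acct["username"], "no matching employee record"))
            continue
        if not acct["approved_by"]:
            # Procedure 1: registration lacks a recorded approval.
            findings.append((acct["username"], "registration not approved"))
        if emp["status"] == "left":
            # Procedure 2: previous user still has access to the system.
            note = "leaver account still enabled"
            last_day = date.fromisoformat(emp["last_day"])
            if acct["last_login"] and date.fromisoformat(acct["last_login"]) > last_day:
                note += ", used after last day"
            findings.append((acct["username"], note))
    return findings

if __name__ == "__main__":
    for user, finding in review_access(load(HR_CSV), load(ACCOUNTS_CSV)):
        print(f"{user}: {finding}")
```

Each finding is an exception for the auditor to follow up with the client's IT executives, and the two input files should be retained as part of the documented evidence.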
146 LOVELY PROFESSIONAL UNIVERSITY