Page 155 - DCOM204_AUDITING_THEORY
P. 155
Unit 8: Auditing in an EDP Environment
non disputed fact that electronic data processing has today gained popularity among the majority Notes
of business organizations. However, some challenges need to be addressed before and after the
organization have decided to turn from manual to electronic data processing. The first thing to
be done by the organization is to ensure that it has its own Information technology policy which
caters for Administration, replacement and maintenance of computers and peripherals and
lastly but more significant Facilities and Access policy which will deal with Access codes and
passwords. This is the remedy or answer to the challenge of security risks that I wanted to talk
about. Yes, Security is a great or giant enemy of the electronic data processing systems. As some
people may enter harmful programs known as viruses into the electronic data processing system
and destroy important files or even running programs; likewise other unfaithful employee may
access records and delete or change records to suit their interest and henceforth cause loss to the
company. There are many risks but let me stop here.
For many years auditing have been performed in computer free environments, and as a result
auditing have been done in manual accounting tools such as working sheets that the auditor
uses to record his or her work. Control risk in manual processing and electronic processing are
not the same this have necessitated the use of modern risk assessment techniques and audit. Also
the use of computer assisted techniques has been brought into use as a result of the introduction
of the electronic data processing in many organizations.
Task Visit a company of your choice which maintains its accounts on computers. Discuss
with system manager and prepare a note on controls instituted by the management for
carrying out auditing process.
8.6 Problems Encountered in an Electronic Data Processing
Environment
Among the problems encountered in an EDP environment, the following are important:
1. The usual controls based on proper segregation of incompatible functions may be absent
or may be less effective in an EDP environment. This is because the number of persons
involved in the processing of financial information in an EDP environment is comparatively
small. Moreover, the need for a centralized data processing function means that certain
data processing personnel may be the only ones with a detailed knowledge of the source
of the data, how it is used and the distribution and the use of output. This may also mean
that they are familiar with the internal controls operating and hence may be in a position
to alter the programs or data during processing or while stored. These factors increase the
possibilities for manipulation.
2. Poor security for master files – they may be tempered with or lost.
3. Transactions and master file data are often concentrated either in one computer installation
located centrally or in a number of installations distributed throughout the enterprise.
Computer programs which provide the ability to obtain access to and alter such data are
likely to be stored at the same location as the data. This increases the possibilities for
unauthorized access to, and alteration of, programs and data.
4. Vulnerability of data and program storage media – magnetic discs or tapes on which large
volume of data are stored while using EDP methods are vulnerable to theft, loss or
intentional or accidental destruction.
5. Poor facilities in case of misfortunes e.g. fire, breakdowns etc.
6. Lack of control over computer service personnel.
LOVELY PROFESSIONAL UNIVERSITY 149
