Page 159 - DCOM204_AUDITING_THEORY
P. 159
Unit 8: Auditing in an EDP Environment
2. The significance of computer processing in each significant accounting application. For Notes
this purpose significance relates to materiality of the financial report assertions affected
by the computer processing.
3. The complexity of computer processing in each significant accounting application.
Applications may be considered complex when, for example:
(a) The volume of transactions is such that users would find it difficult to identify and
correct errors in processing;
(b) The computer automatically generates material transaction or entries directly to
another application (integrated systems);
(c) The computer performs complicated computations of financial information and/or
automatically generates material transactions or entries that may not be (or are not)
validated independently; and
(d) Transaction are exchanged electronically with other organizations as in Electronic
Data Interchange (EDI) systems;
4. Plans by the entity to replace or significantly change the EDP Environment, where these
changes will affect the internal control structure.
5. The availability of data, source documents, certain computer files, and other evidential
matter that may be required by the auditor may exist for only a short period or only in
machine readable form. An entity’s system may generate internal reports that may be
useful in performing substantive tests (particularly analytical procedures). The potential
for use of computer assisted audit techniques may permit increased efficiency in the
performance of audit procedures, or may enable the auditor to economically apply certain
procedures to an entire population of accounts or transactions.
In planning the internal audit, the auditor designs audit procedures that will provide sufficient
appropriate audit evidence. During the initial planning, phase of the audit, the auditor needs to
assess whether to use computer assisted audit techniques. The need to process and analyze large
quantities of data using computers may provide the auditor with opportunities to apply general
or specialized computer assisted audit techniques may be used as tests of control or substantive
procedures to obtain sufficient appropriate audit evidence.
Assessment of Risk: The internal auditor should make an assessment of inherent and control
risks for material financial report assertions. The inherent and control risks in an EDP environment
may have both a pervasive and an account specific effect on the likelihood of material
misstatement. The risks may result from deficiencies in persuasive EDP activities such as program
development and maintenance, systems software support, operations etc. Once proper plans are
laid out, the issues of concern during the execution stage are as follows:
1. The user requirements must be clearly understood and as far as possible, the specifications
must be signed off formally prior to starting the system design.
2. If standard packages are to be used, their limitations and the scope of customization must
be clearly understood.
3. Staff at all levels must be appropriately trained and the entire organization slowly molded
into the computer culture. Properly designed training programs for top management and
users are every essential.
4. Reliability of hardware and software is of utmost importance, since users would lose
confidence otherwise.
5. The organization must be service oriented and not view itself as being in an ivory tower,
which tends to happen at times.
LOVELY PROFESSIONAL UNIVERSITY 153
