Page 167 - DCOM204_AUDITING_THEORY
P. 167
Unit 8: Auditing in an EDP Environment
and reports) for such short audit period. Thus the auditor is required to make arrangement Notes
for retention and retrieval of data.
6. Detection of fraud and error: The CAAT allows the auditor to plan and execute the audit
work more effectively with the help of sophisticated audit software. But, under CIS
environment, frauds are intentional and generally deep-laid. Moreover, there are chances
that some frauds are highlighted, but there is no concrete evidence to prove the same.
Thus it cannot be said that the auditing through the computer will increase the probability
of detection of fraud.
7. Use of CAAT in small organisations: In small business organisation, use of CAAT might
not be a cost-effective and viable alternative. This is because of two reasons, first the
revenue per assignment is not very huge, and second the client entity might not have the
appropriate technical infrastructure to run CAAT.
8.9.6 Testing CAAT
Before applying or completely relying CAAT, the auditor must first obtain reasonable assurance
of the integrity, reliability, usefulness, and security of CAAT through appropriate planning,
design, testing, processing and review of documentation. There are many testing methods;
some of them are listed below:
1. Test Data: The auditor enters the test data into the entity’s computer system and compares
the result with predetermined results.
2. Test Packs: It involves testing a set of data, chosen by the auditor from the entity’s system
and testing it separately from the normal processing procedure.
3. Integrated Test Facility: In this approach, auditor establishes a dummy unit, into which
test transactions are posted during the normal processing cycle of the entity. However,
these dummy entries are eliminated later on.
8.9.7 Measures to Exercise Control over CAAT Applications
Since, most of the audit procedures performed using CAAT are highly automated and machine
driven. Moreover, many-a-times, a situation may occur, where the auditor also requires the
cooperation of client entity’s IT staff for extensive knowledge of computer installation. In such
circumstances, the chances of inappropriately influencing the CAAT results by the client’s staff.
Thus, while applying CAAT in audit procedure, due care and control must be exercised. Following
points are important to consider:
1. The kind of audit procedure that needs to be performed by CAAT;
2. Review the entity’s general controls that may affect the integrity of CAAT, for example,
controls over program changes and access to computer files. When such controls cannot be
relied on to ensure the integrity of CAAT, the auditor may consider processing CAAT
application at another suitable computer facility; and
3. Ensure appropriate integration of the output by the auditor into the audit process, and
later on in drawing audit conclusions and reporting.
The success or failure of auditing with CAAT highly depends upon the degree of control exercised
on the overall application of CAAT. The control over the CAAT applications can be:
1. Control over Software Application:
(a) Participation in design and testing of CAAT: The success of CAAT significantly depends
upon the participation of the principal auditor in the designing and testing of CAAT.
LOVELY PROFESSIONAL UNIVERSITY 161
