Page 137 - DCOM509_ADVANCED_AUDITING

Advanced Auditing




                                   As already indicated above, auditors cannot depend on hard copy for data, as printed outputs
                                   need not necessarily show all the information from the underlying records. Further, hard copy
                                   may not readily allow totalling, sorting, classifying, summarization, analysis, extraction,
                                   sampling or comparison of records of financial importance. In contrast, data in electronic form
                                   can be independently examined and processed using what is called audit software. For
                                   electronically processing data, auditors depend on certain audit software tools, the most
                                   important of which are General Audit Software packages (like ACL or IDEA). Many auditors also
                                   use high-level languages like SQL (Structured Query Language) and industry-specific or embedded
                                   audit software tools developed for a particular application. Audit software can also be used to
                                   accomplish the following audit tasks:

                                      Examine quality of data.
                                      Examine quality of system processes.
                                      Examine the existence of the entities the data purports to represent.
                                      Undertake analytical review.
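
An added example, not part of the original text: the kind of totalling, classifying and extraction tests described above, written as SQL and run through Python's built-in sqlite3 module over a constructed six-row ledger. The table, column names and user names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: id, voucher_no, account, amount, entered_by, approved_by
ROWS = [
    (1, 1001, "SALES",    2500.00, "asha",  "ravi"),
    (2, 1002, "SALES",    1200.50, "asha",  "ravi"),
    (3, 1002, "SALES",    1200.50, "asha",  "ravi"),   # duplicate voucher number
    (4, 1004, "PURCHASE", -800.00, "meena", "meena"),  # entered and approved by same user
    (5, 1005, "PURCHASE", None,    "meena", "ravi"),   # missing amount
    (6, 1006, "EXPENSE",  -150.25, "asha",  "ravi"),
]

def load(rows=ROWS):
    """Load the records into an in-memory database the auditor controls."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ledger (id INTEGER PRIMARY KEY, voucher_no INTEGER,"
                " account TEXT, amount REAL, entered_by TEXT, approved_by TEXT)")
    con.executemany("INSERT INTO ledger VALUES (?,?,?,?,?,?)", rows)
    return con

def totals_by_account(con):
    """Classify and total: record count and sum per account."""
    return con.execute("SELECT account, COUNT(*), ROUND(COALESCE(SUM(amount), 0), 2)"
                       " FROM ledger GROUP BY account ORDER BY account").fetchall()

def duplicate_vouchers(con):
    """Data quality: voucher numbers that appear more than once."""
    return [r[0] for r in con.execute("SELECT voucher_no FROM ledger"
            " GROUP BY voucher_no HAVING COUNT(*) > 1 ORDER BY voucher_no")]

def missing_amounts(con):
    """Data quality: records with no amount recorded."""
    return [r[0] for r in con.execute(
        "SELECT id FROM ledger WHERE amount IS NULL ORDER BY id")]

def sequence_gaps(con):
    """Completeness: voucher numbers absent between the lowest and highest."""
    nums = {r[0] for r in con.execute("SELECT DISTINCT voucher_no FROM ledger")}
    return [n for n in range(min(nums), max(nums) + 1) if n not in nums]

def self_approved(con):
    """Process quality: records entered and approved by the same user."""
    return [r[0] for r in con.execute(
        "SELECT id FROM ledger WHERE entered_by = approved_by ORDER BY id")]

if __name__ == "__main__":
    con = load()
    for test in (totals_by_account, duplicate_vouchers, missing_amounts,
                 sequence_gaps, self_approved):
        print(test.__name__, test(con))
```
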
                                   In a computerized environment there are traditionally two ways of auditing. The first method,
                                   which is easier to operate, is called “Auditing around the computer”. Auditing around the
                                   computer involves gathering evidence and expressing an opinion on the basis of the internal
                                   control system for the computerized information system and its input and output. This method
                                   is typically performed in a batch processing environment, which is simple in operation, where
                                   not many changes take place from one batch to another, and where detailed reports are generated.
                                   This method is used for a generalized software package or a tailor-made package.

                                   The other method is known as “Auditing with the Computer”. Auditors are increasingly using
                                   computers in planning and performing audit work. In some cases, they use computers for
                                   preparation of audit plans, audit budget, maintenance of information of departments, scheduling
                                   of audit work, etc. They also use computers as a tool for collection and evaluation of evidence.

                                   Self Assessment

                                   State whether the following statements are True or False:
                                   3.  Auditors are increasingly using computers in planning and performing audit work.

                                   4.  Audit software cannot be used to examine quality of data.
                                   5.  Present day organizations have a different security system for various risks to computer
                                       systems.


                                   8.3 Controls in Computer Systems

                                   Present-day organizations have made large-scale investments in Information Technology (IT);
                                   although the cost of investment is high, the investment creates new opportunities for
                                   organizations and reduces variable cost drastically. However, because of this increased
                                   dependence on IT and organizations' consequent vulnerability, there is a need to keep efficient
                                   controls over computer systems. The vulnerabilities in IT arise because the creation and
                                   authentication of financial transactions on computer systems are done electronically, and if
                                   sufficient controls and security features are not incorporated in computer systems, fraudulent
                                   transactions can enter the system. In short, although the use of technology brings efficiency,
                                   it also brings with it certain risks, which need to be taken care of to safeguard organizations
                                   from consequent financial risks.
                                   The two basic principles on which such controls are established are the principle of least privilege
                                   and that of maker and checker. The principle of least privilege means that every individual is



          132                               LOVELY PROFESSIONAL UNIVERSITY