Page 137 - DCOM509_ADVANCED_AUDITING
P. 137
Advanced Auditing
Notes As already indicated above auditors cannot depend on hard-copy for data, as printed outputs
need not necessarily show all the information from underlying records. Further, it may not
readily allow totalling, sorting, classifying, summarization, analysis, extraction, sa mpling or
comparison of records of financial importance. On the contrary, data in electronic form can be
independently examined and processed using what is called as audit software. For electronically
processing data, auditors depend on certain audit software tools, among which, most important
are General Audit Software (like ACL or IDEA). Many auditors also use high-level languages
like SQL (Structured Query Language) and industry specific or embedded audit software tools
developed for a particular application. Audit software can also be used to accomplish following
audit tasks:
Examine quality of data.
Examine quality of system processes.
Examine the existence of the entities the data purports to represent.
Undertake analytical review.
In a computerized environment there are traditionally two ways of auditing. The first method,
which is easier to operate, is called “Auditing around the computer”. Auditing around the
computer involves gathering of evidence and expression of opinion on the basis of internal
control system for the computerized information system and input and output. This method is
performed typically in batch processing environment, which is simple in operation and where
not much changes take place from one batch to another and detail reports are generated. This
method is used for generalized software package or a tailor made package.
The other method is known as “Auditing with the Computer”. Auditors are increasingly using
computers in planning and performing audit work. In some cases, they use computers for
preparation of audit plans, audit budget, maintenance of information of departments, scheduling
of audit work, etc. They also use computers as a tool for collection and evaluation of evidence.
Self Assessment
State whether the following statements are True or False:
3. Auditors are increasingly using computers in planning and performing audit work.
4. Audit software can not be used to examine quality of data.
5. Present day organizations have a different security system for various risks to computer
systems.
8.3 Controls in Computer Systems
Present-day organizations have made large-scale investments in Information Technology (IT);
although the cost of investment is high the investment creates new opportunities for organizations
and reduces variable cost drastically. However, due to this increased dependence and consequent
vulnerability of organizations on IT, there is a need to keep efficient controls over Computer
Systems. The vulnerabilities in IT arise as creation and authentication of financial transactions
on computer systems is done electronically and if sufficient controls and security features are
not incorporated in computer systems, fraudulent transactions can enter the system. In short,
although use of technology brings efficiency, it also brings along with it certain risks, which
need to be taken care of to safeguard the organizations from consequent financial risks.
The two basic principles on which such controls are established are the principle of least privilege
and that of maker and checker. The principle of least privilege means that every individual is
132 LOVELY PROFESSIONAL UNIVERSITY