CPA firms are already embracing a broader concept of the attest function that is being referred to as the assurance function, which includes providing assurance on a broad variety of types of financial or non-financial information. Through this post, I am going to overview the use of technology and techniques to perform audits. Techniques used by auditors in assessing control risk on a financial data and report based on computer program.
If you just landed on this page with expectation that it is a discussion about information technology IT Auditing, it is not. But, if you are looking for information about technology used by auditor in financial auditing, then yes, stay, keep reading…. Also, audit procedures may include computerized and manual procedures for considering internal control and for performing substantive tests. As is the case for all controls, the auditor needs to test operating effectiveness only when control risk is to be assessed below the maximum.
General application controls may be tested through inquiry, observation, and inspection techniques. In addition, application controls may be tested using re-performance techniques outlined in the following section. Tests of controls divided into the following categories of techniques: a program analysis, b program testing, c continuous testing, and d review of operating systems and other systems software. I am going to describe these techniques further on the next paragraphs.
Read on…. Because these techniques ordinarily are relatively time-consuming and require a high level of computer expertise, they are infrequently used in financial statement audits. Here are techniques commonly incorporated by auditor to analyze computer—programmed—based—financial reports:. The primary advantage is that the auditor obtains a detailed understanding of the program. Difficulties with the approach include the fact that it is extremely time-consuming, it requires a very high level of computer expertise, and difficulties involved with making certain that the program being verified is in fact the program in use throughout the accounting period.
Comparison programs — These programs allow the auditor to compare computerized files. For example, they can be used in a program analysis to determine that the auditor has the same version of the program that the client is using. A difficulty involved is that the flowcharts of large programs become extremely involved. Program tracing and mapping — Program tracing is a technique in which each instruction executed is listed along with control information affecting that instruction.
These techniques allow an auditor to recognize logic sequences or dormant section of code that may be a potential source of abuse. The techniques are infrequently used because they are extremely time consuming. This technique helps an auditor to analyze the processing logic of specific programs. Program testing involves the use of auditor-controlled actual or simulated data. The approach provides direct evidence about the operation of programs and programmed controls.
Historically, knowledge of these techniques has been tested relatively frequently. Some of these dummy transactions may include errors to test effectiveness of programmed controls and to determine how transactions are handled e. When using test data, each control generally need only be tested once.
Several possible problems include :. Integrated test facility ITF — This method introduces dummy transactions into a system in the midst of live transactions and is usually built into the system during the original design.
One way to accomplish this is to incorporate a simulated or subsidiary into the accounting system with the sole purpose of running test data through it. The test data approach is similar and therefore its limitations are also similar, although the test data approach does not run simultaneously through the live system.
One such challenge applies to auditors and their work. Auditors deal with information in many different forms. Whether that information relates to accounting, assurance, compliance, or consulting, the form has become digital. Therefore, auditors need to adapt their system to incorporate this information. In the audit field, auditors can use computer assisted audit techniques to make the process simplistic. Computer assisted audit techniques CAATs includes tools used by auditors during their work.
These tools allow auditors to receive data in any form and analyze it better. CAATs includes various methods that can help auditors in many ways. For example, auditors can use them to identify trends or single out anomalies in the provided information.
These tools are available for both external and internal audit uses. In essence, computer-assisted audit techniques refer to the use of technology in auditing. Using these tools, auditors can assess several aspects of their audit engagement. While some people assume CAATs apply to large audits only, these tools are beneficial in any size audits. Computer-assisted audit techniques have become beneficial in all audit fields.
For example, these tools are common in forensic audits for complex analysis. CAATs can boost the productivity and efficiency of auditors. Traditionally, auditors spend most of their time analyzing data.
Instead, they can focus on other more prominent audit matters. The level of knowledge required depends on the complexity and nature of the CAAT and of the entity's information system. The auditors consider the availability of CAATs, suitable computer facilities controlled as described in paragraphs and the necessary computer-based information systems and data. The auditors may plan to use other computer facilities when the use of CAATs on an entity's computer is uneconomical or impractical, for example, because of an incompatibility between the auditors' package program and the entity's computer.
Additionally, the auditors may elect to use their own facilities, such as PCs or laptops. The cooperation of the entity's personnel may be required to provide processing facilities at a convenient time, to assist with activities such as loading and running of the CAATs on the entity's system, and to provide copies of data files in the format required by the auditors.
Some audit procedures may not be possible to perform manually because they rely on complex processing for example, advanced statistical analysis or involve amounts of data that would overwhelm any manual procedure. In addition, many computer information systems perform tasks for which no hard copy evidence is available and, therefore, it may be impracticable for the auditors to perform tests manually.
The lack of hard copy evidence may occur at different stages in the business cycle. Source information may be initiated electronically, such as by voice activation, electronic data imaging, or point of sale electronic funds transfer. In addition, some transactions, such as discounts and interest calculations, may be generated directly by computer programs with no specific authorization of individual transactions.
A system may not produce a visible audit trail providing assurance as to the completeness and accuracy of transactions processed. For example, a computer program might match delivery notes and suppliers' invoices. In addition, programmed control procedures, such as checking customer credit limits, may provide hard copy evidence only on an exception basis. A system may not produce hard copy reports. In addition, a printed report may contain only summary totals while computer files retain the supporting details.
The effectiveness and efficiency of auditing procedures may be improved by using CAATs to obtain and evaluate audit evidence.
CAATs are often an efficient means of testing a large number of transactions or controls over large populations by:. The initial planning, design and development of a CAAT will usually benefit audits in subsequent periods. Certain data, such as transaction details, are often kept for only a short time, and may not be available in machine-readable form by the time the auditors want them.
Thus, the auditors will need to make arrangements for the retention of data required, or may need to alter the timing of the work that requires such data. Where the time available to perform an audit is limited, the auditors may plan to use a CAAT because its use will meet the auditors' time requirement better than other possible procedures. The major steps to be undertaken by the auditors in the application of a CAAT are to:.
The specific procedures necessary to control the use of a CAAT depend on the particular application. In establishing control, the auditors consider the need to:. When such controls cannot be relied on to ensure the integrity of the CAAT, the auditors may consider processing the CAAT application at another suitable computer facility; and. Procedures carried out by the auditors to control CAAT applications may include:. When the auditors intend to perform audit procedures concurrently with on-line processing, the auditors review those procedures with appropriate client personnel and obtain approval before conducting the tests to help avoid the inadvertent corruption of client records.
To ensure appropriate control procedures, the presence of the auditors is not necessarily required at the computer facility during the running of a CAAT. It may, however, provide practical advantages, such as being able to control distribution of the output and ensuring the timely correction of errors, for example, if the wrong input file were to be used.
0コメント