Auditing in an EDP Environment

27/07/2021 0 By indiafreenotes

There are two terms ‘Procedure and techniques’, which are often used interchangeably, in fact, however a distinction does exist. “Procedure may comprise a number of techniques and represents the broad frame of the manner of handling the audit work. Techniques stands for the methods employed for carrying out the procedure.” For example procedure Known as vouching which would involve techniques of inspection and checking computation of documentary evidence.

Audit Procedures:

As per AAS-1 on basic principles governing an audit states, the auditor should obtain sufficient appropriate audit evidence through the performance of compliance and substantive procedure to enable him to draw reasonable conclusions there from on which to base his opinion on the financial information. Therefore, audit procedure is broadly classified in two categories compliance; procedure and substantive procedure.

1) Compliance procedure are tests designed to obtain reasonable assurance that those internal controls on which audit reliance is to be placed are in effect. In obtaining audit evidence from compliance. Procedures, the auditor is concerned with assertions that the control exists, the control is operating effectively and the control has so operated through the period of intended reliance. So the auditor is concerned with the existence effective and continuity of the control system.

2) Substantive procedure are tests designed to obtain evidence as to the competences, accuracy and validity of the data produced by accounting system. They are of two types:

a) Tests of details of transactions and balances.

b) Analysis of significant ratios and trends including the resulting investigation of unusual fluctuations and items.

Audit Techniques:

Audit techniques on the other hand refers to collection and accumulation of audit evidence some of the techniques commonly adopted by the auditors are the following:

  • Posting checking
  • Casting checking
  • Physical examination and count
  • Confirmation
  • Inquiry
  • Year-end scrutiny
  • Re-computation
  • Tracing in subsequent period bank reconciliation.

Special Audit Techniques:

In an absence of audit trail, the auditor needs the assurance that the programmes are functioning correctly in respect of specific items by using special audit techniques. The absence of input documents or the lack of visible audit trail may require the use of computer assisted audit techniques (CAATs) i.e. using the computers an audit tool. The auditor can use the computer to test.

  • The logic and controls existing within the system.
  • The records produced by the system.

Depending upon the complexity of the application system being audited, the approach may be fairly simple or require extensive technical competence on the part of the auditor. The effectiveness and efficiency of auditing. Procedure may be enhanced through the use of CAATs. Properly two common types of CAATs are in vogue, viz, test pack or test data and audit software or computer audit programmes.

EDP means (Electronic Data Processing) for the audit or a computer-based systems. For audit process of enterprise.

General EDP Controls: The purpose of general EDP controls is to establish a framework of overall control over the EDP activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved.

Organization and management control are designed to establish an organizational framework over EDP activities, including:

  • Policies and procedures relating to control functional.
  • Appropriate segregation of incompatible functions.

Application systems development and maintenance controls are designed to establish control over:

  • Testing, conversion, implementation and documentation of new or revised system.
  • Changes to application systems.
  • Access to system documentation
  • Acquisition of application systems from third parties

Computer operation controls are designed to control the operation of the systems and to provide reasonable assurance that:

  • The systems are used for authorized purposes only
  • Access to computer operations is restricted to authorized personnel.
  • Only authorized programs are used.
  • Processing errors are detected and corrected.

Systems Software Controls include:

  • Authorization, approval, testing, implementation and documentation of new systems software and systems software modifications.
  • Restrictions of access to systems software and documentation to authorize.

Data entry and program controls are designed to provide reasonable assurance that:

  • An authorization structure is established over transactions being entered into the system.
  • Access to data and programmes is restricted to authorized personal.
  • Offsite back-up of data and computer programmes.
  • Recovery procedures for use in the event of theft, loss or international or accidental destruction.
  • Provision for offsite forecasting in the event of disaster.