computerized information system
Contents :

  • Meaning of Computerized Information System Audit Environment.
  • Features of Computer Information System Audit Environment.
  • Uses of Computer for Auditing Purposes.
  • Computer Assisted Audit Techniques and Tools.
  • Need for Review of Internal Control.

What is meant by Computerised Information System (CIS) ?

Introduction :

Nowadays, there is growing use of computers in business organisations for storage and processing of accounting records and other information. This has revolutionized the functioning of the organisation, its accounting and administrative controls, flow of information and preparation of financial statements. As a result, the auditor has to acquire adequate knowledge of computer-based accounting system to perform his job.

Meaning of Computerised Information System (CIS) Audit Environment :

According to AAs (SAP) 2g, Auditing in Computer Information System (CIS), environment, the CIS or EDP exists when any organisation uses one or more computer(s) of any type or size for preparation of financial statements. A client has Computer Information System (CIS) or Electronic Data Processing (EDP), when there is computerization of his accounts. It is immaterial whether the staff of the client himself does the processing and generation of financial statements on computers or an outside agency.
The Computer Information System (CIS) does not change the objective and scope of an audit, but it certainly changes the way of processing, storage, retrieval and communication of financial information.

Features of Computer Information System (CIS) Audit Environment :

The features of Computer Information System (CIS) Audit environment are explained below:

1) Computer Information System (CIS) Infrastructure
Computer Information System (CIS) infrastructure includes hardware like CPU, monitor, printer and keyboard. It also includes operating systems. These may be Windows, Microsoft (MS) Office, Disc Operating System (DOS). LINUX, etc. They oversee the communication of data between the computer processor and its magnetic discs, as well as the management of files and programmes on the discs. Application software is a set of all computer programmes such as Tally, which is a specially developed Accounting Software, including operating system, compilers, packages and user programmes which enable a particular computer centre to operate.

2) Lack of Documents and Transaction Trail:
In manual accounting, there is a transaction trail. First, a document originates a transaction. Then, there is entry of the transaction in the original books of account. Thereafter, there is posting of the transaction in the principal books. Lastly, the net effect of transactions reflects in financial statements.
In Computer Information System (CIS), on the other hand, there are often no transaction creating documents and no visible transaction trail. For example if there is direct feeding of data into the computer, there may not be any physical input documents e.g. voucher, invoice, receipt, etc. and no transaction trail. Therefore, to assess how Computer Information System (ClS) may influence the audit examination process, he should consider the availability of data (a) entered in computer (b) retained in data files and (c) generated for outputs. The data may be available only in machine-readable form and accessible only for a brief period. In such a case, the auditor needs to request the client to retain particular data for examination. This is because invisibility of information is likely to increase the possibility of hidden errors as compared to manual system where such errors are visible.

3) Uniform Processing
Under computer processing,. there is uniform processing of similar transactions with same processing instructions or programme. This decreases the risk of human errors like calculation mistakes but programming error may result in incorrect processing of all transactions.

4) Concentration of Processing of Information:
In Computer Information System (CIS) environment, only a small number of persons process the entire information. As against this, in the manual system, there is division of the same work among several persons. As a result, customary controls based on segregation of diverse functions may be absent or ineffective. Further, persons operating the Computer Information System (CIS) systems achieve expertise as regards the sources of data, manner of processing, and generation and distribution of output.

5) Automatic Execution of Transactions
Under Computer Information System (CIS), there is automatic execution of certain transactions. As a result, there may not be generation of any documents for such transaction.

6) Analytical Tools
Computer Information System (CIS) generates a variety of analytical tools. These may be useful in reviewing and supervising the operations of the client. These will also go to improve the internal control structure.

7) Effective Supervision
Computer Information System (CIS) enables management to enforce effective supervision over operations. Analytical tools of Computer Information System (CIS) only go to make this easier. The Auditor can apply computerised auditing tools to ensure audit efficiency. EDP systems contain built-in software and hardware controls that are more effective than manual controls.

Uses of Computers for Auditing Purposes :

Computer is used in auditing procedure. They work to the advantage of auditing in the following ways:

1) More Reliable
A computer works as programmed. If the programming has taken into account all possible circumstances, the computer will work more reliably and consistently than the manual system. In manual system, the auditor may undertake detailed checking of a number of transactions, yet certain errors and fraud may remain undiscovered. It is not so in the Computer Information System (CIS) environment. The auditor has only to see whether there is effective international control on programme and, if so, checking of certain significant or unusual transactions will ensure accuracy in accounting.

2) In-built Control Procedure
With built-in automatic control procedures, the EDP systems will themselves indicate certain unusual or significant transactions such as, overdue payments, falling of inventory levels below the prescribed levels, etc. In manual system, the auditor will have to make extra efforts for the purpose. Prescription of 'password' control in computer will secure the data against access by unauthorized persons. In manual system, there is always possibility of unauthorized access to accounts.

3) Automatic Updating:
Computers facilitate automatic updating of all relevant computer files by a single transaction. For example, purchase of raw materials from a single supplier will update the accounts of the supplier, purchases and inventory. In manual system, different individuals will need to update the relevant files under their charge. Likewise, with proper programming, certain tasks can be performed without human intervention. For example generation of monthly accounts in case of customers will remove the need for manual preparation of accounts in individual cases.

Computer-assisted Audit Tools / Techniques :

Introduction :

Computer-assisted audit techniques or tools are nothing but computer programmes and data. They may consist of test packs or test data, and computerised audit programmes. The auditor uses them as part of the audit procedures to process data of audit significance contained in an entity's information systems. They enable the auditor to use the computer as an audit tool for enhancing the effectiveness and efficiency of audit procedures. Before using these programmes for audit purposes, auditor should substantiate their appropriateness and validity. Some commonly used computer-assisted audit techniques / tools are given below.

1) Test Packs / Test Data :
Test packs or test data represent a set of test data prepared by the auditor himself, or by using any such data prepared by the internal auditor of the client. They comprise transactions of all kinds, prepared specially to test a programme or a set of programmes of the client. To evaluate the effectiveness of the client's programmes, the auditor may run his test data on the client's computer using the programmes of the client himself. Use of test packs serves as an assurance about the correct functioning of tested programmes. However, its limitation is that preparation of the test data requires care and expertise on the part of the auditor. For example, it will involve selection of the type of master files or records such as ledger where there is continuous updating through transaction records, e.g. processing of a test transaction showing receipt of payment from a debtor will reflect in the master file that contains records of sundry debtors. Moreover the test data should cover all types and variations to ascertain that the client's programme includes all necessary controls.
For control purposes, the auditor should maintain proper working papers regarding the use of test packs. Working papers should show the programmes put to test and the results - both expected and actual. He should also ensure that the programmes tested are those actually used by the client and that actual records remain unaffected by the tests used by him.

2) Computerized Audit Programmers :
Computers are used in auditing to provide auditing information required by the auditor for making judgement and drawing conclusions. The use of computers in planning, conducting and concluding audit will be of great help to the auditor. Use of computers in audit saves time. It reduces monotony of work and enhances reliability and lowers audit cost in appropriate cases. However, to use computers in auditing requires expert knowledge of the system. It is also necessary to note that the computerized auditing assistance is only to provide help to the auditor and not to substitute his professional judgement.

Areas of Use of Computer in Auditing :

The following are certain areas where the use of computer in auditing may be relevant :
  • 1) Preparing detailed audit programming.
  • 2) Preparing audit planning, scheduling and assignment of available manpower to different assignments in hand.
  • 3) Retrieving requires key information from the files for making comparison with the set of standard information.
  • 4) Doing arithmetical computations and checking the arithmetical computations.
  • 5) Doing analytical review of the data by way of comparison, ratio analysis, trend analysis, tests of reasonableness and so on.
  • 6) Checking of validity, consistency and reasonableness of entries.
  • 7) Reviewing the internal control of the system.
  • 8) Selecting representatives for vouching, verification-debtors accounts may be planned to be listed if they comply with certain predetermined criteria.
  • 9) Flow- charting
  • 10) Preparation of audit reports, documenting working papers and writing other communication, etc.

The use of these techniques tools is of great help to the auditor. However, the adoption of such tools / techniques should be appropriate to handle the audit. The auditor should weigh the audit demands before he decides on the contents of computer assisted audit tools he would make use of, Its use requires computer knowledge and experience. The auditor should be familiar with the system in vogue in the client's place. Appropriateness and relevance must be established with the client's system and the auditor's test pack. He should also ascertain whether his test pack can be accommodated in the facility offered by his client and whether required co-operation would be forthcoming without any inconvenience to the client in regard to offering of expert personnel for assistance and making available the system for checking.

Need for Review of Internal Control :

The auditor has to decide whether he can place reliance on the internal control. If internal control is adequate, he can restrict nature, timing and extent of his checking accordingly. For this purpose he has to review the internal control system of an organisation. The need for such review is explained below :

1) To Check Reliability
The auditor has to review the system of internal control to check reliability of the system and data generated in accounting system. He has to ensure that the internal control system is reliable enough to ensure that transactions are executed in accordance with management's general or specific authorization.

2) To Check Operations
The auditor seeks to find out whether there exists good internal control system and whether such a system has operated with continuity throughout the period covered under audit. He evaluates the actual operation of the system against certain control criteria that must exist.

3) To Find Adequacy of System
The internal control system is reviewed to see whether the design of the system is adequate or not. Here, the auditor is concerned whether the system actually works out without break. He tests the completeness, accuracy and validity of data generated in the accounting system of the entity by adopting substantive procedure.

4) To Ensure Prompt Record
There is need to review internal control system to know that it ensures that all transactions are promptly recorded in the correct amount in the appropriate accounts and in the accounting period in which they are executed.

5) To Ensure Safety of Assets
It is reviewed to ensure that assets are safeguarded from unauthorized access, use or disposition.

The auditor has to check all this to find out the reliability of the system. If it is not so, he is left with no alternative but to resort to detailed checking. In case the internal control system is found to be strong, only a limited number of audit tests will be necessary to confirm the initial evaluation and then the auditor can safely rely on it for the purpose of expressing his opinion on the authenticity of the financial statements of the enterprise.