audit in computerised informaton system environment and recent development in audit

05/02/2023 [email protected] 1

Presentation on Developments in auditing and audit under

Computerized information system By

Dr. Sanjay P S Dessai Associate Professor

VVMs Shree Damodar College Margao Goa


UNIT IV: Developments in auditing and audit under Computerized information system

• Tax Audit• Management Audit• Cost Audit• Value added Tax (VAT) Audit• Social audit• Forensic audit (Concepts, objectives and

regulatory requirements)• Peer review - meaning and procedure


• Sarbanes – Oxley Act, (SOX) 2002 with reference to reporting on internal control.

• Code of Ethics with special reference to the relevant provisions of The Chartered Accountants Act, 1949

• Audit under computerized information system (CIS) environment

• Special aspects of CIS Audit Environment, need for review of internal control especially procedure controls and facility controls. Approach to audit in CIS Environment, use of computers for internal and management audit purposes: audit tools, test packs, computerized audit programmes.


Tax Audit • As per section 44AB-• Every person Carrying on business shall, if his total sales, turnover or

gross receipts, as the case may be, in business exceed or exceeds one crore rupees. ; or

• Carrying on profession shall, if his gross receipts in profession exceed twenty-five lakh rupees. ; or

• Get accounts audited by a Chartered Accountant. • The due date for filing the Tax Audit Report u/s 44AB is 30th September of

the Assessment year• Qualification of appointment• Disqualification from appointment• Conduct of tax audit • Filing of tax audit return


Management audit

• Management Audit is an assessment of methods and policies of an organization's management in the administration and the use of resources, tactical and strategic planning, and employee and organizational improvement.

• Process of audit • Importance • Appointment • Audit report


Cost audit • Cost Audit- represents the verification of cost accounts

and check on the adherence to cost accounting plan. Cost Audit ascertain the accuracy of cost accounting records to ensure that they are in conformity with Cost Accounting principles, plans, procedures and objective.

• Applicability • Appointment of auditor • Qualification • Duty • Cost audit report


VAT Audit• Audit of VAT is supportive for checking the correctness of VAT and following

all the latest provisions and amendments of law.• Check accounting system • Purchase invoice • Sales invoice • Input tax • Output tax • Registration • Composition • Levy of VAT • Exempted goods • Tax calculation •


Social audit

• A social audit is a way of measuring, understanding, reporting and ultimately improving an organization's social and ethical performance.

• The process of evaluating a firm's various operating procedures, code of conducts, and other factors to determine its effect on a society.


• The goal is to identify what, if any, actions of the firm have impacted the society in some way.

• A social audit may be initiated by a firm that is seeking to improve its cohesiveness or improve its image within the society.

• For example, if a factory is believed to have a negative impact, the company may have a social audit conducted to identify actions that actually benefit the society.


Forensic audit

• A forensic audit is an examination and evaluation of a firm's or individual's financial information for use as evidence in court.

• A forensic audit can be conducted in order to prosecute a party for fraud, embezzlement or other financial claims

• Recent example • Kingfisher airlines , Satyam computers


Peer review

• Evaluation of scientific, academic, or professional work by others working in the same field.

• The term “peer review” involves review of work done by one person by another person of similar standing (the peer).


Definiton of peer review

• “an examination and review of the systems and procedures to determine whether they have been put in place by the practice unit for ensuring the quality of attestation services as mandated by the Technical Standards.


Sox 2002

• Sarbanes – Oxley Act, (SOX) 2002 with reference to reporting on internal control.

• The Sarbanes-Oxley Act came into force in July 2002 in US and introduced major changes to the regulation of corporate governance and financial practice.

• It is named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects


• The Sarbanes-Oxley Act is arranged into eleven 'titles'. As far as compliance is concerned, the most important sections within these eleven titles are usually considered to be 302, 401, 404, 409, 802 and 906.


• Section 302. Corporate Responsibility for financial reports • Section 401- Disclosures in Periodic Reports• Section 402- Management Assessment of Internal

Controls• Section- 409- Real Time Issuer Disclosures• Section 802 - Corporate and Criminal Fraud Accountability• Pertains to 'Criminal Penalties for Altering Documents


Section 404 Management Assessment of Internal Controls

• Issuers are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures.

• The registered accounting firm shall, in the same report, attest to and report on the assessment on the effectiveness of the internal control structure and procedures for financial reporting.


Audit under computerized information system (CIS) environment

Special aspects of CIS Audit Environment Need for review of internal control especially

procedure controls and facility controls Approach to audit in CIS Environment Use of computers for internal and

management audit purposes Audit tools, test packs Computerized audit programmes.


EDP audit

• The process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, achieves organizational goals effectively, and consumes resources efficiently.

• EDP audit need technical expertise • internal control – password , authorization,

copy,


CIS environment

• Computerization impact on organization control• Flow of document information processing. • Not changed the fundamental nature of auditing• Changes in the method of evidence collection and

evaluation.• Auditors knowledge about computer environment

(Hardware, software etc.)• Keep pace with rapidly changing technology• Use of sophisticated Audit software


Internal control in CIS

• For hardware (CPU, Monitor, Printers etc.) • For software (Operating system, application

programs, Data base management system etc.)

• For people (Data entry operator, CIS organisation, end users)

• For transmission media


Internal control in CISAuthenticity Controls Authenticity control are exercised to verify the identify of the individuals or process

involved in a system (e.g. password control, personal identification numbers, digital signatures)

Accuracy ControlAccuracy control ensure the correctness of data and processes in a system (e.g.

program validation cheek that a numeric field contains only numeric, overflow checks, control totals, etc.)

• Completeness Control - Completeness control attempt to ensure that no data is missing and that all processing is carried through to its proper conclusion. (e.g. program validation check, sequence check etc.)

• Redundancy Control - Redundancy controls attempts to ensure that a data is processed only once. (e.g. batch cancellation stamp, circulating error files etc.)


• Privacy Controls - Privacy controls ensure that data is protected from unauthorised

disclosure. (e.g. cryptograph, data compaction, etc.) • Audit Trail Controls - Audit trail control ensure traceability of all events occurred in

a system. This record is needed to answer queries, fulfill statutory requirements, minimize irregularities, detect the consequences of error etc. The accounting audit trail shows the source and nature of data and process that update the database. The operations audit trail maintains a record of attempted or actual resource consumption within a system.

• Existence Controls - Existence controls attempt to ensure the ongoing availability of

all system resources (e.g., database dump and logs for recovery purposes duplicate hardware, preventive maintenance, check point and restart control)


• Asset Safeguarding Controls - Asset safeguarding control attempt to ensure that all resources within a system are protected from destruction or corruption (e.g. physical barriers, libraries etc.)

• Effectiveness Controls - Effectiveness control attempt to ensure

that systems achieve their goals. (e.g. monitoring of user satisfaction, post audits, periodic cost benefit analysis etc.)

• Efficiency Controls - Efficiency controls attempt to ensure that a

system uses minimum resources to achieve its goals.


Internal control in CIS

• Separation of duties• Delegation of authority and responsibility• Competent and trustworthy personnel• System of authorisation• Adequate documents and records• Physical control over assets records• Adequate management supervision• Independent checks on performance• Comparing recorded accountability with assets


Types of EDP Accounting system

• Processing system – Batch processing system – transaction

processed in batches

Real time processing system – transaction entered as they occur and processed simultaneously (online data transfer)


Audit approach in CIS environment

• Audit around computers ( Black box approach )• Audit through computers (White box approach )

• Audit around computers – based on input and putput , ignores data processing

• Clients input – CPU – Clients Output – compare with auditors predetermined output


Audit through computers –( white box approach )Auditors input – CPU - Output – compare with

clients output.


Computer-assisted audit techniques (CAATs)

• Computer-assisted audit techniques (CAATs)• Use of computers to automate the audit

processes.• Basic office software such as spreadsheet,

word processors and text editing programs• Advanced software packages involving use of

statistical analysis and business intelligence tools.


CAATs (Computer assisted audit techniques)

• Audit software Package programme – excelPurpose written programs – used for sorting ,

sampling, documentation System management software's


• Test data – Auditor enters test data in clients computer system and compares the results with pre-determined results

• Test packs – testing a set of date chosen by the auditor from clients system and testing it separately from normal processing procedure


Uses of CAAT

• Detailed and in-depth test of transaction and balances

• Application of complex analytical review procedures

• Statistical sampling techniques • Test EDP control• Testing application control• Pre- performance calculation and processing • Better reporting methods

audit in computerised informaton system environment and recent development in audit

Education