The principal object of an audit is to ensure that the accounts on which the auditor is reporting to show a true and fair view of the state of affairs at a given date and of the results for the period ended on that date. The essential features of an audit, appropriate for medium or large sized concern, are :
- an evaluation of the system of accounting and internal control to ascertain whether they are appropriate for the business and properly record all transactions;
- the making of such tests and enquiries as are considered necessary to determine whether the systems are being operated correctly;
- an examination of the accounts in order to verify :
- the title, existence and value of the assets appearing in the balance sheet and to verify that all liabilities are correctly included therein;
- that the results shown by the profit and loss account are fairly stated; and to ensure that such accounts are in accordance with the underlying records and comply with the appropriate statutory requirements.
The overall objective and scope of an audit does not change in an CIS environment. However, the use of a computer changes the processing and storage of financial information and may affect the organization and procedures employed by the entity to achieve adequate internal control. Accordingly, the procedures followed by the auditor in his study and evaluation of the accounting system and related internal controls and nature, timing and extent of his other audit procedures may be affected by an EDP environment.
Skills and Competence : When auditing in an CIS environment, the auditor should have an understanding of computer hardware, software and processing systems sufficient to plan the engagement and to understand how CIS affects the study and evaluation of internal control and application of auditing procedures including computer-assisted audit techniques. The auditor should also have sufficient knowledge of CIS to implement the auditing procedures, depending on the particular audit approach adopted.
Work Performed by Others : The auditor is never able to delegate his responsibility for forming important audit conclusions or for forming and expressing his opinion on the financial information. Accordingly, when he delegates work to assistants or uses work performed by other auditors or experts, the auditor should have sufficient knowledge of CIS to direct, supervise and review the work of
assistants with CIS skills or to obtain reasonable assurance that the work performed by other auditors or experts with CIS skills is adequate for his purpose, as applicable.
Planning : The auditor should gather information about the CIS environment that is relevant to the audit plan, including information as to:
- How the CIS function is organized and the extent of concentration or distribution of computer processing throughout the entity.
- The computer hardware and software used by the entity.
- Each significant application processed by the computer, the nature of the processing (e.g. batch, on-line), and data retention policies.
- Planned implementation of new applications or revisions to existing applications.
- When considering his overall plan the auditor should consider matters, such as:
- Determining the degree of reliance, if any, he expects to be able to place on the CIS controls in his overall evaluation of internal control.
- Planning how, where and when the CIS function will be reviewed including scheduling the works of CIS experts, as applicable.
- Planning auditing procedures using computer-assisted audit techniques.
Accounting System and Internal Control : During the review and preliminary evaluation of internal control, the auditor should acquire knowledge of the accounting system to gain an understanding of the overall control environment and the flow of transactions. If the auditor plans to rely on internal controls in conducting his audit, he should consider the manual and computer controls affecting the CIS function (general CIS controls) and the specific controls over the relevant accounting applications (CIS application controls).
Audit Evidence : An CIS environment may affect the application of compliance and substantive procedures in several ways.
The use of computer assisted audit techniques may be required because:
- The absence of input documents (e.g. order entry in on-line systems) or the generation of accounting transactions by computer programs (e.g. automatic calculation of discounts) may preclude the auditor from examining documentary evidence.
- The lack of a visible audit trail will preclude the auditor from visually following transactions through the computerized accounting system.
- The lack of visible output may necessitate access to data retained on files readable only by the computer.
The timing of auditing procedures may be affected because data may not be retained in computer files for a sufficient length of time for audit use, and the auditor may have to make specific arrangements to have it retained or copied.
The effectiveness and efficiency of auditing procedures may be improved through the use of computer assisted audit techniques in obtaining and evaluating audit evidence, for example:
- Some transactions may be tested more effectively for a similar level of cost by using the computer to examine all or a greater number of transactions than would otherwise be selected.
- In applying analytical review procedures, transactions or balance details may be reviewed and reports printed of unusual items more efficiently by using the computer than by manual methods.