GENERALIZED AUDIT SOFTWARE



Similar documents
3. Current Auditing Computerized Tools

Control Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising)

Internal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls

Part II. Audit process by phase 3. Testing and evidence

Audit programs. Audit program are lists of audit procedures to be performed by audit staff in order to obtain sufficient appropriate evidence.

[300] Accounting and internal control systems and audit risk assessments

Chapter 15 Auditing the Expenditure Cycle

1 INTRODUCTION TO SYSTEM ANALYSIS AND DESIGN

PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI

SESSION 3 AUDIT PLANNING

INFORMATION SYSTEM AUDITING AND ASSURANCE

B.Com(Computers) II Year RELATIONAL DATABASE MANAGEMENT SYSTEM Unit- I

Checklist for Operational Risk Management

DATA QUALITY STRATEGY

Executive - Salary Guide

How to gather and evaluate information

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Fundamentals Level Skills Module, Paper F8 (IRL) 1 (a) Audit procedures procurement and purchases system

10-1. Auditing Business Process. Objectives Understand the Auditing of the Enteties Business. Process

Fundamentals Level Skills Module, Paper F8 (INT)

Performance objectives

INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS

ABSTRACT. would end the use of the hefty 1.5-kg ticket racks carried by KSRTC conductors. It would also end the

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

SAMPLE AUDIT REPORT. Sample Credit Union. Report on Operations. As of Audit Date

INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS CONTENTS

INTOSAI. Performance Audit Subcommittee - PAS. Designing performance audits: setting the audit questions and criteria

ACCOUNTING FOR AND AUDIT OF INVENTORIES

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal

Computerisation and Performance Evaluation

Information Systems Development Process (Software Development Life Cycle)

Master Document Audit Program

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

Checklist for Market Risk Management

Accounts Receivable System Administration Manual

for Sage 100 ERP Work Order Overview Document

Module 6. Business Application Software Audit

a) To achieve an effective Quality Assurance System complying with International Standard ISO9001 (Quality Systems).

Section 1 Spreadsheet Design

How To Audit A Financial Statement

THE AUDITOR S RESPONSES TO ASSESSED RISKS

Michigan Department of Treasury Tax Compliance Bureau Audit Division. Audit Sampling Manual

INTERNATIONAL STANDARD ON AUDITING 530 AUDIT SAMPLING AND OTHER MEANS OF TESTING CONTENTS

Learning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.

IT Enabled System : Opportunities & Challenges for Assurance Professionals

AIPM PROFESSIONAL COMPETENCY STANDARDS FOR PROJECT MANAGEMENT PART B CERTIFIED PRACTISING PROJECT PRACTITIONER (CPPP)

Supplementary materials

BS: Bespoke or specialist software

A STUDY OF COMPUTER-AIDED CONSTRUCTION CLAIM MANAGEMENT SYSTEM

Comprehensive Business Budgeting

Checklist for Credit Risk Management

INTERNAL AUDIT FRAMEWORK

MEM11015B Manage warehouse inventory system

REAL-TIME LABOR EVALUATIONS. The views expressed in this presentation are DCAA's views and not necessarily the views of other DoD organizations

Project Management. Systems Analysis and Design, 8e Kendall & Kendall

PROJECT TIME MANAGEMENT. 1 Powered by POeT Solvers Limited

Course Author: Dr. Monica Belcourt, School of Human Resource Management, York University; Ron Alexandrowich and Mark Podolsky

Appendix 1e DIRECTORATE OF AUDIT, RISK AND ASSURANCE INTERNAL AUDIT SERVICE TO THE GLA

TIER II STANDARD FOR FINANCIAL MANAGEMENT SPECIALISTS

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 520 ANALYTICAL PROCEDURES CONTENTS

Concepts in Enterprise Resource Planning. Chapter 5 Accounting in ERP Systems

Project Scheduling & the PMI-SP Credential

International Standards on Auditing (ISA) and their Use for Second Level Control of European Territorial Cooperation Programmes

The audit of inventories

In search of Excellence Series Research - Study Material No. 18

Audit Quality Thematic Review

1. USING THE AUDIT PRACTICE MANUAL

DATA MINING TECHNOLOGY. Keywords: data mining, data warehouse, knowledge discovery, OLAP, OLAM.

Master of Science in Health Information Technology Degree Curriculum

WEEK 6. Objective 1: Sales Transaction Cycle Risks

Post Award Accounting System Audit at Nonmajor Contractors

Disaster Recovery and Business Continuity Plan

Schedule Compression

Appendix M INFORMATION TECHNOLOGY (IT) YOUTH APPRENTICESHIP

Overall Audit Plan and Audit Program. I. Introduction Chapter is primarily review and integration of the audit framework.

INTERNATIONAL STANDARD ON AUDITING 520 ANALYTICAL PROCEDURES CONTENTS

Board of Commissioners

Audit Manual PART TWO SYSTEM BASED AUDIT

Internal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 530 AUDIT SAMPLING AND OTHER MEANS OF TESTING CONTENTS

FOREIGN AFFAIRS PROGRAM EVALUATION GLOSSARY CORE TERMS

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Activity Code Material Management and Accounting System (MMAS) Version 9.10, dated September 2015 B-1 Planning Considerations

GCE APPLIED ICT A2 COURSEWORK TIPS

TECHNIQUES FOR AUDITING BALANCE SHEET ITEMS

Integration Technologies Group (ITG) ITIL V3 Service Asset and Configuration Management Assessment Robert R. Vespe Page 1 of 19

Appendix U TRANSPORTATION, DISTRIBUTION AND LOGISTICS YOUTH APPRENTICESHIP

Transcription:

EVIDENCE COLLECTION The auditors problem is not a shortage of evidence collection techniques to use, but it is knowing what technique or set of techniques is best to use for a given system or program. Our focus is on the nature of the tools and techniques, methodologies for using the tools and techniques, and the relative advantage and disadvantages of the tools and techniques. GENERALIZED AUDIT SOFTWARE A major tool available to the auditor for collecting evidence on the quality of an application system is generalized audit software. GAS provides a means to gain access and manipulate data maintained on computer media. MOTIVATION FOR GENERALIZED AUDIT SOFTWARE DEVELOPMENT It is a program providing powerful data retrieval, data manipulation, and reporting capabilities specifically oriented to the needs of auditors. The primary motivation for developing this software is the set of problems caused by the diversity of computerized information processing environments that confront the auditor. With resource constraints, it is often impossible to develop specific programs for every system that will extract, manipulate and report data required for audit purposes. The trade off made is on processing efficiency The other motivation is the need to provide audit capabilities to auditors relatively unskilled in the use of computers. FUNCTIONAL CAPABILITIES File Access It enables files having different record formats and file structures to be read Some packages now provide access to more complex structures such as trees and networks File reorganization it allows data to be sorted into different orders and data from different files to be merged onto one file. Sorting capabilities are necessary for e.g reporting data in a specified order or comparing data on two files. Merging capabilities are needed if data from separate files is to be combined on a separate work file. Selection it provides powerful selection capabilities for extracting data that satisfies certain tests. A query can be (PAY GT 12000 AND(OVERTIME GE 2000 OR ALLOWANCES EQ 6)) Statistical The statistical capabilities of GAS vary from primitive to sophisticated. At a basic level every nth record can be selected. Functions may exist supporting financial analysis; e.g regression and financial ratio analysis. Arithmetic It provides the full set of arithmetic operators enabling work fields to be computed, the arithmetic accuracy of the data to be checked, control totals to be produced etc. for e.g net pay calculations for a payroll file can be recomputed or files can be crossfooted.

Stratification and Frequency Analysis if stratification and frequency analysis capabilities are provided, frequency tables and bar charts can be produced. File Creation and Updating GAS allows work files to be created and updated thus the auditor causes minimum interference to normal application system processing. Reporting GAS can produce reports containing information useful to the auditor. These reports can be formatted in different ways AUDIT TASKS THAT CAN BE ACCOMPLISHED The functional capabilities of GAS can be combined in different ways to accomplish several audit tasks. Examine the Quality of Data GAS can be used to examine the existence, accuracy, completeness, and consistency of data maintained on files. The auditor examines the quality of data because it reflects the quality of the application system that processes the data. e.g if the address field on debtors records contains blanks, the auditor must question the adequacy of the validation processes contained in the system. The quality of the data reflects the quality of the personnel who developed and maintain the application system, and the quality of the personnel who use the system. If the data is low in quality, the application system processing the data may poorly designed, poorly implemented, or poorly maintained. Examine the Quality of System Processes Even though the quality of the system data is high, the quality of system processes may be low from the view point of achieving the objectives of the organisation. e.g upon using GAS to age an accounts receivable file, the auditor may find substantial numbers of overdue accounts. Such an attribute of data reflects adversely on both the computer system and the manual system. GAS provides powerful capabilities for producing mgt reports useful for various kinds of analysis that reflect on the quality of system processes. Through a parallel simulation technique, GAS can be used to compare the master file produced by the parallel simulation program with the master file produced by the application system and generate a report of discrepancies. Examines the Existence of the Entities the data Purports to Represent Data may exist, be accurate, complete and consistent; however, it may have no real world correspondence. It may represent a bogus insurance policy or an inventory item that no longer exists. Thus an auditor may select inventory for observation. Undertake Analytical Review it is the process of obtaining key ratios and totals from an organization's data for comparison with previous years' ratios and totals or industrywide ratios and totals. GAS can be used to extract data required for analytical review and prepare various ratios and totals

FUNCTIONAL LIMITATIONS Ex Post Auditing Only The software examines the quality of the data after it has been processed, thus some time lag exists between an application system error occurring and its identification. In some cases this elapsed time might be substantial if the application system is not audited on a regular basis. Limited Ability to Verify Processing Logic Tests performed by GAS involve live data; I.e; data captured and processed by the application system. The data may not test exceptional conditions that occur while it is important to know whether the application system will handle this condition. To solve this, parallel simulation can be used with test data as input to both the application system and the parallel simulation program. Limited Ability to Determine Propensity for Error Systems can be designed and implemented in a manner that allows the, at least to some extent, to cope with change and some can be designed and implemented so they are inflexible and degenerate quickly when change occurs. The ability of a system to cope with change is a concern for the auditor but no such evidence is gathered by GAS. INSTALLATION/AUDIT GROUP MATURITY Audit needs may not remain constant because the computer installations' life cycle imposses changes on the means of achieving audit objectives for the installetion. Also the internal EDP audit group itself experiences a life cycle throughout which the needs and capabilities of the group change. Impact of the Installation Life Cycle. As systems grow, they stabilize and this motivates the auditor to develop specialized audit software so the overheads incurred by the installation because of the audit function are reduced. Another motivation of using specialized software is that the usefulness of ex post auditing declines in more complex information processing environments. There is greater need for concurrent auditing to identify errors on timely basis. The auditor has increased involvement in the system development life cycle to provide guidance on the design of controls and performing tests on these controls. Impact of the Audit Group Life Cycle The audit group also experiences a life cycle of initiation, expansion and maturity. GAS is most suitable during the early stages of the groups life cycle. GAS provides the means for the audit group to respond quickly to the demands for application system audits. However, when audit groups matures, its tasks, objectives, standards, and expertise have stabilized. The group then seeks to reduce the overhead costs caused by auditing so it develops specialized audit software to take over the functions previously performed by generalized audit software. MANAGING A GENERALIZED AUDIT SOFTWARE APPLICATION Managing a generalized audit software application closely follows the steps needed for properly managing the development of any software project. They are five steps involved in managing an audit software application.

Feasibility Analysis and Planning When there is a potential opportunity for using an audit software, a feasibility analysis should be undertaken. The likely benefit depend on the audit objectives that the audit application software will help achieve. If the internal control system is weak, the value of the substantive test is higher than if the internal control system is strong. Costs may include adequacy of installation documentation, complexity of application system and files, labor costs for auditor, technical and administration advice, computing costs and supplies. A budget and time table can then be drawn. Application Design This stage involves a detailed design of the audit software application. The major steps are: Design Step Obtain detailed understanding of installation application system Design output reports required Prepare file definitions Define the logic of the audit software program Define supplementary data needed Prepare a test plan Explanation This understanding can be obtained through reviewing the application system documentation, flowcharting the application system, preparing decision tables. The output reports constitute some of the working papers for the audit. It is critical to see all the information required for the audit is output in a convenient form The files to be accessed and any work files to be created must be defined The logic should be flowcharted or described in decision tables Reference(look-up) tables for the audit software may have to be designed. Testing may be undertaken using a test deck or live data Once the design has been prepared, it should be reviewed and evaluated against the budget and timetable prepared during the feasibility analysis stage Coding and Testing the auditor undertakes test runs to check the accuracy of the processing logic specified. Operation once the coding and testing stage is complete, the auditor should make a final check to see no changes have been made to the application system that would impact the audit software program; e.g a change of a record format. The processing time schedule then must be confirmed with the operations manager of the installation and the audit software application run. Evaluation and Documentation of Results The output should be reviewed to check for any errors and determine whether audit objectives

have been attained. Respecification and rerunning of the program may be necessary. The documentation and results must be incorporated into the audit work papers along with any suggestions for improvements in future runs. The costs and benefits of the application should be compared with the budget. Finally any files created that may be needed for future use should be secured.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information