Testing and evaluation of systems
(Part 2 – Auditing round, through
and with the computer)
Slides have generally been produced with reference to
the core text book, namely: The Audit Process
(seventh edition) Gray, Manson, Crawford
Chapter 10
Auditing Computer Systems
There are various ways that auditors approach
auditing computer systems:
(a) round the computer;
(b) through the computer;
(c) with the computer (using it as a tool).
Auditing Computer Systems
Approach              Focus Area                    Strengths                                Weaknesses
Round the Computer    Inputs & Outputs              Simple, cost-effective                   Ignores system controls, may miss errors
Through the Computer  System Processing & Controls  Ensures accuracy of automated processes  Requires IT expertise, time-consuming
With the Computer     Using IT for Analysis         Efficient, handles large data volumes    Requires audit software and training
With reference from The Audit Process (sixth edition) Gray, Manson, Crawford
Figure 10.6 Auditing round and through the computer
Auditing Round the Computer
Computer seen as a black box
- audit activity concentrates on comparing inputs and outputs
and using techniques such as analytical reviews
Auditor Points:
• Is it dangerous to ignore the computer?
• What about “value added” service?
• Is a substantive (direct testing) approach cost effective
(discard systems approach)?
Auditing Through the Computer
Often referred to as CAATs (Computer Assisted Audit
Techniques).
May be used for
(i) testing the system (tests of control)
(ii) testing data (transactions and balances)
BUT: the audit planning stage becomes more
important.
- specialists, timing, cost, understanding...
Specific Tests of Control in Computer Systems
Need to check that controls are operating at all times
a) Code review of programs
- designed to determine if there are defects in
programs that will cause incorrect processing
of data
• tend to be costly in time
• need expert knowledge (auditor reliance)
so are only used in critical areas.
b) Test Data
Assembled by the auditor and passed through the
system to see if the data are processed as expected.
• must be representative of real data
- Some auditors use computer-generated test data.
* Live Test Data (normal processing run)
* Dead Test Data (outside normal run)
Issues: Corruption of files (Live); Artificial (Dead)
c) Program code comparison
Used to compare the program being tested with a
program known to be the authorised version.
BUT: Interpreting the results needs considerable
expertise. Are the discrepancies critical or not?
The discrepancies might reveal that unauthorized
changes have been made to programs, but do not
detect defective programs.
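Added example (not from the slides or the textbook): program code comparison done with hashes and a line diff, so the auditor sees which programs differ from the authorised version and exactly which lines changed. The program names and sources are constructed sample data, and the function names are hypothetical.

```python
import difflib
import hashlib

# Constructed sample sources: the authorised library copy vs. what is deployed.
AUTHORISED = {
    "credit_check.py": "def approve(total, limit):\n    return total <= limit\n",
    "invoice.py": "def gross(net, vat):\n    return round(net * (1 + vat), 2)\n",
    "despatch.py": "def note(order_id):\n    return f'DN-{order_id}'\n",
}
DEPLOYED = {
    "credit_check.py": "def approve(total, limit):\n    return True\n",
    "invoice.py": "def gross(net, vat):\n    return round(net * (1 + vat), 2)\n",
    "export.py": "def dump(rows):\n    return list(rows)\n",
}

def digest(source):
    return hashlib.sha256(source.encode("utf-8")).hexdigest()

def compare_programs(authorised, deployed):
    """Return one finding per program that differs from the authorised set."""
    findings = []
    for name in sorted(set(authorised) | set(deployed)):
        if name not in deployed:
            status, changes = "missing", []
        elif name not in authorised:
            status, changes = "unexpected", []
        elif digest(authorised[name]) == digest(deployed[name]):
            continue  # identical to the authorised version (not proof it is defect-free)
        else:
            status = "modified"
            diff = difflib.unified_diff(
                authorised[name].splitlines(), deployed[name].splitlines(),
                fromfile="authorised/" + name, tofile="deployed/" + name,
                lineterm="", n=0)
            # Drop the two file-header lines and the @@ hunk markers so only
            # the changed lines remain for the auditor to judge.
            changes = [l for l in list(diff)[2:] if not l.startswith("@@")]
        findings.append({"program": name, "status": status, "changes": changes})
    return findings

if __name__ == "__main__":
    for f in compare_programs(AUTHORISED, DEPLOYED):
        print(f["program"], f["status"], *f["changes"], sep="\n  ")
```

Deciding whether a reported change is critical remains the auditor's judgement; the comparison only narrows the review to the lines that differ.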
Continuous Review of Data
Problem: How to monitor throughout the year?
Embedded Audit Facilities?
• Integrated Test Facility (ITF)
• Systems Control and Review File (SCARF)
Embedding audit facilities allows for continuous review of data
and their processing. Programs created by the auditor flag
critical events as they occur for immediate or delayed review.
They can be useful in tracing the information/audit trail.
Integrated Test Facility (ITF)
Creates simulated transactions (with special code),
which are then processed with client data
Issues: • Need detailed review
• Have to be reversed correctly
• Can be random throughout year
• Client can identify data and
process differently to real data
E.g. Sales order – see if despatch notes and invoices
are raised…..
System Control and Review File
Continuously monitors and selects transactions
based on pre-defined criteria:
Issues: • Costly so used in critical areas
• Can report on transactions and logic
(puts data into a separate file)
E.g. Sales orders over £100,000
Automatic purchase orders have been raised appropriately
Evaluation of Systems
Once the system has been evaluated and tested, the auditor needs to
conclude on the efficacy of the system (high, medium, low?).
When forming conclusions on systems, the auditor states the
consequences of particular strengths or weaknesses in the
system and may suggest changes in scope in respect of them.
E.g. If some goods are sold at less than cost, the auditor will need
to review stock valuation
Auditor points: Impact on substantive testing?
What if system is inadequate late on in testing?