AUDITING (PART-18) (UNIT-III) INTERNAL CONTROL (PART 4)

Transcription

1 1. INTRODUCTION AUDITING (PART-18) (UNIT-III) INTERNAL CONTROL (PART 4) Hello students welcome to the lecture series of auditing. Today we shall be taking up unit 3 rd and under unit 3 rd we shall continue our discussion on internal control in our previous three lectures we have already learned in length about the internal controls and also about the computer information system that how under CIS involvement internal controls are being taking care of. Today we shall continue our discussion on the EDP environment and we shall learn about audit trial and miscellaneous topics in relation to internal control. Among it the first one is the meaning of audit trial then we will learn about the advantages and disadvantages of using CAAT, CAAT means Computer Assisted Audit Techniques. They are being used in a controlled environment where computerized systems are there. Then organized structure in CIS Environment that how the organizational structure would be there, how the data will flow, what s the flow of the information in a CIS environment that means how internal control are being in place under such environment. We shall also learn about the nature of Processing under a controlled environment where everything is computerized and we will learn about the meaning of internal check and we shall try to differentiate between internal check and internal audit. We shall also learn in detail about the requirement of internal control system at service Bureau. So first of all let us take up the meaning of audit trial and how it is being useful. 2. AUDIT TRIAL It refers to a situation where it is possible to relate one-to-one basis. the original input along with the final output. That means in relation to the output we should have the trail of the input there

2 should be one to one co relation among input and output. Thus, audit trial can be defined as those documents, records, journals, ledgers, master files etc that enables an auditor to trace the transaction from the source document to the summarized total in accounting reports or vice versa. So in a way audit trail is a documentation of data entry which has been passed and it s a detail transaction record we will record it in journal we will have the ledgers of it so overall one to one basis can be established for any transaction which is been recorded in a computerized system take for example Sequentially numbered sales invoice copies would normally be listed in register for day book and subsequently filed either in numerical or chronological sequence. So where ever we have a summary obviously they would be some where being posted or they being generalized so the serial number can be cross referred with the original input data so the chronological data which we have in hand is the output and its one to one relation can be established with the input by the reference number which we have in the summarized sheet If it would be possible to trace a particular invoice from the daybook to the original file or vice-versa, by reference to the number or the date of invoice as we already discussed. By date of invoice also we can trace out the transaction or by the cross reference which is being written over both the documents that is input and the output summarized form so that s what we call the audit trail which is useful for auditor while conducting the audit. 3. ROLE OF COMPUTER ASSISTED AUDIT TECHNIQUES Now we understand a very important concept in relation to CIS environment that how Computer Assisted Audit Techniques would we useful for conducting audit where audit is done through the computer that means there is complete computerized process and what auditor is required to do is that he has to use certain techniques to do the audit so CAATs which is commonly know as Computer Assisted Audit

3 Techniques refers to those auditing techniques that takes assistance of a computer for being applied to an audit in a computer environment. So they are auditing techniques only and certain programs are being drafted in such a manner that audit techniques can be applied to conduct audit on a particular procedure The use of computer-assisted audit techniques may be required because there is complete absence of input documents because every thing is being computerized and lack of a visible audit trail and lack of visible output so where there is no visible input or output there are all entries which are being present in computerized system only the backups are again taken up in computerized format the hardware and software s are so prepared that its not possible to trace out the audit trials under that scenario what happens that certain audit programs are being drafted in such a manner that they can be used as auditing techniques to carry out the audit under CIS environment CAATs enable the auditor to save time by examination of data stored on computer media so here media has changed rather than manual medias what happens that computer media are there so on such medias what happens that with the use of CAATs techniques their can be better examination of data s being stored and it will save the time of auditor that s why we say that CAATs enable auditor to save time by examination of data s stored on computer media rather than on print-outs or other documents and in some cases, to conduct tests which cannot be done manually because there is no visible evidence or audit trial. CAATs can be used for both compliance and substantive testing. So a question comes to mind of students that are CAATs techniques useful for only the substantive test? No they are being useful under compliance test also so where ever we have to put reliance on the internal control system CAATs techniques can be used where ever the testing of documentation and transaction is to be done again we go for CAATs techniques substantive test here means that the testing of transaction and data s we will go for

4 vouching and verification these aspects can also be covered by CAATs techniques and internal control testing can possible with the help of CAATs techniques So overall it is such a technique which is being used by the auditor where he can go for complete audit with the help of CAATs techniques being assigned to carry on the audit work CAATs may be used in performing various auditing procedures including (a) tests of details of transactions which is commonly known as substantive test and balances for example the use of audit software to test all ( or a sample) of the transactions in a computer file. So under test of details of transaction we can go for CAATs techniques and (b) Analytical review procedure Analytical review procedure as we have already discussed in or lecture one on basis concepts of audit where we said that analytical review procedure are those procedure where trends and ratios are being checked and they are being audited by the auditor so using CAATs techniques again we can go for analytical review procedures and the use of such software would be useful to indentify the unusual fluctuation in items so again under CAATs different features or a peculiar feature of analytical review procedure is that unusual transaction can be identified. CAATs may be used in performing various auditing procedures including these two also c. Compliance test of general EDP controls general EDP controls we have already learnt in our previous lecture they are overall control of internal control which are being placed under CIS system so Compliance test can be conducted under general EDP controls using CAATs techniques for example, the use of data to test access procedures to the program libraries. d. Compliance tests of EDP application controls EDP application controls means that how accounting procedures are being applied in a CIS environment or computerized environment so compliance tests

5 under EDP application controls can be conducted using audit techniques which are knows as CAATs under it how we will go for the CATTS techniques the use of test data to test the functioning of a program procedure can be there so all these would be forming the part of the use of the computer assisted audit techniques to carry out the audit in computerized environment. 4. CAATs used in Audit Now let us understand certain CAATs which are being used in audits:- Audit Software: Audit software consists of computer program used by the auditor as a part of his audit procedure to process data of audit significance. Now under audit software again there can be different types of audit software s when we are talking about audit software s it is one of the type of the CAATs which is being used so under audit software s again we have different sort of programs there can be utility programs, package programs so first a fall let us understand what do we mean by the package programs which are being used while conducting audit of business entity a. Package programs: These are computer programs designed to perform data processing which includes reading computer files, selecting information, performing calculation, creating data files and printing reports in a format as specified by the auditor. So under package software every thing would be designed so as to perform the audit in the manner it is being useful for the auditor that means from the selection of the information till the generation of report and being used as a printout so under package program everything would be design as per the need of the auditor b. Purpose written Programs, these are computer programs designed to perform audit tasks in specific circumstances. The previous one i.e. the package program one of the general use while Purpose written Programs are used for specific circumstances these programs may be

6 prepared by the auditor, by the organization or by an outside programmer engaged by the auditor. In some cases, the programs existing in the organization may be used by the auditor in their original or in a modified state because it may be more economical and effective than developing independent program. c. Utility Programs, these are used by the organization to perform common data processing functions, such as sorting, creating and printing files. These programs are generally not designed for audit purpose and therefore may not contain such features as automatic record or control totals. So in all there are lot many audit software s which can be used by the auditor depending upon its need and the necessity for doing the audit in the computer aided techniques or in a computerized information system. Now let us understand one more feature that is known as Test Data; Test data techniques is also being used for conducting audit under a computerized environment under it what happens that they are used in conducting audit procedures by entering data into the computer system of the organization and comparing the results obtained with pre-determined results there are certain predetermine results of the organization and when the data is being put in a test data technique we will compare results of both the data s one which is pre generated or which are already being generated and one which are being generated with the use of test data techniques. For example- Test data used to test specific controls in computer programs, such as, on line password and data access control. Test transactions selected from previously processed transactions preferably historical data or data treated by the auditor to test specific processing characteristics of the organization s computer system. Such transactions are generally processed separately from the entity s normal processing.

7 Test transactions used in an integrated test facility where a dummy unit is established and to which test transactions are posted during the normal processing. So either we can take up a historical data or a data which is being specifically used for the test purpose or we can go for a dummy unit to do the test transactions of the data s. 5. DISADVANTAGES OF USING CAATS Now what s the benefit of using CAAT techniques; Increase in the effectiveness and efficiency of auditing procedures because we are having computer assessed audit techniques so obviously there is saving of time and the procedure would be procedural, there will be lesser chances of any error as the system is prewritten and is being modulated with the help of the auditor only. Saving in time the auditor can save time by reviewing the CIS control through CAAT than through other audit procedure. So again there is saving in conducting of the compliance procedures and in turn it will help us to conduct the substantive test in a much faster manner. Effective test checking can be there. A sample can be taken up which will represent the population and such sample would be a sample which will be effective to test the entire mechanism and it will be useful for the auditor to carry out the test on such samples. Now what s the disadvantage of using CAAT? Wherever there are advantages there are again chances that every technique would be having there own disadvantages so with the CAAT techniques Lack of Audit Trial and documentation. So this problem we need to face while conducting the audit using CAAT so let s highlight certain important disadvantages associated with the CAAT techniques Audit Trial disappears-we have already discussed that input and output would be in computerized format so it s not possible to do documentation in physical form.

8 Lack of visual observation because everything is automated and backups would also be there in computer media, so again it will be a problem where auditing is done around the computer, audit techniques would fail and wherever there is lack of knowledge of computers by the auditors again it will not be possible to use CAAT techniques. Internal storage: it is difficult to determine procedure followed. However with the passage of time there are chances that the entities would define there backups programs and they would take up the storage in a much better fashion and data storage would be given equal importance as that of data security. Change in programs could be there which will result in the stake of security of data and the CAAT techniques would not be so useful to trace out any modification which would be made up and any change which is being done if proper internal control and security checks are not present in the computer programmes System Jargon: that s the major problem which is being faced by the CAAT techniques; there are certain source codes which are being assigned while doing the input of the data so it is very difficult to decipher what s the code and how it is being given as an input into the system. So let us understand what do we mean by System Jargon. The source code listed to the auditor may not agree with the object code used by system. So wherever there is discrepancy or there is disagreement between the source code or the object code of the auditor and the system then these techniques will be utter failure Now let us understand one more concept that is organized structure in CIS environment. In a CIS environment an entity will establish an organizational structure and procedure to manage the CIS activities. So overall the structure would be same however with the change in environment wherever the computers are being used as a source of the information system there will be a change in organizational

9 structure so let us understand the characteristics of a CIS organizational structure, what does they include, they include: Concentration of functions and knowledge, Concentration of programs and data usually in machine readable form either in one computer installation located centrally or in a number of distributed locations. Now what s the nature of processing under a CIS environment? 1. Absence of input documents that is order entry in on-line systems is there so there is lack of input documents or the generation of the accounting transactions by computer programs that is automatic calculation of discounts can be there so again they will create the absence of input documents. 2. Lack of visible audit trail which we have already discussed in length which preclude the auditor from visually following transactions through the computerized accounting system. Lack of feasible output may necessitate access to data retained on files readable only by the computer because output is again is stored in computer media so there is lack of visible output. Hence it becomes a problem under such processing and ease of access to data and computer programs may increase the potential for unauthorized access. so data security is again a question to be dealt with precisely and in a very secure manner 6. INTERNAL CHECK Now students we will deal with another topic which is known as internal check. It is very much related to internal control so rather than getting confused with internal check internal control and internal audit we shall go with the meaning of internal check and learn it in detail. Internal check is a method of organizing the system of book-keeping and arrangement of staff duties in such a way that the work of one person automatically checked by another and the possibility of error is minimized unless there is a collision between the clerks. So here we can say that internal checks is quite lesser in its

10 scope than an internal control where internal control is a involvement where the control are being in place, internal check is again a method where by we check or organize the system of book keeping, that how internal control in relation to bookkeeping and the segregation of duties of this chapter is being managed. So what are the essential elements of a good system of internal check? Let us understand them. Existence of check on the day to day transaction, Which operate continuously as a part of the routine system that means the internal check would be there continuously as a part of routine system everyday such check are to be there into the system and Whereby the work of each person is either proved independently or is made complementary to the work of another. Let us understand the general considerations which are to be kept in mind in framing a system of internal check Important aspects of the business controlled by employee come under the review of another Duties of staff should be changed from time to time without previous notice so that there are lesser chances of committing fraud or any misappropriation of the data. Every member should be encouraged to go on leave once in a year so that there will be a satisfied employee and there should not be any chaos or collision in the employees and better internal check can be performed. The custody and accounting function of the assets must be the responsibility of two separate persons so that there is internal control check over both of the persons who are responsible for the custody and accounting function of the asset of the organization. Then there is need to prevent the misappropriation of cash, some mechanical instrument must be used in the business organization where by the misappropriation of the cash can be controlled and the triggering position will be there which will show us that certain chances are there or a misappropriation has taken place and it could be very easily detected out. There must be physical verification of

11 assets at regular intervals so there should be a internal check system that with the regular interval the assets would be physically verify, there should not be a chances of damage of the assets or the loss of the assets. The budgetary control and standard costing should be used in the business organization where by the cost can be under control and proper standards of the cost can be determined and variances can be analysed. Procedure should be laid down for periodical verification and testing of different sections of the accounting records and lastly the established accounting procedures should be reviewed periodically. 7. SUMMARY Now students we are summing us the lecture of today under today s lecture we have learned the importance of audit trial and how it is useful then we have learned about the CIS environment where there are certain computer assisted audit techniques are being used by the auditor to conduct the audit in a computerized environment. Under it we have learned in detail about the audit programs which are being used by the auditor as well as the test data. Again under the audit programs we have discussed abut the package programs and the prewritten programs as well as the utility programs and test data are being used either with the historical data or the business entity or with the use of the dummy units. We have also learned the importance of the internal check and general considerations to be kept in mind while applying any internal check. With this we are ending up our lecture of today. Thank you!