2. STAGES OF AN AUDIT
Plan the audit
Understand the entity (Preliminary Review)
Assess risk of material misstatement
Respond to risk
Expect effective controls Expect ineffective controls
Test of Control Unsatisfactory Report significant
deficiencies to those charged
with governance to
management and all
weakness to mgmt.
Satisfactory
Full Substantive tests
Restricted substantive tests
Overall review of Financial Statement
Report to Mgmt.
Auditor’s Report
3. OBJECTIVES AND CONTEXT OF
AUDIT
OBJECTIVE is what we are trying to accomplish.
What goal we want.
CONTEXT is the environment in which we perform
our work. Its background and circumstances in
which we perform our audit.
What works for one organization, may
not work for another, its all due to
objectives and context
4. PRELIMINARY REVIEW
In preliminary review, the auditor will gather general information
and the process and systems under review.
An overall summary or an overview flowchart of the major
applications subsystems and their inter-relationships, including
inputs and outputs
Programming languages, data processing standards, and
procedures manuals used in the computer system
Data control procedures
Procedures and provisions for backup, recovery, and restart of
operations in the event of equipment failure or accidental
destruction of data
Descriptions of physical security control
Method applied in gathering these data are mainly interviews and
review of documentation.
5. SUBSTANTIVE TEST IN IT AUDIT
In an IT audit, substantive testing is used to determine the accuracy
of information being generated by a process or application.
Audit tests are designed and conducted to verify the functional
accuracy, efficiency, and control of the audit subject.
During the audit of an Information System application, the auditor may
build and process test data to verify the processing steps of an
application.
Whether accounting system is manual or computerized , the procedures of
auditing are more or less same except some changes in controls,
documentation, audit techniques, and technical qualifications required by
audit staff members.
6. CONTROLS AND AUDITING IN COMPUTER
ENVIRONMENT
Since accounting system is vulnerable to various mismanagements, frauds,
errors etc, but these type of threats can be coped by adopting/implementing
strong system of internal control
Why internal control in computerized environment
Lack of proper audit trails
Information recorded cannot be read by bare eyes without computer
Financial and business transaction are often generated by system itself
based on data previously entered without further human instruction.
Errors in computerized environment may go undetected as there is less
involvement of human in computerized environment.
There is maximum chances of errors in processing that might be applied
to large number of transaction
With proper controls, computerized system are more reliable than
non-computerized systems.
7. CLASSIFICATION OF CONTROLS
1. General Controls
2. Application Controls
1. General Control
General control is the control governing the environment in which the
computer system is developed, maintained, and operated.
2. Application Control
Its control for both computerized and manual, within the business
application to ensure that data is processed completely, accurately and in
a timely manner.
Application controls are typically specific to the business application and
include
*Input control
*Run to run comtrols
8. INPUT CONTROL
•Field Check (Numeric- Alphabetic)
•Limit Check
•Range Check- Day in a month
•Slab Check – like city
•Existence- data should exist in some field
•Check digit
Record Level Tests
Field’s logical interrelationship with other fields in a record {PF 10%
of Basic Salary}
Reasonableness check 20 hours of overtime in a day
Consistency/Validity check A district must fall in a particular zone
Length PAN No 9 digit, Mobile no. 10 digit
Sign test PF cannot be (-)ve
Sequence Check Country code- Area Code- Phone No
9. GROUP OF RECORDS (BATCH) TESTS
WHETHER THE CHARACTERISTICS OF A BATCH RECORDS ENTERED ARE IN
LINE WITH THE STATED CHARACTERISTICS OF THE BATCH
FOLLOWING TYPES OF BATCH CHECK CAN BE APPLIED
CONTROL TOTALS: IS SUM OF A FIELD ACROSS ALL RECORDS IN A BATCH
TRANSACTION TYPE: ALL DATA IN A PARTICULAR BATCH ARE OF SIMILAR
TYPE
BATCH SERIAL NUMBER: ALL RECORDS MUST HAVE A SERIAL NUMBER
SEQUENCE CHECK: THE INPUT RECORDS MUST FOLLOW A PARTICULAR
ORDER
10. PROCESSING CONTROL
After data are entered (input is given) , transactions enter the processing
stage of the system. Processing control are programmed procedures and
can be divided into 3 categories- namely batch control, run to run control
and audit trail controls
Batch controls used to manage the flow of high volumes of
transactions through batch processing systems - to reconcile
system output with the input
To ensure
All records in the batch are processed.
No records are processed more than once.
An audit trail of transactions is created from input through
processing to the output stage of the system.
11. PROCESSING CONTROL CONTD.
Run-to-run control
use of batch figures to monitor the batch as it moves from one programmed
procedure (run) to another. {Error Handling and Reprocessing}
Hash total
summation of a nonfinancial field to keep track of the records in a batch
Inter table tests
when a new transaction is entered- checks the other related tables for validity
Master reference
where master is present, the data is validated against that master
- customer exists?
Audit trail controls
ensure that every transaction can be traced through each stage of processing
Transaction Logs: successfully processed transactions should be recorded
Log of Automatic Transactions: reorder point, entry scheduling
Transaction Listings: listing of all successful transactions
12. SYSTEM & INTERSYSTEM TEST
Testing of system focus on evaluation of individual modules within a
program.
There are two types of system test- static analysis and dynamic analysis
Static analysis test:- it evaluates the quality of module through direct
examination of source code. Like desk checking , structured walk through,
design and code inspection
Dynamic analysis test:- Dynamic analysis test require the module to be
executed on a machine
Two important dynamic analysis test are
•Black Box
•White Box
Inter system tests
Evaluating groups of program modules
(1) whether their interfaces are defective
(2) overall whether they fail to meet their requirement specifications