123

AUDITING AND EDP

My spouse and i. AUDITOR'S CONCERN OF INSIDE CONTROLS WITHIN AN EDP ENVIRONMENT

The second standard of discipline work requires that we get a sufficient comprehension of the patient's internal settings (I/C) to plan the audit and assess control risk. We hope that our assessment of control risk displays it to become low to ensure that we can reduce substantive assessment, thereby reducing audit costs. When EDP is used in significant accounting applications, then you definitely must consider the effects the pc has the moment evaluating the interior controls. The auditor's way of considering I/C is the same in a computerized environment such as a manual environment:

--Obtain and doc understanding of the interior controls

--Assess control risk

--Perform checks of handles

--Reassess control risk

A. Obtain and document an understanding of the I/C

1 . The extent that the auditor needs to be familiar with computer system relies on the preliminary audit strategy selected:

a. Primarily hypostatic approach--treat computer as a dark-colored number crunching box and simply audit the inputs and outputs (auditing around the computer)

b. Reduce assessment of control risk--you rely on the computer's settings (audit throughout the computer)

N. Assess Control Risk

1 ) The auditor needs to measure the risk the internal regulates (including EDP controls) will not prevent or detect material errors or irregularities that will effect the financial transactions.

a. CONSIDER THE STRENGTHS AND WEAKNESSES IN THE GENERAL SETTINGS FIRST

Example of this in the payables cycle--one of the software (programmed) settings requires the fact that computer match the voucher with appropriate supporting records before the is released. However , if the general controls over changes to programs can not be relied about, then the payables program could be modified allowing an unauthorized check. Thus, the application control could not be relied on either.

n. Identify the typical controls on what you plan to rely.

c. Consider the strongest and weakest points of app controls and user regulates next.

g. Identify the application and consumer controls which you plan to rely.

At this point make an initial assessment of whether the EDP controls look reliable. You may:

1 . Determine that the EDP controls will not, after comprehensive review, look reliable--you should achieve the audit targets by various other means (AUDIT AROUND THE COMPUTER SYSTEM if possible) OR

2 . Determine EDP controls show up reliable & move to checks of handles

C. Tests of Controls (TCs) in Laptop Environment

1 . Recall that the purpose of TCs is to obtain reasonable assurance that the interior controls are functioning correctly. The general handles are examined first, then your application and user regulates. Also, call to mind that TCs are done on a cycle by cycle basis. So the accounts receivable app will be analyzed separately from the payroll program (and thus on). We do this for the reason that controls in each pattern are different and independent.

The tables on following web pages give instances of TCs which may be manually performed. In addition EDP controls could be tested through use of the computer as explained in the following section in EDP Examine Techniques.

G. Reassess control risk based upon results of TCs

1 . High control risk might necessitate greater dependence on substantive testing and low reliability on pc controls. 2 . Low control risk means the computer regulates can be depended on to produce better #s & thus substantive testing could be reduced. 3. No matter how very good controls will you be MUST do a few substantive assessment. TABLE one particular

CONTROL RISK ASSESSMENT/ CHECKS OF HANDLES

FOR EDP GENERAL SETTINGS

Potential

Misstatements

Necessary

Controls

Conceivable Tests

of Controls

PROCEDURE CONTROLS

1) Errors could possibly be made in

punching in or control

data or perhaps distributing

result.

2) EDP personnel may

initiate and...