Is any item that must be carried to gain access to a computer or computer facility.
Relevant to Foundation level Paper FAU and ACCA Qualification Papers F8 and P7 Show Specific aspects of auditing in a computer-based environmentInformation technology (IT) is integral to modern accounting and management information systems. It is, therefore, imperative that auditors should be fully aware of the impact of IT on the audit of a client’s financial statements, both in the context of how it is used by a client to gather, process and report financial information in its financial statements, and how the auditor can use IT in the process of auditing the financial statements. The purpose of this article is to provide guidance on following aspects of auditing in a computer-based accounting environment:
Exam questions on each of the aspects identified above are often answered to an inadequate standard by a significant number of students – hence the reason for this article. Dealing with application controls and CAATs in turn: Application controlsApplication controls are those controls (manual and computerised) that relate to the transaction and standing data pertaining to a computer-based accounting system. They are specific to a given application and their objectives are to ensure the completeness and accuracy of the accounting records and the validity of entries made in those records. An effective computer-based system will ensure that there are adequate controls existing at the point of input, processing and output stages of the computer processing cycle and over standing data contained in master files. Application controls need to be ascertained, recorded and evaluated by the auditor as part of the process of determining the risk of material misstatement in the audit client’s financial statements. Input controlsControl activities designed to ensure that input is authorised, complete, accurate and timely are referred to as input controls. Dependent on the complexity of the application program in question, such controls will vary in terms of quantity and sophistication. Factors to be considered in determining these variables include cost considerations, and confidentiality requirements with regard to the data input. Input controls common to most effective application programs include on-screen prompt facilities (for example, a request for an authorised user to ‘log-in’) and a facility to produce an audit trail allowing a user to trace a transaction from its origin to disposition in the system. Specific input validation checks may include: Format
checks Range checks Compatibility checks Validity checks Exception checks Sequence checks Control totals Check digit
verification Processing controlsProcessing controls exist to ensure that all data input is processed correctly and that data files are appropriately updated accurately in a timely manner. The processing
controls for a specified application program should be designed and then tested prior to ‘live’ running with real data. These may typically include the use of run-to-run controls, which ensure the integrity of cumulative totals contained in the accounting records is maintained from one data processing run to the next. For example, the balance carried forward on the bank account in a company’s general (nominal) ledger. Other processing controls should include the subsequent processing of data
rejected at the point of input, for example:
Output controlsOutput controls exist to en sure that all data is processed and that
output is distributed only to prescribed authorised users. While the degree of output controls will vary from one organisation to another (dependent on the confidentiality of the information and size of the organisation), common controls comprise:
Master file controlsThe purpose of master file controls is to ensure the ongoing integrity of the standing data contained in the master files. It is vitally important that stringent ‘security’ controls should be exercised over all master files. These include:
Computer Assisted Audit Techniques (CAATs)The nature of computer-based accounting systems is such that auditors may use the audit client company’s computer, or their own, as an audit tool, to assist them in their audit procedures. The extent to which an auditor may choose
between using CAATs and manual techniques on a specific audit engagement depends on the following factors:
There are three classifications of CAATs – namely:
Dealing with each of the above in turn: Audit softwareAudit software is a generic term used to describe computer programs designed to carry out tests of control and/or substantive procedures. Such programs may be classified as: Packaged programs Purpose written programs Enquiry programs Test dataAudit test data Integrated test facilities Other techniques Other CAATs include: Embedded audit facilities (EAFs) Application program examination SummaryThe key objectives of an audit do not change irrespective of whether the audit engagement is carried out in a manual or a computer-based environment. The audit approach, planning considerations and techniques used to obtain sufficient appropriate audit evidence do of course change. Students are encouraged to read further to augment their knowledge of auditing in a computer-based environment and to practise their ability to answer exam questions on the topic by attempting questions set in previous ACCA exam papers. Written by a member of the audit exam team What is an access control system?Access control systems are electronic systems that facilitate automated approval for authorized personnel to enter through a security portal without the need for a security officer to review and validate the authorization of the person entering the portal, typically by using a credential to present to the system to ...
What is access control in security?Access control is a fundamental component of data security that dictates who's allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data.
What is a person called when he or she illegally accesses your computer?What is Hacking? Hackers illegally access devices or websites to steal peoples' personal information, which they use to commit the crimes like theft. Many people shop, bank, and pay bills online.
Which allow us to access information on the computer any part of the world?The World Wide Web (WWW), commonly known as the Web, is an information system enabling documents and other web resources to be accessed over the Internet.
|