Auditing & Ethics Issues

Tutorial 28

______

Tutorial 28:EDP Audit II

Review the lecture notes and reading materials, ask in the tutorial if you do not understand.

Part IMultiple Choice and Short questions

1.The primary purpose of a generalized computer audit program is to allow the auditor to

a.Use the client's employees to perform routine audit checks of the electronic data processing records that otherwise would be done by the auditor's staff accountants.

b.Test the logic of computer programs used in the client's electronic data processing systems.

c.Select larger samples from the client's electronic data processing records than would otherwise be selected without the generalized program.

d.Independently process client electronic data processing records.

2.A primary advantage of using generalized audit packages in the audit of an advanced IT system is that it enables the auditor to

a.Substantiate the accuracy of data through self-checking digits and hash totals.

b.Utilize the speed and accuracy of the computer.

c.Verify the performance of machine operations which leave visible evidence of occurrence.

  1. Gather and store large quantities of supportive evidential matter in machine-readable form.

3.Which of the following is true of generalized audit software packages?

a.They can be used only in auditing on-line computer systems.

b.They can be used on any computer without modification.

c.They each have their own characteristics which the auditor must carefully consider before using in a given audit situation.

d.They enable the auditor to perform all manual test procedures less expensively.

4.The most important function of generalized audit software is the capability to

a.Access information stored on computer files.

b.Select a sample of items for testing.

c.Evaluate sample test results.

d.Test the accuracy of the client's calculations.

5.Which of the following audit procedures would an auditor is least likely to perform using a generalized computer audit program?

a.Searching records of accounts receivable balances for credit balances.

b.Investigating inventory balances for possible obsolescence.

c.Selecting accounts receivable for positive and negative confirmation.

d.Listing of unusually large inventory balances.

6.An auditor will use the IT test data method in order to gain certain assurances with respect to the

a.Input data.

b.Machine capacity.

c.Procedures contained within the program.

d.Degree of keypunching accuracy.

7.When auditing "around" the computer, the independent auditor focuses solely upon the source documents and

a.Test data.

b.IT processing.

c.Compliance techniques.

d.IT output.

Short Questions

  1. What kind of technique involved in the processing simulated file data provides the auditor with information about the reliability of controls from evidence that exists in simulated files?
  1. What is the limitation of using the test data technique?

Part IILong Questions

  1. What are the advantages and disadvantages of using the generalized audit software programs (GASPs)?
  1. Auditing in a computer environment:
  1. Computer systems give rise to ‘such possibilities as a lack of visible evidence and systematic errors’.
  2. The nature of computer-based accounting systems is such that the auditor is afforded opportunities to use the enterprise’s computer … to assist him in the performance of his audit work’.
  3. ‘In choosing the appropriate combination of computer assisted audit techniques and manual procedures, the auditor will need … to take (a number of factors) into account…’
  4. ‘In performing tests on CIS application or general CIS controls, the auditor should obtain evidence which is relevant to the control being tested’.

Required:

(a)Explain each of the phrases ‘lack of visible evidence’ and ‘systematic errors’ refereed to in (i) above and state in respect of each THREE ways in which the auditor might attempt to overcome the problems arising from these two possibilities. You should illustrate your answer by referenc3e to an inventory control system.

(b)State briefly TWO computer assisted audit techniques (CAATs) which the auditor can use in the enterprise’s audit. (Refer to (ii) above).

(c)State and explain FIVE factors which the auditor will need to take into account in choosing the appropriate combination of computer assisted audit techniques and manual procedures. (Refer to (iii) above).

(d)Explain the phrases ‘CIS application control’ and ‘general CIS control’ in the computer audit context. Illustrate your answer with one example for each type of control. (Refer to (iv) above).

Part IIIRevision Questions

Case study 1, page 360 Chapter 32, Alan Millichamp

Case study 3,page 361 of Chapter 32, Alan Millichamp

Question 1, page 361 of Chapter22, Teresa Ho

Question 2, page 362 of Chapter22, Teresa Ho
Tutorial Exercise – Answer

Tutorial 28

  1. D
  2. B
  3. C
  4. A
  5. B
  6. C
  7. D
  1. Integrated test facility (ITF)
  1. The limitation of using test data techniques are:

ITiming of Testing-

It is impossible that the programme will function differently during the period not tested by the auditor

II.Feasibility

It may difficult to perform testing in complex computer systems

  1. The advantages of GASPs include:
  2. Permit access to a wide variety of client records and application
  3. Takes the tedious work out of auditing
  4. Easy to use
  5. Allows the auditor a high degree of independence by reducing auditor’s reliance on client computer personnel

The disadvantages of GASPs include:

  1. Audit software may not compatible with all systems
  2. They are designed for ease of use, utilizing standardized routines which may disregard efficiency considerations
  3. It has processing limitations regarding the number of files which can be accessed simultaneously, input file formatting, the size of files that can be manipulated
  4. It may not be able to access and retrieve data from complex data structures

11.(a)‘Lack of visible evidence’ refers to the fact that in a computerized system the intermediate stages between input and output are not evidenced by hard copies. In an inventory control system, there may be no detailed breakdown of individual transactions thus causing problems with cut-off at period ends.

The problems may be overcome by:

(i)arranging with the client for special purpose audit print-outs to be provided;

(ii)clerical re-creation of the data;

(iii)performance of alternative audit tests.

‘Systematic errors’ are programmed, and therefore recur consistently.

In an inventory control system, a systematic error may be the failure to restrict access to authorized personnel (by means of passwords), thus enabling the data to be tampered with.

The auditor can attempt to detect systematic errors by:

(i)checking that systems development and testing procedures are fully documented;

(ii)testing the general CIS controls which operate within the computer department;

(iii)using CAATs to test the processing of data.

(b)The two most common types of CAAT are:

(i) audit software – programs used to examine the enterprise’s computer files;

(ii)test data – data submitted by the auditor for processing by the enterprise’s computer-based accounting system.

(c)In choosing the appropriate combination of CAATs and manual procedures, the auditor will need to take the following into account:

(i) if the computer program performs functions for which no visible evidence is available, then it may not be practicable for the auditor to perform tests manually;

(ii)the efficiency of the alternatives, taking into account the extent of testing achieved, the pattern of costs, and the ability to use the CAAT for a number of different audit tests;

(iii)the reporting time scale (CAATs tend to be quicker to apply);

(iv)availability of computer time, files and programs;

(v)CAATs performed by internal audit staff may be relied upon, depending upon the auditor’s assessment of that department’s effectiveness.

(d)‘CIS Application controls’ relate to the transactions and standing data of each application they ensure the completeness and accuracy of the accounting records. An audit test appropriate to an application control would be the use of test data with documents missing to ensure a sequence check control was operating correctly.

The purpose of general CIS controls is to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal controls are achieved.

______

AEI-TE-L28- 2003 Page 1 of 7