Monday, 30 December 2019

Unit 8: Auditing in Computerized Environment


Unit 8: Auditing in Computerized Environment

Information Technology (IT) has a deep impact on society in general and accounting and auditing in particular.

After miracle advent of IT, the process of business operations (including Accounting) are changing so fast that even experts in the field are finding it difficult to keep pace with the changes.

The hardware and software are becoming obsolete in no time.

Even before, you become acquaintance with one software, that become obsolete, in no time and another version or new software taken its place.

Advanced Auditing Notes   In this scenario, it is very important for accounting as well as auditing professionals to know what the current IT trends are and how they would influence accounting and auditing world.

As dependence on computer system for carrying out business increases, maintaining computer systems for their all-round availability for business becomes important, as their non-availability can cause serious damage to organization’s interests and reputation.

For electronically processing data, auditors depend on certain audit software tools, among which, most important are General Audit Software (like ACL or IDEA).

Many auditors also use high-level languages like SQL (Structured Query Language) and industry specific or embedded audit software tools developed for a particular application.

Due to the increased dependence and consequent vulnerability of organizations on IT, there is a need to keep efficient controls over Computer Systems.

The two basic principles on which internal controls are established are the principle of least privilege and that of maker and checker.

Management needs a framework for generally accepted IT security and control practices to benchmark existing and planned IT environment.

Operating System is an interface between user and computer.

It manages memory, devices, peripherals and various tasks; controls computer’s resources and provides base for writing application programmes.

The operating systems fall into categories of single user and multi-user (network) environment.

The most common type of single user operating system is DOS (Disk Operating System).

Windows NT identifies users and knows what each user is allowed to do.

It can compare the list of permissions of each user with its user id and determine what access is allowed to each user.

Relational database systems such as Oracle and Sybase provide for different types of controls, the integrity of these is dependent on controls in any application programs that process transactions against database.

In RDBMS, database is distributed and may be accessed by different users simultaneously.

General Audit Software (GAS) can also be used to accomplish following audit tasks: Examine quality of data, Examine quality of system processes, Examine the existence of the entities the data purports to represent, Undertake analytical review.

Many auditing departments use technical specialists to locate and evaluate data sources.

These specialists provide the software tools to extract data, converting them into a form that can be used by audit analytical tools.

In some companies, information is stored according to specified standards that do not change frequently and multiple audits may be performed on information in a common format.

Audit effectiveness is a partnership between regulators, audit firms, and the accounting and auditing experts that lead and work for these firms.

That is, audit effectiveness is a function of both standards and performance.

Through an audit, an organization can identify a system’s ineffectiveness, take corrective action, and ultimately support continuous improvement.

Unfortunately, a poorly deployed auditing system can lead to increased, non-value-added costs, many hours of wasted resources, and an eventual, inevitable QMS breakdown.

Benchmark: A standard or point of reference against which things may be compared or assessed.

Database Management: A collection of programs that enables you to store, modify, and extract information from a database.

Electronic Data Processing (EDP): Automatic data processing by electronic means without the use of tabulating cards or punched tapes.

Embedded training: Embedded training is defined as training provided by capabilities built into or added onto operational systems, subsystems, or equipment, to enhance and maintain the skill proficiency of personnel.

External auditor: An external auditor is an audit professional who performs an audit in accordance with specific laws or rules on the financial statements of a company, government entity, other legal entity or organization, and who is independent of the entity being audited.

Framework: A basic structure underlying a system, concept, or text.

General Audit Software (GAS): Generalized audit software is software designed to read, process and write data with the help of functions performing specific audit routines and with self-made macros.

Information Retrieval: The tracing and recovery of specific information from stored data.

Plastic Cards: The generic name for the range of payment-related cards.

Simulation: Imitation or representation, as of a potential situation or in experimental testing.

No comments:

Post a comment