The impact of information technology on the audit process.
All nowadays companies operate in a computerized environment, some of them being almost 100% computerized, and some making use of applications needed for bookkeeping and reporting financial statements. A computerized environment comes bundled along with the obvious advantages, i.e. new systems, additional rules regarding safety and acceptable errors.
The role of information technology control and audit continues to be a critical mechanism for ensuring the integrity of information systems and the reporting of organization finances to avoid and prevent future financial crises (Senft et al., 2012: 3).
The increasing complexity of the system, including computerized accounting systems and the high volume of transactions recorded have led to an accelerated rate in replacement of standard/classic audit techniques with modern computer techniques, known as CAATs (Computer Assisted Audit Techniques).
The IS Auditing Guideline issued by the Standards Board of ISACA on the use of computer-assisted audit techniques (CAATs) relates the guideline to Standard 060.020 (Evidence), Standard 050.010 (Audit Planning) and Standard 030.020 (Due Professional Care). The use of CAATs becomes very useful, if not imperative, to comply with standard 060.020, which states, "During the course of the audit, the Information Systems Auditor is to obtain sufficient, reliable, relevant and useful evidence to achieve the audit objectives effectively. The audit findings and conclusions are to be supported by appropriate analysis and interpretation of this evidence." The guideline also provides useful information on planning for use of CAATs, security of data and CAATs, performance of audit work and CAATs documentation and reporting (Sayana, 2003: 23).
2. Why Using CAATss
Computer-assisted audit techniques (CAATs) or computer-assisted audit tools and techniques (CAATTs) refer to the practice of using computers in order to automate the audit processes (Coderre, 2008).
CAATs include basic office software (spreadsheet, word processors and text editing programs) and some advanced software packages involving use of statistical analysis and business intelligence tools.
These modern tools and techniques may assist the auditor in any phase of its mission, being used for:
* Correctness of accounting processing;
* Testing of the system's security;
* Analysis and control of computer applications;
* Risk identification and evaluation of an organization;
* Assessment of internal control;
* Checking integrity of files;
* Analysis of customer information using complex database queries, sample selection, stratification, aggregation etc.
Advantages of using CAAT's include:
* The ability to test large volumes of data;
* The opportunity to provide greater assurance regarding the completeness of the population (audit risk);
* Ability to provide more flexible and more complete analytical information (and complex repetitive calculations);
* A strictly control over the selection of samples by applying statistical techniques;
* Issues ready to print materials/documentation for each test available in the software that can be used as documentation in the auditor's work files;
* Is independent of the system audited, using a read-only copy of the files in order to avoid corruption of company's data;
* Substantial reduction of audit working time.
As a key process and whether it involves a large or a small number of employees, audit is a complex process, which requires multidisciplinary knowledge and important documentation. Like any other process, audit process can be improved (Daneci-Patrau et al., 2014: 165).
The auditor must document his work/ opinion, recommendation, idea. In order to sustain his opinions, specific documentary evidence is needed and so the auditor's work is directed towards the preparation of tests and worksheets that take a lot of time. Thus, a redefinition of general audit documents and the use of specialized software will prove auspicious, making the auditor's work easier, giving him enough time to implement its audit tests. In these circumstances, a computer-assisted audit is considered a huge improvement of an audit.
3. Traditional Audit versus CAATs
The traditional method of auditing allows auditors to build conclusions based on a limited sample of a population, rather than an examination of all available or a large sample of data. A well designed CAATs audit will assure a complete review of all transactions. Using CAATs the auditor will be able to extract every transaction performed during the period reviewed and then test it to determine if there are any problems in the data. (Obulord, 2014: 1053)
Audit specialized software may perform the following functions with a large range of facilities:
* Automatic calculations such as addition, subtraction, multiplication, division, calculation of percentages;
* Retrievals and reformatting. Extracting and printing data in the format required by the auditor (i.e. Print confirmation letters);
* Data Analysis--identification of certain information required: negative stocks, old debtors, etc.;
* Selection of samples;
* Statistical sampling: selection of samples based on various algorithms;
* Aggregation: calculation of one or more levels of subtotal for specified fields;
* Stratification: determination of distribution records of a file (the value and number of records) in different categories;
* Sort: rearrange records as requested by the auditor;
* Comparison fields: comparing fields of a record to determine inconsistencies or identify logical errors;
* Comparing files: comparing files related to records to determine inconsistencies or identify logical errors;
* Re-processing; restoration of computational processes (recovery calculations) for audit purposes;
* Creating files: creating a file to be processed later;
* Updating files; creating and recalculation of files that contain information that can be updated;
* Statistical analysis: techniques used to generate histograms, graphs, charts, trends, linear trend lines, correlation and regression analysis;
* Saving corporate data on a central computer system for consideration and further processing.
Practice experience has imposed separation of CAAT in two different areas of operation as shown below.
1. Techniques for the analysis and testing of computer system--defined as a set of tests performed over preventive and corrective control, the processing and system security, allowing auditors to examine the data flow through the system, data integrity checking and verifying files and controls implemented within the system;
2. Analysis techniques of data- subject to audit--represented by generalized audit software, applications developed on SQL query tools, elements of artificial intelligence and expert systems. Their study outlines the existence of common data analysis techniques such as:
* sampling--enables the auditor to extract a set of representative transactions from a file in order to achieve audit tests;
* aggregation--used to prove completeness and compliance with the state of an account;
* stratification--provides a more complete picture when population or mass data is not homogeneous;
* checking duplicate records--allows identification of errors in transactions or possible fraudulent activities;
* analysis of "age" payments--shows a "pattern" of payments over a period, through monitoring period between receipt and payment transactions;
* reporting exceptions--involves selecting and extracting data records that comply or, conversely, infringed the criteria specified for future analysis. In this regard, the auditor using specialized commands can analyze:
--unused stocks for a period exceeding a certain period of time;
--depreciated fixed assets with a remaining value much higher than the actual value;
4. Auditing around the Computer and Auditing by Computer
Most of the companies use information technology to process operations and design their systems in order for the documents to be returned in legible form, easy to track. Accounting software generates ready to print versions of journals and books that allow the auditor to redraw the route of operations and compare those ready to print documents with the ones on paper.
In these situations, the use of information technology does not have such a significant impact on the audit trail. The auditor obtains an understanding of the internal control, performs tests of controls and tests of operations and verification procedures as if the accounting system was entirely based on manual methods. The auditor ordinarily does not perform tests of controls carried out by computer. This method of auditing is often called auditing around the computer because the auditor does not use computerized controls to reduce the estimated control risk. (Arens, 2006: 395) Instead, the auditor uses control mechanisms that are outside the information technology function in order to justify the risk control.
As the use of information technologies spreads in the company, internal control mechanisms are often integrated into applications and become visible only in an electronic format. When traditional documents, such as invoices, purchase orders, billing records, and records accounting journals such as sales, inventory lists of stocks and registries are only available in electronic format and not on paper, the auditor should change the method of auditing. This method is often called the computer auditing by computer and uses three types of test strategies: the method of test data, parallel simulation method and the integrated audit method (Arens, 2006: 396).
In the following table we present some examples that can be considered to be used within a computerized audit (Table 1. CAATs application examples).
As it is shown, there are various tests easy to apply in audit using a computerized system. Each auditor can implement and develop a set of tests in accordance to his/her missions and his/her client's activity.
6. Conclusion, Limitations and Future Research
Today, since globalization and with the development of various information systems, most companies are making use of computers. The use of information technology is something common in all economic entities, so every department would adapt to using them. So, when all the information needed for doing an audit is on computer systems is understandable that it would be easier for the auditor to conduct a computer-assisted audit. Computerization requires a fast and easy access to audit files, meaning that the auditor's work is carried out in optimum conditions and increased efficiency.
Spiru Haret University
Arens, Alvin A., and Elder, Randal J. (2010), Auditing and Assurance Services: An Integrated Approach. Upper Saddle River, NJ: Prentice-Hall.
Coderre, D. (2008), Internal Audit: Efficiency through Automation. 1st edn. Hoboken, NJ: John Wiley & Sons.
Daneci-Patrau D., Badea, G., and Spineanu-Georgescu, L. (2014), "Growth of Managerial Performance by Improving Auditing Activity," SEA--Practical Application of Science 2(2): 164-170.
Obulord, F.O. (2014), "Computer Technology: An Innovative Tool in Stock Auditing: A Study of Nigeria Engineering Works," Journal of International Scientific Publications 8: 1048-1061.
Sayana, S.A. (2003), "Using CAATs to Support IS Audit," Information Systems Control Journal 1: 21-23.
Senft, S., Gallegos, F., Manson, D.P., and Gonzales, C. (2012), Information Technology Control and Audit. 4th edn. London: CRC Press Company.
Table 1 CAATs application examples 0 1 2 Balance Clients * Comparison of customer accounts, approvals sheet for suspicious accounts and reports with the accounts information for a previous comparable period; * Sorting and aggregation by number of client or account type, collateral type, category or terms of credit sale; * Preparing a special lists for debt analysis; * Preparation and analysis of classification seniority and calculation of approvals for suspicious accounts based on seniority classification; * Any other operation considered significant by the auditor. Cash * Reconciliation between cash inflows and outflows; * Comparing proceeds with deposits; * Preparing of a list containing returned check, post-dated checks; * Comparison of individual documents such as receipts and invoices with official records of customers or suppliers on an open file; * Selection of samples for compliance testing and detail; * Preparing document for monitoring bank confirmation / bank reconciliation; * Listing outstanding payments by check. Prepaid * Prepare a categories report with the expenses incurred expenses but not made; * Calculate costs (taxes, interest, intellectual property rights, etc.) and compare with balances for prior period. Profit Sales * Summarizing sales for each account and loss allocation and reconciliation with customer account accounts; * Check correspondence between the accounts of customers and clients register; * Listing unusual sales transactions; * Testing sales invoice numbers to identify missing or duplicate numbers; * Compare data delivery with data recording and registration; * Check the sales invoices; * Analyzing sales market segments, product line, costs, fees; * Calculate the gross profit on product and compare the available information about prior comparable periods. Acquisitions * Recalculate total purchases journal; * Procure totals for each account and reconcile with the chart of accounts; * Prepare a summary of purchases per supplier sorted by value acquisition; * Stratification of purchase orders; * Selecting a sample for detailed tests; * Comparison of data reception from the reception department with the deposit documents to evaluate the efficiency of movement of materials. Source: data processing in a personal manner
|Printer friendly Cite/link Email Feedback|
|Author:||Elefterie, Liana; Badea, Georgiana|
|Publication:||Economics, Management, and Financial Markets|
|Date:||Mar 1, 2016|
|Previous Article:||The role of accounting information systems in preventing the financial crises experienced in businesses.|
|Next Article:||General considerations on the meaning and interest of performance measurement.|