Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
Tutorial 28:
EDP Audit II
Review the lecture notes and reading materials, ask in the tutorial if you do not
understand.
Part I
1.
Multiple Choice and Short questions
The primary purpose of a generalized computer audit program is to allow the
auditor to
a. Use the client's employees to perform routine audit checks of the electronic
data processing records that otherwise would be done by the auditor's staff
accountants.
b. Test the logic of computer programs used in the client's electronic data
processing systems.
c. Select larger samples from the client's electronic data processing records than
would otherwise be selected without the generalized program.
d. Independently process client electronic data processing records.
2.
A primary advantage of using generalized audit packages in the audit of an
advanced IT system is that it enables the auditor to
a. Substantiate the accuracy of data through self-checking digits and hash totals.
b. Utilize the speed and accuracy of the computer.
c. Verify the performance of machine operations which leave visible evidence
of occurrence.
d. Gather and store large quantities of supportive evidential matter in
machine-readable form.
3.
Which of the following is true of generalized audit software packages?
a. They can be used only in auditing on-line computer systems.
b. They can be used on any computer without modification.
c. They each have their own characteristics which the auditor must carefully
consider before using in a given audit situation.
d. They enable the auditor to perform all manual test procedures less
expensively.
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 1 of 7
Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
4.
The most important function of generalized audit software is the capability to
a. Access information stored on computer files.
b. Select a sample of items for testing.
c. Evaluate sample test results.
d. Test the accuracy of the client's calculations.
5.
Which of the following audit procedures would an auditor is least likely to
perform using a generalized computer audit program?
a.
b.
c.
d.
6.
Searching records of accounts receivable balances for credit balances.
Investigating inventory balances for possible obsolescence.
Selecting accounts receivable for positive and negative confirmation.
Listing of unusually large inventory balances.
An auditor will use the IT test data method in order to gain certain assurances
with respect to the
a. Input data.
b. Machine capacity.
c. Procedures contained within the program.
d. Degree of keypunching accuracy.
7.
When auditing "around" the computer, the independent auditor focuses solely
upon the source documents and
a. Test data.
b. IT processing.
c. Compliance techniques.
d. IT output.
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 2 of 7
Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
Short Questions
8. What kind of technique involved in the processing simulated file data provides the
auditor with information about the reliability of controls from evidence that exists
in simulated files?
9. What is the limitation of using the test data technique?
Part II
Long Questions
10. What are the advantages and disadvantages of using the generalized audit
software programs (GASPs)?
11. Auditing in a computer environment:
I.
II.
III.
IV.
Computer systems give rise to ‘such possibilities as a lack of
visible evidence and systematic errors’.
The nature of computer-based accounting systems is such that
the auditor is afforded opportunities to use the enterprise’s
computer … to assist him in the performance of his audit
work’.
‘In choosing the appropriate combination of computer assisted
audit techniques and manual procedures, the auditor will
need … to take (a number of factors) into account…’
‘In performing tests on CIS application or general CIS controls,
the auditor should obtain evidence which is relevant to the
control being tested’.
Required:
(a) Explain each of the phrases ‘lack of visible evidence’ and ‘systematic errors’
refereed to in (i) above and state in respect of each THREE ways in which the
auditor might attempt to overcome the problems arising from these two
possibilities. You should illustrate your answer by referenc3e to an inventory
control system.
(b) State briefly TWO computer assisted audit techniques (CAATs) which the
auditor can use in the enterprise’s audit. (Refer to (ii) above).
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 3 of 7
Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
(c) State and explain FIVE factors which the auditor will need to take into account in
choosing the appropriate combination of computer assisted audit techniques and
manual procedures. (Refer to (iii) above).
(d) Explain the phrases ‘CIS application control’ and ‘general CIS control’ in the
computer audit context. Illustrate your answer with one example for each type
of control. (Refer to (iv) above).
Part III Revision Questions
Case study 1, page 360 Chapter 32, Alan Millichamp
Case study 3,page 361 of Chapter 32, Alan Millichamp
Question 1, page 361 of Chapter22, Teresa Ho
Question 2, page 362 of Chapter22, Teresa Ho
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 4 of 7
Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
Tutorial Exercise – Answer
Tutorial 28
1.
2.
3.
4.
5.
6.
D
B
C
A
B
C
7.
D
8.
Integrated test facility (ITF)
9.
The limitation of using test data techniques are:
I
Timing of Testing It is impossible that the programme will function differently during the
period not tested by the auditor
II.
Feasibility
It may difficult to perform testing in complex computer systems
10. The advantages of GASPs include:
a. Permit access to a wide variety of client records and application
b. Takes the tedious work out of auditing
c. Easy to use
d. Allows the auditor a high degree of independence by reducing auditor’s
reliance on client computer personnel
The disadvantages of GASPs include:
a.
b.
c.
Audit software may not compatible with all systems
They are designed for ease of use, utilizing standardized routines
which may disregard efficiency considerations
It has processing limitations regarding the number of files which can
be accessed simultaneously, input file formatting, the size of files that
can be manipulated
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 5 of 7
Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
d.
It may not be able to access and retrieve data from complex data
structures
11. (a) ‘Lack of visible evidence’ refers to the fact that in a computerized system the
intermediate stages between input and output are not evidenced by hard copies.
In an inventory control system, there may be no detailed breakdown of individual
transactions thus causing problems with cut-off at period ends.
The problems may be overcome by:
(i) arranging with the client for special purpose audit print-outs to be
(ii)
(iii)
provided;
clerical re-creation of the data;
performance of alternative audit tests.
‘Systematic errors’ are programmed, and therefore recur consistently.
In an inventory control system, a systematic error may be the failure to
restrict access to authorized personnel (by means of passwords), thus
enabling the data to be tampered with.
The auditor can attempt to detect systematic errors by:
(i) checking that systems development and testing procedures are fully
(ii)
(iii)
documented;
testing the general CIS controls which operate within the computer
department;
using CAATs to test the processing of data.
(b) The two most common types of CAAT are:
(i)
(ii)
audit software – programs used to examine the enterprise’s
computer files;
test data – data submitted by the auditor for processing by the
enterprise’s computer-based accounting system.
(c) In choosing the appropriate combination of CAATs and manual procedures, the
auditor will need to take the following into account:
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 6 of 7
Auditing & Ethics Issues
Tutorial 28
___________________________________________________________________________________
(i)
(ii)
(iii)
(iv)
(v)
if the computer program performs functions for which no visible
evidence is available, then it may not be practicable for the auditor
to perform tests manually;
the efficiency of the alternatives, taking into account the extent of
testing achieved, the pattern of costs, and the ability to use the
CAAT for a number of different audit tests;
the reporting time scale (CAATs tend to be quicker to apply);
availability of computer time, files and programs;
CAATs performed by internal audit staff may be relied upon,
depending upon the auditor’s assessment of that department’s
effectiveness.
(d) ‘CIS Application controls’ relate to the transactions and standing data of each
application they ensure the completeness and accuracy of the accounting records.
An audit test appropriate to an application control would be the use of test data
with documents missing to ensure a sequence check control was operating
correctly.
The purpose of general CIS controls is to establish a framework of overall
control over the CIS activities and to provide a reasonable level of assurance that
the overall objectives of internal controls are achieved.
_______________________________________________________________________________
AEI-TE-L28- 2003
Page 7 of 7