The computerization of business operations has posed many challenges to the auditor.
I. Difficulties experienced by the auditor in the use of test packs
Audit test data consists of data submitted by the auditor for processing by the client‘s computer based accounting system. It may be processed during a normal production run (running test data live) or during a special run at a point in time outside normal cycle (running test data dead). Approaches to test data are;
- Using live data
- Using dummy data in a normal production run
- Using dummy data in a special run Difficulties
There may be considerable costs involved in ascertaining the relevant controls and in constructing test data from scratch
ii) Objectives of the set
Test data is likely to be confined to tests of controls and may therefore be less valuable in audit terms than using audit software.
iii) Dangers of using live testing
Careful planning and control is needed to check test data from records
iv) Dangers of testing during a special run
If special test runs are used, an artificial testing environment is created. Assurance is needed that the normal program and files have been used.
Use of test packs does not necessarily provide visible evidence of the audit work performed. Working papers should therefore include details of the controls to be tested, an explanation of how they are tested, details of the transactions and files used, details of predicted results, actual results and evidence of the predicted and actual results having been compared.
II. Difficulties experienced by auditor in on-line system
Online computer systems are those that enable users to access data and programs directly through terminal devices. The risks in using real time systems is increased where terminal devices are dispersed and particularly where public as opposed to private telecommunication links are used. Unauthorised access may be deterred by use of protocols, encryption and call back procedures. Where on-line processing is interrupted, where telecommunication links are used, there is increased loss or corruption of data
The auditor must ensure that he understands the operation of such systems. He should test the operation of access controls such as passwords. He should test transaction logs where they exist for authorisation, completeness and accuracy.
The auditor may also reprocess transactions either as a test of control or as substantive procedure.
III. Difficulties experienced by auditor when auditing complex computerized system
Due to a complex computerized environment, account balances are likely to be susceptible to material misstatement irrespective of related internal controls. This may lead to auditor expressing an inappropriate opinion on the financial statements.
It is the risk that material misstatement could occur in an accrual balance which would not be detected or prevented by the accounting and internal control systems. This occurs in a complex computer environment which will increase audit risk
In a complex computerized environment, the auditor‘s substantive procedures may not detect material misstatement in account balances
A computerized environment will result to auditor applying Computer Audit Assisted Techniques which may be costly.
Need for technical skills
The auditor has to empty competent, skilled and experienced staff in information technology. This will be costly and will lead to an increase in audit fees.
Effect in audit planning
In planning the positions of the audit which may be affected by the client‘s environment. The auditor should obtain an understanding of the significance and complexity of the computer information system activities and the availability of data for use in the audit
A complex computer system is likely to have security threats due to unauthorised access to information through hacking. This will have an effect of the application programs and audit software used.