Computer Based Information System Audit

Computer Based Information System Audit

Audit is an activity that conducts checks to evaluate and evaluate an activity or object such as the implementation
of internal controls in accounting information systems whose work is determined by management or the
accounting function process that requires improvement.

Information System Audit is a systematic process in collecting and evaluating evidence to determine that a
computer-based information system used by the organization has been able to achieve its goals.
where the Definition of Audit is itself, namely:
A systematic process to obtain and evaluate evidence objectively about statements about economic activities and
events.

INFORMATION SYSTEM AUDIT

It is a process of gathering and evaluating the evidence carried out by an independent and competent party to
find out whether an information system and related resources can adequately be used to:

a. protect assets.
b. maintains system integrity and data and availability.
c. provides relevant and reliable information.
d. achieves organizational goals effectively.
e. use resources efficiently.
f. The purpose of the SIA audit is to review and evaluate internal controls that protect the system.
g. When carrying out information system audits, auditors must ensure the following objectives are met:
• Security equipment protects computer equipment, programs, communications and data from unauthorized
access, modification or destruction.
• The development and acquisition of the program is carried out in accordance with special and general
authorization from the management.
• Modification of the program is carried out with the authorization and approval of the management.
• Processing of transactions, files, reports and other computer records is accurate and complete.
• Inaccurate source data or those that do not have the right authorization are identified and handled in
accordance with established managerial policies.
• Computer data files are accurate, complete and kept confidential.

Nature of Audit
American accounting associations define auditing as follows:
a. Auditing is a systematic process for objectively obtaining and evaluating evidence regarding statements of
actions and economic value transactions, to ensure the level of conformity between the statement and the criteria
set, and communicating the results to interested users.
b. Auditing requires a step-by-step approach that is formed by careful planning and careful selection and
implementation of appropriate techniques.
c. The involvement of the audit is to collect, review, and document audit evidence.

Computer Auditing
This approach uses computers (auditing with the computer) for the purpose of carrying out detailed audit program
stages. This approach is also used to automate certain aspects of the auditing process. Computers are
transformed into scene audits as long as they can work on the number of audit functions, such as testing controls
and substantive tests. Auditors can use excel spreadsheet packages, to create spreadsheets containing financial
statements from audited companies. Other developments are templates, program effects and format on screen
using a spreadsheet software package. This template allows the auditor to work on tasks that were previously
done manually.

Computer Software
Software Audit, the use of software in conducting computer audits can assist in substantive testing of company
records and files
The main type of audit software is GAS (Generalized Audi Software), which consists of one or more programs
that are applicable to various audit situations in a company.
ACL (Audit Comand Language) is interactive, which connects users with computers. ACL helps auditors to
analyze client data with several functions, such as sampling attributes, histogram generation, aging records, file
comparation, duplicate checking, and printing files. That is relatively powerful, flexible and easy to learn. So that
the auditor can modify the program for special situations.

Typical audit function available in the GAS package:

a. Extracting data from files, GAS must have the ability to extract and retrieve data from various structures,
media, and file records when used to audit various companies. After being distilled, the data is edited and then
transferred to the audit work file, data storage is available for use with other programs in the GAS
b. Calculating With data, several steps in the audit consist of addition, subtraction, multiplication and division
operation. For example, a journal correction is done by reprinting.
c. Performing comparisons with data, comparisons may be made to select data elements to be tested to ensure
consistency between data elements and to verify whether certain conditions have been obtained. GAS should
provide logical operators such as equal, less than, and greater than.
d. Sumarizing data, data elements must often be summarized to provide a basis for comparison. Example: a list
of salary details must be summarized to be compared with payroll reports.
e. Analyzing data, various data must be analyzed to provide a basis for reviewing the company's trends. For
example, accounts receivable must be estimated to determine the possibility of the receivables being collected.
f. Reorganizing data, data elements need to be sorted or combined. For example: various products sold by a
company may be re-sorted ascending based on the total sales to help analyze sales.
g. Select sample for testing. In the audit, not all data can be tested. The sample must be taken randomly. For
example, customer samples can be chosen randomly from accounts receivable.
h. Gathering statistical data, an auditor often requires statistical data. Examples: mean and median of product
sales.
i. Printing Confirmation Request, analyzer, and other output

Benefits of GAS:
a. Allows auditors to access readable computer records for a variety of applications and organizations.
b. Allows the auditor to examine more data than if the auditor still uses manual processes.
c. Can perform various kinds of audit functions quickly and accurately, including statistical sample selection.
d. Reducing dependence on nonauditing personnel to summarize data, thus auditors can better manage audit
controls.
e. Auditors only need enough (not very deep) knowledge about computers.

GAS Limitations:
GAS does not check application programs and programmed checks directly so that it cannot replace audit-
through-the-computer-techniques.

And now there are lots of audit software in the market such as:
1. IDEA (Interactive Data Analysis Software)
An audit software that can be used to make reconciliation, fraud investigations, internal / operational audits, file
transfers, prepare management reports and other analyzes, including tracking security logs.
IDEA is a powerful and easy-to-operate software to help accounting and financial professionals improve auditing
skills, detect fraud, and fulfill standard documents. This software allows us to import data quickly, include,
analyze, sample and extract data from various sources, including reports printed from a file.
Designed by Accountants for Accountants, IDEA offers an intuitive interface display including point and click
functions, help menus, toturial and multi display. With unlimited file size capabilities, IDEA can access and
analyze large data in just a few seconds, freeing you to encourage management in additional projects and
provide in-depth analysis.

2. APG (Audit Program Generator)

The APG allows the audit team to prepare their audit planning list. The APG allows the audit team to add, delete
or modify individual items in the audit planning list to adjust the work of the auditor to the needs of their clients.
The list of audit plans from APG includes items to determine:
• Approval of acceptance of assignments
• Approval of audit personnel on audit agreements
• Level of independence
• Knowledge of business entities
• Estimated audit capabilities
• Engagement Letter
• Estimated audit risk and materiality level
• Estimated control risk
• Acts that violate the law
• Level of errors and non-compliance
• Analytical procedures
• Audit strategies and audit programs

APG can assist in meeting auditing standards, considering the internal control structure in an audited financial
report. Auditing standards require that the auditor get an understanding of the three elements of the control
structure and whether the relevant policies, procedures and basic records have been applied to the audited
company.

3. Microsoft Excel
Microsoft Excel is a fairly popular application program, which can be ascertained on every PC, regardless of
whether the software is genuine or pirated.
The workings of computer-assisted audits with Microsoft Excel are actually almost the same as other software,
that is after the data files are imported or copied, then further processing / manipulation of data can be done
according to the audit needs, of course by inputting the formulas needed.
Even so, it remains to be recognized that the use of Microsoft Excel for audits still has disadvantages compared
to software packages that are specifically for auditing. This is because files that have been imported or copied
are not read-only file types, so they are very vulnerable to errors caused by typing and editing errors. Another
limitation is the limitations in recognizing and reading data source files, when compared to programs such as ACL
and IDEA which have the ability to read files in many files / extensions.

4. AUDIT-Easy
Is software used to develop and conduct internal and external compliance audits.

5. EZ-R Stats
Is an audit software with several uses as follows:
a. Identify duplications, differences, population numbers, classification and stratification of data, univariate
statistics, determine sample size, percentile / quartile, histogram, and others.
b. Determine procedures such as Benford's Law test (Benford's Law) the amount of cumulative monetary
sampling value, sampling interval, cross tabulation,

c. Can be used to do some statistical tests such as Chi Square, check credit card numbers, arrange numbers up
and down.
d. Produce charts - histograms, trend lines, pareto charts, and so on

6. QSAQ
This software is used to schedule, manage analysis and hold internal audits, assessments, tests and
checks. This software is designed to organize, hold, document, and report on internal audits and external audits.

7. Random Audit Assistant

Is software to get a valid sample audit from a predetermined audit limit.

8. RAT-STATS
Is a statistical software package designed to help auditors in setting sample audits at random and evaluating the
results

9. Auto Audit
This software is an integrated audit information system. This software allows the audit department to complete
their work in one database. With facilities for estimating risk, planning, scheduling, working papers, etc., using
this software is the right choice for managing an audit department.

10. GRC on Demand

Is software with uses for financial control management, audit automation, risk management, government
information technology.

Operational Audit on A SIA

The various techniques and procedures used in operational audits are almost the same as those applied in
information and financial system audits.
a. The main difference is that the scope of information system auditing is limited to internal control, while the
scope of financial auditing is limited to system output.
b. In contrast, the scope of operational audits is broader, traversing all aspects of information system
management.
c. The objectives of the operational audit include factors such as: effectiveness, efficiency, and achievement of
goals.
d. The collection of evidence includes the following activities:
- Review operational documentation policies
- Confirming procedures with management and operational personnel
e. Evidence collection procedure, for example:
- Observe functions and operational activities
- Check financial and operational plans and reports
- Test the accuracy of operational information
- Test control