Scribd
Upload
18 views

Around and through

Auditing

Uploaded by

jacobngala777
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
18 views

Around and through

Auditing

Uploaded by

jacobngala777
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Auditing Around the Computer

Auditing around the computer is one of the two methods that auditors use to evaluate the
electronic data processing (EDP) system. It involves inputting data and instructions into the
client’s computer system and compares the inputs with the predetermined outputs. For example,
the computer may be instructed to deduct a discount of 10% from all January sales that totals
TZS 24,500,000. If the computer’s output shows that the computed amount is 22,050,000then the
auditor will conclude that the computer processes the data and instructions appropriately.

Generally, if the auditor finds that inputs matches with the expected output, he or she will
assume that the processing of data have been correct and therefore, the application controls are
effective.In this approach the auditor concentrates on the inputs and outputs and ignores how
data are processed by the computer. This approach is more often known as “black box audit
approach” because the auditors do not assess the existence of the EDP controls. They expect that
sufficient appropriate audit evidence can be obtained by reconciling inputs with outputs.

This approach is used in situations when auditor is of the opinion that computer system is
reliable and often comparison of inputs to outputs is enough. In other words, the auditor will not
assess whether the required controls are in place and are operating effectively while inputs are
processed.For the same reason, relying too much on this approach is not recommended for
important aspects of the audit especially where assessed risk is high as this may result in
ineffective audit and ultimately inappropriate audit opinion being expressed by the auditor.
1
Most often this approach is used either because:

 processing done by the computer is too simple e.g. casting, sorting etc
 The auditor believes that the software used by the client is reliable. This is the case with
most of off-the-shelf software used by client without any in-house alteration and thus
need not to be checked.
 auditor has no mean to gain understanding of the computer system and thus resorts with
this approach. This situation can arise out of circumstances including:

o lack of appropriate system documentation


o auditor lacks expertise or skills to understand or use the computer system
for auditing purposes.
o auditor is not given access to computer system at the level required

Advantages of Auditing Around the Computer


i. Simple and straight forward approach which can be easily understood by anyone.
ii. Extensive knowledge of the computer and data processing is not required for the auditor
iii. Cost of audit resources is generally low.

Disadvantages of Auditing Around the Computer


i. Ignores the system of controls and hence fails to recognize potential weakness with the system
ii. The auditor fails to utilize the full potential of the computer to assist him or her
iii. Increasing of printing expenses because of enormous print-out requirements of the auditor.

2
2: The White Box (through the computer) Approach
In this approach the processes and controls surrounding the application are also subject to audit
 In order to help the auditor to gain access to these processes computer audit software may
be used. The technique is referred to as computer assisted audit technique (CAATS).
 It is obvious that to follow this approach the auditor needs to have sufficient knowledge
of computer plans, direct supervise and review the work performed.
 The areas covered in the audit will concentrate on the following controls: Input control;
processing control; storage control; output control; and data transition controls
 The auditor would also need to satisfy himself / herself that there are adequate general
controls, such as, the prevention of unauthorized access to the computer and the computer
database
Auditing around the computer means that processing done by the computer system needs not to
be audited as auditor expects that sufficient appropriate audit evidence can be obtained by
reconciling inputs with outputs.

Auditing through the computer__


Auditing through the computer describes the various steps taken by auditors to evaluate client’s
software and hardware to determine the reliability of operations that is hard for human eyes to
view and also test the operating effectiveness of related computer controls, e.g., access control.

Auditing through the computer is common in practice today as many companies/ businesses
make use of computerized information systems and these in turn have significant controls
embedded in them. Ignoring these computer controls will make auditors not to have the required
insight into the effectiveness and reasonableness of the client’s internal control. And will not be
reporting in compliance with the relevant laws and regulations that govern auditing as a
profession.

Though, external auditors most times uses this technique to test the controls in simple
applications, but, internal auditors more frequently uses auditing through the computer technique
to ensure that errors that may not be easily detected from the output are discovered and
corrected.

You might also like