NO CHANGE IN OBJECTIVE
The objective of auditing, do not undergo a sea change in a CIS environment. Auditor must provide a competent, independent opinion as to whether the financial statements records and report a true and fair view of the state of affairs of an entity. However, computer systems have affected how auditors need to collect and evaluate evidence. These aspects are discussed below:
CHANGE IN COLLECTING EVIDENCE FOR TEST OF CONTROLS
(Complexity has increased, Eg Inspecting Voucher I simpler than writing query to extract info)
Collecting evidence on the reliability of a computer system is often more complex than collecting evidence on the reliability of a manual system. Auditors have to face a diverse and complex range of internal control technology that did not exist in manual system, like:
(a) accurate and complete operations of a disk drive may require a set of hardware controls not required in manual system, (Like slider on memory card, floppy disk or bio matrix)
(b)system development control includes procedures for testing programs that again are not necessary in manual control. (Eg Authorisations to change programming)
(Not easy to understand because of rapid changes)
Since, Hardware and Software develop quite rapidly, understanding the control technology is not easy. With increasing use of data communication for data transfer, research is focused on cryptographic controls to protect the privacy of data. Unless auditor’s keep up with these developments, it will become difficult to evaluate the reliability of communication network competently.
The continuing and rapid development of control technology also makes it more difficult for auditors to collect evidence on the reliability of controls. Even collection of audit evidence through manual means is not possible. Hence, auditors have to run through computer system themselves if they are to collect the necessary evidence. Though generalized audit software’s are available the development of these tools cannot be relied upon due to lack of information. Often auditors are forced to compromise in some way when performing the evidence collection.
EVALUATION OF EVIDENCE OBTAINED FOR TEST OF CONTROLS
With increasing complexity of computer systems and control technology, it is becoming more and more difficult for the auditors to evaluate the consequences of strength and weaknesses of control mechanism for placing overall reliability on the system.
Auditors need to understand:
(a) whether a control is functioning reliably or multi functioning, (For example whether system records edit history for all entries and they are shown to auditor, or MD has master password to delete edit history)
(b) traceability of control strength and weakness through the system.
(One input multiple effects, hence one error may lead to multiple errors, difficult to understand consequences)
In a shared data environment, a single input transaction may update multiple data item used by diverse, physically disparate user, which may be difficult to understand. Consequences of errors in a computer system are a serious matter as errors in computer system tend to be deterministic, i.e., an erroneous program will always execute data incorrectly. Moreover, the errors are generated at high speed and the cost and effort to correct and rerun program may be high. Errors in computer program can involve extensive redesign and reprogramming. Thus, internal controls that ensure high quality computer systems should be designed implemented and operated upon. The auditors must ensure that these controls are sufficient to maintain assets safeguarding, data integrity, system effectiveness and system efficiency and that they are in position and functioning.