Introduction
Auditing refers to the process where an administrator or someone else keeps track of the activities of the organization so that the users and groups can use the financial statements. It is also a means of ensuring that the financial statements are kept in an orderly, accurate and correct manner. Information systems are systems of personal data records and activities that process the data and information in a given organization using the manual or the automated processes so that they can be useful to the organization that is using the information systems.
Types of audit
Management or operational audit
This is an audit that is used to determine whether an organization’s operations are being carried out in an efficient manner as well as determining whether the constructive recommendations for the improvement of the operations of an organization can be made in an efficient and effective manner.
The management of an organization analysis includes the following operations of an organization ;the appraisal of structures, control, processes and the procedures that use the operational audit so that they enable the organization to achieve its goals effectively.
The internal control audit
This is an auditing technique that deals with reviewing practices, transactions and processes that can be used to control the financial transactions. It is used to protect a company or an organization’s properties and assets from being poorly managed, damaged or stolen hence it is very useful in the future of an organization.
Compliance audit
Compliance audit is an auditing technique that is used by employers to test the strength of a company’s management systems with the objective of establishing whether they relate to key responsibilities under the legislation and policies of a company. It ensures that the activities of an organization are carried out effectively.
Additionally it is also used in checking the implementation of written manuals, procedures and work instructions for an organization or a company so that the employees and the other staff of a company carry them out effectively to facilitate the achievement of the company’s goals and objectives. The application of the compliance audit gives the assurance that the rules and regulations of an organization or a company are being followed effectively and efficiently as stated by the company’s rules and regulations.
Management audit
This is an auditing technique that is used to focus on the results, evaluation of effectiveness and the suitability of control by challenging the underlying rules, procedures and methods. This kind of audit is also performed continuously within an organization.
The overview of the auditing process
The auditing process is carried out by an auditor. The auditor prepares a plan on how to carry out his tasks of ensuring that the books of accounts are kept in an orderly, accurate and correct manner. He also ensures that there is no audit risk that occurs as a result of making incorrect decisions based on the auditing findings.
The various ways in which an auditor can eliminate the possibility of audit risk are; obtaining an understanding of the organization and its environments so that he can be able to understand the risk’s misstatements and to set the scope of the audit so that necessary measures are taken to overcome incorrect reporting of the auditors report.
The auditor should also identify the risks that may result from the material misstatements, the risk may be in terms of the organizations inability to achieve their goals and objectives due to threats, the other risks are the changes that occur due to the introduction of new personnel into an organization, new or restructured information systems and the corporate restructuring.
The other step is for the auditor to evaluate the organizations response to the risks and also to obtain the management actions towards those risks so that a comprehensive conclusion can be obtained so as to overcome the risks. The auditor should also assess the risk of the material misstatement that are based on the knowledge of the evaluations of the organizations to business risks so as to determine the specific audit procedures that are necessary to deal with the risks misstatements.
The other step is to evaluate and to issue the audit report so that the auditor can determine if the assessments of risks are appropriate and whether they are sufficient evidence to prove that an auditor can issue an unqualified or qualified audit report as derived from the auditing process carried out by the auditor.
The auditing process is broken down into the following phases
The Establishment of the terms of engagement
This process is used by an auditor to determine the scope and objectives of the auditing tasks and also to establish the relationship that exists between the auditor and the organization such that necessary action can be carried out with an aim of determining how the auditing tasks are to be carried out.
The engagement letter that is written should address the responsibility (scope, dependence, deliverables)and authority as regards the auditors assignment, the right to access information, the accountability that states the auditor’s rights with regard to his assignment and the completion date of the auditing task so that necessary measures can be taken by the auditor and the organization concerning how to carry out their tasks.
Preliminary Review
In this phase the auditor gathers organizational information so that he can be in a position to create an audit plan of an organization. The auditor can provide at this phase an in-depth overview of an organization accounting system so that he can establish the applications that are suitable for an organization. The phase also involves obtaining the general data about a company identifying the financial application areas and then preparing an audit plan so as to carry out his tasks effectively.
Establishing materiality and assessing the risk
This phase involves the preliminary judgment about the materiality and the assessment of the client’s business risks in the auditing plan. This enables him to determine the scope of an audit that is to be carried out within an organization.
Planning the Audit
The planning of an audit enables an auditor to conduct his tasks efficiently and effectively. The auditor can prepare a good audit plan by conducting his audit through understanding the organization and the results that are obtained from the risk assessment processes.
Internal control
It is a system that is designed and operated to provide a reasonable assurance that an organization’s objective are achieved efficiently and effectively financial reports are reliable compliance with applicable laws and regulations.
The factors that are taken into account when developing an internal control system are auditor’s information about the previous audits of an organization, the assessment of inherent risks, judgments about materiality and the complexity of the organization’s operations and systems. The development of an internal control system helps an auditor to assess the level of their control risk ,that is ,the risk of material weaknesses that cannot be prevented or detected by the internal control auditors and systems.
Performing of the audit procedures
The auditing procedures are developed according to the auditor’s understanding of the organization that needs to be audited as well as the environment in which the auditing task is to be carried out. The substantive auditing approach is an example of an auditing technique that can be used in an organization’s information system to detect errors within an organization.
The Issuance of the Audit Report
The auditor issues an audit plan on the basis of his understanding of the results that have been received within an organization. The auditor’s reports can be classified as either qualified or unqualified reports.A qualified report states that the auditor has not satisfactorily obtained the necessary information to qualify that the financial statements are properly kept, while unqualified report states that the financial statements are properly kept. The auditor can state that the financial statements are properly kept.
The issues unique to auditing the Accounting Information Systems
Businesses nowadays are being conducted using the internet since the net removes physical barriers of conducting business and it is used for utilizing the uneconomical market that generate revenue to an economy. There have been reported threats due to the use of the Internet these are theft of sensitive financial data, there are hackers who access the user’s passwords thus leading to the disclosure of private and confidential information to the public which is illegal because it can lead to diminished competitive advantage and low profits for an organization.
The unauthorized or the inappropriate access of the accounting information system and failure to establish and to maintain the separation of duties as part of the internal control objective may result to the accountant’s inability to provide valid and accurate recording, reporting and processing of the financial transactions of an organization.
Activities by ‘hackers’ that can have an effect on the valid data collection are, masquerading or pretending to be an authorized user of information while in actual sense one is not and piggybacking which refers to the tapping of information from the telecommunications lines in order to access information with the intention of destroying the reputation of an organization. Due to these risks, control measures should be taken by the management of the organizations so as to prevent them from affecting the performance of a company in the future.
The Financial Statement Audits
The financial statement audits are the auditing techniques that are used to examine the financial statements of a company and as a result provide a publication of an independent opinion on whether or not the financial statements of a company are relevant, accurate, and complete.
They are fairly presented according to the company’s Act. They are performed by the practicing accountants of firms due to their specialist knowledge of the financial reporting technique that is applied within an organization. The organization hires internal controls auditors whose role is to carry out the auditing within an organization. The audit is used to reduce the possibility of material misstatement or false and missing information in an organization.
The audit is used to reduce the possibility of material misstatement or false or missing information within an organization’s book of accounts. They are also used to evaluate the cause of the errors or fraud within an organization. The independent audit of the financial statements facilitate the effective functioning of the capital markets since it enables keeping of the proper books of account that help investors evaluate the performance of companies in a country.
Initial audit planning
This is a planning process that is carried out by the auditor before the detailed auditing work begins. The auditor prepares plans for the specific audit assignment so that he may adopt strategies that are as per the nature, timing and the extent of the audit work that is to be carried out in an organization.
The objectives of the initial plan are to ensure that appropriate attention is paid for the different areas of the auditing process. They are also used in identifying any potential problem that exists within an organization and the plan is used to ensure the audit plans are properly kept so that the auditing work is carried out effectively.
The detailed audit work is carried out by group in the audit team that has different degrees of skill and knowledge so that they can provide an opinion of the company’s performance. The audit plan is developed by the auditors through considering factors such as knowledge of the entity’s business, risk and uncertainty, nature, timing or the extent of the audit procedure and finally the coordination, direction, supervision and the review of the audit procedures.
The Auditing Standards affecting the computer auditing under the SAS No 48 and SAS No 55
Under the auditing standards (SAS 48 and 55) that were related to the SAS 94, the auditors assessed the control risk by carrying out substantive tests on the account balances and the classes of transactions that gave evidence about the financial statements assertions. According to the SAS 94 it stated that the assertions were not accurate because it was favorable for the Information Technology environments.
It stated that where the evidence of a firm’s initiation recording and the processing of transactions existed in electronic form, the auditors would not be assured of the effectiveness of the firms control systems. The SAS 94 auditing standards stated that although the substantive testing was necessary in carrying out auditing of controls, its application was not desirable in the Information Technology environments.
The SAS 94 otherwise recommended the use of the Computer Assisted Audit Technique (CAATS) such as auditing through the computer to test the automated information technology, the computer programs technology controls that are embedded in the computer programs so that they can be used to reduce the risks that are detected within an organization’s financial statements to an acceptable level that is required by the management of the organizations.
The sophisticated automated information technology can be tested through using the auditing-through-the computer approach since it focuses on the processing steps, edit routines and the program checks that are incorporated into the application programs. The approach also assumes that the application program are properly developed it incorporates adequate checks that reduce errors and irregularities that may go undetected using other techniques.
Computer audit process per SAS No 55
This is a process that explains the importance of assigning tasks such as recording of transactions, preparation of independent reconciliation and maintaining of custody assets to different people in the organization. It serves to avoid fraud and manipulation of records. It is also useful for the proper recording of the resources of an organization.
Under SAS No55 it stipulates that it is important for an organization to provide general and application controls that provide assurance of the accuracy, completeness and the authorization of the transactions of an organization. The general controls are the control for the data center operation system software, acquisition and maintenance, access to security and the application of the system development and maintenance system. The controls are used to determine the impact that occurs due to lack of separation of duties between the programming and the systems development process.
The application controls are controls that are applied to the processing of the individuals applications such as the preparation of transactions within an organization.
The substantive testing of transactions and balances
The substantive tests are used to test the account balance so as to verify the amounts of transactions of an organization. There are three forms of substantive tests which are tests of transactions that are conducted together with the compliance tests, tests of balances and the analytical review procedures. The test of transactions and balances are used to gather evidence of the validity of the accounting treatment of the transactions and their balances
.They also identify errors and irregularities in the financial statements and it is conducted throughout the audit year or at the end of the balance sheet date. The analytical review procedures are used to examine the reasonableness of the relationships of the financial statements items and the detection of the variation from the trends. The procedures may be applied to the overall financial information.
Evaluation of evidence and audit conclusion
The audit evidence is the process that is used for gathering evidence for measuring and evaluating information. It is obtained through observing conditions, interviewing people and examining records of the financial statements of an organization. It is also used to provide the ground framework whereby one is made to discover whether a particular thing is true or not by providing an auditor with the persuasive support that something is in fact or a point that needs to be put into question.
The evidence gathering process is the process whereby the audit procedures or tests are designed so that audit procedures or tests are carried out to obtain evidence that is useful in carrying out the auditing task of an organization. The audit evidence also involves analyzing the evidence and the drawn conclusion as well as evaluating the performance of an organization.
For the auditor to give the necessary and sufficient observations to support the conclusions of the audit objective reached, he should assess the significance of the observations of the evidence in relation to the audit objections. The audit report may contain ungratified (positive) conclusion or an adverse conclusion.
The adverse conclusion is derived when the significance and the extent of deviations from the satisfactory performance of a company are persuasive while the qualified conclusions are derived where the deviations from the satisfactory performance of one or more aspects of the subject matter in the auditing process are unpersuasive. The qualified conclusion may contain an excerpt for statement either stated explicitly or implicitly so as to disclose the deviations of the financial statements so that they can be as per the audit objectives
The audit evaluation is a questionnaire that is used to help an auditor to ensure that the quality systems audit are carried out in a fair and reasonable manner that helps the internal audit team to do their jobs as required which then helps to improve the performance of an organization.
Communicating the audit results
Good audit work can be achieved through full communication of conditions as they are found so as to ensure mutual understanding the agreement of the facts and solutions of organization’s financial statements. The written audit report is used to communicate the conditions and the planned improvements of an organization to a larger extent using evidence from the immediate audit customers who are responsible for reporting the audit conditions. The organizations consist of multiple internal auditors who are used to communicate the audit work of an organization to the public.
The audit Process for internal auditors
The internal auditing process is carried out when an independent, objective assurance and consulting activities are designed to ensure that the organizations operations are carried out effectively. The internal auditors are auditors who are appointed within an organization so that they can carry out the management activities and they facilitate the accomplishment of goals and objectives of an organization as well as strengthening the internal controls of the corporate governance of an organization.
The objectives of internal auditing
The objectives of the internal auditing are to determine the reliability and the integrity of information to determine whether compliance of the accounting policies, procedures, laws and regulations within an organization are achieved. The other objective of internal auditing is to determine whether the assets have been properly safeguarded and to verify their existence within an organization.
The other objective is to appraise the economy and to check the efficiency of the utilization of the resources. They are also used to assist members of an organization in ensuring that they effectively and successfully perform their responsibilities by providing them with the analyses recommendation and other pertinent information that concerns the activities that are to be reviewed within an organization
Audit approaches and the computer audit techniques
Auditing around the computer
It is a test data technique that is used to test the automated program controls of information technology environment. It is easy to use it as it does not require a lot of computer expertise for its application in an organization. Auditing through the computer is a technique that is used to provide an audit opinion through the examination of the inputs and the outputs of applications that are treated as black boxes.
Auditing through the computer
It is an auditing technique that is used to form an audit opinion of the audited work through examining the logic and the controls that are used by an application and by using the limited testing techniques of inputs and control measures.
Computer auditing Techniques
Test data
It’s an audit technique that uses a set of hypothetical transactions to audit the edit checks and the program logic of the computer program. The advantage of the technique is that it can be employed in almost any audit work to test the segments that constitute the significant risks in a computer program so that the auditor can detect any incorrect missing information within an organization.
The embedded audit module
This is a module that is inserted into an application program so as to monitor and to collect data that is based on transactions that have been processed using the online computer based system. The auditor uses the data to test the controls and also to evaluate the control risks that may exist within organization’s books of accounts.
Integrated test facility (ITF)
It is a computer auditing technique that enables the test data to evaluate the transactions that are being processed using the online system. The auditor performs a wider variety of tests as compared to the test data approach with an aim of determining the fictitious situations such as the bogus department completion ,purchase requisitions or the purchase of orders that are sent by bogus vendors so as to overcome the risks that may occur within an organization.
Parallel simulation
It is a technique that is used to simulate the firm’s actual processing results. The technique involves writing a computer program using an audit software program. The purpose of the software is to input the firm’s actual data for a past period and to generate the same output as the live production programs so that the management of the organization can be in a position to carry out the auditing tasks effectively.
Mapping
It is a computer auditing technique that is used by an auditor to list the unused program instructions. The purpose of mapping is to identify program codes that are intended to carry out fraudulent activities within an organization so as to prevent the company from financial difficulties due to ineffective program codes that in an organization.
Auditing with the computer
It is a computer auditing technique that embraces a variety of techniques that are referred to as the computer-assisted audit techniques (CAATS) that involve the use of a computer for example the microcomputers so as to enable the auditor to carry out their activities effectively. The general audit software is used to perform the substantive tests and they are also used to test the internal controls of the financial statements.
Utility Software
These are computer programs that are provided by a computer hardware manufacturer or a software vendor and whose purpose is to facilitate the running of the systems. They are used to test programs, examine the processing activities and the operational procedures. Additionally it is used to analyze the job accounting data so that it can be used to ensure that the unplanned interventions do not take place during the processing of transactions of an organization
The generalized Audit software
It is a computer program that is designed to perform the automated functions such as the reading of the computer files, selecting data, manipulating data, summarizing data and printing reports using formats that are specified by the auditor for a specific organization in which he is carrying out the auditing tasks.
Implications of the Recent Information Technology
When the computer audit software as well as the information technology is applied into a system for example a school it helps the instructors to prepare lesson plans for the students so that they can apply the new technologies that facilitate the carrying out of activities in an effective way. They also enable the students to understand and to interpret the environment as they are taught by their teachers in the classroom.
The use of computer facilities has brought about different ways of processing, recording and controlling information about the activities that are carried out within an organization. There have been cases of errors which have been identified through carrying out auditing tasks. Companies have been using the information technology systems, making it important for the organization to carry out their activities effectively.
Incorporating the computer technology into the audit practice
Expert systems
They are computer programs that resemble the human like features since they have human thinking processes in the problem solving situations. The objective of this system is to derive the same results as those of the computer program so as to carry out the activities of an organization effectively. It also contains a knowledge base that contains facts and rules that are used when one is carrying out the decision making process and also enable the solving of problems within an organization.
Audit Program Generator
It is used to in carrying out the auditing tasks of an organization, it is simple to use and the users can use it to access information within an organization while using the techniques.
Micro Computer Technology
It is a technique that is used by the management of an organization to perform tasks within an organization since it is easy to use and it generates reports of an organization effectively leading to the implementation of the policies and regulations of an organization effectively.
Works Cited
Dennis R. Arter. Management Auditing. Web.
Brian Pine. Audit Planning. Web.
M. Virginia C. and Michael J. C. How the New Standards and Regulations Affect an Auditor’s Assessment of Compliance with Internal Controls. Web.
Glenn L. Helms and Fred L. Lilly. Case study on auditing in an electronic environment. Web.
Business Definition for: substantive test. Dictionary of Accounting Terms 2005. Web.
Public Service Commission. Audit Evidence. Web.
Didis, Stephen K. Communicating audit results Publication: Internal Auditor. 1997. Web.