Focus on: Auditing with Technology—Module 8

RESPONSIBILITIES IN AN INFORMATION TECHNOLOGY ENVIRONMENT

Audit objectives are the same when financial records are manual or developed in an information technology (IT) environment.

In an IT environment, the auditor should consider

• Client use of computers in significant accounting applications
• Complexity of the entity’s computer operations
• Organizational structure of computer processing activities
• Availability of data
• Use of computer assisted audit techniques (CAATS) for audit procedures

Controls in an IT Environment

As a result of limited segregation of duties and a reduced paper audit trail, the auditor will often have to rely more heavily on the ability to reduce control risk rather than detection risk in order to keep audit risk at an acceptably low level.

The objectives of controls in an IT environment are

• Completeness
• Accuracy
• Validity
• Authorization
• Timeliness
• Integrity

Controls will include general controls, application controls, input controls, processing controls, and output controls

Auditing through the Computer

Once the auditor obtains an understanding of internal control, a decision will be made as to the planned assessed level of control risk.

• The auditor may plan to assess control risk at the maximum when the client’s computer system is relatively simple and there is a sufficient audit trail.
• When the client’s computer system is complex, the lack of an audit trail may prevent the auditor from adequately reducing detection ...