SPECIFIC ASPECTS OF AUDITING IN A COMPUTER-BASED

　　ENVIRONMENT

　　JANUARY 2011

　　this facility may be utilised by the auditor when auditing salaries and wages in

　　the client’s financial statements. Similarly, a facility to report trade payable

　　(creditor) long outstanding balances could be used by an auditor when

　　verifying the reported value of creditors.

　　Test data

　　Audit test data

　　Audit test data is used to test the existence and effectiveness of controls built

　　into an application program used by an audit client. As such, dummy

　　transactions are processed through the client’s computerised system. The

　　results of processing are then compared to the auditor’s expected results to

　　determine whether controls are operating efficiently and systems’

　　objectiveness are being achieved. For example, two dummy bank payment

　　transactions (one inside and one outside authorised parameters) may be

　　processed with the expectation that only the transaction processed within the

　　parameters is ‘accepted’ by the system. Clearly, if dummy transactions

　　processed do not produce the expected results in output, the auditor will need

　　to consider the need for increased substantive procedures in the area being

　　reviewed.

　　Integrated test facilities

　　To avoid the risk of corrupting a client’s account system, by processing test

　　data with the client’s other ‘live’ data, auditors may instigate special ‘test data

　　only’ processing runs for audit test data. The major disadvantage of this is that

　　the auditor does not have total assurance that the test data is being processed

　　in a similar fashion to the client’s live data. To address this issue, the auditor

　　may therefore seek permission from the client to establish an integrated test

　　facility within the accounting system. This entails the establishment of a

　　dummy unit, for example, a dummy supplier account against which the

　　auditor’s test data is processed during normal processing runs.

　　Other techniques

　　This section contains useful background information to enhance your overall

　　understanding.

　　Other CAATs include:

　　Embedded audit facilities (EAFs)

　　This technique requires the auditor’s own program code to be embedded

　　(incorporated) into the client’s application software, such that verification

　　procedures can be carried out as required on data being processed. For

　　example, tests of control may include the reperformance of specific input

　　validation checks (see input controls above) – selected transactions may be

　　‘tagged’ and followed through the system to ascertain whether stated controls

　　and processes have been applied to those transactions by the computer

　　system. The EAFs should ensure that the results of testing are recorded in a

　　special secure file for subsequent review by the auditor, who should be able to

　　conclude on the integrity of the processing controls generally, from the results

　　of testing. A further EAF, often overlooked by students, is that of an analytical

　　6

　　SPECIFIC ASPECTS OF AUDITING IN A COMPUTER-BASED

　　ENVIRONMENT

　　JANUARY 2011

　　review program enabling concurrent performance of analytical review

　　procedures on client data as it is being processed through the automated

　　system.

　　Application program examination

　　When determining the extent to which they may rely on application controls,

　　auditors need to consider the extent to which specified controls have been

　　implemented correctly. For example, where system amendments have

　　occurred during an accounting period, the auditor would need assurance as to

　　the existence of necessary controls both before and after the amendment. The

　　auditor may seek to obtain such assurance by using a software program to

　　compare the controls in place prior to, and subsequent to, the amendment