Audit In Automated Environment Flashcards
Explain the meaning of automated environment. Also discuss the key features of an automated environment.
An automated environment basically refers to a business environment where the processes, operations, accounting
and even decisions are carried out by using computer systems – also known as Information Systems (IS) or
Information Technology (IT) systems. Nowadays, it is very common to see computer systems being used in almost
every type of business.
Key features of an Automated Environment:
● Accuracy in data processing and computation
● Ability to process large volumes of transactions
● Enables faster business operations
● Integration between business operations
● Provides latest information
● Connectivity and Network Capability
● Better security and control
● Less prone to Human Errors
When a business operates in a more automated environment it is likely that we will see several business
functions and activities happening within the systems. Explain stating the points that an auditor should
consider to substantiate the above.
When a business operates in a more automated environment it is likely that we will see several business
functions and activities happening within the systems. Consider the following aspects,
● Computation and Calculations are automatically carried out (for example, bank interest computation and
inventory valuation)
● Accounting entries are posted automatically (for example, sub-ledger to GL postings are automatic)
● Business policies and procedures, including internal controls, are applied automatically (for example,
delegation of authority for journal approvals, customer credit limit checks are performed automatically)
● Reports used in business are produced from systems. Management and other stakeholders rely on these reports
and information produced (for example, debtors ageing report)
● User access and security are controlled by assigning system roles to users (for example, segregation of duties
can be enforced effectively)
Understanding the entity and its automated environment involves understanding how IT department is
organised, IT activities, the IT dependencies, relevant risks and controls. Explain stating the points that an
auditor should consider to obtain an understanding of the company’s automated environment
Understanding and Documenting Automated Environment: Understanding the entity and its automated
environment involves understanding how IT department is organised, IT activities, the IT dependencies, relevant risks
and controls.
Given below are some of the points that an auditor should consider to obtain an understanding of the company’s
automated environment
● Information systems being used (one or more application systems and what they are)
● their purpose (financial and non-financial)
● Location of IT systems - local vs global
● Architecture (desktop based, client-server, web application, cloud based)
● Version (functions and risks could vary in different versions of the same application)
● Interfaces within systems (in case multiple systems exist)
● In-house vs Packaged
● Outsourced activities (IT maintenance and support)
● Key persons (CIO, CISO, Administrators)
The auditor should understand and consider the risks that may arise from the use of Information Technology
(IT) Systems.
Having obtained an understanding of the IT systems and the automated environment of a company, the auditor should
now understand the risks that arise from the use of IT systems.
Given below are some such risks that should be considered,
● Inaccurate processing of data, processing inaccurate data, or both
● Unauthorized access to data
● Direct data changes (backend changes)
● Excessive access / Privileged access (super users)
● Lack of adequate segregation of duties
● Unauthorized changes to systems or programs
● Failure to make necessary changes to systems or programs
● Loss of data
Discuss the impact of IT related risks on Substantive Audit, Controls and Reporting.
Impact of IT related risks i.e. on Substantive Audit, Controls and Reporting: The above risks, if not mitigated, could
have an impact on audit in different ways. Let us understand how:
● First, we may not be able to rely on the data obtained from systems where such risks exist. This means, all forms
of data, information or reports that we obtain from systems for the purpose of audit has to be thoroughly tested
and corroborated for completeness and accuracy.
● Second, we will not be able to rely on automated controls, calculations, accounting procedures that are built into
the applications. Additional audit work may be required in this case.
● Third, due to the regulatory requirement of auditors to report on internal financial controls of a company, the
audit report also may have to be modified in some instances.
In all the above scenarios, it is likely that the auditor will be required to obtain more audit evidence and perform
additional audit work. The auditor should also be able to demonstrate how the risks were identified and what audit
evidence was obtained and validated to address these IT risks.
Here, we should remember that as the complexity, automation and dependence of business operations on IT
systems increases, the severity and impact of IT risks too increases accordingly. The auditor should apply
professional judgement in determining and assessing such risks and plan the audit response appropriately
Data analytics can be used in testing of electronic records and data residing in IT systems
using spreadsheets and specialised audit tools viz., IDEA and ACL to perform check
completeness of data and population that is used in either test of controls or substantive
audit tests. Explain in detail stating all the relevant points.
Data analytics can be used in testing of electronic records and data residing in IT systems
using spreadsheets and specialised audit tools viz., IDEA and ACL to perform the
following:
Check completeness of data and population that is used in either test of controls or
substantive audit tests.
Selection of audit samples – random sampling, systematic sampling.
Re-computation of balances – reconstruction of trial balance from transaction data.
Reperformance of mathematical calculations – depreciation, bank interest
calculation.
Analysis of journal entries as required by SA 240.
Fraud investigation.
Evaluating impact of control deficiencies.
Explain some of the commonly used methods for testing in an automated environment.
When testing in an automated environment, some of the more common methods
are as follows:
♦ Obtain an understanding of how an automated transaction is processed by
doing a walkthrough of one end-to-end transaction using a combination of
inquiry, observation and inspection.
♦ Observe how a user processes transactions under different scenarios.
♦ Inspect the configuration defined in an application.
♦ Inspect the system logs to determine any changes made since last audit
testing.
♦ Inspect technical manual / user manual of systems and applications.
♦ Carry out a test check (negative testing) and observe the error message
displayed by the application.
