CHAPTER 3:

AUDITING UNDER COMPUTERISED INFORMATION SYSTEM

ENVIRONMENT: AUDITING APPROACHES
SR. NO TITLE PG. NO.
3.1 INTRODUCTION 108-111
FUNDAMENTALS SHIFTING FROM TRADITIONAL AUDIT
3.2
SYSTEM TO COMPUTERIZED SYSTEM AUDIT 111-113
3.3 RECENT DEVELOPMENT IN AUDIT SYSTEM 113-114
APPROACHES OF AUDIT IN COMPUTERIZED
3.4
ENVIRONMENT 114-137
3.4.1 AUDITING AROUND THE COMPUTER 114-117
3.4.2 AUDITING THROUGH THE COMPUTER 117-124
3.4.3 AUDITING WITH THE COMPUTER 124-137
3.4.3.1 COMPUTER ASSISTED AUDITING TECHNIQUES
(CAAT’S) 124-131
3.4.3.2. TYPES OF CAATs 132-136
3.4.3.3. ICAI’S GUIDANCE NOTES ON IMPORTANCE OF
CAATs 136-137
3.5 DISPARITY BETWEEN THE APPROACHES 138
3.6 SUMMARY 138-139
3.7 REFERENCES 139-141

106
 CHAPTER 3:
AUDITING UNDER COMPUTERISED INFORMATION SYSTEM
ENVIRONMENT: AUDITING APPROACHES

3.1 INTRODUCTION:

The crest of digitalisation in the world has made everyone to be techno savvy. None of the
organization will exist without accepting incredible enlargement and enhancement in IT sector.
Every private and public entity has to adopt it to remain sustain in the global market. Studies have
shown that the incorporation of digitalisation has solutions for many issues in day to day life of an
organisation. As IT systems substitute the long standing manual accounting and auditing processes.
Computerised system overcame the drawback of manual system. The implementation of computer
is an essential to a certain level of assurance in working pattern of entities. IT provides inherent
advantages of technology along with the new vulnerabilities in accounting and auditing system. It
may be a bunch of challenges for non IT user. As IT field is unique of the greatest rapid changing
system than others. Auditor needs to modernize by periodic revisions and supplements in turn with
the emerging trends. Hence, before the auditor commence audit, it is important that auditor must
have a meticulous understanding of CIS environment in bank. Without proper understanding of the
functioning of each items or software, auditor would not be in position to complete the task
effectively and efficiently. The auditor must have adequate knowledge and expertise of accounting
and audit software. One should expect to understand software system adopted by the bank. Auditor
needs to consider the following tasks during audit process.
1. Sufficient understanding of the CIS environment
2. Accounting system adopted by bank
3. Effect of CIS environment on bank audit
4. Audit Trails followed under system
5. Controlling system
6. Test used to evaluate the ICS

From the above discussion, it is understood that auditor should have enough information of CIS
environment and audit approaches available. Hence, the researcher has put an attempt to highlights
the type of CIS audit approaches, their shortcomings and its impact on audit. This topic deals with
objectives of the study number 2 and problem of the study number 2.

107
Electronic data processing is the processing of data or transaction by a computer and its programs
in an electronic communication environment. EDP system is used in an audit process by an
organization instant of manual audit.

EDP audit or Audit under Computerised Information System environment means an examination of
system efficiency, system effectiveness and safeguard of assets of an organization. 1
Chart no: 3.1. (a) EDP audit system

It helps in smooth functioning of audit process. Most of the works of auditor related to manual
system get reduce. The auditor would be able to focus on the excellence of audit. The auditor needs
to take precaution in terms of following aspects:
a. Ensure that data and programme are properly protected
b. Check whether accurate security exists in the system
c. Ascertain whether the processing of the data is proper
d. Ensure that proper design of IT controls is maintained
e. Ensure that proper allocation of obligations and errands of the software engineers

The implementation of CIS provides concurrent access to users due to shared sever system. It helps
to increase the speed of audit process, efficiently and accurately generate report as per need of the
management. As the digitalised process is created and implemented. It helps in reducing the costs
of managing data by an extremely great amount. Due to this reduction in labour also takes place
due to which efforts and duplications are also reduced.

108
The above description shows that CIS environment provides numerous benefits. This attribute is
depends on the scope of audit process such as high speed of CIS audit process, Prevention of
clerical error and concentration of duties in the arrows of specialized personnel.

The transformation from traditional or manual audit process to computerised system brings many
changes or transformation in areas of audit process, mind-set of accounting and auditing staff an
organization. This phase is based on certain aspect such as internal control system, application of
software, use of technology etc.

The change in audit approach of computerised accounts as compared to audit of manual accounts is
causes of difference between Conventional Accounting System and Computerised Accounting
System. Following is the disparity between conventional accounting system and Computerised
Accounting System.
Table: 3.1 (i) Disparity between Conventional Accounting System and Computerised
Accounting System
Sr. No. Particulars Conventional Accounting System Computerised Accounting System
1 Input Transactions are recorded from source or Data is entered “live” in an online
documents input documents example bills, invoices, system during transaction taken place.
receipts and voucher etc. Hence no input documents are used.
2 Design/ Easy to design and less time consuming. Difficult to design hence it requires
Time more time.
required
3 Effect on Accounting and book-keeping functions The activities and responsibilities may
organization are centralised in the finance department. be centralised in the EDP department,
structure unless all departments are fully
computerised and linked by network
e.g. (LAN).
4 Complexity Less complex relationship between sub- More complex and high degree of inter-
systems example: purchases, stores and relationships between different sub-
production etc. systems.
5 Reliability Possibility of collusion in order to override Due to effectiveness of controls, it is
the system cannot be discounted. Hence considered more reliable.
less reliable.
6 Audit trail Fully visible- all ends of the transactions Due to deficit of input documents and
can be neatly and clearly traced. storage of information inside the
system, audit trail is less visible.

109
It shows that both the system has pros and corns but demand of digitalisation and several factors
enforced an organisation to adopt Computerised Audit System.

3.2 FUNDAMENTALS SHIFTING FROM TRADITIONAL AUDIT SYSTEM TO

COMPUTERISED AUDIT SYSTEM

There is no change until and unless it is in great demand. The requisite of such changes is based on
needs of an entity. As in today’s generation everyone seems to be modernized with demand of the
era which is based on certain parameters. If they do not, it may affect their position in the global
market. Similarly, with the development or growth of business, expansion and diversification
demands to transform from one aspect to another. There are numerous reasons for the
transformation from manual to computerise one. The research has enlightened the following major
2
causes of shifting from Traditional Audit System to Computerised Audit System.
1. Application System development control
2. System software control
3. Disappearance of manual reasonableness.
4. Impact of poor system
5. Exception reporting
6. Human- Machine interface

1. Application System Development Control:

Application system used in audit process should be develop and designed to provide rational
assurance regarding authorisation and effectiveness of system. The developmental stage is
dangerous if proper care has not taken. It is difficult to allocate the errors or frauds at during the
installation. The following aspects need to be considered:
i. Testing, conversion, implementation and documentation of new revised system
ii. Changes to application system
iii. Admittance to system documentation
iv. Hire or acquisition of system

2. System Software Control:

System software control is based on assurance regarding development of software system. It is
authorised and efficient. It is followed by endorsement, challenging, accomplishment and

110
certification of new scheme software. This system control, maintain, restriction of access to system
software with proper documentation by authorised personnel.

3. Disappearance of Manual Reasonableness:

The demand of manual system is vanishing day by day due to quick and essay availability of
accounting and auditing process. The detailed analysis of physical system for renovation into a
rational podium is possible with the transformation from traditional to computerised environment.

4. Impact of Poor System:

As manual audit system is based on auditing standards developed by several national and
international boards. Though there is a common standard for both the system but due to poor
planning and execution, it is complicated to accomplish the prime objective of the auditing. Hence,
expected standards do not match with the actual one, than defiantly most of the organization, will
adopt CIS rather than traditional.

5. Exception Reporting:
Audit report severs the purpose of stakeholders. The types of audit report differ from each
stakeholder requirement or demand. It is difficult to get report as per the demand of stakeholder
timely and accurately. Such reports can be generated with electronic system. In the software system
Management Information System (MIS) plays an important role. MIS can serve the purpose of
stakeholders. MIS provides accuracy of data which is equally important. The expected report can be
transform from one end to another which is difficult in conventional system.

6. Man- Machine Interface:

As both the method have two sides of coins, positive as well as negative. The application of
traditional system is acceptable to certain extent. Beyond which none of the system work out in a
better way. The interface of both the systems based on proposal, assessment and application of
communicating computing system for wellbeing of human use. Hence, sense it is “no man without
a machine and no machine without a man.” The researcher conclude with modern system is user
centric cannot achieve purpose of audit in term of man machine interface.

With the above study it is acceptable to transform the manual audit system to computerised system
in order to fulfil the demand of an entity. There are many studies focused on the implication of CIS
environment in digitalised world. LPG is solitary important reasons for extensive demand of
111
technology. It is mandatory for each sector to adopt it, otherwise they may fail to face the
challenges in the competitive world. Hence an auditor should have sufficient knowledge about the
recent changes and development in terms of technology. Auditor should be aware about speedy
changes in IT sector.

3.3 RECENT DEVELOPMENT IN AUDIT SYSTEM:

It has been experienced by every one of us that Information Technology is upgrading tremendously.
At the single stroke of time moment new innovation and invention has been noticed in every sector
respective of nature of business. In such glory atmosphere of IT an auditor should be aware of
upcoming trends in IT sectors. An auditor has to observe that every single changes in this felid
leads to several changes in the auditing. It may affect the prime intention of audit. The rapid growth
in IT field may create obstacles to an auditor. Due to deficiency of competency, knowledge,
information, improper judgement the auditor cannot able to accomplish the task as per the provision
or norms. An auditor may face several issues in their way. Therefore it’s commitment of an auditor
to consider the recent changes and developments in digital era.

CA. Vikas Oswal has focused on some the recent changes in the modern era. Such alteration or up
gradate has to be occupied into contemplation by the auditor before executing his duties.
The following are the recent changes in field of CIS audit process. 3
a. End user computing
b. Diminishing Hardware cost, boost in micro user
c. Extensive use of Relational Data Base Management (RDBM)
d. System development and Computer Aided Software Engineering (CASE) equipment
accepted by numerous users
e. Shift form DOS to UNIX and C language
f. Acquaintance grounded and verdict sustenance system
g. Augmented data communication and schmoosing
h. Use of EDI (Electronic Data Interchange)
i. Scanners and speech recognition system for involvement

The knowledge of recent development or growth in the audit process will help the auditor. Before
commence of audit, the auditor will consideration all the changes and accordingly an auditor will
prepare his plan, select methods and perform.
112
The selection of approaches is set up on the nature, size and system followed by an entity. The
entity must clearly inform about the software system adopted by them. This will help the audit team
in several ways.

3.4 APPROACHES OF AUDIT IN COMPUTERISED ENVIRONMENT:

The audit team must keep into consideration that the computerisation of accounting does not
change the basic aim and scope of auditing. It expresses the same opinion of The True and Fair
view as in traditional audit process. However, the computerisation has brought many changes in an
organization, audit procedures and controlling system. This change in computerised environment
requires certain modifications in conventional testing of compliance test and substantive test.

The auditors should programme their audit functions to appraisal of core rheostat and examination
of records generated by the system. The auditors should perform their duties connected with
compliance and substantive test by using various tools and techniques to arrive on conclusion.
Auditor has to study the audit risk and internal control system in the entity. The auditor view
ensures the accuracy, validity and completeness of data. Accomplishment of such view they have to
follow specified approaches. The auditor followed the approach as per their knowledge and
expertise in handing computerised data.
Following are the types of audit approaches in computerised environment:
3.4.1. Auditing Around the Computer
3.4.2. Auditing Through the Computer
3.4.3. Auditing with the Computer

3.4.1 Auditing Around the Computer

Auditing Around the Computer is oldest method of audit under CIS environment. It is also known
as Black – Box approach. In this approach auditor more or less ignores the fact of use of computers
for processing of information while determining the nature, timing and extent of the substantive
procedures. The auditors mainly concentrate on input - output and ignore the specifics of how
computer process the data or transactions. Accordingly the auditor matches the input with output.
On the foundation of result obtained, it is assumes that the processing of transaction must be
correct. It is similar to a manual system.4

113
Under this method the preference has been given to basis documentation is processed correctly and
the auditor verifies this with the output. The software system of the computer is not documented or
audited.5

In testing Payroll Application the auditor might first examine selected time cards for hours worked
and employee earning cards for rates and then trace these to the payroll summary production and
lastly associate eras, degree and extensions. The contrast of inputs and outputs may be done
physically or with the aid of computer. The auditor is, therefore relying on the controls in user
department.6

After taking into consideration of the above discussion the researcher has listed the positive and
negative aspect of this approach.
The following is positive features i.e. assistance of Auditing Around the Computer:
a. Less audit cost:
As this method is just like the manual audit system hence around is no requirement of high
level of competency in IT. As audit process is done manually hence no need to update or
develop system software.
b. Limited computer knowledge:
Due to excess dependence on traditional trails there is less or basic use of computer. The
basic task can be done by the person having basic knowledge of computer.
c. Effortlessness of comprehension as a tracing of documents:
Unlike computerised system transaction may automatically get transfer to several files as
per the programme set, in manual system every transaction gets recorded step by step and
supported by vouchers. There is negligible use of computer. Hence it is easy to trace the
documents.
d. No demand of in- depth study of application program:
As manual process follow a specify process of recording and execution of accounting and
auditing. There is no concept of development of application programme due to basic use of
computer.
e. Suitable to small scale:
Small scale entity may have less transaction which can be manage with mostly manual
system hence for this kind of organisation Auditing around the computer is suitable.

114
 Auditing around the computer is initial approach which may be used by every organisation
silently. But for the long run and large business unit it may not be possible. It has some
drawback also which curb the organisation not to use. Such hindrances are as follows:
a. Expensive due printed data requirements:
In Semi manual system, auditor works manual in relation to computerised data. Auditors are
more concern about the input and output. They may require both for verifying which add the
cost to this approach as compared to traditional system.
b. Time consuming:
Excess depends on human being may spent more time in several audit task and process.
c. Ignorance of huge potential of computers to help the auditor:
Due to lack of knowledge or competency skills the auditor might not able to comprehend
the potential of computers in terms of use, application and control.
d. No direct control:
Unlike other method, Auditing Around the Computer do not have complete control in the
auditing. The rotation of staff may affect the accuracy and accountability. The system can
be access by any one due lack of system control.
e. No ascertains about the underlying process:
This approach is based on technology cum manual. Mainly everything done manually, only
for few aspects computer is used. Hence it is complicated to depict audit process.
With the above observation it is understand that Auditing Around the Computer can be applicable
only to small scale business unit but by considering the loophole in it. This system may affect
severely due to risk available. Before applying or using this approach the auditor should analysis
the risk factor involvement. Most of author had focused on the factor responsible for audit risk such
as:7
a. No testing of software system
b. No audit generated evidence that the programs are working as documented
c. Impossibility to determine the causes of errors

In order to overcome with several issues auditor should have proper information about the potential
of technology. Auditor should prepare blueprint about what, how, when, where, whom. This will
create console to conduct the audit. One should take precaution in assist of work and collection of
evidences.

115
Applicable:
This approach is suitable when the application controls are difficult to comprehend. The auditor can
test the computer processes by feeding hypothetical data in the computer for which manual solution
is available. Comparison of such a solution can be made with computer generated output and if no
material discrepancies are noted, the auditor can use this approach.
With the emergence of IT sector and to overcome the issues prevailing in system Auditing Around
the Computer the other approach used by many organisation is Auditing through the Computer.
Researcher has tries to give justified reflection based on available resources.

3.4.2 Auditing Through the Computer

Auditing Through the Computer is moving from batch processing to on-line transaction process. It
is budge from mainframe-mini system to LAN, WAN etc. This system has converted the office in
to paperless office. Its contain most of data in electronic form which has made to change the audit
gears and methods in the audit process.

Auditing Through the Computer includes auditor investigates the system of data processing, and if
the scheme is acceptably measured, the auditor follows the system and infer that the information
processed by the system is accurate.8

Under this approach, use of computer is as “live” and “dynamic devices”, which add value to
process of auditing. It is treated as the target of auditing. In the nonstop changing sector audit
through computer is essential. It has shown in several studies that the application of different
approaches is depend on the necessity of an entity. Some of the key aspect are as follows for the
selection of this method such as:9
a. On-Line data entry
b. Elimination or reduction of printouts
c. Real time files updating

a. On-line data entry:

On-line data entry is an essential tasks performed through the computer. Under this system all
the data able to be access on-line due to availability storage in computer. Unlike manual system
the duplication of work can be reducing. It helps to reduce backlogs and duplication of work.

b. Elimination or reduction of printouts:

116
 This system eliminate the hardcopy of output requires for several purpose. Again this one of
positive aspect for Auditing Through the Computer. Most of the analysis or report generation
can be done in system only with the command.

c. Real time files updating

On-line input of data and auto generation of report and analysis helps to completed task on
time. As compare to Auditing Around the Computer, Auditing Through the Computer is faster
and accurate. This approach is consists of both the procedures compliance as well as
substantive. Both the procedures are the indicator of Auditing Through the Computer. This
approach gives importance to all the phases of CIS activities. The phases under CIS
Environment are as follows:

Chart: 3.4.2. (a) The Phases under CIS Environment

Auditing through the computer is also known as the White Box approach. The processes and
controls applied in audit environment are subject to audit, processing controls in operating and
investigating system. In edict to style this process easy Computer Audit Software may be used by
auditor.
Audit Software package may include of the following aspects: 10
i. Interactive enquiry facilities to cross-examine files.
ii. It helps to analyze computer security logs for extraordinary usage of the computer.
117
 iii. It has ability to compare sources and compile program codes in order to locate
dissimilarities.
iv. It facilitates to execute and scrutinize computer treatment of “live transaction” by moving
through the processing as it occurs.
v. It helps in generation of test data.
vi. It helps in actual and higher level control. It leads to evaluate the compliance testing and
substantive testing before an audit report is produced. Such generation of aids shows the
logs of application programs.

Auditing through the Computer is addition to Auditing Around the Computer. In order to execute
audit systematic and accurately, auditor must re-examine the other aspect of CIS system also.
Following are the major aspect under this system which auditor needs to review and test
before commencing the audit. 11

Chart: 3.4.2. (b) Auditor’s reflection on CIS Environment

This will help auditor to analysis the system. It helps to estimate the level of effectiveness in
software system. On the basis of it auditor can draft the audit planning and procedures.
Along with review of system control, auditor must be able to comprehend the level of
organisational structure. This will help auditor to take defensive measure for the smooth execution
of audit process. The five indispensable controls in audit process are as follow:
118
Chart: 3.4.2.(c)The Five essential control under audit process: 12

1. Input control replicate that every data is accurate and authorised by concerned department.

2. Processing Control imitate that the dispensation of facts is carried by responsible personnel
under the control of department.

3. Storage control reflects that the software should have proper coding storage facilities. It
should not modify by anyone else and available for use as when as needed.

4. Output control ensures that no modification or addition without informing the authority and
data provided to auditor should not altered till the task get over.

5. Data transmission control that information forwarded or transferred to other system should
not be edited. Protected coding should be kept secretly.

The above controls are vital for auditor to give their opinions on the financial statement of bank.
The major controls may affect the True and Fair View status of financial statement. Hence, the
rational precaution would helps auditor to maintain control in audit process. The adequate controls
over deterrence of unofficial entrance to computer and computerised database would help in audit
process. Following is the preventive measure undertaken by auditor to control organisational
structure:
i. Auditor has to separate or allocate task between staff into transaction processing and
computerised system functioned.

119
 ii. Auditor has to ensure adequate supervision of personnel administered.
iii. As the process of auditing is not a starlight forward flow of work from start to finish.
iv. Auditor has to check with the standard checklist or with list of questions.

This could be explained in better way, for example vouching of wages and salaries paid, here the
auditor could use various controlling system such as record counts, limit test , check digits,
hardware control etc. in order to maintain accuracy and reliability of transaction. With the above
preventive measure, auditor would able to conduct audit systematically and effectively.

Auditing Through the Computer could be applied in different perspective by an organisation based
on their obligation. The different perspective of Auditing Through the Computer as per the situation
is as following:
Table: 3.4.2. (i) Different Perspective of Auditing Through the Computer
Sr. No. Situation Examples
1 Large Volume of Cash sales in large organizations or
Transaction departmental stores
2 Highly Internal Operational banking system a computer
Control system programme may group connections for separate
tellers to deliver controls totals for settlement at
the culmination of day’s dispensation
3 Efficient Processing EDP system used to scan accounts receivable
System balances for amount exceeding the credit limit
and for confirming receivable accounts random
sampling table can be used.
4 Facilitate Analysis Summarises inventory turnover statistics to
determine slow moving inventory items with
help of software.
5. Cost Benefit Identification of extensive difference in the
noticeable audit trail.

Auditing Through the Computer facilitate different function under computerised system. It is
renounce then Auditing Around the Computer. Functions concern with test data, process
controlling, audit programmes is performed by this method.

120
 Chart: 3.4.2. (d) Functions of Auditing Through the Computer:13

Auditing through the Computer is providing an additional feature in relation to former approach.
Some of the affirmative aspect of Auditing Through the Computer are as follow:
a) Excess internal control
This approach facilitates excess internal control in numerous forms. High level of internal
control in general, application software and other control maintain the accuracy and
effectiveness in an organisation. Excess Internal control systems reduce the worry of
auditor. Audit process would able to compete on time without any meddling or obligation.

b) Compliance and substantive procedures are followed

This approach covered both the procedures. It ensures that the auditor should concern with
both the aspect and accordingly do the necessary precaution.

c) Extensive use of computer

This approach is moving from batch process to on-line process which leads to excess use of
computer for different purpose. It enables to use computer for multiple function in
accounting and auditing system. This makes the test results more conclusive.

121
 d) Sufficient acquaintance of computer required
This approach is extremely use in digital era. The rapid growth and development in IT
sector generate obstacle to user. Hence accountant and auditor must be well equipped with
the recent trend in IT.

e) Advanced skilled are required:

Auditing Through the Computer is requires high level of skill to coup with recent trends in
CIS environment. Lack of comparative skill would affect the eminence of audit. Auditor
should realize the audit process with requisite of IT to avoid the risk factor.

f) Suitable to large scale entities:

It is best approach for large scale business entity. Due to availability of excess funds,
manpower and technology it is feasible to apply this method under audit process.

g) Own design of software:

This approach provides freedom to decide whether to acquire or self design the software as
the need of an entity. Auditor can design his own computer programmes or software for
testing and evaluation of data.

The focused virtues give a transitory impression nearby the utility of Auditing through the
Computer. But along with this positive side it has a negative aspect which has been extracted from
several studies done by authors. Researcher has highlighted few of them. Following is the
obstacles of Auditing thorough the Computer:
a). High audit cost
The application of Software System requires high quality of software, internal control and qualified
and experience staff to execute the system. It may add the cost to an organisation. It is an additional
cost above the other operating cost. Hence, it could be a reason for non acceptance such approach
in may organisation.
b). Over burdens on staff as well as on auditor
The application software is demand of digital era and level of software is depends on the
complexity level. The complexity level in terms of absence of input documents, lack of observable
transaction trail and lack of detectable output etc increased the work of staff and auditor. The staff
should be expert. Preventative measures need to under taken by the auditor.

122
 c). Specialised /Professional course in computer auditing requires
Like manual audit system, audit under CIS environment is also required trained and qualified
person to be carried out the audit. Several legal bodies have laid down the quality, qualification and
expertise required to an auditor. Both the procedures compliance as well substance is needed to
complete tasks correctly and effectually. Such multiple tasks enforce that auditor should have
professional expertise to identify the events of an organisation.

Auditing through the Computer demands excessive involvement. With the incredible growth in
information system several new concept has boosted up under accounting and auditing system.
Auditing with the Computer or Auditing by using the Computer is a most challenging approach in
the area of audit. Researcher has focused on some the aspect of Auditing with the Computer based
on available study in field of audit.

3.4.3 Auditing with the Computer / Auditing by using Computer:

Auditing with the Computer is the process of using CIS system of the client in gathering material
evidence. It is a component of Auditing through the Computer.14

Auditing through the Computer makes use of computer in auditing. Computers are useful tools and
techniques used in performing audit. Many data files are in machine readable form, which cannot
be easily examined by anyone. Hence, auditor need to utilize a computer programmes to examine
those files and perform many of the clerical tasks previously performed by staff. Under this
approach entire accounting and auditing process is based on software system and auditor should
have keen knowledge about it. The techniques which use the computer itself for audit purpose are
known as “Computer Assisted Auditing Techniques” (CAAT’s). It is the techniques which use the
computer itself for audit purpose.

3.4.3.1 Computer Assisted Auditing Techniques (CAAT’s):

CAATs are techniques that utilize the computer as an audit instrument. It comprises computer
programmes and data that can be exercise by auditor in process of information system. Information
Technology based tools and techniques are required to allow the auditor to access, analyse and
evaluate the data stored on the computers. CAATs are nothing but software. The software is either
available off-the-shelf, or is specifically developed. There are various types of CAATs available.
123
CAATs consist of both the procedures compliance as well as substantive. It consists of Test Packs
and Integrated test data approach. Both the approaches have distinguished features. The selection or
application of CAAT’s is based on silent factors. The auditor ought to consider those silent factors
involved in audit approach before applying audit process in an organisation. The selection of
approach in CAAT’s is based on following aspects.
Chart: 3.4.3.1 (a) Factor affect the selection of approaches under CAAT: 15

1. Technology being used:

The auditor should verify type and level of technology used in an origination. Accordingly
audit team will decided their way of functioning.

2. Applications to be reviewed
The application used in an organization has to be evaluated by entity. On the basis of
evaluation report, auditor can come to know about the authenticity and accuracy of data.
3. Level of expertise of staff to use such techniques
Auditing With the Computer itself reflect the optimum requirements of techno savvy
personnel in the audit process. Hence, while selecting the approach the auditor should able
to understand the expertise level of staff. Programme building is done by one person and
implementation done by third person who do not knows about the function. One has to
understand and implement it.

Hence, to safeguard interest of CAAT’s application ICAI has placed the guideline for the same.
ICAI’s guidance note on Computer Assisted Audit Techniques (CAATs) deals with the usage of
CAATs. The guidance note recognizes that CAATs may enhance adeptness and productivity of
audit measures. These guidance notes are based on certain principle recommended by The ICAI.
124
Following are the principal recommended by ICAI 16
I. Availability of sufficient IT knowledge, expertise and experience among the member of
audit team to plan, execute and use of results of the particular CAAT.
II. Availability of CAATs, suitable computer facilities and data in appropriate format.
III. Impracticability of manual test due to lack of evidence
a) Example : authorisation of system generated transactions
b) Operation of programmed control procedures
c) Retention of transaction details in electronic form in summarised form of totalling
d) Printed in hard copy form
IV. Impact on effectiveness and efficiency of application of software than manual system.
V. Time constraints- the auditor requires data. Some time data store for short period of time,
the auditor may need to alter the timing of performing CAATs that requires such data.

With the above discussion it is cleared that CAAT’s overcome of other two approaches in respect
of several aspect. It’s imperative need of digital era to follow the CAAT’s. Hence, the researcher
has tries to explain the Following is the Needs for CAAT.

Chart: 3.4.3.1.(b) Needs for CAAT in CIS environment : 17

125
 1. Absence of input documents:

Under CIS environment, a number of transactions are fed into the system without there being any
source of document. Hence in CIS environment data may be recorded into the computer system
without supporting documents. For example sales transactions may be enter into computer directly
by the salesmen without there being any source document. An individual data entry authorisation
may replace by other procedures in on- line transaction systems. Approval for order entry may be
replaced by some other procedures. In some of the cases it was noticed that source document may
be created for short duration.

2. Lack of visible transaction trails:

Transaction Trails means the consecutive junctures in the footage of the operation in the books of
account through which an auditor may be able to dash the transaction. In a manual system, it is
normally possible to follow a transaction through the system by examining relevant sources
documents, books of account, records etc. In a CIS environment, source documents for many
transactions may not exist. Moreover, the updating of multiple files may be done by a single
transaction. For example, the purchase of a unit of raw material goods may be recorded by
computer, in inventory records, purchase records and creditor records. Because of these
characteristics, it may be difficult to relate the output to individual transactions. The additional
difficulties associated to this that the final output report will be without the detailed data available.
As in a traditional system an auditor can obtain requires document as when required with different
sources of document like books of accounts, records, files and reports etc. The business deal track
may be in machine readable form in EDP environment systems, which are exits only for a
temporary.

3. Lack of visible output:

In traditional system it is feasible to access visually the results of processing. In electronic system a
printed results of processing is not always possible, only in summary data may be admittance facts
recalled on machine readable files.

4. Simplicity of entrance to data and computer programs:

Data and computer programs may be retrieved data. It can be rehabilitated at the computer or
through the use of computer gear at inaccessible locations. The lack of appropriate controls leads to

126
increased in potential for unauthorised access and alteration of data and programmes by internal or
external user of an entity.

5. Difference in nature of output:

Under traditional system, visual examination of records enables an auditor to identify cuttings,
insertions, overwriting etc. As these may designate an attempt to manipulate the records, the auditor
examines these thoroughly. In CIS environment, on the additional indicator, the alteration of
records cannot be identified through their visual examination. The auditor, therefore, has to apply
other appropriate procedures to satisfy them that the records are into altered in an unauthorised
manner.

CAATs allow the auditor to save period by investigating data deposited on computer media rather
than on print-outs or other documents and in some cases, to demeanour tests which cannot be done
physically because there is no noticeable indication or audit trajectory.
Hence the auditor have to take decision regarding testing of electronic data available in system.
Alternatively, auditor could be strained to abandon manual tests because of unavailability of visible
audit trail. In both the case, auditor must use either software or specially prepared audit facts to
evaluate the inner workings of entity.

3.4.3.1. (c) Uses of CAAT in performing various auditing procedures: 18

CAAT is used in test of niceties of transactions and balances. It is applicable to compliance and
substantive testing. It is applied in executing different auditing procedures. Following is the use of
audit software to test entire transaction in a computer file.
a. Analytical review procedures- to recognize extraordinary changing of items
b. Compliance test to general EDP controls- specimen, the use of experiment data to test
access measures to the program libraries
c. Compliance test of EDP application controls- it helps to test the function of the programme
procedures
d. Detection of fraud: it helps emphasize on frauds. There is lack of documentary evidence to
indicate that the application of audit software has unearthed the will concealed frauds

127
 Chart: 3.4.3.1. (c) Use of CAATs- audit process:

Along with above use of CAAT in audit process, it has several uses in different forms. Such
commonly used of CAATs is essential in today’s competitive era. The utility of CAATs are as
follows: 19

128
Audit Software:

It comprises digital system used by the auditor as a fragment of this auditing practice to course data
of audit implication.
a. Package Programme: It is generated to design to perform data processing. It is full compile
of Computer programme.
b. Purpose Written Programme: It is used in to execute audit tasks in definite situation. It is
prepare by auditor, by the organisation or by programmer engaged by auditor.
c. Utility Programme: It is used by an organisation to execute familiar data processing
functions. For example sorting, creating and printing files.

Test Data:
Test data is technique used in audit process in comparing input data with the output data with pre-
determined results. It is applicable to several tests such as:
a. Specific Control: It is used for specific controls in computer programme such as on line
password and data access controls.
b. Test Transactions selected form previously processed transaction: It is based on historical
data or data treated by the examiner to analysis sacrifice processing characteristics of an
organisation.
c. Integrated Test Facility: It is used identify the dummy unit. It is posted through the normal
processing.
The examiner must safeguard that the test connections are afterward eradicated from accounting
records of an organisation.
Many authors have focused on the relevant and usability of CAATs in numbers of way an
organisation. It has numerous features.

Characteristics of CAATs:

CAATs are significant tools and techniques used in CIS environment. In CIS environment there are
possibilities of misappropriation of documents, authorities, duties and responsibilities. An auditor
must insist an availability of visible records irrespective of total processing time. Under this system
internal control is considered reliable and accurate. The thrashing of audit track can generate
obstacles CIS-audit process. Hence to overcome these difficulties Computer Assisted Audit
20
Techniques can be used. Application of CAATs has distinct advantage such as:
129
 a) Audit Effectiveness:
Efficacy and proficiency of auditing can be improved with the adoption of CAAT in obtaining
and evaluating audit evidence -for example:
i. Some transactions may be tested effectively and efficiently by using the computer at
similar level of cost. To examine all or a superior amount of transactions adequate
selection required.
ii. Analytical review procedures help in reviewed and obtained intelligences of
uncommon stuffs in printed form by the computer.

b) Saving of Time:
By using CAAT than other audit procedures, auditor can save period by revising the EDP
controls.

c) Effective Test Checking and Examination in Depth:

CAAT licenses actual inspection in complexity of nominated dealings since the auditor
“constructs” the absent audit path.

d) Ability to Scrutinize Large Volume of Data: 21

CAAT Provides fast and precise scrutinise of large volume of data without interference of
manual.
e) Less Manual Procedure:
CAAT’s helps automatic transfer of data to several files and with the command generate
quick data without much involvement of manpower.

3.4.3.2. Types of CAATs:

CAATs have peculiar application in an organization. The application is based on requirements of

an organisation. Types of CAATs decide the performance of auditor in respect of demand for audit
process. The types of CAATs used for audit purpose are discussed as follows:22

130
 Chart: 3.4.3.2. (a) Types of CAAT

3.4.3.2.(A) Test Data/ Packs:

An organization compares the results obtained with pre- determined results by using Test data
techniques in directing audit measures by inflowing data into computer system. It involves use of
specific data for testing a particular sequence or program operated by the system.
i. The test data use for processing purpose are:
a. Based on past transaction
b. Constructed deliberately for test purpose:
i. Abnormal transaction
ii. Normal transaction
iii. Absurd transaction
ii. Auditor verifies how the computer system responds to test pack. Whether the
transactions reports as abnormal or normal or accepts them as “Garbage- In- Garbage –
Out (GIGO)”.
iii. The data in test pack is also processed manually: Auditor need to compares and
scrutinise the results under manual and computerized processing and derives his
conclusion.
Examples:
a. Specific controls in computer programs such as password and data access controls are
usually tested by test data system.
b. Throughout the ordinary dispensation test dealings recycled in a united test ability where a
‘dummy’ unit is established and to which test businesses are posted.

131
When examination data is administered with the organizations normal processing auditor should
safeguard that the test businesses are afterward jettisoned from accounting records of an
organization.

3.4.3.2. (B)Audit Software/ Computer Programs:

Auditing software include of computer program accepted by the auditor as a part of auditing
procedure to route data of audit connotation. For examples, auditor can generate own computer
program to prepare ageing schedule of debtors based on past data. In the computer stored and then
compare it with the ageing schedule processed by computer system of an entity. Such types of
software called as Purpose Written Audit Software. In many cases the auditor can use Generalized
Audit Software (GAS).23
Generalized audit software is a set of computer system that can perform certain shared data
dispensation purposes such as:
a) Computer files
b) Selecting records
c) Performing calculation
d) Printing reports
It was discovered by software developing agencies and by large organization. GAS performs the
following functions:
i. Verify calculations
ii. Examine records for correctness, consistency and completeness
iii. Evaluate information retrieved through order audit procedures with enterprise records
iv. Compare data on separate files
v. Summaries or re-sequence data
vi. Select samples

On the above discussion emphasized that different audit software can be developed, according to
24
demand of an entity. Hence audit software should consists of the following:
1. Package Programs
2. Purpose Written Programs
3. Utility Programs

132
 1. Package Programs:
A package program is nothing but Generalized Audit Programs (GAP). Data processing procedure
such as reading computer files, selecting information, creating data and printing reports are
performed by GAP. GAP is meant for common purpose specified by the auditor.

2. Purpose Written Programs

As the name suggest it is developed for specific purpose for specific circumstances. It is use as per
the need of an organization.

3. Utility Programs
These systems adopted by the organization to carry out regular data processing factions, such
sorting, creating and printing files. These programs are generally not designed for audit purpose and
therefore may not contain such feature as automatic records totals or rheostat wholes.
It can used for it is used for both the testing compliance and substantive. It helps to perform various
auditing procedures.25

CAATs application is alteration or substitute of exiting system. As this system has a numbers of
positive features which helps to accomplice the objective of an entity. But the accurately and
effectiveness of result is based on following factor which needs to undertake while adopting the
CAATs.
Chart: 3.4.3.2 (B) a. Factor Responsible for Application CAAT’s

133
 a) Accessibility of adequate IT knowledge and proficiency: CAATs is the part of Auditing
with the computer. It means it has excess use of software system. The use of software
system is either self-made or acquired from outside. In both the case the auditor and
accountant must able to use it. The continuous development under this system demand high
skill and knowledgeable staff to handle the system.

b) Incompatibility between CAATs and computer facilities (of entity): Most of time there is
vast difference between the availability of facilities and required. Hence auditor must verify
the entity’s capacity regarding the use of software system and their financial position to
accept the same.

c) Impracticability of manual tests: It has been noticed that a single change in the operating
environment not only affect organisation but also the staff. Auditor should examine impact
of CAATs on the manual audit process. The application of CAAT is inseparable part of
manual system.

d) Influence on success and proficiency in removing a data: Auditor should safeguard that the
enactment of CAAT. It should not affect the authenticity of data used in audit process.
Usually it is noticed that the one acceptance affect the other one.

e) Time constraints: Manual audit system is based on different audit procedure. There is
transformation from one to another. Coasting, totalling, posting, scrutiny task the time to
complete. Due to nonexistence of audit trails in terms of input and output save the time
under CIS environment. CIS environment keeps away from itself from the issues related
with time constraints.

Hence the control procedures needed while using CAAT under both the application i.e. Software
and control test applications. The application of Computer Audit Programme facilitates in audit
procedure and provide silent feature. The following is brief characteristics of Computer Audit
Programme:

134
 Chart: 3.4.3.2 (B) b. Characteristics of Computer Audit Program

Auditing and Assurance Standard (AAS) is establishing standard on measures to be shadowed

when an audit is steered in CIS environment by Institute of Chartered Accountants of India (ICAI).
The auditing standard is essential to maintain the standardized.

3.4.3.3. ICAI’s guidance notes on importance of CAATs:

It may be noted that test data and audit software data. It is complementary and not mutually
exclusive. There are other techniques available which can be accepted by concern. Apart from test
data and software ICAI’s guidance note identifies the following importance of CAATs: 26

135
 Table: 3.4.3.3. (i) ICAI’s guidance notes on importance of CAATs
Sr. No. Importance Facilitates
1 Audit Automation Perform various tasks: evaluating client’s risk
management procedures, generating electronic
working paper etc.
2 Core Image Comparison Compare the executable adaptation of a system
through secure master copy. It give assurance about
the program in use is authorized or unaltered.
3 Database Analysis To examine the rights associated with terminals and
the ability of users to access information on a database
which help to understand database management
system.
4 Embedded Code It is own programs used by the client for processing. It
helps the auditor to examine transaction passing
through the system and to find out unusual
transactions.
5 Log Analyzers To read and analyze records of computer activity and
evaluate the efficacy of access control.
6 Mapping To list unused program instructions which helps in
identifying program codes which may be there for
fraudulent purpose.
7 Modeling To help to carry out variety of procedures such as
analytical procedures, on client’s records. It also helps
to project the result and compare actual result with
expected results.
8 Online Testing It help to verify whether a specific programs or test
performing its task properly or not.
9 Program Code Analysis It helps to examine the cradle code of actual program
with a view to subsequent the judgment of the
program to content himself that it will perform
according to his understanding.
10 Program Library Analyzers It helps the examiner to recognize dates on which
changes were made to executable programs.
11 Source Comparison It helps in comparison of source edition of a system
through secure master copy.
12 Tracing It helps to spot which guidelines were followed in a
program and in what command.

136
 3.5 DISPARITY BETWEEN APPROACHES:27

Auditing around the computer, Auditing through the computer and Auditing with the computer
has distinctions prose and corn. As per the necessity of an organisation application of CIS
environment is decided. Each approach has different features with the need of an entity. The
following is the list of disparity between approaches:

Table: 3.5 (i) Disparity between Approaches

Sr. Particulars Auditing through the Auditing around the Auditing with the
No Computer Computer Computer
1 Recognition of Under this systems are Computers are treated It is integral part of
Computer accepted as “live” and as mechanical book- computer. It is itself is
dynamic devices, which keeping aids under this computer program.
add value to the process approach
of auditing.
2 Audit Assurance The focus of audit is to The focus of audit is to The focus of audit
examine the accounting take voluminous software used in audit
system and software used reports and output and process. Audit assurance
– to certify that they compare “input focus of GAAT specific
deliver audit pledge on voucher” with “system Generalize audit software
the various features of output” to obtain audit (GAS).
control assurance
3 Use of CAATs Applicable Non Applicable Applicable
4 Extent Computer Knowledge of use of No specific skill is Mote intensive knowledge
skill required software and programs required is required.
required
5. Application of Testing of client’s data Manual testing of Testing of client’s
approach involves files transaction data programs

3.6 SUMMARY:

Audit under Computerised Information System environment provides an examination of system

efficiency, system effectiveness and safeguard of assets of an organization. Such examination of
audit process reflects True and Fair View and accurate only when appropriate approach have been
used. The approaches suggested by the expert and ICAI has its own prone and corns. Each
approach has distinct feature and satiability level.

137
Auditing around the computer is basically similar to manual audit process. Under this approach an
auditor basically focused on input data and output data. He does not bother about the how he got
the output result. It has many advantages with disadvantage. Such approach can be applicable to
small organization where volume of transaction is less.

The second approach i.e. Auditing through the Computer emphasise on excess use of computer.
Under this approach an auditor need to comprehend the procedure system to make audit process
effective and efficient. It is based on internal control system. Both the control system i.e. General
and Application system must be control. It is also based on factor such as On-Line data entry,
Elimination or reduction of printouts and Real time file updating. Auditing through the computer
can be completed by applying method such as Test Data, Controlled Processing and Computer
Audit Programmes. Even this approach has merits and demerits. It depends on auditor how he is
using and understanding.

The last approach is Auditing with the Computer. This approach actual make the computer in use. It
involves auditing system and programmes used in the entity by an examiner. The techniques which
use the computer itself for audit purpose are known as “Computer Assisted Auditing Techniques”
(CAAT’s). It is part of Auditing Through the Computer. CAATs are techniques that can be applied
in auditing. It comprises computer programmes and data that can be accepted by auditor in process
of information system. IT based tools and techniques are required to enable the auditor to access,
analyse and evaluate the data stored on the computers. Again CAATs has different types such as
test data and audit software. The application such types depends on audit purpose. ICAI has led
down the guideline notes on the importance of CAATs in audit process.

Hence all the approaches have its characteristics. Every application restricted with certain
impediment. Application of such approach depends on nature of business, knowledge of computer,
availability computer system and internal control system an organization has.

3.7 REFERENCES:
1. CA. Vikas Oswal, “ Simplified Approach to Advanced Auditing and Professional Ethics”,
Walter Kluwer Pvt. Ltd., second edition 2013, pg no. 102; ISBN-13:978-81-8473-892-6

2. “Audit under Computerized Information System (CIS) Environment”, The Institute of

Chartered Accountant of India, www.icaiknowledgegateway.org

138
3. CA. Vikas Oswal, op.cit. pg no. 103

4. “Audit under Computerized Information System (CIS) Environment”, The Institute of

Chartered Accountant of India, www.icaiknowledgegateway.org

5. CPA P2 Audit Practice & Assurance Services Cenit Online 2015

6. Aruna Jha, “Auditing Problems and Solutions”, Taxmann’s Allied Services Pvt. Ltd. CA-
PCC; July, 2008, pg no 125-126 ; ISBN: 978-81-8478-096-3

7. CPA P2 Audit Practice & Assurance Services Cenit Online 2015

8. Kenneth A. Smith and Albert K. Francisco, “CPA Review of Auditing”, Addision Westey
Publication

9. G. Sekar and B.Saravana Prasath, “A students handbooks on Auditing and

Assurance”,CA.PE II/PCC, C. Sitaraman & Co. Pvt. Ltd. May-2008; pg no.11.10- 11.12

10. “Audit under Computerized Information System (CIS) Environment”, The Institute of
Chartered Accountant of India, www.icaiknowledgegateway.org

11. Aruna Jha, op.cit pg no 126-127

12. CA. Vikas Oswal, op.cit. pg no. 104;

13. G. Sekar and B.Saravana Prasath, op.cit. pg no.11.10- 11.13

14. Aruna Jha, op.cit. pg no. 123

15. Mohan Bhatia, “Auditing in a Computerized Environment”, Tata Mc Graw-Hill Publishing

Company Ltd. ISBN: 0-07-043624-X pg no.471
16. Kamal Gupta, “Contemporary Auditing” Tata the MacGraw hill Companies Ltd. New Delhi
6th edition (2005), ISBN: 007-058584-9 pg no.206-207

17. G. Sekar and B.Saravana Prasath, op.cit. pg no.11.10

18. CA. Vikas Oswal,op.cit. pg.no 105

19. CA Pankage Garg, “ CA- Final Advanced Auditing and Professional Ethics”, 8th
Edition
Taxmann’s ISBN: 978-93-86189-701-0

20. G. Sekar and B.Saravana Prasath, op.cit pg no.11.10- 11.11

139
21. CIS Auditing by Mhod.Shafif July, 2012 https://mohdshafle.wordpress.com/auditing

22. G. Sekar and B.Saravana Prasath, op.cit. pg no.11.10- 11.11

23. Kamal Gupta, op.cit. pg no.209

24. CA Pankaj Garg , “ICC CA Final : Advanced Auditing and professional Ethics” 5 th Edition
Taxmann’s ISBN: 978-93-5071-678-6 Pg No. 30 to 37

25. CA. Vikas Oswal, op.cit pg no. 107

26. Kamal Gupta, op.cit. pg no.210

27. Srinlvasan Anand G. “Auditing EDP Audit”, Taxmann’s Allied Services Pvt. Ltd. Pg no.
362-368

140