AUDITING AROUND THE COMPUTER


When it is possible to relate on a one to one basis, the original input to the final output or to put it another way, where the audit trail is always preserved than the presence of the computer has minimal effect on the auditor's work, and in that case it is possible to ignore what goes on in the computer and concentrate audit tests on the completeness, accuracy, validity on the input and the output, without paying any due concern to how that output has been processed. Where there is super abundance of documentation and the output is as detailed and complete as in any manual system and where the trail from beginning to end is complete so that all documents can be identified and vouched and totally cross referenced, then the execution of normal audit tests on records which are computer produced but which are nevertheless as complete as above then this type of auditing is called auditing around the machine. In this case, the machine is viewed as simply an instrument through which conventional records are produced. This approach is much criticised because:

i. It indicates a lack of knowledge on the part of the auditor;

ii. It is extremely risky to audit and give an opinion on records that have been produced by a system that the auditor does not understand fully, and;

iii. A computer has immense advantages for the auditor and it is inefficient to carry out an audit in this manner.

However, problems arise when it is discovered that management can use the computer more efficiently in running the business. This is usually done by the production of exception reports rather than the full records. For example, the management is interested in a list of delinquent debtors, therefore producing the whole list of debtors means the list has to be analyzed again to identify delinquent debtors and act upon them. This is inefficient and time consuming as the printer is the slowest piece of equipment in any computerised system. From the auditor's view, exception reports which provide him with the very material he requires for his verification work raise a serious problem because he cannot simple assume that the programs which produce the exception reports are:

i. Doing so accurately;

ii. Printing all the exception which exists;

iii. Are authorised programs as opposed to dummy programs specially created for a fraudulent purpose or out of date programs accidentally taken from the library and;

iv. That they contain programs control parameters which do in fact meet the company's genuine internal control requirements.So although it may be reasonable for management to have faith in their systems and programs, such faith on the part of the auditor would be completely misplaced and may reflect very adversely on his duty of care. This is the first situation on the loss of audit trail.The other situation where loss of audit trail is noted where the computer generates, totals, analyses and balances without printing out details. It therefore becomes necessary for the auditor to find a way to audit through the computer rather than around it. But before we go on to that, the loss of audit train can be overcome as follows:

(a) We can have special print outs for auditors, remember the need to be consulted at the design stage.

(b) Inclusive audit facility. This means putting in the programs special audit instructions that enable the computer to carry out some audit tests and produce print outs specially for the auditor.

(c) Clerical recreation: Given unlimited time and man power, maintain the possibility to recreate manually the audit trail. This would obviously be a very tedious exercise.

(d) Total testing and comparison: It is possible to compare results with other data, budgets, previous periods and industry averages.

(e) Alternative tests: We can perform stock takes, debtors circularisation and examination of the condition of fixed assets.

(f) We can use test packs to verify program performance.