Computer Audit

Well usually when it comes to the Computer Audit the following will be the hot topics

1. Audit around computer and audit through computer
   
2. Advantage and disadvantage of using It in Audit
   
3. Discuss the use of computers in relation to the administration of the audit
   
4. Explain the use of computer assisted audit techniques in the context of an audit.
   
5. Discuss and provide relevant examples of the use of test data and audit software for the transaction cycles and balances mentioned in sub capability
   
6. Control that exist in the IT environment

Item 1-3 I would consider as easy to handle however for item 4-6, you need further understanding as it might require you to relate to a scenario especially the Control that exist in IT environment.

Item 2 and three I believe you can find it in the lecturer notes therefore I am not going to touch on it. Let's look at the remaining areas:

Bear in mind when it involve IT system, usually you will have three key process, namely input, process and output. Therefore the control and audit for IT environment will also be focus on the 3 principles.

It simple, Audit around computer mean audit on the input and output on the IT environment and skip the audit on the processing function, whereas audit through the computer will involve audit of the Input, process and output of the IT environment.(Please refer to the notes for further details)

You examiner seem to like CAAT and focus on audit software and Test data.
Now in layman term how to define them. Audit software is like any other software and its purpose is to help auditor to audit, it is a tool that auditor use to audit. For example computerized audit working paper can consider as audit software too. Test data is date that auditor used to test the reliability of the IT system of the client it can live or dummy data.

Don't think that it is complicated. It is not

For example Audit software is just software, the main function included:

1. Reading files
   
2. Select information
   
3. Performing calculation
   
4. Creating data files
   
5. Printing reports

Test data in layman term mean data used by auditor to test the Client IT system. The auditor will prepare separate data and have it loaded into the client IT system. Then the system will have to process those data. The end objective is that the system must reject those data as those data are fictitious data. If the system process those data at the end of the day the system is consider not reliable.

As far as I am concern there are 2 type of control that you should put in place for IT environment, namely: Application control and General control

Application control aim to control at the 3 key elements of IT system namely:-

1. Control over input
   
2. Control over process and
   
3. Control over output

This is more specific type of control aiming at the three key areas

General control is more towards administrative control; it can be segregated into 2 key areas:

1. General control on system development
   
2. General control on administration

The above are the type of control and the control element will be listed under the Program and manual control

Note: the above is just a brief explanation and the objective is to help you to understand the basic concept of the topic. Please refer to the handout for more details. Should you required further information, please do not hesitate to contact me by leaving your comment or email me.