CHAPTER 9 AUDITING COMPUTER-BASED INFORMATION SYSTEMS

SUGGESTED ANSWERS TO DISCUSSION QUESTIONS

9.1 Since most organizations make extensive use of computer-based systems in processing accounting data, it is essential that computer expertise be available in the organization's audit group. Such expertise should include: Extensive kno ledge of computer hard are, soft are, and accounting applications ! detailed understanding of appropriate control policies and procedures in computer systems !n ability to read and understand system documentation Experience in planning computer audits and in using modern computer auditing techni"ues.

!ll internal auditors may not possess expertise in all of these areas. #o ever, there is certainly some minimum level of computer expertise that is appropriate for all auditors. $his ould include: 9.2 !n understanding of computer hard are, soft are, accounting applications, and controls. $he ability to examine all elements of the computerized !%S $he ability to use the computer as a tool to accomplish these auditing ob&ectives.

'any authorities have suggested in recent years that internal auditors should be involved in systems development pro&ects in order to ensure that ne ly developed systems are auditable and have effective controls. #o ever, if the auditor's involvement is too great, then his or her independence may be impaired ith respect to subse"uent revie and evaluation of the system. !ccordingly, the auditor should not be a member of a systems development team, or be other ise directly involved in designing or implementing ne systems. $here are indirect forms of auditor involvement that are appropriate. $he auditor can (. *. )ecommend a series of control and auditability guidelines that all ne systems should meet. %ndependently revie the ork of the systems development team, evaluate both the "uality of the systems development effort and its adherence to control and auditability guidelines, and report his or her findings to management.

%n both cases the auditor is orking through management rather than ith the systems development team.

+-(
, *--+ .earson Education, %nc. publishing as .rentice #all

Ch. 9: Auditing Computer-Based Information Systems 9.3 $he most effective auditor is a person ho has training and experience as an auditor and training and experience as a computer specialist. #o ever, fe people have such an extensive background, and personnel training and development are both expensive and time consuming. /er ick may find it necessary to accept some tradeoffs in staffing its audit function. Since auditors generally ork in teams, /er ick should probably begin by using a combination of the first t o approaches. $hen, as audit teams are created for specific purposes, care should be taken to ensure that the members of each audit team have an appropriate mix of skills and experience. 9.4 $he "uestion implies $ustin's internal auditors never bothered to investigate transactions belo a certain dollar amount, and0or shortages of less than a certain percent. $his is not good audit practice. 1hile auditors generally examine transaction samples that are selected to include a high percentage of items having a high dollar value, their sampling procedures should not ignore transactions ith lo er dollar values. $here must have been hundreds of falsified transactions, and an effective sampling plan should have uncovered a fe of them. !udit soft are could be used to fully reconcile collections ith billings, and list any discrepancies for further investigation. !n assistant finance director should not have the authority to enter credits to customer accounts. 2ertainly, there should have been documentation to support such transactions. !n internal control audit should have detected inade"uacies in $ustin's computer access controls, as ell as a lack of documentation for certain transactions.

9.5 Exception testing for payroll deductions. $his type of computer-assisted audit techni"ue 32!!$4
program can identify employees ho have no deductions. $his is important because fictitious or terminated employees ill generally not have deductions. 32%! Examination, adapted4

+-*

Accounting Information Systems

SUGGESTED SOLUTIONS TO THE PROBLEMS

9.1 a. $he response to the recommendation that your department be responsible for the pre-audit of supplier's invoices is: %nternal auditing should not assume responsibility for pre-audit of disbursements. 5b&ectivity is essential to the audit function, and internal auditors should be independent of the activities they must revie . $hey should not prepare records or engage in any activity hich could compromise their ob&ectivity and independence. 6urthermore, because internal auditing is a staff function, involvement in such a line function ould be inconsistent ith the proper role of an internal auditor. b. $he response to the re"uest that you make suggestions during development of the system is: %t ould be advantageous for internal auditing to make specific suggestions during the design phase concerning controls and audit trails to be built into a system. %nternal auditing should build an appropriate interface ith the 7ata .rocessing 7epartment to help achieve this goal. 8either ob&ectivity nor independence is compromised if the auditor makes recommendations for controls in the system under revie . 6or example, internal auditing may: .rovide a list of control re"uirements. )evie testing plans. 7etermine that there are documentation standards and that they are being follo ed. 7etermine that the pro&ect itself is under control and that there is a system for gauging design progress.

%nternal auditing must refrain, ho ever, from actual participation in designing the system. c. $he response to the re"uest that you assist in the installation of the system and approve the system after making a final revie is: $he auditor must remain independent of any system that ill be subse"uently audited. $herefore, the auditor must refrain from giving overall approval of the system in final revie . $he auditor may help in the installation or conversion of the system by continuing to offer suggestions for controls, particularly during the implementation period. %n this situation, the auditor may revie for missing segments, results of testing, and ade"uacy of documentation of program and procedures in order to determine readiness of the system for installation or conversion. !fter installation or conversion, the auditor may participate in a post-installation audit, either alone or as part of a team. 32%! Examination, adapted4

+-9

Ch. 9: Auditing Computer-Based Information Systems 9.2 $he important audit step that has not been performed in this case is tests of controls 3sometimes called compliance tests4. Since a system revie only tells the auditor hat controls are prescribed, tests of controls allo the auditor to determine hether the prescribed controls are being adhered to and are operating effectively. Examples of audit procedures hich ould be considered tests of controls are: 5bservation of computer operations, data control procedures, and file library control procedures. %n"uiry of key systems personnel ith respect to the ay in hich prescribed control procedures are interpreted and implemented. ! "uestionnaire or checklist often facilitates such in"uiry. )evie a sample of source documents for proper authorization. )evie a sample of on-line data entry entries for authorization. )evie of the data control log, the computer operations log, the file librarian's log, and the error log for evidence of adherence to prescribed policies. $est data processing by submitting a set of hypothetical transactions and comparing system outputs ith expected results. $racing selected transactions through the system and checking the accuracy of processing of these transactions. 2hecking the accuracy of a set of batch totals. )evie of system operating statistics. :sing a computer audit soft are package to edit the data on selected master files and in selected databases.

9.3

a. and b. !dvantages and disadvantages of the test data processing approach: a. A !a"#a$%& '. D(&a !a"#a$%&

+-;

Accounting Information Systems 7oes not re"uire extensive programming kno ledge to use. Easily understood by the internal auditor. $he complete system may be revie ed. )esults are often easily checked. !n opinion may be formed as to the system's accuracy in processing data. ! regular computer program may be used. Situations can be tested that may not exist hen auditing <around< the computer. %t may save time. $he auditor gains experience. $he auditor maintains control over the test. %nvalid data can be submitted to test for re&ections. %t may save computer time. %t is impractical to test all error possibilities. $here is inability to relate input data to output reports in a complex system. 3$he particular system output may be in a tape or memory form.4 %f independent files are not used, it may be difficult to reverse or back out test data from the system. .reparation of satisfactory test transactions may be time consuming. .reparation of test transactions re"uires technical kno ledge.

32%! Examination, adapted4 9.4 !ctions auditors should take to proceed ith the accounts receivable audit are: S(#)a#(*" a $he auditor should not accept this explanation and arrange ith company executives for access to the computer system. $he auditor should recommend that the procedures manual spell out computer use and access for audits. S(#)a#(*" ' $he auditor should not permit the computer program to be cataloged because it could then be changed ithout the auditor's kno ledge. S(#)a#(*" + $he auditor's charter should clearly provide for access to all areas and records of the organization. S(#)a#(*" !uditors should insist on using their o n computer audit program, since someone at the company may ish to conceal falsified accounts receivable. !uditors should insist on using their o n computer audit program to expedite the audit, simplify the application, and avoid misunderstanding. 32%! Examination, adapted4

+-=

Ch. 9: Auditing Computer-Based Information Systems 9.5 .roblems ith 72#'s test data processing application, and suggested solutions: .roblems 7uplicate copy of the program may not be a true duplicate of the current version. Suggested Solutions Source code comparison. )eprocessing 3use previously valid program4. .rocess test transactions concurrently ith live ones, on a concealed basis. 5btain the live file and duplicate it under audit control. .rocess test transactions concurrently ith live ones, on a concealed basis. !uditor must devise o n test transactions, either 3a4 manually, or 3b4 using a test data generator. Erroneous transactions should deliberately be included.

7uplicate copy of the file may not be a true duplicate of the current version.

.rogrammer's test data file a. as not independently prepared, and b. may not have contained any erroneous transactions to test the program>s ability to detect errors. 5ffsite test only checks the programs, not the source data controls, error procedures, etc. !udit senior's conclusion has no basis 3no supporting evidence4.

.rocess test transactions concurrently ith live ones, on a concealed basis. :se mini-company test 3%ntegrated $est 6acility4. 'ust predetermine the result of test data processing, and then compare these to actual results.

+-?

Accounting Information Systems

9.,

a.

!1's %nformation Systems 7ivision organization chart: 7irector of %nformation Systems

'anager of Systems 7evelopment and .rogramming

'anager of 5perations

7ata Entry Supervision

5perations Supervisor

7ata 2ontrol

b.

(.

1hat is good about this organization structure: Systems development and programming are organizationally independent of the operations functions. 2omputer operations organizationally independent of data entry and data control.

*. 1hat is bad about this organization structure: c. $he manager of operations is responsible for systems programming. $he data control clerk is responsible for the file library.

!dditional information, to be obtained from tests of compliance, ould involve hether operating procedures are enforced hich ill make the separation of functions effective. Such procedures ould include: @imited access to e"uipment, files, and documentation. 'aintenance of activity logs for operating functions. )otation of operations personnel and mandatory vacations. 2hecking of source data authorization.

+-A

9.-

%nventory transactions input control matrix:

6%E@7 8!'ES %tem number 7escription $ransaction date $ransaction 7ocument :nit type number Buantity cost 2omments

)E25)7 8!'E: .arts inventory transactions %8.:$ 258$)5@S: 6inancial totals #ash totals )ecord counts 2ross-footing balance Eisual inspection 2heck digit verification .renumbered forms $urnaround document Edit program Se"uence check 6ield check Sign check Ealidity check @imit check )easonableness test )edundant data check 2ompleteness test 5verflo procedure 5ther:

2ompute $otal cost if possible C C C Des 8o !ll fields C C 8o Des C C C C C C C C C C C C C C C C C C C C Des all fields C C 2ompare "uantity ith item number C C !lso for balance on hand

+-F
, *--+ .earson Education, %nc. publishing as .rentice #all

Accounting Information Systems 9.. a. $he fraud or abuse an auditor should be most concerned about is the submission of fictitious transactions into the system, either by a dishonest elfare examiner or by an unauthorized person. 6ictitious transactions could cause excessive elfare benefits to be paid to a valid elfare recipient, or payments to an ineligible or fictitious recipient. $hus, the most necessary concurrent audit techni"ues ill involve the processes of submitting changes in record status from <pending< to <approved< and modifying elfare records to reflect changes in the recipient's circumstances. $he auditor should verify that the system is set up to: check the pass ord of every person ho uses the system permit applicant records to be entered only by persons classified as < elfare clerks< permit transaction records to be entered only be persons classified as < elfare examiners< to capture and store the identity of the person entering every applicant record and transaction record

$he most useful concurrent audit techni"ue to minimize the risk of fraudulent transactions ould be the use of audit hooks. $hese program subroutines ould revie every record entered into the system, capture all data relating to any record that is suspicious and possibly fraudulent, rite these records on an audit log or file, and report these records to the audit staff on a real-time basis. Some examples of "uestionable records that audit hooks might be designed to flag ould be: !ny elfare application record that is entered into the system by someone other than one of the authorized elfare clerks, and especially if entered by a elfare examiner. !ny elfare record status change or modification that is entered into the system by someone other than one of the authorized elfare examiners. !ssuming that it takes a minimum of n days for a elfare examiner to verify the authenticity of the data provided by a elfare applicant, any record for hich the status change is entered ithin less than n days of the entry of the original applicant record. !ny elfare record modification transaction that causes a elfare recipient's benefits to increase by a significant amount 3say, *-G4, or to exceed some upper limit that is close to the maximum amount a recipient can collect. !ny elfare record that is modified more than t o or three times ithin a short period, such as t o or three months. !ny elfare record modification transaction that involves a change in the recipient's address. !ny elfare record here the recipient's address is a post office box. !ny elfare record that is not modified at all ithin a five year period. !ny attempt to access the system by someone not able to supply a valid elfare clerk or elfare examiner pass ord. !ny record entered into the system at a time of day that is other than during the agency's normal business hours, or is during a eekend or holiday period. +-+

Ch. 9: Auditing Computer-Based Information Systems $here are undoubtedly other useful audit hooks that could be identified. $he audit staff should <brainstorm< about methods that a fraud perpetrator could use to defraud the system, and develop audit hooks to counteract plausible fraud schemes. !s the audit staff receives the data captured by these audit hooks, they must promptly follo up to verify the validity of the data in each "uestionable record. $he auditor should also be concerned about the accuracy of the portion of the program that calculates each elfare recipient's benefits. $he auditor should verify that this program code is thoroughly tested during the implementation process, and should prepare a copy of this program code for audit purposes, to be compared ith the version of this code that is in use at subse"uent intervals. $o supplement this procedure, as ell as to provide additional protection against a possible fraud perpetrator, the auditor could add another audit hook that captures relevant data relating to any attempt to access and modify the elfare processing program itself. b. 2omputer audit soft are could be used to process the elfare recipient database against other databases that contain data about elfare recipients, identify any discrepancies in the data items used to determine eligibility for benefits and0or calculate the amount of benefits, and report these discrepancies to the audit staff. 5ther possible databases that might be used for this purpose ould include: State income tax records, hich contain data on the income and dependents of elfare recipients. State unemployment and0or disability compensation records, hich contain data on other sources of income for elfare recipients. State motor vehicle registration records, hich might contain data about valuable assets o ned by elfare recipients. .roperty tax records, hich might contain data about valuable assets o ned. 7eath records, hich obviously reflect changes in eligibility for benefits. $he reason it is important to revie these is that a very common fraud scheme involves failure to enter a death record, follo ed by the diversion of subse"uent benefit checks.

%f a elfare recipient does not appear in any of the first four databases listed above, it ould raise the issue of hether the person exists at all 3e.g., is the elfare recipient a fictitious personH4. $o investigate this, driver license registration records and voter registration records could also be checked. %f the recipient does not sho up there, the audit staff should probably insist that a 1elfare !gency employee 3other than a elfare examiner4 verify the recipient's existence by delivering the elfare check in person. $he use of computer audit soft are serves t o purposes. 6irst, it helps reduce the risk of abuse of the system by elfare applicants ho provide inaccurate or incomplete data about the factors on hich benefit calculations are based. 1elfare examiners are responsible for identifying such cases, but may not al ays do so effectively, so audit revie s of this kind provide a second line of defense against this form of abuse.

+-(-

Accounting Information Systems Second, the use of computer audit soft are in this ay should increase the chance that the audit staff ill identify any cases here a elfare examiner attempts to perpetrate fraud by entering false records into the system. 2ombined ith the audit hooks described in part 3a4, this use of computer audit soft are should provide strong assurance that the risks of fraud and abuse have been minimized. 9.9 a. $ests of edit checks: $ES$ $)!8S!2$%58 7!$! EC.E2$E7 )ES:@$S .ay code ( ( ( ( 9 ( ( * * 1age rate or salary I+.=+.=+.=+.=*--.-;(.-+.=;(--.-+.=#ours orked ;-.9C.;-.;-.;-.;-.F-.;-.;-.Exemption s -* -* C( -* -; -9 -9 -* -9 D-$-7 gross pay (----.-(----.-(=---.-I(----.-*----.-*----.-*----.-9----.-(----.-8onnumeric data: age0salary 8onnumeric data: hours orked 8onnumeric data: exemptions 8onnumeric data: y-t-d gross pay %nvalid pay code 1age rate exceeds limit #ours orked exceeds limit Salary exceeds limit Salary belo limit

b.

$ests of gross pay calculation: $ES$ $)!8S!2$%58 7!$! EC.E2$E7 )ES:@$S

.ay code * ( (

1age rate or salary =--.-+.=+.=-

#ours Exemptions orked ;-.;-.;=.-9 -* -*

D-$-7 gross pay (*---.-(----.-(----.-Jross pay K Salary K I=--.-Jross pay K I9F-.-Jross pay K I;=(.*=

+-((

Ch. 9: Auditing Computer-Based Information Systems c. $ests of federal ithholding tax calculation: EC.E2$E7 )ES:@$S 6ederal 10# 6ederal 10# Jross pay tax rate tax amount I(*-.-.-? I A.*(*-.-.-; ;.F(*-.-.-* *.;(*-.-.--.-9*-.-.(* 9F.;9*-.-.(9*.-9*-.-.-F *=.?9*-.-.-? (+.*=--.-.(F +-.-=--.-.(? F-.-;--.-.(; =?.-;--.-.(* ;F.-?--.-.*; (;;.-?--.-.** (9*.-F--.-.*(?-.-F--.-.(F (;;.--

$ES$ $)!8S!2$%58 7!$! .ay 1age rate #ours ExemptD-$-7 code or salary orked ions gross pay ( ?.-*--( (-----( ?.-*--* (-----( ?.-*--; (-----( ?.-*--? (-----( F.-;--( (*----( F.-;--9 (*----( F.-;--= (*----( F.-;--A (*----( (*.=;--( (=----( (*.=;--* (=----* ;--.-;--; *-----* ;--.-;--F *-----* ?--.-;--( *=----* ?--.-;--9 *=----* F--.-;--= *=----* F--.-;--? *=----d. $ests of state ithholding tax calculation:

$ES$ $)!8S!2$%58 7!$! .ay 1age rate #ours Exempt D-$-7 code or salary orked -ions gross pay ( =.-;-.-( (*---.-( =.-;-.-; (*---.-( A.=;-.-* (=---.-* ?--.-;-.-= *=---.-* F--.-;-.-( 99---.-. e. $ests of pension contribution calculation:

EC.E2$E7 )ES:@$S State 10# State 10# Jross pay tax rate tax amount I *--.-.-9 I ?.-*--.-.-( *.-9--.-.-9 +.-?--.-.-9 (F.-F--.-.-= ;-.--

$ES$ $)!8S!2$%58 7!$! .ay 1age rate #ours Exempt D-$-7 code or salary orked -ions gross pay ( A.=;-.-( (*---.-* F--.-;-.-= *=---.--

EC.E2$E7 )ES:@$S .ension .ension Jross pay percentage contribution I 9--.-L .-9 I +.-F--.-L .-; 9*.--

+-(*

Accounting Information Systems 9.1/ a. !dvantages of using computer audit soft are to assist ith audits include the follo ing: !udits can be more efficient, saving labor time spent on routine calculations. $he routine operations of footing extensions, transcription bet een reports, report generation, etc., are performed by the computer. $he auditor's time spent on the audit is more analytical than clerical. $he auditor can examine more records and extract data more readily through ad hoc reporting. 2omputer-generated reports and schedules are more ob&ective and professional, improving data communication. !udit sampling is improved. !ny bias in sample selection is eliminated because of assured randomness. $his has a direct effect on sampling precision, reliability, and audit accuracy. .ossible to check (--G b. (. $he purpose of generalized audit soft are programs is to perform a variety of auditing operations on the computer files used to store the information. $he steps to be follo ed by the internal auditor to use generalized computer audit soft are ould include: planning and designing the audit application. ensuring that the output and final reports are generated from the files being tested.

*. $he purpose of integrated test facility 3%$64 packages is to test both source data controls and processing controls. $he steps to be follo ed by the internal auditor to use an %$6 include: selection and preparation of the test transactions to be passed through the %$6. $hese transactions must be representative of all of the transactions the dummy unit emulates. !ll types of valid and invalid transactions must be used and blended ith regular transactions over time to properly test the system under normal conditions.

revie of all output and processing routines including a comparison of actual results to predetermined results. 9. $he purpose of a control flo charting package is to interpret the program source code and generate a program flo chart corresponding to it in order to facilitate the revie of internal controls. $o use a control flo charting package, the internal auditor should: Establish the audit ob&ective by identifying the systems and programs to be tested. )evie manuals and documentation of the system and intervie involved personnel to get an overvie of the operations to be tested.

+-(9

Ch. 9: Auditing Computer-Based Information Systems ;. $he purpose of a parallel simulation package is to ensure that organizational ob&ectives are being met, ensure compliance to technical standards, and detect unauthorized program changes. $o use a parallel simulation package: )un the same data used in the company's current application program using the <simulated< application program. 2ompare the results from the <simulated< application ith the results from the company's current application program to verify that ob&ectives are being met. 32'! Examination, adapted4

9.11 .ossible applications of computer audit soft are in a financial audit of fixed assets: a. Edit the file for obvious errors or inconsistencies such as: )etired assets hich have a non-zero net value. )etirement date hich precedes ac"uisition date. !ccumulated depreciation hich exceeds original cost. :seful life hich exceeds a reasonable limit 3such as ;- years4. %nvalid type code, location code, or depreciation method code. 8umeric fields hich contain non-numeric data. b. c. d. e. f. )ecalculate year-to-date depreciation for each asset record, compare to the amount in the record, and list any and all asset records for hich a discrepancy exists. .repare a list of all assets retired during the current year for comparison to supporting documents. .repare a list of all assets ac"uired during the current year, by location, for possible physical examination by the auditor. Select a sample of assets, stratified by net dollar value, and sorted and listed by location, for possible physical examination by the auditor. 6oot the entire file to obtain file totals for total original cost, total accumulated depreciation, total current year depreciation, and total cost of current year ac"uisitions, for comparison to externally maintained records.

+-(;

Accounting Information Systems 9.12 2omputer audit soft are can help auditors examine inventory records as follo s:

A) (# P0*+% )0% (. 5bserve the distributor>s physical count of inventories as of a given date, and test a sample of the distributor>s inventory counts for accuracy. *. 2ompare the auditor>s test counts to the inventory records. 9. 2ompare physical count data to the inventory records.

H*1 A) (# S*2#1a0% Ca" H%34 7etermine hich items are to be test counted by taking a random sample of a representative number of items from the inventory file as of the date of the physical count. !rrange test counts in a format identical to the inventory file, and then match the counts. 2ompare the total of the extended values of all inventory items counted, and the extended values of each inventory item counted, to the inventory records. 2alculate the dollar value of each inventory item counted by multiplying the "uantity on hand by the cost per unit, and then verify the addition of the extended dollar values. 2ompare the unit costs on the auditor>s price test to those on the inventory file. .repare a list of a sample of items on the inventory file for hich the date of last purchase and date of the last sale are on or immediately prior to the date of the physical count. .repare a list of items located in public arehouses. .repare a list of items on the inventory file for hich the date of last sale indicates a lack of recent transactions. .repare a list of items on the inventory file for hich the "uantity on hand is excessive in relation to the "uantity sold during the year. .repare a list of items, if any, ith negative "uantities or costs. 32.! Examination, adapted4

;. $est the mathematical accuracy of the distributors> final inventory valuation.

=. $est the pricing of the inventory by obtaining a list of costs per item from buyers, vendors, or other sources. ?. Examine inventory purchase and sale transactions on or near the year-end date to verify that all such transactions ere recorded in the proper accounting period. A. !scertain the propriety of items of inventory located in public arehouses. F. !nalyze inventory for evidence of possible obsolescence. +. !nalyze inventory for evidence of possible overstocking or slo -moving items. (-. $est the accuracy of individual data items listed in distributor>s inventory master file.

+-(=

9.13 a. $he data processing manager should have primary responsibility to detect and correct data processing errors. $he data processing manager has primary responsibility for the four stages of the data processing cycle hich are: data input, data processing, data storage, and information output. Setting up a system that ill detect and correct data processing errors falls s"uarely into the data processing cycle. !lthough the computer operator is responsible for the operation of the hard are and soft are of the organization, he is not responsible for the data. %f that ere the case it ould represent a eakness in the segregation of duties internal control structure $he corporate controller has overall responsibility for the operation of the accounting function, but ould not have primary responsibility to detect and correct data processing errors. $he independent auditor has no responsibility to detect and correct a client>s data processing errors. $he independent auditor>s responsibility is to attest to fairness of the financial statements.

b.

c.

d.

+-(?
, *--+ .earson Education, %nc. publishing as .rentice #all

Accounting Information Systems

SUGGESTED SOLUTIONS TO THE CASES

9.1 9.2 AUDIT PROGRAM a. Edit the general &ournal file for errors and inconsistencies such as: %nvalid debit0credit code or document type. 7ate not ithin current fiscal year. 'issing data values. 8on-numeric data in account number, amount, or document number fields. b. Edit the general ledger file for errors and exceptions such as: %nvalid debit0credit codes. 'issing data values. 8on-numeric data in account number or balance fields. c. Select a sample of general &ournal transactions, stratified by dollar value. Sort and list by document type. AUDIT OB5ECTI6ES AND PROCEDURES 5b&ective: Evaluate the "uality of the file data. .rocedures: )evie error listing for common error patternsM initiate correction of the errorsM trace cause of errors if possible. $he ans ers to this case ill vary ith the student's experience. 'ake sure that the student is thorough in ans ering all of the "uestions assigned.

5b&ective: Evaluate the "uality of the file data .rocedures: )evie errors listing for common error patternsM initiate error correctionM trace cause of errors.

d. 'erge the general &ournal and general ledger files by account number, and list all unmatched general &ournal entries. 3or look them up in the appropriate tables4 e. )ecalculate each ledger account>s current balance from the beginning balance and the general &ournal amounts, and list any discrepancies bet een the recalculated balance and the file balance. f. .repare comparative financial statements for the current and prior year, including selected li"uidity, profitability, and capital structure ratios. g. !nalyze selected accounts, listing the beginning balance, all transaction, and the current balance for the allo ance for bad debts, notes receivable from officers, capital stock, etc.

5b&ective: $est the transaction data entry accuracy. .rocedures: 2ompare transaction data values to source documents and identify discrepancies. %nitiate correction of all errors discovered. 5b&ective: $est transaction data entry accuracy. .rocedures: 2ompare unmatched transaction data values to source documentsM initiate errors correction. 5b&ective: $est current ledger balance accuracy. .rocedures: )evie discrepancies to see if the transaction amounts or ledger balances are erroneousM initiate appropriate corrections. 5b&ective: %dentify accounts to be investigated in greater detail. .rocedures: !nalytical revie of ratios and trends to search for unusual account balances. 5b&ective: .rovide reference data for accounts the auditor ishes to investigate in greater detail. .rocedures: )evie , analysis and investigation of specific account as appropriate.
+-(A

Ch. 9: Auditing Computer-Based Information Systems

+-(F