A PROJECT REPORT ON

“Audit Under Computerised Information System Environment.”

SUBMITTED BY
MISS MANALI. RAMCHAND. GODHIA,
ROLL NO: 166011
M.Com. SEM- IV
(ADVANCE ACCOUNTANCY)
ACADEMIC YEAR: 2016-17

Under the guidance of PROJECT GUIDE

PROF. NIKHIL KARKHANIS.

SUBMITTED TO UNIVERSITY OF MUMBAI

MULUND COLLEGE OF COMMERCE
S N ROAD, MULUND (WEST)
MUMBAI - 400080

1|Page
 Declaration from the Student
I, MANALI GODHIA ROLL. No. 166011 Student of Mulund College Of Commerce, S. N.
Road, Mulund (West) 400080, studying in M.Com Part- II hereby declare that I have completed
the project on “Audit Under Computerised Information System Environment” under the
guidance of project guide Prof. NIKHIL KARKHANIS during the academic year 2016-17. The
information submitted is true to the best of my knowledge.

Date:
Signature:
Place:

2|Page
 CERTIFICATE
I, Prof. NIKHIL KARKHANIS, hereby certify that Miss MANALI GODHIA. ROLL. No.
166011 of Mulund College of Commerce, S. N. Road,Mulund (West), Mumbai -400080 of
M.com Part II (Advanced Accountancy) has completed her project on “Audit Under
Computerised Information System Environment” during the academic year 2016-17. The
information submitted is true and original to the best of my knowledge.

____________________ ___________________
Project Guide External guide
_____________________ ___________________
Co-coordinator Principal
Date:

3|Page
 ACKNOWLEDGEMENT
I would like to express my sincere gratitude to Principal of Mulund College of Commerce
DR. (Mrs.) Parvathi Venkatesh, Course - Coordinator Prof. Rane and our project guide Prof.
NIKHIL KARKHANIS. , for providing me an opportunity to do my project work on
titled “Audit Under Computerised Information System Environment.”. I also wish to express
my sincere gratitude to the non - teaching staff of our college. I sincerely thank to all of
them in helping me to carrying out this project work. Last but not the least, I wish to
avail myself of this opportunity, to express a sense of gratitude and love to my friends
and my beloved parents for their mutual support, strength, help and for everything.

PLACE: Signature
DATE:

4|Page
 TABLE OF CONTENTS

SR. NO. PARTICULAR PAGE NO.

INTRODUCTION

1 06-11
1.1 Significance
1.2 Statement Of Problems

2 Review of literature 12-18

3 Objective 19-20

Research Methodology:

4 4.1 Scope of audit 21-26

4.2 DATA COLLECTION
4.3 Limitation

5 Analysis 27-30

6 Recommendation 31

7 Conclusion 32

8 Biblography 33

5|Page
INTRODUCTION:

An audit is a systematic and independent examination of books, accounts, statutory records,

documents and vouchers of an organization to ascertain how far the financial statements as well
as non-financial disclosures present a true and fair view of the concern. It also attempts to ensure
that the books of accounts are properly maintained by the concern as required by law. Auditing
has become such a ubiquitous phenomenon in the corporate and the public sector that academics
started identifying an "Audit Society". The auditor perceives and recognises the propositions
before them for examination, obtains evidence, evaluates the same and formulates an opinion on
the basis of his judgement which is communicated through their audit report.

Any subject matter may be audited. Audits provide third party assurance to
various stakeholders that the subject matter is free from material misstatement. The term is most
frequently applied to audits of the financial information relating to a legal person. Other areas
which are commonly audited include: secretarial & compliance audit, internal controls, quality
management, project management, water management, and energy conservation.

As a result of an audit, stakeholders may effectively evaluate and improve the effectiveness of
risk management, control, and the governance process over the subject matter.

The word audit is derived from a Latin word "audire" which means "to hear". During the
medieval times when manual book-keeping was prevalent, auditors in Britain used to hear the
accounts read out for them and checked that the organisation's personnel were not negligent or
fraudulent.

An information system (IS) is any organized system for the collection, organization, storage and
communication of information. More specifically, it is the study of complementary networks that
people and organizations use to collect, filter, process, create and distribute data.

"An information system (IS) is a group of components that interact to produce information."

6|Page
A computer information system is a system composed of people and computers that processes or
interprets information. The term is also sometimes used in more restricted senses to refer to only
the software used to run a computerized database or to refer to only a computer system.

Information systems is an academic study of systems with a specific reference to information and
the complementary networks of hardware and software that people and organizations use to
collect, filter, process, create and also distribute data. An emphasis is placed on an information
system having a definitive boundary, users, processors, storage, inputs, outputs and the
aforementioned communication networks.

Any specific information system aims to support operations, management and decision-
making. An information system is the information and communication technology (ICT) that an
organization uses, and also the way in which people interact with this technology in support of
business processes.

Some authors make a clear distinction between information systems, computer systems,
and business processes. Information systems typically include an ICT component but are not
purely concerned with ICT, focusing instead on the end use of information technology.
Information systems are also different from business processes. Information systems help to
control the performance of business processes.

Alter argues for advantages of viewing an information system as a special type of work system.
A work system is a system in which humans or machines perform processes and activities using
resources to produce specific products or services for customers. An information system is a
work system whose activities are devoted to capturing, transmitting, storing, retrieving,
manipulating and displaying information.

As such, information systems inter-relate with data systems on the one hand and activity systems
on the other. An information system is a form of communication system in which data represent
and are processed as a form of social memory. An information system can also be considered a
semi-formal language which supports human decision making and action.

Information systems are the primary focus of study for organizational informatics.

7|Page
The developments and changes in the economic environment as information revolution, the
liberalization of global trade, the emergence of the giant banks with branches, sections and
intensified competition among banks have resulted in all of these developments which led to the
imposition of local and international significant challenges on the departments of banks to find
control systems and powerful and sophisticated administrative and accounting controls, that
enable them to take various responsibility and assist in the various economic usage and efficient
use of economic resources, which gives them a competitive advantage are most in need.
However, in this development and using accounting information systems in banks led to the
desire of many banks to enter these systems in the field of their work and that because of what
these systems provide in the accuracy of the work, speed in accomplishing, the efficient tool of
accountants, their accuracy in work and the access to the required accounting information as
soon as possible and at the lowest possible cost.
The purpose of this International Standard on Auditing (ISA) is to establish standards and
provide guidance on procedures to be followed when an audit is conducted in a computer
information systems (CIS) environment. For purposes of ISAs, a CIS environment exists when a
computer of any type or size is involved in the processing by the entity of financial information
of significance to the audit, whether that computer is operated by the entity or by a third party.
The auditor should consider how a CIS environment affects the audit. The overall objective and
scope of an audit does not change in a CIS environment. However, the use of a computer
changes the processing, storage and communication of financial information and may affect the
accounting and internal control systems employed by the entity. Accordingly, a CIS environment
may affect:
• The procedures followed by the auditor in obtaining a sufficient understanding of the
accounting and internal control systems.
• The consideration of inherent risk and control risk through which the auditor arrives at the risk
assessment.
• The auditor’s design and performance of tests of control and substantive procedures appropriate
to meet the audit objective.

8|Page
The Significance of the Study:
The significance of this study came as a result of what the computerized accounting information
systems in the operating banks in Jordan may expose of electronic penetration (hacking), and the
role of internal auditor in participating in the protection of these information as confirmed by the
results of previous studies, the significance emerges as a result of the great advances in
information technology and computer industry, which has led to the easiness to copy, modify and
change data and stored files
on computer memory and this thing is not accompanied by similar development in the practices
and controls at banks, in addition this study can benefit other sectors whether they were in the
service sector, or insurance sector to identify the control procedures applied in the computerized
accounting information systems and to get benefit from, and the importance of the study comes
as well as a result of the lack of studies looking at the involvement of internal auditor in the
protection of computerized accounting information systems from electronic penetration
(hacking).
Today, solutions to environmental challenges are aided by an arsenal of information and
knowledge systems that were unavailable for most of the last 30 years when environmental
management was predicated on “command and control” mechanisms such as remediation of
specific sites or compliance with, and enforcement of, end-of-pipe emissions requirements and
standards. As knowledge about the causes of environmental ills has grown, so too has the
number of options on how to handle them and the development of collaborations and
partnerships aimed at harnessing the growing incentive-based approaches to environmental
protection. As additional information technologies and knowledge management techniques
evolve, environmental considerations will join other areas of strategic importance to industry.
Information technologies are unique not just because of their growing use in decision-making
and knowledge management systems, important as that is. Their use has also yielded significant
improvements in the efficiency of energy and materials use. This has contributed to economic
expansion without the increases in environmental impacts that would have resulted had the
efficiency improvements not occurred. Advances in information technology are likely to
continue to provide opportunities for the development of improved and new products and
services.

9|Page
This will not occur, however, without continuing attention to both the individual units (e.g.,
factories or cars) that contribute to environmental degradation as well as the interaction of these
units with each other and the environment. The system studies that are necessary to assess the
trade-offs in such areas as materials choice (e.g., paper or plastic grocery bags, disposable or
cloth diapers) difficult and frequently are hampered by lack of understanding of these
interactions. Understanding the total system remains a daunting challenge.
This volume builds on earlier efforts of the National Academy of Engineering (NAE) in the area
of technology and the environment.1 It contains selected papers from the July 1997 Workshop on
Industrial Ecology, Enabling Environmental Performance Improvement: The Role of Knowledge
and Information Technology. The papers are presented in three sections. The first section
explores the implications of information technologies for sustainable development and the legal
context within which information and knowledge systems are evolving. The second section
focuses on the areas where most of the path-breaking work is occurring—the individual
corporation—and the information- and knowledge-sharing tools and techniques that are being
developed in that arena. The third section provides examples of systems that are evolving in the
relationships between corporations and society as a whole. Although the latter are still in
development, they offer exciting potential for substantially improving the environmental
efficiency of the economy.
This overview provides a context for the accompanying papers by discussing the role of
information and knowledge systems in the evolving discipline of industrial ecology. It describes
how companies are leveraging these systems to reap environmental benefits and how novel
applications of information technologies are bridging the gap between industrial practice and
society’s interest in the environment and sustainable development. It concludes with suggestions
on how to address some of the difficult issues related to “green” information and knowledge.

10 | P a g e
STATEMENT OF PROBLEMS:

Due to the enormous increase in the use of technology systems and various programs, many
banks have acquired and implement the latest systems and electronic software that enabled them
to perform many tasks and accounting functions faster and more accurate. But on the other side,
the computerized accounting information systems seemingly impregnable against penetration
and security threats as there is a belief that the penetrated computer has high skills in
representation and fraud in order to obtain confidential information and to hack illegally to the
information, and he can exploit the existence of gaps or weakness areas in the software and
operation systems which is usually caused by errors in programming or unintended distortions in
the programming process in order to find those gaps. Thus, this study focused on factors
affecting the role of internal auditor in the protection of computerized accounting information
systems from electronic penetration (hacking) and thus, the study seeks to answer the following
questions:
1. What role is played by the internal auditor for the protection of computerized accounting
information systems from the electronic penetration (hacking)?
2. Is there a statistically significant impact of knowledge and skill to the internal auditor for his
role in the protection of computerized accounting information systems?
3. Is there a statistically significant impact of the knowledge of the internal auditor of the nature
of
work on his role in the protection of computerized accounting information systems from the
electronic penetration (hacking)?
4. Is there a statistically significant impact of the security control strategy for electronic
commerce
in the banks on the role of internal auditor in the protection of computerized accounting
information systems?

11 | P a g e
Review of literature

 Kenny Z Lin, , K.Hung Chan, Lingnan University, 14 December 2000

The continuing and deepening economic reforms in China have brought many changes both
socially and economically to the society. The primary function of auditing in China has begun to
shift away from the traditional tax compliance assessment towards the credibility lending to
financial statements. The economic reforms and the development of the Accounting Standards
for Business Enterprises have necessitated the parallel development of auditing standards in
China. While some significant differences exist, the new Chinese auditing standards are, in a
number of important aspects, similar to the professional standards promulgated by the
International Federation of Accountants. The development of a comprehensive body of
standards, auditor independence, the role of certain auditing techniques, and certified public
accountant (CPA) population are the major areas that China needs to improve. Opening up the
Chinese accounting industry will trigger significant advances in the implementation of Chinese
standards and the development of the Chinese accounting profession.
Foot note: Auditing Standards in China—A Comparative Analysis with Relevant International
Standards and Guidelines.
 Ahmad A. Abu‐Musa, Emerald Group Publishing Limited, 2008
The purpose of this paper is to investigate empirically the impact of emerging information
technology (IT) on internal auditors' (IA) activities, and to examine whether the IT evaluations
performed in Saudi organizations vary, based on evaluation objectives and organizational
characteristics.
Design/methodology/approach
– A survey, using a self‐administered questionnaire, is used to achieve these objectives. About
700 questionnaires were randomly distributed to a sample of Saudi organizations located in five
main Saudi cities. In total, 218 valid and usable questionnaires – representing a 30.7 percent
response rate – were collected and analyzed using Statistical Package for Social Sciences – SPSS
version 15.

12 | P a g e
Findings
– The results of the study reveal that IA need to enhance their knowledge and skills of
computerized information systems (CIS) for the purpose of planning, directing, supervising and
reviewing the work performed. The results of the study are consistent with Hermanson et al. that
IA focus primarily on traditional IT risks and controls, such as IT data integrity, privacy and
security, asset safeguarding and application processing. Less attention has been directed to
system development and acquisition activities. The IA's performance of IT evaluations is
associated with several factors including: the audit objectives, industry type, the number of IT
audit specialists on the internal audit staff, and the existence of new CIS.

Practical implications
– From a practical standpoint, managers, IA, IT auditors, and practitioners alike stand to gain
from the findings of this study.

Foot Note: Information technology and its implications for internal auditing: An empirical
study of Saudi organizations

 Klaus Rennings, 11 May 2005

Environmental modernization of the economy includes the implementation of environmental

policies which connect environmental management to technical environmental innovations and
improved economic performance. Some of the most important instruments in this respect are
standards for environmental management systems such as the EU Environmental Management
and Auditing Scheme (EMAS). Based on a unique data set of German EMAS-validated
facilities, this paper investigates the effects of different characteristics of EMAS on technical
environmental innovations and economic performance. Most firms report a positive influence of
environmental management systems in general on environmental process innovations.
Furthermore, environmental reports support the diffusion of technical environmental
innovations. The econometric analysis shows a positive impact of the maturity of environmental
management systems on environmental process innovations. Another important determinant of
environmental process innovations is the strong participation of specific departments in the
further development of EMAS such as the R&D department. For environmental product
innovations, learning processes by environmental management systems have a positive impact.

13 | P a g e
Such learning processes as well as environmental process innovations also have a positive
influence on economic performance. We conclude that a careful design of EMAS is important
for both the environmental and economic performance of a facility. The conclusions should also
be relevant for the worldwide ISO 14001 standard since over 55% of the interviewed EMAS-
validated firms have also implemented ISO 14001.

Foot Note: The influence of different characteristics of the EU environmental management and
auditing scheme on technical environmental innovations and economic performance

 Zabihollah Rezaee, March 2002,

The digital economy has significantly altered the way business is conducted and financial
information is communicated. A rapidly growing number of organizations are conducting
business and publishing business and financial reports online and in real‐time. Real‐time
financial reporting is likely to necessitate continuous auditing to provide continuous assurance
about the quality and credibility of the information presented. The audit process has, by
necessity, evolved from a conventional manual audit to computer‐based auditing and is now
confronted with creating continuous electronic audits. Rapidly emerging information technology
and demands for more timely communication of information to business stakeholders requires
auditors to invent new ways to continuously monitor, gather, and analyze audit evidence.
Continuous auditing is defined here as “a comprehensive electronic audit process that enables
auditors to provide some degree of assurance on continuous information simultaneously with, or
shortly after, the disclosure of the information.” This paper is based on a review of related
literature, innovative continuous auditing applications, and the experiences of the authors. An
approach for building continuous audit capacity is presented and audit data warehouses and data
marts are described. Ever improving technology suggests that the real‐time exchange of sensitive
financial data will place constant pressure on auditors to update audit techniques. Most of the
new techniques that will be required will involve creation of new software and audit models.
Future research should focus on how continuous auditing could be constantly improved in
various auditing domains including assurance, attestation, and audit services.

Foot Note: Continuous Auditing: Building Automated Auditing Capability

14 | P a g e
  H. Ronald Berlack, 15 JAN 2002
Configuration management is a discipline that governs the identification, control, status
accounting, audit, and interface of a given software product. It is one of the many processes that
occur within an engineering development environment in which several engineering, software,
and manufacturing process are performed concurrently.
Configuration management (CM) is a process that provides lines of communication within a
software programming enmity during the design, development, build, test, and delivery of a
software product. A configuration management activity may be an individual or group
designated by an entity's management to ensure that all the people participating in the software
program/project know what is being designed, developed, built, tested, and delivered. In the end
these same people and the ultimate users have to know what was built, tested, and delivered so
that the software product is used as intended and can be supported and maintained in its
environment.
The CM activity interprets a customer's design and development requirements and ensures that
these requirements can be traced from the initial implementation of the software to the final
software product. As changes occur, the CM activity ensures they are managed in a cost-
effective and timely manner.
The successful performance of a CM activity requires early involvement in the development
phases, early planning for support and maintenance, and assignment of the necessary authority
and resources to implement the CM process on a software program or project. Success is
enhanced if the organizational entity has designated an overall focal point for the promulgation
of CM policy and procedure or standards CM planning, documented in a CM plan, providing the
basis for the project's members understanding of their role in the CM process.
For cost, the CM activity provides proven techniques for processing changes. It prevents
unauthorized changes from occurring without review or approval of the requested changes,
identifies all documentation and protects such documents from the incorporation of unauthorized
changes, and also assures the immediate update of changed software or software documentation,
thus providing for least cost of maintenance and reuse.
The CM activity prevents unauthorized changes, thus helping to avoid schedule slippage.
Interface requirements are addressed and documented and provide a readily available trace for
impact analysis. By controlling changes and providing good communication, initial requirements

15 | P a g e
are kept up-to-date and changes are noted and available for review via timely status accounting
records. Requirements must be reviewed during the functional review and physical configuration
audit, where requirements are compared against what was produced. Finally, all system and
component interface documentation is accounted for and under control, enabling the impact
analysis (of change) activity to be performed efficiently.

Foot Note: Software Configuration Management

 P. E. Davies A , J. H. Harris B E , T. J. Hillman C and K. F. Walker, 23 July 2010

The Sustainable Rivers Audit (SRA) is a systematic assessment of the health of river ecosystems
in the Murray–Darling Basin (MDB), Australia. It has similarities to the United States’
Environmental Monitoring and Assessment Program, the European Water Framework Directive
and the South African River Health Program, but is designed expressly to represent functional
and structural links between ecosystem components, biophysical condition and human
interventions in the MDB. Environmental metrics derived from field samples and/or modelling
are combined as indicators of condition in five themes (Hydrology, Fish, Macroinvertebrates,
Vegetation and Physical Form). Condition indicator ratings are combined using expert-system
rules to indicate ecosystem health, underpinned by conceptual models. Reference condition, an
estimate of condition had there been no significant human intervention in the landscape, provides
a benchmark for comparisons. To illustrate, a synopsis is included of health assessments in
2004–2007. This first audit completed assessments of condition and ecosystem health at the
valley scale and in altitudinal zones, and future reports will include trend assessments. SRA
river-health assessments are expected to play a key role in future water and catchment
management through integration in a Basin Plan being developed by the Murray–Darling Basin
Authority for implementation after 2011. For example, there could be links to facilitate
monitoring against environmental targets.

Foot Note: The Sustainable Rivers Audit: assessing river ecosystem health in the Murray–
Darling Basin, Australia

 Zabihollah Rezaee, Rick Elam, Ahmad Sharbatoghlie, since 2006

16 | P a g e
Technological advances (e.g. e‐commerce and the Internet) have changed business practices
and the process of recording and storing business transactions. Extensible Business
Reporting Language (XBRL) will soon be built into accounting and reporting software which
would allow on‐line real‐time preparation, publication, examination, and extraction of
financial information. Thus, outside, independent auditors should use continuous, electronic
auditing when most financial information exists only in electronic form under real ‐time
accounting systems. Continuous auditing and its implications for independent auditors,
including internal control considerations and audit procedures, are described and analyzed.
Foot Note: Continuous auditing: the audit of the future

 Harvey. S. kosh, February 1984

Two auditing techniques are described that can be used to audit on-line applications. Parallel
simulation is a batch oriented technique that is used to audit on-line systems. Continuous and
Intermittent Simulation (CIS) was specifically designed to audit on-line applications. CIS allows
transactions to be audited as they are being processed. Procedures are given that determine which
instructions of the application should be included in an audit using parallel simulation and CIS.
Rules are given for an auditor to determine which auditing technique will create less overhead.
This can be determined before the audit plan is implemented.
Foot Note: Auditing on-line systems: An evaluation of parallel versus Continuous and
Intermittent Simulation

 Randall S. Thomas, 27 Dec 2010

The Central and Eastern Europe (CEE) countries are breaking up their centrally planned
economies at a record pace by selling formerly state-owned industrial enterprises to private
sector investors. Privatization is expected to create more profit-oriented and efficient industries, a
predicate for sustained long term economic growth. This transformation from public to private
ownership presents tremendous challenges to these new democracies as they struggle to create
market economies and democtratic institutions.
Foot Note: The Impact of Environmental Liabilities on Privatization in Central and Eastern
Europe: A Case Study of Poland

17 | P a g e
Objectives of the Study:

General Objective
To establish the role of computer based information system on organizational performance in
Kenya Airways.
Specific Objectives
The study was guided by the following objectives:
1. To establish to what extent efficiency affects organizational performance of Kenya
Airways.

2. To determine to what extent integration affects organizational performance of Kenya

Airways.

3. To evaluate the effect of e-commerce strategy on organizational performance of Kenya

Airways.

4. To examine the effect of communication on organizational performance of Kenya

Airways.

The most important objectives of this study, which seeks to achieve are:

1. Identifying the role of internal auditor in the protection of computerized accounting

information systems from electronic penetration (hacking).
2. Identifying the knowledge and skill impact of the internal auditor for his role in the protection
of computerized accounting information systems from electronic penetration (hacking).
3. Identifying the impact of knowing the nature of the work of internal auditor for his role in the
protection of computerized accounting information systems from electronic penetration
(hacking).
4. Identifying the impact of security control strategy for electronic commerce in banks on the
role of internal auditor in the protection of computerized accounting information systems from
electronic penetration (hacking).
In an IT audit, auditors should meet the following objectives

18 | P a g e
• Checking security provisions, which protect computer equipment, programs, communications,
and data from unauthorized access, modification, or destruction.
– Program development and acquisition are performed in accordance with management’s
authorization.
– Program modifications have authorization and approval from management.
– Processing of transactions, files, reports, and other computer records is accurate and complete.
– Source data that are inaccurate or improperly authorized are identified and handled according
to prescribed managerial policies.
– Computer data files are accurate, complete, and confidential.

19 | P a g e
RESEARCH MEHODOLOGY:
SCOPE:
The use of CIS in various organisations has caused drastic impact on audit approaches,
techniques, risk involved and internal control methods.
Following factors (risks) must be given due consideration while framing an audit plan for an
organisation:
1. High speed and Automatic initiation/execution of transactions: In CIS environment,
transactions are processed instantly. Once the transaction is fed into the system, it might get
executed automatically without requiring for authorisation of the same. Similarly, reports (even
complex one’s also) can be generated at a very high speed and can be viewed by multiple users
at a time. Thus giving rise to many security issues.
2. Uniform processing of transaction, hence low clerical error: While feeding input,
processing transactions and generating outputs, computer system performs multiple checks on
data at each at each point of time. Moreover, the processing of transaction is in a uniform
manner. Hence the clerical errors generated are minimised. However, there is a shift of errors
from human generated errors towards system generated errors.
3. Unintentional or system generated errors: As discussed earlier, there is a shift in nature of
errors from human generated to system generated. Errors occur due to lack of experienced
personnel. And errors are mainly related to development, maintenance and execution of CIS.
4. Inexperienced personnel: Now-a-days, the technological advancement is occurring at a very
fast pace. It has created a deficit of expertized staff to understand the current technology, both at
client end as well as auditor end.
5. Concentration of duties: Under CIS environment, more than one kind of task/function can
be performed by an individual. This leads to difficulty in segregation of duties among individual.
Consequently, it gives rise to a number of security issues also.
6. Lack of audit trail: In computerised system, the processing of a transaction takes place
instantly. This leads to loss of audit trail. Thus, auditor needs to apply some alternate procedure
to compensate the loss of audit trial.
Audit Trail: It can be defined as a step-by-step record by which a transaction can be traced. The
auditor may apply one of the following methods to compensate the loss of audit trail:

20 | P a g e
1. Special/Exceptional Reports: The auditor may ask the client to arrange special reports and
print-outs. E.g.: sales orders for the month of December & March; purchase orders that have
been short-closed by the purchase department.
2. Tagging and Tracing: a.It is a method of compensating the audit trail. b. It involves tagging
the clients input data such that only relevant data is highlighted on the screen, which needs to be
verified by the auditor. c. E.g.: cash payments of more than ₨.20,000/-; debtors outstanding for
more than 3 months; purchase order pending for more than 30 days from expected delivery date;
etc.
3. Alternative Review Procedures (ARP): It means to include a number of methods to
compensate audit trial, such as: a.Auditors’ judgement: budgeting the figures and comparing
them with actual figures. b. Ratio analysis / checking critical ratios. This implies calculating
certain ratios on the basis of budgeted data or previous period’s data or data from similar
industries and comparing them with the actual data of the client organisation. c. Testing on total
basis: if individual items can’t be checked in detail then auditor may take totals of reasonable
chunks of data and check accordingly. d. Clerical recreation: Auditor may manually generate
certain figures that have been generated by the system (automatically).
4. Use of CAAT: The auditor may take the help of white-box audit approach or CAATs.
5. Auditor’s participation in SDLC and dependence on other (manual) controls: We know
that there is a constraint of audit trail in CIS environment. Thus, a computerised information
system lacks manual reasonableness. An information system of an organisation can only be
effective if it has reasonable level of audit facilities integrated into it. Hence participation of
auditor is highly important in SDLC. Moreover, auditor may use certain manual methods also
while performing the audit.
6. Internal Control Environment & management supervision: The success of CIS highly
depends upon the involvement of management in development and maintenance of CIS. Under
CIS environment, the risk of fraud & error is relatively high. 9. Use of CAAT: The audit under
CIS environment cannot be carried by traditional (manual) approaches, effectively. Since the
processing of transaction in CIS environment is fast and complicated, the audit must be carried
out using computer assisted audit techniques (CAAT). This requires a reasonably good amount
of IT skills on part of the auditors.

21 | P a g e
DATA COLLECTION:

Definition of primary Data.

Data used in research originally obtained through the direct efforts of
the researcher through surveys, interviews and direct observation. Primary data is more costly to
obtain than secondary data, which is obtained through published sources, but it is also more
current and more relevant to the research project.

Meaning Of Primary data

Primary data is that which is collected by sociologists themselves during their own research
using research tools such as experiments, survey questionnaires, interviews and observation.

Primary data can take a quantitative or statistical form, e.g. charts, graphs, diagrams and tables. It
is essential to interpret and evaluate this type of data with care. In particular, look at how the data
is organised in terms of scale. Is it organised into percentages, hundreds, thousands, etc.? Is it a
snapshot of a particular year or is it focusing on trends across a number of years?

Primary data can also be qualitative, e.g. extracts from the conversations of those being studied.
Some researchers present their arguments virtually entirely in the words of their subject matter.
Consequently the data speaks for itself and readers are encouraged to make their own
judgements.

Definition Of Secondary Data

Data that has previously been collected (primary data) that is utilized by a person other than the
one who collected the data. Secondary data is often used in social and economic analysis,
especially when access to primary data is unavailable. For example, a survey of a group
of economists (primary data) cannot be repeated, so its results are used in
subsequent research projects. Or, data collected by the Department of Labor (primary data) that
is used in economic analysis.

Meaning Of Secondary Data

Secondary data are the Second hand informations. The data which have already been collected
and processed by some agency or persons and are not used for the first time are termed as

22 | P a g e
secondary data. According to M. M. Blair, “Secondary data are those already in existence and
which have been collected for some other purpose.” Secondary data may be abstracted from
existing records, published sources or unpublished sources.

Advantages of Secondary data

It is economical. It saves efforts and expenses.

It is time saving.

It helps to make primary data collection more specific since with the help of secondary data, we
are able to make out what are the gaps and deficiencies and what additional information needs to
be collected.

It helps to improve the understanding of the problem.

It provides a basis for comparison for the data that is collected by the researcher.

Disadvantages of Secondary Data

Secondary data is something that seldom fits in the framework of the marketing research factors.
Reasons for its non-fitting are:-

Unit of secondary data collection-Suppose you want information on disposable income, but the
data is available on gross income. The information may not be same as we require.

“This Project is totally based on Secondary data.”

23 | P a g e
Limitation:

Unemployment and lack of job security – implementing the information systems can save a great
deal of time during the completion of tasks and some labor mechanic works. Most paperwork’s
can be processed immediately, financial transactions are automatically calculated, etc. As
technology improves, tasks that were formerly performed by human employees are now carried
out by computer systems. For example, automated telephone answering systems have replaced
live receptionists in many organizations or online and personal assistants can be good example
also. Industry experts believe that the internet has made job security a big issue as since
technology keeps on changing with each day. This means that one has to be in a constant
learning mode, if he or she wishes for their job to be secure.

Dominant culture – while information technology may have made the world a global village, it
has also contributed to one culture dominating another weaker one. For example it is now argued
that US influences how most young teenagers all over the world now act, dress and behave.
Languages too have become overshadowed, with English becoming the primary mode of
communication for business and everything else.

Security issues – thieves and hackers get access to identities and corporate saboteurs target
sensitive company data. Such data can include vendor information, bank records, intellectual
property and personal data on company management. The hackers distribute the information
over the Internet, sell it to rival companies or use it to damage the company’s image. For
example, several retail chains were targeted recently by hackers who stole customer information
from their information systems and distributed Social Security numbers and credit card data over
the Internet.

Implementation expenses – to integrate the information system it require pretty good amount of
cost in a case of software, hardware and people. Software, hardware and some other services
should be rented, bought and supported. Employees need to be trained with unfamiliar
information technology and software.

24 | P a g e
Information systems contribute to the efficient running of organizations. Information systems are
showing the exponential growth in each decades. Today’s information technology has
tremendously improved quality of life. Modern medicine has benefited the most with better
information system using the latest information technology. By understanding and learning what
advantages and disadvantages it can bring, we have to try, believe and put an effort with our best
to make that existing advantage much better and navigate the disadvantages to have a less impact
on organizations and society.

25 | P a g e
ANALYSIS:
The auditor should have sufficient knowledge of the CIS to plan, direct, supervise and review the
work performed. The auditor should consider whether specialized CIS skills are needed in an
audit.
These may be needed to:
• Obtain a sufficient understanding of the accounting and internal control systems affected by the
CIS environment.
• Determine the effect of the CIS environment on the assessment of overall risk and of risk at the
account balance and class of transactions level.
• Design and perform appropriate tests of control and substantive procedures. If specialized skills
are needed, the auditor would seek the assistance of a professional possessing such skills, who
may be either on the auditor’s staff or
an outside professional.
If the use of such a professional is planned, the auditor should obtain sufficient appropriate audit
evidence that such work is adequate for the purposes of the audit, in accordance with ISA 620,
“Using the Work of an Expert.”
Planning
auditor should obtain an understanding of the accounting and internal control systems sufficient
to plan the audit and develop an effective audit approach. In planning the portions of the audit
which may be affected by the client’s CIS environment, the auditor should obtain an
understanding of the significance and complexity of the CIS activities and the availability of data
for use in the audit.
This understanding would include such matters as:
• The significance and complexity of computer processing in each significant accounting
application. Significance relates to materiality of the financial statement assertions affected by
the computer processing. An application may be considered to be complex when, for example:
◦ The volume of transactions is such that users would find it difficult to identify and correct
errors in processing.
◦ The computer automatically generates material transactions or entries directly to another
application.

26 | P a g e
◦ The computer performs complicated computations of financial information and/or
automatically generates material transactions or entries that cannot be (or are not) validated
independently.
◦ Transactions are exchanged electronically with other organizations (as in electronic data
interchange (EDI) systems) without manual review for propriety or reasonableness.
• The organizational structure of the client’s CIS activities and the extent of concentration or
distribution of computer processing throughout the entity, particularly as they may affect
segregation of duties.
• The availability of data. Source documents, certain computer files, and other evidential matter
that may be required by the auditor may exist for only a short period or only in machine-readable
form. Client CIS may generate internal reporting that may be useful in performing substantive
tests (particularly analytical procedures). The potential for use of computer-assisted audit
techniques may permit increased efficiency in the performance of audit procedures, or may
enable the auditor to economically apply certain procedures to an entire population of accounts
or transactions. AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT

When the CIS are significant, the auditor should also obtain an understanding of the CIS
environment and whether it may influence the assessment of inherent and control risks.
The nature of the risks and the internal control characteristics in CIS environments include the
following:
• Lack of transaction trails. Some CIS are designed so that a complete transaction trail that is
useful for audit purposes might exist for only a short period of time or only in computer readable
form. Where a complex application system performs a large number of processing steps, there
may not be a complete trail. Accordingly, errors embedded in an application’s program logic
may be difficult to detect on a timely basis by manual (user) procedures.
• Uniform processing of transactions. Computer processing uniformly processes like transactions
with the same processing instructions. Thus, the clerical errors ordinarily associated with manual
processing are virtually eliminated. Conversely, programming errors (or other systematic errors
in hardware or software) will ordinarily result in all transactions being processed incorrectly.
• Lack of segregation of functions. Many control procedures that would ordinarily be performed
by separate individuals in manual systems may be concentrated in CIS. Thus, an individual who

27 | P a g e
has access to computer programs, processing or data may be in a position to perform
incompatible functions.
• Potential for errors and irregularities. The potential for human error in the development,
maintenance and execution of CIS may be greater than in manual systems, partially because of
the level of detail inherent in these activities. Also, the potential for individuals to gain
unauthorized access to data or to alter data without visible evidence may be greater in CIS than
in manual systems.
• In addition, decreased human involvement in handling transactions processed by CIS can
reduce the potential for observing errors and irregularities. Errors or irregularities occurring
during the design or modification of application programs or systems software can remain
undetected for long periods of time.
• Initiation or execution of transactions. CIS may include the capability to initiate or cause the
execution of certain types of transactions, automatically. The authorization of these transactions
or procedures may not be documented in the same way as those in a manual system, and
management’s authorization of these transactions may be implicit in its acceptance of the design
of the CIS and subsequent modification.
• Dependence of other controls over computer processing. Computer processing may produce
reports and other output that are used in performing manual control procedures. The
effectiveness of these manual control procedures can be dependent on the effectiveness of
controls over the completeness and accuracy of computer processing. In turn, the effectiveness
and consistent operation of transaction processing controls in computer applications is often
dependent on the effectiveness of general CIS controls.
• Potential for increased management supervision. CIS can offer management a variety of
analytical tools that may be used to review and supervise the operations of the entity. The
availability of these additional controls, if used, may serve to enhance the entire internal control
structure.
• Potential for the use of computer-assisted audit techniques. The case of processing and
analyzing large quantities of data using computers may provide the auditor with opportunities to
apply general or specialized computer audit techniques and tools in the execution of audit tests.

28 | P a g e
• Both the risks and the controls introduced as a result of these characteristics of CIS have a
potential impact on the auditor’s assessment of risk, and the nature, timing and extent of audit
procedures.
Audit Procedures
In accordance with ISA 400, “Risk Assessments and Internal Control,” the auditor should
consider the CIS environment in designing audit procedures to reduce audit risk to an acceptably
low level.
The auditor’s specific audit objectives do not change whether accounting data is processed
manually or by computer. However, the methods of applying audit procedures to gather evidence
may be influenced by the methods of computer processing. The auditor can use either manual
audit procedures, computer-assisted audit techniques, or a combination of both to obtain
sufficient evidential matter. However, in some accounting systems that use a computer for
processing significant applications, it may be difficult or impossible for the auditor to obtain
certain data for inspection, inquiry, or confirmation without computer assistance.

29 | P a g e
Recommendation:
Four factors were considered in the study. Out the four, integration should be accorded the
highest priority at Kenya Airways since according to the study it had the highest statistical
significance. This factor would lead to KQ achieve competitive advantage over the competitors.
The second priority should be given to e commerce strategy because from the results it had the
second highest statistical significance. Kenya is regional hub for finance and trade in the East
African region with a population of over 129 million. Kenya can take the advantage and
opportunities offered by e commerce in order to remain as the regional hub. Kenya Airways
should accord e commerce high priority to take advantage of Kenya’s trade advantage in the
region.
Thirdly, the company should consider continuous evaluation of their CBIS systems with a view
to upgrade or acquire new CBIS systems in the market that would address the company
requirements. This will enhance effectiveness in business operation processes and hence gain
competitive advantage in the industry. Finally the company needs to consider the interoperability
capabilities of the CBIS systems they acquire with the systems in the industry so that they can be
able to exchange information for mutual benefit.

30 | P a g e
Conclusion:
Emanating from the analyses, the study found out CBIS positively influenced organizational
performance of Kenya Airways. Only two factors statistically influenced organizational
performance (integration and e commerce strategy). The factor integration was found to have had
the highest statistically significant influence on organization performance of Kenya airways.
The study results are consistent with Teixeira, Koufteros and Peng, 2012 in their study on
Organizational Structure, Integration, and Manufacturing Performance: A Conceptual Model and
Propositions. They found out that computer based information system enhanced internal and
external organizational integration. CBIS increased the integration and flow of information
between employees, allowing them to improve the coordination of activities. They further argued
that, internal integration reduced uncertainty by improving communications between
departments which improved decision-making process. This had a positive influence on
organizational performance.
The results of the study indicate that e-commerce strategy had statistically significant influence
on organizational performance of Kenya Airways. These findings of the study are consistent with
the finding of Barkley & Markley (2007) in their study on E-Commerce as a Business Strategy:
Lessons Learned from Case Studies of Rural and Small Town Businesses. They found out that
most businesses used e-commerce because it provided the opportunity for increased profits
(through increased sales or lower costs) and improved the sustainability of the firms. They
suggested that e-commerce benefitted an organization in product design, supply and inventory
management, production, marketing, sales and distribution, and customer service. Thus e
commerce has a positive influence on organizational performance

31 | P a g e
Biblography:

http://faculty.usfsp.edu/gkearns/Articles_Fraud/Introduction_to_Computer_Audit.pdf

http://www.armyacademy.ro/buletin/bul1_2016/Pirvut.pdf

https://prezi.com/rh0csbtsrega/chapter-22-auditing-in-a-computer-information-systems-cis-
environment/

http://nepalca.com/wp-content/uploads/2016/06/Audit.compile.cp4_.pdf

http://www.caclubindia.com/articles/auditing-in-cis-environment-12625.asp

http://www.accaglobal.com/in/en/student/exam-support-resources/professional-exams-study-
resources/p7/technical-articles/auditing-computer-based-environment2.html

32 | P a g e