w

e
i
v
r
e
Ov
t
i
d
u
A
T
I
f
o
1.1
Philippine
Standard
on
Auditing(PSA) 401
1.2 Philippine Auditing Practices
Statements
(PAPS)1001,1002,1003,1008,1009,1013

1.1
e
n
i
p
p
i
l
i
h
d
P
r
a
d
n
a
t
S
on
P
(
g
n
i
t
i
d
Au
1
0
4
)
SA

PSA 401: AUDITING IN A

COMPUTER
INFORMATION
SYSTEMS ENVIRONMENT
61. The increasing availability of computer-based
accounting systems that are capable of meeting
both functional and economic circumstances of
even the smallest entity impacts on the audits of
those entities.
Small entities accounting systems often make use
of personal computers.
Philippine Auditing Practice Statement 1001, CIS EnvironmentsStandAlone Personal Computers gives additional guidance regarding the
special considerations of such an environment.
Functional- more practical use
Economical- using resources wisely

PSA 401: AUDITING IN A

COMPUTER
INFORMATION
SYSTEMS ENVIRONMENT
62. Small entities are likely to use less
sophisticated hardware and software packages
than large entities (often packaged rather than
developed in house).
Nevertheless, the auditor has sufficient knowledge
of the computer information system to plan,
direct, supervise, and review the work performed.
The auditor may consider whether specialized
skills
are
needed
in
an
audit.

PSA 401: AUDITING IN A

COMPUTER
INFORMATION
SYSTEMS
ENVIRONMENT
63. Because of the limited segregation of duties,
the use of computer facilities by a small entity
may have the effect of increasing control risk.
For example, it is common for users to be able to
perform two or more of the following functions in the
accounting system.
Initiating and authorizing source documents.
Entering data into the system.
Operating the computer.
Changing programs and data files.
Using or distributing output.
Modifying the operating systems

PSA 401: AUDITING IN A

COMPUTER
INFORMATION
SYSTEMS
ENVIRONMENT
64.
The use of computer
information systems by
small entities may assist the auditor in obtaining
assurance
as
to
the
accuracy
and
appropriateness of accounting records by
reducing control risk.
Computerized information systems may be
better organized, less dependent upon the skills
of people using them, and less susceptible to
manipulation than non-computerized systems.
The ability of the auditor to obtain relevant
reports and other information may also be
enhanced.

PSA 401: AUDITING IN A

COMPUTER
INFORMATION
SYSTEMS
ENVIRONMENT
Good computerized
systems facilitate accurate
double entry and the reconciliation of subsidiary
ledgers with control accounts.
Report generation and the production of bank
reconciliations may be more disciplined and
effective, and the availability of reports and other
information to the auditor is often improved.
The assurance provided by such features, as long
as they are properly evaluated and tested, may
permit the auditor to limit the volume of
substantive testing of transactions and balances.

PSA 401: AUDITING IN A

COMPUTER
INFORMATION
SYSTEMS ENVIRONMENT

65. The general principles outlined in

Philippine Auditing Practice Statement 1009
Computer-Assisted
Audit
Techniques
(CAATs) are also applicable in small entity
computer environments and give additional
guidance
regarding
the
special
considerations in such an environment.
However, in many cases where smaller
volumes of data are processed, manual
methods may be more cost-effective.

1
0
0
1
S
P
PA
IS
C

(
s
t
n
e

m
n
o
r
e
i
n
v
o
n
l
E
A
d
S ta n
nal

o
s
r

Pe
s
r
e
t
u
p
m
o
C

PHILIPPINE
AUDITING
PRACTICES
STATEMENTS
(PAPS)
1001
Personal computer systems
These are economical yet powerful selfcontained general purpose computer
consisting typically of a CPU, memory,
monitor, disk drives, printer cables,and
modems
They can be used to process
accounting transactions and produce
report that are essential in the
preparation of financial statements

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Personal computer configurations
Stand-alone workstation
This can be operated by a single user or a number of
users at different times accessing the same or
different programs
The programs and data are stored in the personal
computers or unclose proximity
Data are entered manually through a keyboard
Programming may include the use of a third-party
software package to develop electronic spreadsheets
or database applications

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Workstation which is a part of a local area
network or personal computers
A local area network is an arrangement
where two or more personal computers are
linked together through the use of a special
software and communications lines.
A local area network allows the sharing of
resources such as storage facilities and
printers
Workstation connected to a server

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Characteristics of personal computers
It provides the user with substantial computing capabilities
They are small enough to be transportable
Relatively inexpensive
Can be placed in operation quickly
Can be operated easily
Operating system software is less comprehensive than in larger
environments
Software cab be purchased from third-party vendors
Users can develop other applications with the use of generic
software packages
The operating system software, application programs and data can
be stored and retrieved from removable storage media
Storage medias are susceptible to virus attacks

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
A virus is a computer program (a block
of executable code) that attaches
itselfto a legitimate program or data
file and uses it as a transport
mechanism to reproduce itself without
the knowledge of the user

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Internal control in personal computer environments
CIS environment in which personal computers are used is less
structured than a centrally-controlled CIS environment
Application programs can be developed relatively quickly by
users possessing basic data processing skills
Controls over the system development process and operations
may not be viewed by the developer, user or management may
not be viewed as important or cost-effective in a personal
computer environment
Users may tend to place unwarranted reliance on the financial
information stored or generated by a personal computer
The degree of accuracy and dependability of financial
information produced will depend upon the internal controls
prescribed by management and adopted by the user

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Management policy statement may include
Management responsibilities
Instructions on personal computer use
Training requirement
Authorization for access to programs and data
Policies to prevent unauthorized copying of program and data
Security, back-up and storage requirements
Applications development and documentation standards
Standards of report format and report distribution controls
Personal usage policies
Data integrity standards
Responsibility for programs, data and error corrections
Appropriate segregation of duties

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Physical security relating to equipment
Restrict access to personal computers by using door locks
Fastening the computer to a table using security cables
Locking personal computers in a protective cabinet or shell
Using an alarm system that is activated when a personal
computer isdisconnected or moved from its locationPhysical
security relating to removable and non-removable media
Delegation of a software custodian or data librarian
Use of program and data file check-in and check-out system
Locking of designated data locations
Storage medias should be stored in a fire-proof container
either on-site, off-site or both

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Program and data security
Segregate data files organized under separate
file directories this allows the user to segregate
information on removable and non-removable
storage media
Using hidden files and secret file names
Employing passwords
Using cryptography this is the process of
transforming programs and information into an
unintelligible form
Using anti-virus programs

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Software and data integrity
Integration of format and range checks and cross checks of
results
Adequate written documentation of application that are
processed on the personal computer
Application programs developed and maintained at one place
rather than by each user dispersed throughout the entity. The
effect of personal computers on the accounting system and the
associated risks will generally depend on
The extent to which the personal computer is being used to
process accounting applications
The type and significance of financial transaction being
processed
The nature of files and programs utilized in the applications

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Functions in an accounting system
Initiating and authorizing source documents
Entering data into the system
Operating the computer
Changing programs and data files
Using or distributing output
Modifying the operating system
Lack of segregation of functions in a personal computer
may
Allow errors to go undetected
Permit the perpetration and concealment of fraud

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
CIS application controls
A system of transaction logs and
batch balancing
Direct supervision
Reconciliation of record counts or
harsh totals

PHILIPPINE AUDITING PRACTICES

STATEMENTS (PAPS) 1001
Functions of CIS application controls
Receive all data for processing
Ensure that all data are authorized and recorded
Follow up all errors detected during processing
Verify the proper distribution of output
Restrict physical access to application programs and data files
Effects of personal computer environment on audit procedures
The auditor often assumes that the control risk is high in such
systems
The auditor may find it cost effective not to make a review of
general CIS controls or CIS application controls but to concentrate
the efforts on substantive tests at or near the end of the year

C
I
P
O
T
T
X
NE