USE OF COMPUTERS IN AUDITS (STUDY OBJECTIVE 7)

Many companies design their IT systems so that important information such as purchase and sales orders, shipping and receiving reports, and invoices can be retrieved from the system in readable form. This kind of supporting documentation, as well as journals and ledgers, can be printed from the computer system to serve as evidence for auditors. Under these conditions, auditors can compare documents used to input data into the system with reports generated from the system, without gaining extensive knowledge of the computer system logic. In such cases, the use of IT systems does not have a great impact on the conduct of the audit, since the auditor can perform audit testing in the same manner as would be done for a manual system. This practice is known as auditing around the computer because it does not require evaluation of computer controls. Sometimes it is also referred to as “the black box approach,” because it does not involve detailed knowledge of the computer programs. Auditing around the computer merely uses and tests output of the computer system in the same manner as the audit would be conducted if the information had been generated manually. Because this approach does not consider the effectiveness of computer controls, auditing around the computer has limited usefulness.

Auditing through the computer involves directly testing the internal controls within the IT system, whereas auditing around the computer does not. Auditing through the computer is sometimes referred to as “the white box approach,” because it requires auditors to understand the computer system logic. This approach requires auditors to evaluate IT controls and processing so that they can determine whether the information generated from the system is reliable. Auditing through the computer is necessary under the following conditions:

• The auditor wants to test computer controls as a basis for evaluating risk and reducing the amount of substantive audit testing required.
• The author is required to report on internal controls in connection with a financial statement audit of a public company.
• Supporting documents are available only in electronic form.

Auditors can use their own computer systems and audit software to help conduct the audit. This approach is known as auditing with the computer. A variety of computer-assisted audit techniques (CAATs) are available for auditing with the computer. CAATs are useful audit tools because they make it possible for auditors to use computers to test more evidence in less time.

Next, we will focus on techniques used to audit through the computer and to audit with the computer in the testing phases of the audit.