Computer-assisted audit techniques can be defined as any technique that enables the auditor to use Information technology systems as the source of gathering audit evidence.
The following are two types of computer-assisted audit techniques:
Test data involves the auditor submitting ‘dummy’ data into the client’s system to ensure that the system correctly processes it and that it prevents or detects and corrects misstatements. The objective of this is to test the operation of application controls within the system. To be successful test data should include both data with errors built into it and data without errors. Examples of errors include:
codes that do not exist, e.g. customer, supplier and employee;
transactions above pre-determined limits, e.g. salaries above contracted amounts, credit above limits agreed with customer;
invoices with arithmetical errors; and
Submitting data with incorrect batch control totals. Data may be processed during a normal operational cycle (‘live’ test data) or during a special run at a point in time outside the normal operational cycle (‘dead’ test data). Both have their advantages and disadvantages:
- Live tests could interfere with the operation of the system or corrupt master files/standing data;
- Dead testing avoids this scenario but only gives assurance that the system works when not operating live. This may not be reflective of the strains the system is put under in normal conditions.
Audit software is used to interrogate a client’s system. It can be either packaged, off-the-shelf software or it can be purpose written to work on a client’s system. The main advantage of these programs is that they can be used to scrutinize large volumes of data, which it would be inefficient to do manually. The programs can then present the results so that they can be investigated further. These procedures can simplify the auditor’s task by selecting samples for testing, identifying risk areas and by performing certain substantive procedures. The software does not, however, replace the need for the auditor’s own procedures