As the corporate world grows increasingly technologically advanced, it’s become more common for companies to employ digital rather than physical systems to complete key business processes. The accounting and finance functions at most organizations, for example, will have had to migrate their work into almost completely computer-based environments over time. This is because traditional pen-and-paper accounting methods are too expensive, slow, and error-prone to be viable in today’s fast-paced, highly volatile economic landscape. A computerized accounting system (CAS), in contrast, supplies complete and accurate numbers in a fraction of the time that manual systems require.
Because computers and information technology (IT) have become so integral to modern accounting departments, auditors should also bear the impact of IT in mind when auditing computerized accounting systems. This means that both internal and external auditors must consider how their clients use IT to collect, process, and document financial information. It’s also generally beneficial for the auditors themselves to utilize IT when auditing financial statements.
At every juncture, auditors and clients should have a clear and mutual understanding regarding the audit’s scope and limitations, as this will help all concerned parties accomplish the audit objectives in a timely and efficient manner. From there, the following steps can be used to effectively audit any computerized accounting system:
Once an audit has been called for, the first thing auditors must do is to run a preliminary survey of the business entity. Auditors must collect key information about the computerized accounting system they’ll be working on in order to devise a sound audit plan. In particular, they should seek to understand the following:
2. Understand the System’s Internal Controls
Next, auditors should carefully study the internal controls in place for the CAS. Computerized accounting systems will typically have two types of controls: general and application controls.
General controls encompass the organization’s operations, management, and any procedures enacted within the computerized system. They are not, however, connected to any particular software or applications. Auditors must test general controls before application controls because ineffective general controls will render the system’s application controls essentially unreliable. The following functions may be counted as general controls:
In contrast, application controls relate to particular tasks the CAS performs. They’re specific to particular applications, and their main function is to ensure that the organization’s accounting records and all entries within those records are complete and accurate. A well-constructed CAS has adequate controls in place for the input, processing, and output stages of computer processing. Auditors must ascertain, evaluate, and report on the state of a system’s application controls in order to accurately identify and measure any risk of errors or inaccuracies in the client’s financial files.
3. Run Compliance Tests
Compliance testing helps auditors ascertain that the system’s controls exist and are in working order. Auditors can approach compliance testing in three ways:
Once the auditor runs whichever test approach they feel is most appropriate, the resultant data should give them a clear picture of the state of the CAS’s controls.
4. Verify Data with More Substantive Testing
Companies having their computerized accounting systems audited usually have five assertions to make about their financial statements:
Using these assertions, auditors can pinpoint audit objectives and design substantive tests. Substantive tests evaluate the analytical procedures, transactions, and balances that are meant to validate the client company’s assertions. Through these tests, the auditor must acquire enough evidence to judge the quality of the financial statements being audited. If they can’t obtain sufficient information from substantive testing, auditors won’t be able to generate a substantial opinion on the company’s financials.
5. Prepare the Audit Report
Writing the audit report is the final stage of the auditing process. An audit report may contain one of the following three assessments:
After the auditor completes and issues the audit report, the audit process can be considered complete.
Want a computerized accounting system that’s guaranteed to perform well under the scrutiny of both internal and external auditors? ANSI can help you get there. We’re a leading Philippine purveyor of accounting software and other business solutions with decades of experience in our field. Get in touch with us online today and we’ll gladly work with you to build a high-performing CAS that’s fully compliant with regulatory standards.