5 Steps When Auditing a Computerized Accounting System (CAS) and Testing for Compliance

As the corporate world grows increasingly technologically advanced, it’s become more common for companies to employ digital rather than physical systems to complete key business processes. The accounting and finance functions at most organizations, for example, will have had to migrate their work into almost completely computer-based environments over time. This is because traditional pen-and-paper accounting methods are too expensive, slow, and error-prone to be viable in today’s fast-paced, highly volatile economic landscape. A computerized accounting system (CAS), in contrast, supplies complete and accurate numbers in a fraction of the time that manual systems require.

Because computers and information technology (IT) have become so integral to modern accounting departments, auditors should also bear the impact of IT in mind when auditing computerized accounting systems. This means that both internal and external auditors must consider how their clients use IT to collect, process, and document financial information. It’s also generally beneficial for the auditors themselves to utilize IT when auditing financial statements.

At every juncture, auditors and clients should have a clear and mutual understanding regarding the audit’s scope and limitations, as this will help all concerned parties accomplish the audit objectives in a timely and efficient manner. From there, the following steps can be used to effectively audit any computerized accounting system:

1. Determine How to Conduct the Audit

Once an audit has been called for, the first thing auditors must do is to run a preliminary survey of the business entity. Auditors must collect key information about the computerized accounting system they’ll be working on in order to devise a sound audit plan. In particular, they should seek to understand the following:

• How accounting functions are organized within this specific CAS
• What hardware and digital software the business uses
• What significant accounting applications the system processes and how each one works in detail
• Any plans to implement new applications or revise existing ones

2. Understand the System’s Internal Controls

Next, auditors should carefully study the internal controls in place for the CAS. Computerized accounting systems will typically have two types of controls: general and application controls.

General controls encompass the organization’s operations, management, and any procedures enacted within the computerized system. They are not, however, connected to any particular software or applications. Auditors must test general controls before application controls because ineffective general controls will render the system’s application controls essentially unreliable. The following functions may be counted as general controls:

• Delegation of duties
• Data back-ups
• Disaster response plans
• Access control
• Labeling schemes
• Procedures concerned with acquiring and implementing new hardware or software

In contrast, application controls relate to particular tasks the CAS performs. They’re specific to particular applications, and their main function is to ensure that the organization’s accounting records and all entries within those records are complete and accurate. A well-constructed CAS has adequate controls in place for the input, processing, and output stages of computer processing. Auditors must ascertain, evaluate, and report on the state of a system’s application controls in order to accurately identify and measure any risk of errors or inaccuracies in the client’s financial files.

3. Run Compliance Tests

Compliance testing helps auditors ascertain that the system’s controls exist and are in working order. Auditors can approach compliance testing in three ways:

• Test data approach – The auditor uses the system to process a number of test transactions and compares the results to a set of predetermined test results.
• Integrated test facility approach – The auditor processes some dummy transactions alongside real transactions and compares the results to a set of predetermined test results.
• Parallel simulation approach – The auditor processes real transactions through two systems: the client’s system and a parallel system set up using the same applications and protocols. Once the systems have concluded processing, the auditor compares the two sets of results produced.

Once the auditor runs whichever test approach they feel is most appropriate, the resultant data should give them a clear picture of the state of the CAS’s controls.

4. Verify Data with More Substantive Testing

Companies having their computerized accounting systems audited usually have five assertions to make about their financial statements:

• Completeness
• Statement presentation and disclosures
• Allocation or valuation
• Occurrence or existence
• Rights and obligations

Using these assertions, auditors can pinpoint audit objectives and design substantive tests. Substantive tests evaluate the analytical procedures, transactions, and balances that are meant to validate the client company’s assertions. Through these tests, the auditor must acquire enough evidence to judge the quality of the financial statements being audited. If they can’t obtain sufficient information from substantive testing, auditors won’t be able to generate a substantial opinion on the company’s financials.

5. Prepare the Audit Report

Writing the audit report is the final stage of the auditing process. An audit report may contain one of the following three assessments:

• Unqualified opinion – The client’s financial statements are fairly presented in accordance with generally accepted accounting principles (GAAP).
• Qualified opinion – The client’s financial statements are mostly fairly presented and compliant with GAAP, but one or more qualifying issues remain.
• Disclaimer of opinion – The auditor was unable to gather sufficient evidence to develop an opinion on the client’s financial statements.

After the auditor completes and issues the audit report, the audit process can be considered complete.

Want a computerized accounting system that’s guaranteed to perform well under the scrutiny of both internal and external auditors? ANSI can help you get there. We’re a leading Philippine purveyor of accounting software and other business solutions with decades of experience in our field. Get in touch with us online today and we’ll gladly work with you to build a high-performing CAS that’s fully compliant with regulatory standards.