Scribd
Upload
1K views7 pages

EDP Audit CIS Environment Meaning

This document discusses electronic data processing (EDP) audits in a computer information system (CIS) environment. An EDP audit evaluates the accuracy and proper functioning of an organization's data processing. There are differences in risk assessment, controls, and audit procedures in a CIS environment compared to a manual environment. The overall audit objectives do not change, but the auditor may take a black box or white box approach and use computer-assisted audit techniques. Internal controls in a CIS environment include general EDP controls over organization, systems, applications, and operations as well as specific application controls.

Uploaded by

Sushant Maskey
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views7 pages

EDP Audit CIS Environment Meaning

This document discusses electronic data processing (EDP) audits in a computer information system (CIS) environment. An EDP audit evaluates the accuracy and proper functioning of an organization's data processing. There are differences in risk assessment, controls, and audit procedures in a CIS environment compared to a manual environment. The overall audit objectives do not change, but the auditor may take a black box or white box approach and use computer-assisted audit techniques. Internal controls in a CIS environment include general EDP controls over organization, systems, applications, and operations as well as specific application controls.

Uploaded by

Sushant Maskey
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

EDP Audit

CIS Environment

Meaning :- CIS Environment is where a computer of any type or size is involved in the processing by
the entity of financial information of significance to the audit; whether that computer is operated
by the entity or by a third party.

Electronic Data processing audit refers to an evaluation of the accuracy and proper functioning of
an organization’s data processing. The purpose of this audit is to check whether or not data
processing is accurate.

Features of Audit in CIS Environment


1. Faster Processing
2. Arithmetical Accuracy
3. Timely Suggestions
4. Potential for use of CAAT
Auditing in CIS Environment

The overall objective of audit in CIS environment does not change. However, following changes can
be noted in EDP Auditing:-
1. Differences in Risk Assessment Procedures
2. Difference in ROMM due to different nature of controls implemented
3. Difference in Compliance and Substantive Procedures
Steps in EDP Auditing
1. Planning
2. Knowledge of Business
3. Identification of Controls
4. Testing of Controls
5. Substantive Procedure
6. SAAE
7. Reporting
Approaches to EDP Audit
1. Black Box Approach
In Black box Approach, auditor reconciles the input data with the result data without actually
checking the Processing done by computerized system. Here, Auditor ignores how inputs are
converted to outputs.

This is suitable if the auditor lacks sufficient skills to examine the computerized system.

2. White Box Approach


In white Box Approach, auditor examines the processing of data by the computer system.
This requires technical competence in the expert.
This is specifically necessary in cases where audit trail is not visible, i.e., it is embedded within
the computer system.

Auditor takes help of Computer Assisted Audit Techniques (CAAT) in this approach.
Concept of Audit Trail
It involves tracing transactions from the beginning to the end so that transactions can be
traced from initiation to end (i.e. input-processing-output).

In computerized system, audit trail may not visible, i.e., it may be embedded within the
computer system. This can be checked in White box approach through CCAT or in Black Box
Approach through clerical Recreation process.

Processing System in EDP

1. Batch Processing System


This concept is also known as deferred processing or offline processing since transactions
are processed in bunch and not individually or online-real time basis. Processing
transactions in one lot saves time and cost.

Eg. Batch processing of cheques by banks.


2. OLRT (Online Real Time System)
In this concept, input data is processed instantly, without waiting for accumulation of
bunch of inputs.Eg. Real time settlement of accounts while withdrawing money from ATM
machine.

Concept of Service Bureau


Sometimes, organizations may obtain specialized service outsourced from external firms. Eg.
Payroll processing.
In this case, the outsourcing firm, also called as service bureau, maintains data of client in digital
format.
In such case, EDP auditor should examine the internal controls as well as correctness of data
maintained by service bureau.
Homework – Overall Objectives of Auditor Does not Change in EDP Environment. Comment.
Nature of Risks in Computer Information System:-
1. Lack of Transaction Log :- Can be embedded
2. Lack of Segregation of Authorities due to faster speed of work in CIS environment
3. RISK of GIGO (Garbage In Garbage Out) due to uniform processing of transactions
4. Higher Inherent Risk

Features of CIS Environment


1. Potential for use of CAAT
2. Potential for use of increased management supervision
3. Potential For automated transactions. Eg in case of safety stock maintained in CIS
environment.
Internal Controls in EDP Environment
1. General EDP Controls
a. Organization and Management Controls
- Procedures relating to Overall control functions and segregation of duties
b. System Software Controls
- Controls related to System Software
c. Application System Controls
- Controls related to application software
d. Operational Controls
- Timely data backup
- Safe location of computers
e. Data Entry and Program Controls
- Control over input and processing, in general
Eg. In general, every input should pass through maker-checker control
2. Specific Control over specific applications
a. Control over input
b. Control over Processing
c. Control over outputs

You might also like