2014A年ACCA学习辅导——F8（4）

ELEVANT TO CAT QUALIFICATION PAPER 8 AND ACCA QUALIFICATION

　　PAPERS F8 AND P7

　　SPECIFIC ASPECTS OF AUDITING IN A

　　COMPUTER-BASED ENVIRONMENT

　　Information technology (IT) is integral to modern accounting and management

　　information systems. It is, therefore, imperative that auditors should be fully

　　aware of the impact of IT on the audit of a client’s financial statements, both in

　　the context of how it is used by a client to gather, process and report financial

　　information in its financial statements, and how the auditor can use IT in the

　　process of auditing the financial statements.

　　The purpose of this article is to provide guidance on following aspects of

　　auditing in a computer-based accounting environment:

　　? Application controls, comprising input, processing, output and master

　　file controls established by an audit client, over its computer-based

　　accounting system and

　　? Computer-assisted audit techniques (CAATs) that may be employed by

　　auditors to test and conclude on the integrity of a client’s

　　computer-based accounting system.

　　Exam questions on each of the aspects identified above are often answered to

　　an inadequate standard by a significant number of students – hence the reason

　　for this article.

　　Dealing with application controls and CAATs in turn:

　　APPLICATION CONTROLS

　　Application controls are those controls (manual and computerised) that relate

　　to the transaction and standing data pertaining to a computer-based

　　accounting system. They are specific to a given application and their objectives

　　are to ensure the completeness and accuracy of the accounting records and

　　the validity of entries made in those records. An effective computer-based

　　system will ensure that there are adequate controls existing at the point of

　　input, processing and output stages of the computer processing cycle and over

　　standing data contained in master files. Application controls need to be

　　ascertained, recorded and evaluated by the auditor as part of the process of

　　determining the risk of material misstatement in the audit client’s financial

　　statements.

　　Input controls

　　Control activities designed to ensure that input is authorised, complete,

　　accurate and timely are referred to as input controls. Dependent on the

　　complexity of the application program in question, such controls will vary in

　　terms of quantity and sophistication. Factors to be considered in determining

　　these variables include cost considerations, and confidentiality requirements

　　with regard to the data input. Input controls common to most effective

　　application programs include on-screen prompt facilities (for example, a

　　request for an authorised user to ‘log-in’) and a facility to produce an audit

　　2

　　SPECIFIC ASPECTS OF AUDITING IN A COMPUTER-BASED

　　ENVIRONMENT

　　JANUARY 2011

　　trail allowing a user to trace a transaction from its origin to disposition in the

　　system.

　　Specific input validation checks may include:

　　Format checks

　　These ensure that information is input in the correct form. For example, the

　　requirement that the date of a sales invoice be input in numeric format only –

　　not numeric and alphanumeric.

　　Range checks

　　These ensure that information input is reasonable in line with expectations. For

　　example, where an entity rarely, if ever, makes bulk-buy purchases with a value

　　in excess of $50,000, a purchase invoice with an input value in excess of

　　$50,000 is rejected for review and follow-up.

　　Compatibility checks

　　These ensure that data input from two or more fields is compatible. For

　　example, a sales invoice value should be compatible with the amount of sales

　　tax charged on the invoice.

　　Validity checks

　　These ensure that the data input is valid. For example, where an entity

　　operates a job costing system – costs input to a previously completed job

　　should be rejected as invalid.

　　Exception checks

　　These ensure that an exception report is produced highlighting unusual

　　situations that have arisen following the input of a specific item. For example,

　　the carry forward of a negative value for inventory held.

　　Sequence checks

　　These facilitate completeness of processing by ensuring that documents

　　processed out of sequence are rejected. For example, where pre-numbered

　　goods received notes are issued to acknowledge the receipt of goods into

　　physical inventory, any input of notes out of sequence should be rejected.

　　Control totals

　　These also facilitate completeness of processing by ensure that pre-input,

　　manually prepared control totals are compared to control totals input. For

　　example, non-matching totals of a ‘batch’ of purchase invoices should result in

　　an on-screen user prompt, or the production of an exception report for

　　follow-up. The use of control totals in this way are also commonly referred to

　　as output controls (see below).