Automated Accounting Information Systems Accounting Essay

Automated invoice development trunks Accounting Essay2.1 estimator scrutinizeing2.1.1 The introduction of automated Accounting Information SystemsIn earlier times, when all in all write up study was exerciseed and droped in financial statements manual of armsly, it was relatively easier for the analyzeor to observe the scrutinise tangle as all exhibit was produced in a manual/physical format. At that time, Information Systems (IS) were precisely a small integrated part of the be establishment which plainly automated minor parts of the score serve well, much(prenominal)(prenominal) as payroll dish uping. Figure 2.1, as suggested by Arnold and Sutton (2001), illustrates the evolution of the relationship mingled with accounting and information governances by dint ofout the last four decades.AccountingFigure 2.1 Evolution of AISInformation SystemsTIME pull1970sInformation SystemsAccountingAIS00Information SystemsAccounting2010sOver time, accounting and info rmation ashess started to integrate as more than accounting tasks were becoming automated. In fact, Arnold and Sutton (2001) state that the fundamental underlying driver of evolution is simply that accounting no longer drives the information administration rather the information constitution drives accounting.As pictured in Figure 2.1, Information Systems breach way present become an integral part of many companies. The Accounting Information System (AIS) is a small part of the whole Information System of an organisation, and as organisations continue to increase their reliance on figurer technology to process, get down and report financial information, listeners allow undoubtedly tolerate to rely on sore information technology techniques in the conduct of their scrutinizes (Hunton, Bryant and Bagranoff, 2004).Through the evolution of AISs, the conventional analyze narrate was be re staind by electronic consequence (Rezaee and Reinstein, 1998). The Ameri washbasin Institute of Certified Public Accountants (AICPA) in Auditing Procedures Study The Information Technology Age Evidential Matter (1997) defines electronic visitation as information transmitted, tasteful, maintained, or accessed by electronic means and economic consumptiond by an meeter to gauge financial statement assertions. The concept of electronic evidence cleard new challenges to the modern understructurevasor as the traditional scrutinise trail could no longer be observed (Bierstaker, et al., 2001). This required listeners to consider the delectation up of calculating motorcar audit techniques in order to be able to unappeasable market out audit studys on electronic evidence (Mancuso, 1997). The lend oneself of much(prenominal) new techniques will eventually improve the powerfulness and efficiency of the audit as attenders will be free from carrying out many traditional routine audit tasks and instead the attender bed focus more on higher level tasks, such(prenominal) as understanding the clients telephone circuit risk of infection (Rezaee, Elam and Sharbatoghlie, 2001).2.1.2 Auditing Around to Auditing With the computing deviceWith the introduction of electronic information processor technology, auditors did not have the elongated intimacy to enjoyment computing machines to enhance the efficiency and effectiveness of the audit. Initially, auditors regarded the computing machine as a black box and audit around the ready reckoner (Watne and Turney, 2002). This consists in the auditor observing inputs into the dodge and the relative outputs and checking for mutual torso (Hall, 2004). When using this method no attempt is made to establish and evaluate existence of controls. Auditing around the computer is only relevant when automated musical arrangements coverings atomic number 18 relatively simple and straightforward (supported with up-to date documentation on how the governing body of rules works) and when the audit trail is easy to observe (Cerullo and Cerullo, 2003).The increased reliance on computers for accounting by organisations created the need for auditors to understand and pass judgment the controls that were in place in computer systems (Watne and Turney, 2002). Ignoring such computer controls would immobilize the ability of the auditor to assess the effectiveness and robustness of the clients internal controls. Auditors could no longer audit around the computer, and instead a new sexual climax, auditing through the computer, was being utilize. Hall (2004) defines auditing through the computer asthe ability to trace exploit paths from input to output through all parts of the system-manual and automated. The f downhearted of entropy must be verified as it moves through the system, and the contents of machine readable files must be examined. upcountry controls be assayed as they flow on the info. The black box is gone.The auditing through the computer sexual climax is suitable for seeing controls in complex Information Technology (IT) systems (as suggested in SAS no. 94 The Effect of Information Technology on the Auditors amity of Internal Control in a Financial narration Audit). The motor behind auditing through the computer is to be able to understand and assess the robustness and operational effectiveness of the computer controls inwardly a system. accord to Cerullo and Cerullo (2003), this advent is based on the assumption that if controls atomic number 18 adequately certain into the system, therefore faults ar unlikely to slip by undetected, and thus outputs from the system place reasonably be accepted as reliable.Moreover, Hall (2004) suggests that the authoritative trend is towards auditing with the computer, that is, instead of being treated as a black box, the computer is actually apply as a tool to access, analyse and extract files and entropy from the clients AIS. This rise helps auditors to improve the efficienc y and effectiveness of the audit as the computers speed and reliability can be apply to follow wide volumes of selective information. However, the last two approaches highlight the need for auditors to have an extensive knowledge of computers in order to be able to assess the fairness of the clients computer system or to use the computer as a tool to carry out the audit.2.1.3 Objective of an Audit in an IT purlieu noneetheless, whether an audit is carried out in an IT environment or not, the neutral of the audit remains the same, that is, as enunciateed by International Federation of Accountants (IFAC) in ISA 200 Overall Objectives of the Independent Auditor and the conduct of an audit in accordance with International Standards on AuditingTo obtain reasonable assurance virtually whether the financial statements as a whole atomic number 18 free from bodily misstatement, whether due to fraud or error, thereby enabling the auditor to point an effect on whether the financi al statements ar markd, in all framework respects, in accordance with an applicable financial reporting frameworkThe auditor must be able to obtain sufficient and arrogate evidence in order to reduce audit risk to an acceptable low level. In doing so, the auditor would be in a position to express an opinion whether the financial statements prepared by the client give a true and fair view.It is thus fundamental for the auditor to assess the clients IT environment and plan adequately (with the support of standards and guidelines) on whether the use of ready reckoner- assist Audit Techniques (CAATs) will be required to gather sufficient appropriate evidence during the audit.2.1.4 Audit of Public Interest EntitiesCAATs are commonly use when auditing clients which carry-out all their trading operations online, such as Online Gaming companies, and when auditing self-aggrandizing clients which rely on large and complex IT systems. Examples of the latter could be listed companies, fi nancial institutions and insurance companies, all of which give ear under the rendering of Public Interest Entities (PIEs).The definition of PIEs varies across countries, but the core element is always the same. In fact, the revised 8th directive provides with a core definition of PIEs, but it also permits the designation of some other entities as PIEs by member states as they deem adequate (based on meeting a number of criteria). The definition is as followsEntities governed by the law of a Member State whose transferable securities are admitted to trading on a regulated market of any Member State, faith institutions and insurance undertakings. Member States whitethorn also designate other entities as commonplace interest entities, for instance entities that are of significant public relevance because of the nature of their business, their size or the number of their employees.In light of the definition set out by the revised 8th Directive, examples of Maltese PIEs are lis ted companies, financial institutions, insurance companies, large not for profit entities, and some publicly owned entities all having a wide range of stakeholders.Due to the public stake in the transactance of PIEs, the auditors role and responsibilities in giving an opinion on the financial statements of such entities becomes more important. In fact, the majority of PIEs in Malta are audited by the Big Four audit firms as these firms have the extensive knowledge and resources to carry-out audits of PIEs efficiently and in effect.Big Four Audit firms use CAATs to improve audit efficiency as it allows auditors to perform previous manual routine tasks quickly and efficiently (Zhao et al. 2004). Furthermore, Big Four Audit firms can use CAATs to improve audit effectiveness as more information can be obtained on controls indoors AISs of the client, and in certain cases c percent of the population can be tested (Braun and Davis, 2003).2.2 Computer Assisted Auditing Techniques (CAATs) 2.2.1 Standards and GuidelinesDue to the aforementioned increased reliance on IT systems by clients, new auditing standards and guidelines were needed to provide support and guidance to auditors. With relevance to this study, there are three important standards/guidelines that provide guidance to auditors when carrying-out an audit at bottom an IT environment.SAS No. 94 The Effect of Information Technology on the Auditors Consideration of Internal Control in a Financial rehearsal Audit provides appropriate guidance to auditors on how to adequately understand and assess the computer controls at heart an organisation. SAS No. 94 goes on to clarify what the auditor should know in order to be able to understand the automated and manual procedures an entity uses to prepare its financial statements and related disclosures (Yang and Guan, 2004). Furthermore, this auditing standard emphasises on the need to use Computer-Assisted Auditing Techniques (CAATs) to test automated controls, es pecially in complex IT environments (Cerullo and Cerullo, 2003).ISACA Guideline No. 3 Use Of Computer-Assisted Audit Techniques (CAATs) provide guidelines to auditors on how CAATs can be effectively applied, specifically by providing detailed steps in planning the use of CAATs playacting the work documenting and reporting.Another standard, SAS No. 99 should I refer to ISA 240 instead? Consideration of Fraud in a Financial Statement Audit provides guidance to auditors on how to identify risks of material misstatements whether due to error or fraud. SAS No. 99 also recognises the enormousness of CAATs in the precondition of fraud, as this standard suggests that in cases where the client relies heavily on computer systems, the auditor should make use of CAATs to detect patterns of fraud. Furthermore, this audit standard highlights the importance of identifying the possibility of management override of controls.2.2.2 Application of CAATs in Financial AuditingDuring a study carried out in Sweden by Temesgen (2005) on the Determinants for effective natural covering of software in CAATs it was found that the most used type of CAATs by the big four audit firms in Sweden are CAATs used for reduction of monotonous tasks, such as Microsoft Office and other off-the shelf audit software packages. On the other hand, this study identified that the most effective CAATs such as see information, structured Test Facility, Parallel manikin and other experts systems, which would have been more effective in observing electronic audit trails, are less utilised.CAATs can aid the auditor in playing various audit procedures especially when adopting the audit through the computer and audit with the computer approaches. Depending on the requirements of the audit, the auditor can choose to use CAATs to perform specific audit tasks such as drawing a sample, canvas balances between accounting periods, reviewing proceedings for double-tongued patterns, exam lotions controls, and execute tests of detail.2.2.2.1 Sampling and Tests of DetailWhen using CAATs the auditor has the ability to test large volumes of transactions, more than he would have had he done the same process manually. This is one of the advantages of using CAATs. Using the computers speed, reliability, accuracy and robustness the auditor can perform repetitive tasks efficiently and effectively. Additionally, CAATs can also be used to draw samples representing the population and to carry out tests of detail, such as recalculation of discounts on invoices or recalculation of overtime allowances2.2.2.2 Analytical ProceduresISA 520 Analytical Procedures defines analytical procedures as evaluations of financial information through analysis of plausible relationships among two financial and non-financial data. Furthermore, concord to Wilson and Colbert (1991), analytical procedures involve drawing conclusions based on expected bills deliberate by the auditor. In performing such procedures, CAATs can be expedient especially when reviewing complex data. These automated techniques are set to compare figures between accounting periods and possibly identify inconsistencies.2.2.2.3 Test of General and Application ControlsCAATs can also aid in testing general and finish controls. As required in the audit through the computer approach, such computer aided techniques are used to assess the reliability of internal controls within computerised systems (Watne and Turney, 2002). For this to be successful the auditor must first understand how the clients system works, and then various CAATs can be applied to test the operating effectiveness of the clients system controls.2.2.2.4 Fraud DetectionRecent fraud scandals such as the cases of Enron and Worldcom, increased the importance given to performing audit procedures with the objective to identify fraudulent activities. As organisations use computer technology to process information, weak computerised internal controls or the lac k thereof would increase the risk of fraud occurring through computer assisted means (Coderre, 2000).In fact, SAS No. 99 Consideration of Fraud in a Financial Statement Audit proposes the use of CAATs for identifying fraudulent transactions and management override of controls. digital Analysis is one type of CAAT with the specific purpose to identify fraudulent transactions (Hall 2004). This approach is used to identify inconsistencies in digits based on statistical properties through the use of Benfords Law.Additionally, according to Coderre (2000), as auditors develop a more systematic knowledge of fraudulent patterns within organisation, they can create a fraud profile which identifies the main fraud areas and patterns. This could then extend as a template and be used when auditing different organisations.2.3 Types of Computer Assisted Auditing TechniquesCAATs are often divided into two categories, that is, CAATs used by the auditor to review and extract data (auditing with the computer) and CAATs used for testing the controls within computerised AISs of clients (auditing through the computer).2.3.1 Reviewing and Extracting Data shootsCompared with the techniques used for testing controls within AISs, CAATs used for reviewing and extracting data whitethorn require relatively less computer knowledge to use. Auditors may use these techniques to review and extract transaction and standing data in order to use it to perform substantive tests or test of controls. devil types of CAATs generally dismounting in this category are the Data File examination and Embedded Audit faculty techniques.2.3.1.1 Data File InterrogationData File Interrogation is about using the computer as a tool to review large volumes of data (Auditnet, 2003). With the use of computer software, the auditor can use the computers speed and reliability to perform tasks such as searching for missing or duplicate transactions and comparing the contents of two files and printing a report conta ining the results with exceptions and/or record teammatees. Data File Interrogation can also be used to extract representative samples of data from the population to be used at a later stage in the audit.2.3.1.2 Embedded Audit Module (EAM)As the name suggests, an Embedded Audit Module is a programmed mental faculty embedded in the clients computer system to review and capture data based on predetermined criteria set-out by the auditor (Auditnet, 2003). Transactions are examined as they are inputted in the system. The objective of the EAM is to capture those transactions which fall under the parameters set-out by the auditor. These transactions are then copied and stored in an audit log file for subsequent review from the auditor. The transactions which are captured by the EAM can then be used by the auditor to perform substantive tests.One the advantages of using Embedded Audit Modules is that it provides the auditor with data which is captured throughout the audit period and thus reduce the time and amount of work the auditor must do to identify transactions to be used for substantive testing at a later stage. On the other hand, one major limitation of EAM is that it cannot be easily added to the clients system once it is operational and thus this technique is more useful when the clients system is still in the design stage (Auditnet, 2003).2.3.2 Testing Controls within Accounting Information SystemsIn contrast to the first category of techniques discussed above, there are CAATs which the auditor uses to audit through the computer. According to Braun and Davis (2003) these CAATs are used by auditors to examine the internal logic of the screening. This means that the objective of such techniques is to assess the integrity and operational effectiveness of the controls within the clients computerised system.Three techniques are commonly used in the audit through the computer approach and these are Test Data, interconnected Test Facility (ITF), and Parallel mannikin.2.3.2.1 Test DataWhen using the Test Data method, the auditor conducts testing of the clients system by inputting copy test transactions into the system. The facility to design the test data gives the auditor the ability to decide what to and not to test. These test transactions are affect by the system and then the auditor compares the processed results with expected output. Any differences between the processed results and the expected results by the auditor could indicate a logic or control problem within the clients system (Braun and Davis, 2003). On the other hand, if no exceptions occur between the processed results and the expected results, then the auditor can reasonably assume that the systems controls operate effectively under normal circumstances.As suggested by Watne and Turney (2002), the objective of performing substantive testing with test data is to determine the accuracy of that computer treat for which a test record is submitted. Furthermore, test data can also be used to test the error detection capabilities of the system and to test the accuracy of reports produced by such system.The test data approach is commonly used by auditors as it requires limited computer knowledge and it is relatively easier to use when compared to other CAATs. Additionally it provides the auditor with an understanding of how the system operates (Auditnet, 2003).On the other hand, when creating the test data transactions the auditor may not be allowing for specific circumstances that may occur when the system is know and may lead the auditor making wrong assumptions on the integrity of the clients system controls.2.3.2.2 Integrated Test Facility (ITF)Watne and Turney (2002) define Integrated Test Facility as a technique whereby the auditor creates simulate transactions, intermixes the transactions with a clients actual transactions, waits for the processing of the intermixed transactions, and then analyses the processing of the simulated transactions.F igure 2.2, as depicted by Auditnet in its Monograph Series Principles of Computer Assisted Audit Techniques (2003), illustrates the in-built testing facility/module which can be used for audit testing.The process is the same as that for the test data approach. The difference between the two methods is that in the test data approach the auditor uses a copy of the clients system to input the test transactions. On the other hand, when using the ITF method, the auditor actually inputs the test transactions in the clients system when running live under normal circumstances. As depicted in Figure 2.2, the system then processes the clients actual data intermixed with the auditors test data. Output is then separated again into client output and test output. The test output is compared with the auditors expected results and any deviations from the expected results are highlighted. Thus, this provides the auditor with a more accurate observation of controls within the system.Figure 2.2 Inte grated Test FacilityThe advantages that ITF has on test data are that it allows the auditor to make unscheduled regular testing on the system when its live, and it provides live evidence on the operation effectiveness and integrity of the clients system. However, when using this method, auditors should give particular attention to identifying and removing the test transactions from the clients records once the audit testing is complete as this may hinder the integrity of the clients system.2.3.2.3 Parallel SimulationSimilar to the Test Data approach and ITF, parallel simulation is used to test the integrity and operating effectiveness of the clients application (Hunton, Bryant and Bagranoff, 2004). Figure 2.3 illustrates the process in using parallel simulation as depicted by Auditnet (2003).Watne and Turney (2002) define parallel simulation as the construction of a processing system for an accounting application and the processing of actual data through both the clients program and the auditors program. In simpler terms, the auditor designs an application which simulates the clients application. The simulated application should contain the appropriate controls that the auditor is expected to find in the clients application. factual data (transactions occurring from the normal day-to-day running of the clients business) is then inputted in both the clients and simulation applications. The auditor then compares the output produced by the simulated application with that produced by the clients application.Figure 2.3 Parallel SimulationAssuming that the simulation application contains all the appropriate controls, then output from the simulation application should match with output from the clients application. If there are differences between the outputs produced by the two systems, then the auditor may infer that the input, processing and output controls within the clients application are not operating effectively.As the ITF technique, parallel simulation ena bles the auditor to test the clients system under normal operations. Furthermore it enables the auditor to use live data in testing controls unlike with the Test Data approach and ITF where test transactions are used. On the other hand, this technique requires extensive computer knowledge to be able to design a simulation application. Additionally, the cost for developing the simulation application can be relatively high (Watne and Turney, 2002)As discussed in this chapter, CAATs provide means of meliorate the efficiency and effectiveness of the audit. However, as correctly stated by Brazina and Leauby (2004) CAATs are not a substitute for auditor judgement. It is crucial for auditors to use guidelines (such as ISACA Guideline No. 3) in order to plan the use of such techniques during the audit as lack of planning will eventually hinder the benefits derived from the use of CAATs. Particular considerations should also be given to the IT knowledge and become of the audit team the acc ess available to the clients computer systems and the impracticability of performing manual tests when auditing complex automated systems.