Auditing Computer Processing

(Auditing without processing of data thru the system)

Integration of Parts of the System with conditions necessary to use the approach Integration of Types of Test

Tests of controls Substantive Test

Series of Programs Multiple files Programs and files User, General, and application
Controls
examining computer printouts
Separate Test Separate Test Separate Test Separate Test
Understand internal control structure and source documents
Single Test

Control test
May elect course of action, using non-processing of data
approach Substantive Test

1. Assess a low level of risk on controls external to EDP after evaluating Dual Purpose Test
May or may not lead to design of
the strengths and weaknesses of EDP controls
control test (non-processing N/A) Multiple test
2. Assess a low level of risk on controls external to EDP before evaluating
the strengths and weaknesses of EDP controls Control test
Processing of actual data Combinations of
Processing of Actual Data Substantive test
• Evaluation of user control Techniques for
If strong, go for control testing followed by ST testing
If EDP Processing of Simulated Data
controls • Substantive Test If weak, or decides not to test strong controls,
are weak proceed to ST Programs Test Files Test
 Or both Control Test Substantive Test
1. Controlled 1. Custom-designed program
processing
2. Controlled 2. Generalized audit software
-Test records
If controls reprocessing
are adequate -Integrated facility 3. Parallel Simulation 3. Custom-designed program
4. Custom-designed
but still not program
4. Generalized audit software
decide to 5. Centralized Audit 5. Custom-designed program
assess a low Software
level of risk
Various courses of Program Test File test
action depending Performing substantive
test or examine user Control Test Parallel simulation- Gen. audit procedure
on the reason for Dual Purpose Testing
the decision. control. Substantive Test Parallel simulation- Gen. audit procedure