Auditing
through the computer can be described as accessing, analyzing and
reporting the electronic data file in its electronic state with the
objective of ensuring that it conforms to operational control
requirement according to “Joshua Onukagha”.
The culmination of the effort of the environment, hardware, software
security etc according to Nancy Joy (1977) is the electronic data file
and it is this data file that answers important questions (like how is
the business faring)?
Ability to manipulate the data file will obviously mean having the
ability to manipulate the gains or losses of the business. Therefore, it
is important that the Auditor should get very conversant with auditing
through the computer. Early computer were the gigantic and complex
mainframes, which require programs being vigorously written to
interrogate the data files on those mainframe which were only required
to prepare the computer use. This proved enough frustration for the
Auditor and so the trend was to contact the service of a computer
professional to ease the process. This problem continued even in the
time of mini-computers,
When the micro-computers were developed, there was hope for an
automated computer audit took because of the simple features of the
micro-computers. This equally met with a lot of frustrations. The major
reason for this was the difference in data platforms. There were many
programming languages (COBOL, FORTRAN, PASCAL, BASIC etc) used in
creating data files and each programming languages has its own data
platform. To audit the data files made in any of these languages
required writing the interrogation tool (i.e. software) in the
programming language of the data files. So there were compilation and so
it seem as if the Auditor should become a computer professional in
order to do the job.
These were problems facing the Auditor while facing the hassles of
understanding file creation and access format which is necessary for
reading and analyzing any data file even with a matching tool. Also
affecting traditional audit requirement like ensuring competences and
verifying the integrity of the data file which are essential for
accepting the data file for audit placing between choices of audit
samples and reaching out for a wide number of automated and it functions
like stratification histogram, etc. These problems have been tackled by
developing some tools for auditing through the computer.
There are four main sources of the computer aided auditing techniques
and tools (CAATS) that have been developed for the auditors. They are:
- Applications (computer program) that creates the data file
- Utility programs
- Auditor – development program
- Dedicated CAATS
APPLICATION PROGRAMS
Some application come with audit related functions, such functions
usually indicate the number of record in the file, summaries the files
population distribution and other audit base functions. The main problem
here is that most applications rarely include these functions since
they were not designed with auditing in mind where the auditing is
considered it is mainly focused on putting in controls that will ensure
efficient data capture processing recording and reporting of the data.
Therefore, they are so reliable as tools to auditing. If the Auditor
requested for relevant audit function to be incorporated at the design
and development stage, it could provide considerable audit function.
However, no matter how many of these functions may be, they will not be
sufficient enough to meet all the requirement of the Auditor at
different times of the audit.
Applications like package program (1-2-3, D- base fox prog.) contain
function and command that allows the EDP Auditor to access files created
in them (or even other platforms) and carry out some analysis and
report from the. These systems could have been very helpful if applied
to the data files for exhaustive audit but in reality, this is hardly
the case (Goshual Anukagha 1993).
UTILITY PROGRAM
Utility are programs that are usually
short and dedicated (meant) to a set of tasks often required by almost
everyone using the computer. They usually address tasks that the
operator perform most of the time on the computer.