CUESTIONARIOS ESTRUCTURADOS DE
ÍNDICE DE RIESGO NUTRICIONAL GERIÁTRICO (IRNG)34
N -0 6 M -0 7 N -0 7 M -0 8 N -0 8 M -0 9 N -0 9 M -1 0 N -1 0 M -1 1 N -1 1 M -1 2 N -1 2 M -1 3 N -1 3 M -1 4 N -1 4 M -1 5 N -1 5 M -1 6 1. A - - 5 - - - 6 - - - 4 - - - - 2. A - - - 4 - - - 4 - - - - - - 3. B - - - - - - - - - 4. A 10 - - 6 - - - 8 - - - - - 4 5. B - - - 2 - - - - - - - - - - 6. A - - - - - - - - - - - - 7. A - - - - - - - - - 8. B - - - - - - - - - - - - - - - - 9. B - - - 5 - - - - - - - - - 10. B - - - - - - - - - 11. B - - - - 6 - - - 5 - - - - - - - 12. B - - - 5
Q.No.1. Write about different approaches to auditing in a computerised environment. (A) (M 05 - 8M, PM)
There are basically 2 approaches for auditing Information Systems in a computerised environment:
Audit around Computer - The Black Box Approach: In early days of data processing
applications, computers could be considered as another type of book keeping machine. Computer functions used to replicate manual processes in a straightforward way. Thus, the auditor completely ignores what is happening inside the computer.
Since this approach completely relies on non - EDP segment of a system, it is commonly known as auditing around the computer. Under this approach auditing is done in usual traditional way. No attempt is made to test the client’s EDP system and to use the computer for auditing purpose.
In this approach the auditor does not verify the processing part of the computer application programs.
Audit around the computer can be followed when:
a) Source documents are available in a non machine language.
b) The documents are maintained in such a way that it is possible to read manually.
c) It is possible to trace individual transactions from source documents to output and vice versa. d) Auditing around the computer is acceptable approach when the information needs of
client’s organisation require it to maintain the necessary source documents, detailed outputs and the system is batch oriented and simple.
The advantages of this approach are: a) This method is fast, easy and inexpensive, b) It requires less knowledge of computers,
c) Since the source documents are available in non-machine language, audit trails are easy to trace, d) There is no possible risk of tampering with client’s data.
Ph:
98851 25025/26 www.mastermindsindia.com
Audit through computer: This approach involves running the auditor’s program on a
controlled basis in order to verify the client’s data recorded in the computer. The auditor can perform different kinds of tests and other functions with such computer program. These
include: (N 03, M 07 - 5M, PM)
a) Examining records for quality, completeness, consistency and correctness, b) Comparing data on separate files,
c) Summarizing or re - sequencing data and performing analysis, d) Selecting audit samples and
e) Checking the logic and controls existing within the system.
There are several circumstances where it is compulsory to use auditing through computer: a) The application system processes large volumes of input and produces large volumes of output, b) Significant parts of the internal control system are embodied in the computer system, c) The logic of the system is complex and
d) Because of cost-benefit considerations, there are substantial gaps in the visible audit trail.
The primary advantage of this approach is that the auditor has increased power to effectively test a computer system. Thus the auditor acquires great confidence that data processing is correct.
The primary disadvantage of this approach is that it is very costly and it requires expert technical knowledge. The most serious problem in this approach is to obtain a suitable program at a reasonable cost. Three options are available:
a) Use the client’s program.
b) Write a program specifically for the audit.
c) Use computer assisted audit techniques (CAATs)
In first 2 options the auditor should have expert knowledge in the area of computers. However, Computer Assisted Audit Softwares are readily available which do not need expert knowledge.
Similar Question: State the circumstances where the auditing through the computer must be
used. (PM)
Ans: Refer above circumstances.
Q.No.2. Write about the design and special characteristics / procedural aspects of EDP system. (A) (N 01, 08 - 4M, PM)
The EDP systems have certain design and procedural characteristics which are different from those found in manual systems. They are:
a) Consistency of Performance: EDP systems perform functions exactly as they are
programmed. This is particularly important from an auditor’s viewpoint since it implies that if a computer program is correct, the information will be consistently processed correctly (except in the event of malfunctioning of the hardware). On the other hand, if the computer is not correctly programmed, it will consistently process the data erroneously. Thus, in auditing EDP-generated information, it is not wise to test large sample of similar transactions but it is sufficient to test the programs, changes in programs and unusual transactions.
b) Programmed Control Procedures: In an EDP system, some of the internal control
procedures may be incorporated into the computer program itself. For example, password
controls. In such environment there is little visible evidence of their execution. But in non
EDP environment, evidence of execution can be reviewed through manual procedures.
Copyrights Reserved To MASTER MINDS, Guntur
No.1 for CA/CWA & MEC/CEC
MASTER MINDS
c) System - generated transactions: In an EDP system, certain transactions may be initiatedby the system itself without the need for an input document. For example, interest may be
calculated and charged to customer accounts automatically by the computer program. The authorisation of such transactions may not be visible. Similarly, EDP system may be programmed in such a way that an order for purchase of inventory is automatically placed when some pre-determined ordering level is reached. In these instances, authorisation is not made for each transaction but is implicit in the design of the computer system.
d) Vulnerability of Programs and Data: In an EDP environment, huge volume of data and
programs are stored centrally. When such data or programs are stored on portable storage media such as floppy disks, magnetic tapes, etc. they are vulnerable to theft, loss, etc. These, as well as other media like hard disks are also susceptible to intentional or accidental destruction.
The above characteristics of an EDP environment affect the nature, timing and extent of audit procedures. For example, an auditor may use special audit procedures, which use computer itself, while carrying out the audit. Similarly, the timing of certain procedures may also undergo change. E.g., where the transaction trail is available only for a limited period of time, the auditor may decide to conduct the relevant audit procedures at that time. Finally, the auditor may decide the extent of audit procedures based on the special features of EDP systems.
Similar Questions: In a CIS environment, what are the different design and procedural
aspects which are different from those found in manual systems?
Ans: Same as above
Q.No.3. Write about nature of processing in an EDP environment? (B)
The nature of processing in an EDP environment has certain distinguishing features. They are:
1. Likely Absence of Input Documents: In a manual system, each transaction is recognised
in the books of account on the basis of a source document. However, in many EDP systems, number of transactions is fed into the computer without any source document.
2. Lack of Visible Transaction Trail: The transaction trail (or the ‘audit trail’) refers to the
successive stages in the recording of a transaction in the books of accounts through which one can trace accounting entries in the books back to their initiation and vice versa.
In a manual system, it is normally possible to follow a transaction by examining the relevant source documents, books of accounts records, etc.
In an EDP environment, source documents for many transactions may not exist. Moreover, the updating of multiple files may be done by a single transaction. For example, the sale of a unit may be processed by a computer to update inventory records, sale records and debtor records. Because of these, it may be difficult to trace.
3. Lack of Visible Output: In a manual system, it is normally possible to examine the
detailed results of processing. However, in some EDP systems, certain transactions or results of processing may not be printed or only summary data may be printed. Due to this the auditor should access the required data in computer only.
4. Difference in nature of output: In a manual system, visual examination of records
enables an auditor to identify cuttings, insertions, overwritings, etc. The auditor examines these things thoroughly because presence of these things indicates an attempt to manipulate the records. In an EDP environment, on the other hand, the alteration of records cannot be identified through their visual examination. The auditor, therefore, has to apply other appropriate procedures to satisfy himself that the records are not altered in an unauthorised manner.
5. Easy to Access Data and Computer Programs: The data and computer programs may
be accessible through computer terminals at remote locations. Thus, there are more chances for unauthorised access, alteration of programs and data by unauthorised persons unless there are adequate controls.
Ph:
98851 25025/26 www.mastermindsindia.com
Q.No.4. Why are CAAT required in EDP Audit? What are the advantages of CAAT? (A) (M16 - 4M, M 06 - 10M, PM, N14 RTP)
The use of computers may result in the design of systems that provide less visible evidence than those using manual procedures. CAATs are such techniques applied through the computer which are used in verifying the data being processed by it. System characteristics resulting from the nature of EDP processing that demand the use of Computer Aided Audit Techniques (CAAT) are:
a) The absence of input documents (e.g. order entry in on-line systems) or the generation of
accounting transactions by computer programs (e.g. automatic calculation of discounts) may preclude the auditor from examining documentary evidence.
b) The lack of a visible audit trail will preclude the auditor from visually following transactions
through the computerized accounting system.
c) The lack of visible output may necessitate access to data retained on files readable only
by the computer.
Advantages of CAAT:
1. Audit effectiveness: The effectiveness and efficiency of auditing procedures will be
improved through the use of CAAT in obtaining and evaluating audit evidence, for example.
a) Some transactions may be tested more effectively for a similar level of cost by using
the computer.
b) In applying analytical review procedures, transactions or balance details of unusual
items may be reviewed and reports got printed more efficiently by using the computer.
2. Savings in time: The auditor can save time by reviewing the EDP controls using CAAT
than using other audit procedures.
Effective test checking and examination in depth: CAAT permits effective examination in
depth of selected transactions since the auditor constructs the lost audit trail.
Similar Question: Why are computer assisted audit techniques (CAAT) needed in a
Computerised Information Systems (CIS) environment and how it helps the auditor in obtaining and evaluating audit evidences? (PM)
Q.No.5. State your opinion / Comment on “the overall objective and scope of an audit does not change in an EDP Environment.” (B) (M 00 - 6M, PM) 1. The overall objective and scope of an audit does not change in an EDP environment.
However; the use of a computer changes the processing and storage of financial information and may affect the organisation and procedures employed by the entity to achieve adequate internal control.
2. Accordingly, the auditor should posses adequate skill and competence to discharge his
duties and responsibilities in an EDP environment.
3. Therefore, the auditor should be familiar with the following to understand the computer
system used by the client:
a) Knowledge of EDP vocabulary and terminology is absolutely essential to decipher
system.
b) Understanding of computer hardware and software.
c) Computer hardware being physical part of computer system, he should understand
input devices, output devices storage devices and processing devices.
d) With the development of application softwares the auditor need not be familiar with the