It Auditing

IT auditing involves examination of the general and application controls present in the IT environment. Computers affect both interim and financial statement audits in several ways. Auditing around the computer ignores the actual processing. It essentially compares the data inputs with the information outputs from the processing. Knowledge of what steps are supposed to occur in the processing will allow creating an expected test version of the output for comparison. It pays little or no attention to the control procedures within the IT environment (UOP).   Auditing through the computer focuses on the verification of general and application controls in the IT environment. This requires knowledge of specific applications and may even require direct examination of computer code. Attention is given to the overall security of the IT environment and overall data integrity.   It assumes that the CPU and other hardware are working properly.   This leaves the auditor with the task of verifying processing and control logic (UOP).   Auditing with the computer, on the other hand, makes use of various audit software packages, known as generalized audit software (GAS), to make the process of retrieving and analyzing data more efficient. This may require a software specialist if the audit staff is not familiar with the programs or the analytical methods. GAS packages such as ACL support computer-assisted audit techniques (CAATs). They can be used for testing automated controls, data related to assertions, and the effectiveness of access controls.
All three of these computer-based approaches may be present in an ERP audit (Bodnar & Hopwood, 2004).