The development of Informatics, and the existence of a high degree of management-oriented data processing applications, as well as its rapid and constant growth, together with the need to provide organizations with a control instrument that promotes a beneficial expectation at a reasonable cost and constantly raise Internal Control, constitute the basis on which the principle of conducting audits with the use of computer tools and computer systems is based.
On the other hand, to perfect the work, a study of the various types of samplings that are described in the universal literature was necessary; as well as the two types of general or specific systems used worldwide, in order to reduce the risks in the audit work carried out.
Taking into account the aforementioned aspects, a new way of carrying out audits entitled as Distance Auditing is undertaken, which demonstrated advantages in its application, such as contributing to the creation of a control environment, allowing the preparation of annual plans and more effective planning, consultations can be carried out upon request to the entities, an increase in productivity is achieved and it allows the determination of common deficiencies in all audited entities.
I.1- Introduction
The audit can be defined as “a systematic process to obtain and objectively evaluate the evidence related to reports on economic activities and other related events, whose purpose is to determine the degree of correspondence of the informative content with the evidence that gave rise to it, thus how to establish whether these reports have been prepared observing the principles established for the case. "
On the other hand, the audit constitutes a tool of control and supervision that contributes to the creation of a culture of the discipline of the organization and allows to discover flaws in the structures or existing vulnerabilities in the organization.
Another element of interest is that during the performance of their work, auditors encounter new advanced technologies in the entities on a daily basis, which is why they require the systematic incorporation of tools with the same technical requirements, as well as increasingly in-depth knowledge. of the most widespread computer techniques in management control.
Taking into account the aspects mentioned above in this chapter, a presentation and analysis of contemporary concepts on auditing that are collected in the literature is made.
I.2- Internal Control
What is the origin of the term Internal Control? One of the oldest references to this word, of which there is evidence, is made by LR Dicksee in 1905. This author indicates that <
In the book titled <
In the Audit and Control magazine, G. Capote states that <
For the purposes of this work, based on the experience gained in the Audit Management of the Ciudad de la Habana Branch of the CIMEX Corporation, the above criteria are considered valid and adequate since there is an accounting system and an environment of This control includes a supervision team, a team of internal auditors and, as a new element, Remote Audits, so that entities do not always have notion of when their operations are being verified.
However, in relation to the control procedures, these depend to a great extent on the actions of the administrations, that if they adequately carried out their checking functions, fraud and irregularities would be largely avoided, since they are the ones that are faced daily. problems, while the auditor only checks a certain period, which is associated with the risk of not detecting all irregularities.
I.3- Types of Audit
Internationally, audits are classified according to:
- The affiliation of the auditor: State and Independent or Private The work relationship: External and Internal The object that is reviewed: General State, State fiscal and Independent The fundamental objectives pursued: Management, Financial, Special and Fiscal
The internal nature of the Audit Bodies of the companies means that the most commonly used classifications are Internal, which constitute the control that is developed as an instrument of the administration itself and consists of an independent assessment of their activities: examination of the Internal Control systems, accounting and financial operations and application of the corresponding administrative and legal provisions, in order to improve control and degree of economy, efficiency and effectiveness in the use of resources, prevent their misuse and contribute to the strengthening of discipline in general. Within them from the year 2000, they are classified by the Ministry of Audit and Control (MAC) as follows:
Accountants
Management or Operational: It consists of the examination and evaluation, which is carried out to an entity to establish the degree of Economy, Efficiency and Effectiveness in the planning, control and use of resources and verify the observance of the pertinent provisions, with the objective to verify the most rational use of resources and improve the activities or matters examined, in accordance with the objectives and goals set, includes the examination of the organization, structure, internal accounting and administrative control, the consequent application of the Accounting Principles Generally Accepted, the reasonableness of the Financial Statements, as well as the degree of fulfillment of the objectives to be achieved in the audited organization or entity.
Comprehensive: These are those audits that are at the midpoint between a management audit and a financial one, since it is accounting - financial and has management elements to a large extent, taking into account the fundamental activity of the audited unit. In this, it must be defined in the conclusions if the Financial Statements reasonably reflect the financial situation and the results of its operations and if the resources that the entity manages and that were reviewed, are used with Economy, Efficiency and Effectiveness.
Financial: Consists of examining and evaluating the documents, operations, records and Financial Statements of the entity, to determine if they reasonably reflect its financial situation and the results of its operations, as well as compliance with the economic-financial provisions, with the aim of improving the procedures related to them and internal control.
Thematic: Refers to those that are carried out with the purpose of examining one to four specific topics on time, covering in depth the aspects related to these topics that allow evaluating in all their dimensions if the unit complies with the established regulations.
Special: They consist of the verification of specific matters and topics, of a part of the financial or administrative operations, of certain events or special situations and respond to a specific need.
Recurrent: They are those where the Plans of Measures prepared in previous audits where a rating of Deficient or Bad was obtained, in the case of Management, Comprehensive, Financial, Thematic or Special Audits are examined.
IT
Regular Computing: Refers to those made to the quality of the information in the databases of the computer systems used to control the resources, their environment and the risks associated with this activity.
Special Informatics: It consists of the analysis of the specific aspects related to the databases of the computer systems in which some type of alteration or incorrect operation of the same has been detected.
Recurrent Computing: Are those where the Plans of Measures elaborated in previous computer audits where the qualification of Deficient or Bad was obtained, either in a Regular or Special, are examined.
I.4- Determination of the extension and structure of the sample
The evidence examined by the auditor consists of a wide variety of information. The auditor must select it, make an evaluation using her professional judgment and if she has detected significant errors or deviations in the examination of the procedures, she will apply her substantive tests to a greater extent and depth. But, taking into account that at the present time there is practically no entity that does not use digital techniques for the registration and control of its activity, it is necessary that the auditor has the due specialization and knowledge in the electronic processing of data, that allows you to judge the administrative procedures and systems established in the company.These factors show that the auditor must have sufficient computer training and, if possible, have an audit system that minimizes work time and allows them to go directly to the detection of problems.
When performing the audit, the auditor must determine the reliability of the accounting data and other operations, through the primary evidence that is corroborated in practice and define if there are weaknesses in the Internal Control, to reach the final conclusions.
According to J. Gómez Morfin in Introduction to the Audit of Financial Statements, Mexico, 1998, once the auditor has understood the way of operating administrative procedures, he is training himself to decide the degree of confidence that these procedures deserve. Consequently, you will be able to determine the scope and depth of the tests that you must apply.
The auditing techniques indicated consist of compliance tests and substantive tests, supported by statistical sampling. Hence the need to master the particularities of the systems in use in the entities that are subject to audit, being necessary to carry out a study of all the tables that make up the databases, which in our case corresponds to the two main systems that have the Retail Trade units, the Silver (Inventory Submajor) and the Account Mate (Accounting Major).
Sampling, whatever its form, consists of the application of compliance or substantive tests to a sufficiently representative sample of the total population, whether it is a series of transactions or a set of items that make up the balance of an account.. However, for the sampling method to be adequate, the auditor needs an activity plan, so that he can reach conclusions and obtain the necessary evidence.
Within this plan, the auditor will consider the following main aspects:
- Define the population or universe Choose the sampling method Determine the sampling objectives Establish statistical sampling procedures
These authors add that the auditor must evaluate what constitutes a material error in the Financial Statements, in order to make an adequate determination about any errors discovered during the performance of the audit and they call the uncertainty associated with the performance of an audit "final risk" audit; As well as the objective of sampling by the auditor is to obtain a sample that exactly represents the population, this is the main objective and is known as representative sampling. Other objectives are corrective sampling, protective sampling, and preventive sampling.
The objective of corrective sampling is to maximize the number of errors included in the sample in order to be able to find and correct them; while protective sampling is designed to maximize the valuation weights in the items included in the sample, which provides the auditor with the assurance that a greater proportion of the total value of the population has been examined, while preventive sampling is designed to select items from all areas of the accounting records so that the client does not consider any area free from the audit review, in order to prevent fraud, creating uncertainty in the client's mind as to which areas will be examined. In the latter case, it is required to select samples in such a way that there is no clear pattern so that the client does not feel sure in advance whether an area will or will not be examined.
According to LF Pérez Toraño, as it is not practical to review all the operations of a company, procedures based on selective tests must be applied, recording the selection method and the selected items on working papers. This procedure highlights the fact that one should normally work with selective tests, because these allow obtaining evidence without the need to test all the items and do useless and / or extensive work. Recording the method and the items selected is important, because it allows evaluating the effectiveness of the sampling.
From the auditor's perspective, it should be borne in mind that, normally when recording operations of any type that make up the Financial Statements, it is common for them to be repeated systematically, so that when knowing, reviewing and judging their correctness, a certain number of them to be able to comment on the total population of the operations carried out. However, this advantage must be carefully exploited in such a way that, when reviewing any operation, it is analyzed and prosecuted by various techniques, which by their nature will give better results, some used first, others simultaneously and others at the end of the procedure. review.
When there are many games and similarities between them in a single account, the most practical and advisable thing is to resort to the procedure of examining a representative sample of the individual games, to derive from the result of that examination, a general opinion about the overall game.
The auditor can opt for a sampling subject to his intuition and supported by his great experience, however, statistical sampling is considered more effective, since it is based on mathematical probabilities.
There are procedures for using statistical sampling, based on characteristics and in relation to population distribution. The most commonly used types of statistical sampling plans are:
- Attribute sampling: Its purpose is to know how many times an event occurs or does not occur. For example, the rate of occurrence of a specific type of error in an accounting population is investigated using this type of sampling. Variable sampling: It is used when it is necessary to estimate a range of values for a characteristic of the population. For example, the total value of the accounts receivable population can be estimated using variable sampling.
The auditor should always bear in mind the risks posed by the use of sampling methods. The possibility arises that the conclusions based on the samples applied for compliance or substantive tests could differ from the results that would have been reached if the same audit procedure had been applied to the entire universe.
The auditor will use his judgment and experience in the preparation of his work papers in such a way that they contain the nature, timing and scope of the audit procedures applied.
Traditionally, the auditor has relied on written papers to demonstrate the timeliness and scope of the audit procedures. Nowadays, with the technological advances derived from the introduction of computing machines, both the audit tests and the working papers are carried out using this instrument.
A better auditor is not the one who generates a large accumulation of working papers with faithful transcripts of operations records, investing a great effort and time in it, but the one who obtains only enough, of high quality and reliable, applying the Exception Principle afterwards. of a conscientious study and evaluation of Internal Control throughout its cycle of transactions, or of the results obtained from the specific purpose computer system that it uses.
An example of this situation is the following, after processing all the options that are related to computer checks that are part of an audit system and no idea of the existence of problems with the information, it would only be necessary to prepare a work paper where detail everything reviewed and its results, without having to leave as evidence an accumulation of documents as used to be done in traditional audits; although in all cases the information of the unit is saved in digital format to be used if necessary.
Additionally, as part of the Auditing Standards, mandatory for the audit of Financial Statements, there are the Work Execution Standards and within them, the Obtaining of Sufficient and Competent Evidence is incorporated, among others (Through audit procedures, the supporting and pertinent evidence to the extent required, so that your opinion has an objective basis).
I.5- Computer-assisted audit
I.5.1- General
The use of computer equipment in institutions has had an important impact on the work of the public accountant, not only with regard to information systems, but also the use of computers in auditing. When conducting audits where computerized systems exist, the audit professional faces problems of a very diverse nature; One of them is the review of the administrative procedures (Internal Control) established in the auditing company.
Although the procedures that determine the control of transactions are the same in a manual system as in a computerized system, the auditor must be trained to understand the mechanisms that are developed in electronic processing. You must also be prepared to face computerized systems in which the majority of information produced manually is eliminated, which in turn appears by means of computer printouts.
Therefore, the techniques for applying audit procedures can vary considerably in their design and size, from the simplest to the most sophisticated, considering that according to the Dictionary of the Spanish Language of the Royal Spanish Academy, <
The professional, in his role as auditor, will likewise have to change and develop new auditing techniques as technology progresses.
Gómez Morfin in Introduction to the Audit of Financial Statements, Mexico, 1998 details in relation to the auditing techniques when using computer equipment, that the auditor may sometimes opt for manual auditing procedures, combined with techniques supported by computers, so that the desired evidence is achieved; that computer-aided auditing techniques must be used to verify, through compliance testing, whether the controls are working satisfactorily. The use of packages of generalized audit programs helps to a great extent to the realization of substitute tests and other work of the audit, among them, to the elaboration of evidence reflected in the working papers.
Among the options available in the software packages for the most frequently performed jobs according to JW Cook and JM Winkle are the following:
- Selection and printing of audit samples on statistical or non-statistical basis Performing analytical review functions by making comparisons, calculating ratios, identifying fluctuations, and performing multiple regression calculations Manipulating information by subtotaling, adding and classifying information, reorder a series of information, etc.
Examination of records according to specified criteria.
According to L. Zavaro and C. Martínez in their book <>, the standard Computer Aided Auditing Techniques (CAAT) are the use of certain program packages that act on the data, carrying out the following tasks more frequently:
- Selection and printing of audit samples on statistical or non-statistical bases, to which we add, on the basis of the knowledge acquired by the auditors Mathematical verification of sums, multiplications and other calculations in the files of the audited system Performing functions of analytical review, when making comparisons, calculating ratios, identifying fluctuations and carrying out multiple regression calculations Manipulation of information by calculating subtotals, adding and classifying information, re-ordering information in series, etc. Preparation of Trial Balances and Financial Statements, which in our opinion are used to compare them with those issued by the unit, as well as with the audit work papers. Examination of records according to the specified criteria.Several comparison functions, an aspect that is repetitive in the queries that we intend to explain, for example in relation to the input (positive) and output (negative) settings that must coincide in the number of physical units. Search for some information in particular, which meets certain criteria, which is found within the databases of the system being audited Take random samples through algorithmsTake random samples through algorithmsTake random samples through algorithms
Taking into account that the audited activities in Retail Trade are based on the commercial management carried out by these service units, it is necessary to include specialists in the commercial activity in the audit team with a view to carrying out comprehensive audits that include this topic.
Similarly, taking into account that it was essential to audit computer systems; As well as designing auditing programs, IT specialists must be incorporated, forming multidisciplinary teams capable of venturing into IT and Commercial Audits, independently of the Accounting ones, where the auditors who fulfill the function of team leaders are obliged to document themselves on all audited issues. In this way, the auditors acquire more knowledge of the different topics, being able even, without specialists in the remaining subjects, to carry out analyzes of those topics, although sometimes it is necessary for the auditor to consult with experts, such as industrial engineers, lawyers,human resources or work standardization specialists to obtain evidence to gather sufficient evidence.
The previous decision coincides with the criteria of LF Pérez Toraño, in his book Audit of Financial Statements, Mexico, 1999, where it is stated that accounting, contemporary auditing, administration and consulting have their own technique, therefore they must have professionals who know and apply this specialized technique, since their activity is not limited, as in the past, to the accounting aspect, since every day the scope of the professional services provided to companies is defined more clearly, such as financial planning, marketing, human resources, systems and procedures, production, public relations, etc.
The generalized computerization of economic mechanisms that until just a decade ago were processed manually, as well as the changes that occurred in the computer processing themselves, have introduced substantial transformations on the traditional concept of Internal Control and the structure of the registry, conditioning the existence and development of the Audit with IT. Some of these changes are:
- The transformation of records and other traditional means into files as means of document control and supports Increase in the dependence of managers, officials and employees on computer specialists, in direct relation to the dynamics of computerization development Generated transactions, correlated, summarized and recorded internally in an automated way The continuous expansion of database management systems, with the consequent influence on the increase in the complexity of the computer systems that are used Emergence and spread of computer crime Increased awareness on the part of the administrations of the entities, of the need to protect their information and to optimize their computer systems.
Carrying out audits in a computerized environment, where the computerization of accounting and management systems have reached a notable development, entails the introduction of a different conception from the one that has existed for decades; where information technology actively participates as a very valuable tool, which allows this discipline to evolve at the same rate as the transformations incorporated into the structure of the registry and Internal Control.
Considering the importance of an IT environment for auditing, as it is a strategic element for the organization and because it constitutes one of the areas with the greatest potential for obtaining evidence quickly and accurately, foray into this area is decisive since it makes it possible to obtain viable evidence and clues that allow establishing a reliable assessment in relation to deficiencies, violations, adulterations and even detecting allegedly criminal practices.
I.5.2- Advantages of using computer-assisted auditing techniques (CAAT).
The use of TAAC offers the following advantages:
- They increase or broaden the scope of the investigation and allow tests that cannot be carried out manually;
- They increase the scope and quality of the samplings, verifying a large number of elements;
- They raise the quality and reliability of the verifications to be carried out; They reduce the period of testing and sampling procedures at a lower cost; They guarantee the least number of possible interruptions to the audited entity; They provide the auditor with autonomy and independence of work, by not depending only of the verifications that are detailed in the audit guides; They allow to carry out simulations on the processes subject to examination and to monitor the work of the units; To carry out a priori planning on the points with potential violation of the Internal Control; Considerable reduction of the risk of non-detection of problems; Possibility for the acting auditors to focus their attention on those indicators that show unusual balances or significant variations, which need to be reviewed as part of the audit;Increase in productivity and the depth of the analyzes carried out in the audit; Possibility of rescuing value in the result of each audit; Elevation of the professional self-esteem of the auditor, by mastering cutting-edge techniques that equate to the development of discipline in the at international level.
I.5.3- Types of Systems
In addition to the widespread audit programs available, many auditors create their own software application to carry out specialized audit work. In this way, procedures can be designed that adapt to the peculiarities of the company's system and increase the efficiency of the audit. .
L. Zavaro and C. Martínez point out in their book Computer Auditing that CAATs can be carried out with the use of a computerized audit system, either general or specific. The general purpose auditing system can work with different database structures such as IDEA and ACL; on the other hand, the specific systems that adopt the “made-to-measure” classifier can only be used on a given database structure.
In this paper, a group of options for analysis and queries that were designed manually and later formed part of a specific-purpose system will be exposed, so it is necessary to mention the advantages and disadvantages of this type of application:
- Design of specific procedures for the Computer System used to record operations. It does not present limitations related to the query language it uses. It allows the verification of application controls, such as: Sequence, Integrity, Range, Validity, Date, etc. They can prepare several reports to be used in subsequent procedures It allows to organize, consolidate and totalize data according to the objectives pursued by the auditor Procedures can be simulated in parallel from the same input data, to compare the results obtained with the output files of the audited application.
- High development cost. Limited number of reports and queries. They are dependent on the system in use in the audited entity. Need for system maintenance due to modifications that the application will have had in subsequent examinations or due to application change.
The previous analysis differs from the one carried out by L. Zavaro and C. Martínez where they only point to an advantage to the specific purpose system, which coincides with the first one indicated above and they place it in a secondary place. However, as the existence of five more important advantages can be seen, this type of application would occupy a similar place to those of general purpose.
For the purposes of this work, it is considered that specific-purpose programs have six advantages and four disadvantages, as indicated above, which is why it is more profitable for the internal auditor, not being in the same way with external auditors those who They generally use general purpose ones, to which L. Zavaro and C. Martínez find the following advantages and disadvantages:
Advantage:
- The costs you face in application modifications are lower. They have individual and unique characteristics, tending to be similar in concept and purpose. They have a wide range of functions aimed at the verification of processing and controls.
See Chapter VII, Introduction to the Audit of Financial Statements, Joaquín Gómez Morfin, México, 1998
Tests designed to obtain a certain assurance that established internal accounting control procedures are being followed.
Chapter 10 JW Cook and JM Winkle, Audit, McGraw-Hill, 1992
LF. Peréz Toraño, Audit of Financial Statements, Mexico, 1999.
Standards and Auditing Procedures of the Mexican Institute of Public Accountants, 1996, Bulletins 1010, 1020, 2010 and 3040
JW Cook and JM Winkle, Audit, McGraw - Hill, 1992
The value redeemed in the audit is the expense or loss that will not be incurred by the unit if it follows the recommendations indicated in the audit, it may be related to a forecast of increased sales or decreased losses when the products do not expire.
L, Zavaro; C, Martínez, Computer Audit, Cuba, 1999
Page 132 of The Internal Audit: Key to financial and operational improvement, Alexander Hamilton Institute, USA, 1982.
Download the original file
