Traditional Culture Encyclopedia - Traditional customs - Analysis on how to prevent computer audit risk

Analysis on how to prevent computer audit risk

Computer audit risk refers to the possibility that the auditor's audit conclusion deviates from the actual situation of the audited project after auditing the accounting computerization system of the audited unit. It can also be understood that auditors can't use computer audit technology correctly and reasonably, which leads to audit results inconsistent with facts and inappropriate audit opinions.

First, the causes of computer audit risk

1. The traditional audit trail gradually disappears. In the manual bookkeeping system, every step from original vouchers to bookkeeping vouchers, account book records and financial statements is recorded in writing and signed by different handlers, and the audit trace is very clear. In the computerized accounting system, the traditional account books are gone, most of the written records are gone, and most of the accounting information is stored on disk or tape, so the clues seen by the naked eye are reduced. Moreover, the data stored on the disk can be easily modified, deleted, hidden and transferred without obvious traces. Therefore, it reduces the possibility of auditors finding mistakes and increases the audit risk.

2. Auditing techniques and methods are becoming more and more complicated. After the implementation of computerized accounting, great changes have taken place in auditing techniques and methods. Some of the accounting application software used by the audited units are commercialized and some are developed by themselves, which have certain differences in functions and procedures and require different auditing techniques and methods, which increases the complexity of auditors' auditing. If auditors are unfamiliar with software or adopt improper audit techniques and methods, it will inevitably bring audit risks.

3. It is difficult to obtain evidence through auditing in the dynamic process. In some large enterprises, computer accounting information system is a large-scale network system. Daily settlement of costs and profits, analysis of production trends, for management decision-making reference. Therefore, the system must be in operation, and once it stops working, it will cause huge economic losses to the audited unit. On the one hand, auditors have to complete the audit task, on the other hand, they can't hinder and terminate the operation of the accounting information system of the audited unit, so they can only obtain evidence during the operation of the system, which is difficult and has certain audit risks.

4. The internal control system of the audited entity is not perfect. In the manual system, the test of internal control is tangible, but in the computerized accounting information system, the techniques and methods of internal control have changed greatly, which makes many original control measures in the manual system unsuitable. Most of the control measures are established in the computer accounting information system in the form of programs, which are imperceptible to the naked eye and largely depend on computer processing. Whether the internal control function of computer accounting information system is appropriate and effective will directly affect the authenticity and accuracy of the information output by the system. The complexity of the internal control environment and the limitations of internal control also provide opportunities for fraud, thus increasing the audit risk.

5. Auditors lack computer knowledge. At present, most auditors generally lack computer knowledge. With the implementation of computerized accounting, the audited objects are becoming more and more complicated. Therefore, in addition to professional audit and accounting knowledge, auditors must also master certain computer knowledge and application technology, otherwise, the audit conclusions made by auditors may deviate from the reality of the accounting information system of the audited unit, thus causing audit risks.

6. The audit of computer accounting information system lacks scientific standards and guidelines. In the past, there were many auditing standards and guidelines for manual system auditing. However, when auditing computerized accounting information system, due to the changes of audit objects and audit clues, the audit techniques and means have also changed accordingly, and some original standards and guidelines are no longer applicable. The new standards and guidelines applicable to the audit of computerized accounting information system have not yet been promulgated, which is prone to audit risks.

7. The existing accounting software evaluation mechanism is flawed. The evaluation of current accounting software mainly focuses on the composition of software functions and the rationality of accounting treatment methods, ignoring the security of audit clues; The evaluation focuses on the consistency between the results of accounting software operation and manual work, ignoring the evaluation of internal control system in the process of software development; The evaluation relies on the opinions of the expert group of accounting computerization and some users, ignoring the audit characteristics of the software; The results of the review may conflict with the opinions of the auditors. All these have brought certain difficulties and risks to the work of auditors.

Second, the types of computer audit risks

1. Personnel operation risk. The risk of personnel operation refers to the risk caused by audit public opinion because of relying too much on the results of computer operation when auditing the computerized accounting information system, and failing to conduct necessary audit on all kinds of suspicious clues.

2. Financial data risk. Financial data risk refers to the risk that financial data input by accountants is untrue, modified or delayed.

3. Software management risk. Software management risk refers to the risk caused by the imperfect use and management of computer-aided audit software.

Three, computer audit risk prevention

1. Ensure the integrity of audit data. In order to ensure the integrity and accuracy of audit data, auditors must carefully check whether the data provided by the audited entity is true, whether it belongs to the financial data within the audit time range, whether it belongs to the data after closing, and whether the financial data matches the paper account books and statements. At the same time, the financial data obtained by auditors should be obtained from the financial data backed up by the financial personnel of the audited entity on the spot.

2. Choose the appropriate audit release technology. Auditors can adopt different audit methods and techniques according to the different systems of the audited units, thus effectively reducing audit risks. When the printed documents are sufficient and closely related to the input and output of the audited unit, the audit method of bypassing the computer can be adopted, and audit techniques such as inspection, review and analysis can be used; When the audited entity adopts real-time processing, there are few paper audit clues and it is impossible to directly check the input and output, computer audit can be used. When the auditee has been running and can't stop working during the audit, the system-based method can be adopted. First, review the general control and application control of the computer accounting information system of the audited unit, and determine the focus, scope and method of spot check according to the review results of the general control and application control, which can reduce the audit risk and reduce the audit risk.

3. Choose a reasonable audit method. Because most of the contents to be audited are stored in magnetic media, it is easy to be tampered with and deleted without leaving any traces. Therefore, the audit of computer accounting information system should generally adopt on-site audit or surprise audit. During the audit, the operating data in the system can be copied for review without notifying the operator or programmer in advance, so as to prevent the operator from tampering or deleting the data. Only in this way can we ensure the correctness and integrity of the audited procedures and data and effectively reduce the audit risk.

4. Actively obtain the support and cooperation of the audited entity. In computer audit, it is difficult for auditors to examine the financial data in magnetic media and accounting information system if the financial personnel and operators of the audited unit do not cooperate and encrypt, modify, delete and hide them. Therefore, it is necessary to actively obtain the support and cooperation of the audited entity in the audit process to reduce the audit risk.

5. Establish and improve the standards and guidelines of computerized accounting information system. Some original standards and guidelines are no longer applicable to the audit of computerized accounting information system, which brings certain risks to the audit of computerized accounting information system. Relevant departments should take relevant measures to strengthen computer audit research, formulate standards and guidelines suitable for computerized accounting information system audit as soon as possible, and reduce the risk of computer audit.

6. Improve the evaluation mechanism of accounting software. The vertical evaluation mechanism of exclusive evaluation of accounting software by financial department brings certain difficulties and risks to the audit of accounting computerization information system. Therefore, it is necessary to improve the evaluation mechanism of accounting software. Before the accounting software passes the financial evaluation, the auditing organ will organize experts to audit the software development of software developers and make audit conclusions. The financial department will refer to the audit conclusion and finally make a decision on whether to pass the evaluation. Grassroots auditors only need to refer to the audit conclusion to review and evaluate the accounting software system of grassroots users. In this way, auditors and financial department examiners share the responsibility and risk of evaluation.

7. Actively develop and use computerized audit software. With the popularization of computerized accounting and the continuous upgrading of networking, the audit is becoming more and more difficult. On the one hand, developing and using excellent computerized audit software can improve audit efficiency, on the other hand, it can effectively control and reduce audit risks.