Tuesday, April 21, 2009

Audit Trail And Documentation Control

An important function of system controls is providing for an audit trail. Anaudit trail is a routine designed to allow the analyst, user, or auditor to verify a process or an area in the new system. In a manual system, the audit includes journals, ledgers, and other documents that the auditor use trace transactions through the system. In a computerized system, re content and format frequently make it difficult to trace a transaction completely. Some reasons are the following:
   1. Records stored on a magnetic medium (tape, disk, etc.) can be read only by a computer and with the use of a computer program.
   2. Data processing activities are difficult to observe, since they take place within the computer system.
   3. The record sequence is difficult to check without the assistance of a computer system.
   4. Direct data entry eliminates the physical documentation for an audit program.

One way to overcome these constraints is to keep a file on all transactions as they occur. For example, transactions can be recorded on tape, which can be an input to an audit program. The program pulls selected transactions and makes them available for tracing their' status. The systems analyst must be familiar with basic auditing or work closely with an auditor to ensure an effective audit trail during the design phase.

The proper audit of a system also requires documentation. Documentation is the basis for the review of internal controls by internal or independent auditors. It also provides a reference for system maintenance. Preparing documentation occupies much of the analyst's time. When the implementation deadline is tight, documentation is often the first item to be ignored.

Documentation may be internal (in program documentation) or external hard-copy documentation. It must be complete and consistent for all systems prepared according to standards. So a plan to approve a new design should include documentation standards before programming and conversion.

In summary, the primary purpose of auditing is to check that controls built into the design of candidate systems ensure its integrity. Audit considerations must be incorporated at an early stage in the system development so that changes can be made in time. Neglecting this "ital step could spell trouble for system implementation.

1 comment:

  1. Is the electronic audit trail readily available for inspections and audits

    ReplyDelete