Question

A. Gita Rani Sdn Bhd (GR) is a plastic manufacturer, which operates from a large production facility, where it undertakes continuous production 24 hours a day, seven days a week. The company’s production facility includes two warehouses, where the company’s raw materials and finished goods are stored. GR’s year end is 31 December. GR is finalizing the arrangements for the year-end inventory count, which is to be undertaken on 31 December 2019. The finished plastic bottle are stored in the first warehouse. The second warehouse is for storing large piles of raw materials, such as silicon, used in the manufacture of plastic.
Required:
For the audit of the inventory cycle and year-end inventory balance of GR Sdn Bhd:
i. Describe four (4) audit procedures that could be carried out using computer-assisted audit techniques (CAATs)

ii. Explain four (4) potential advantage and drawbacks of using CAATs.

B. An audit client is in the process of creating an online web -based sales ordering system for customers to purchase products using online payment method. Identify three risks related to an online sales system that management should consider. For each risk identify an internal control that could be implemented to reduce that risk.

C. Evaluate the risks associated with network systems and database systems to those associated with centralized IT functions.

Answer 1

A)

i. Computer Assisted Audit Techniques :-

1. Computer Assisted Audit Techniques (CAATs) is the tool which is used by the auditors. This tool facilitates them to make search from the irregularities from the given data. With the help of this tool, the internal accounting department of any firm will be able to provide more analytical results. These tools are used throughout every business environment and also in the industry sectors too. With the help of Computer Assisted Audit Techniques, more forensic accounting with more analysis can be done. It’s really a helpful tool that helps the firm auditor to work in an efficient and productive manner.
2. The CAAT tool supports the forensic accounting in which larger amount can be diverted to the analytical form and it also prompts where the tool detects the fraud. This tool simplifies the data and in the automated form. The name of CAATs tool is placed in almost every firm where the auditing or advance level accounting takes place. The firm is well aware of the benefits of these tools and also making some advancement in this tool in accordance with their need, in return all the large raw data becomes in statistical and analytical form. It’s a time saving tool.
3. With the advancement in the field of technology, many easy to use and more efficient CAATs tools are available. Accountants of the present business world found this tool very much easier to use as the new upcoming tools come with the guide book and even are users friendly.
4. For working with the CAAT tool, it is essential for the accountant or the auditor to select the right data, the selection process is very much tricky, and you need to be professional for it. After selecting the right data, import that to the CAAT tool, now the tool will automatically generate the analytical data. This tool really contributes to the efficiency of the auditors.

ii. Computer Assisted Audit Techniques potentials advantages and drawback

1. Advantages :

• Independently access the data stored on a computer system without dependence on the client;
• Test the reliability of client software, i.e. the IT application controls (the results of which can then be used to assess control risk and design further audit procedures);
• Increase the accuracy of audit tests; and
• Perform audit tests more efficiently, which in the long-term will result in a more cost effective audit.

2. Disadvantages :

• CAATs can be expensive and time consuming to set up, the software must either be purchased or designed (in which case specialist IT staff will be needed);
• Client permission and cooperation may be difficult to obtain;
• Potential incompatibility with the client's computer system;
• The audit team may not have sufficient IT skills and knowledge to create the complex data extracts and programming required;
• The audit team may not have the knowledge or training needed to understand the results of the CAATs; and
• Data may be corrupted or lost during the application of CAATs.

B )

An online sales ordering system poses many potential risks for an audit client. Risks that may exist include: 1.Customer data is susceptible to interception by unauthorized third parties.

2.The client company’s data, programs, and hardware are susceptible to potential interception or sabotage by external parties.

3 . An unauthorized third party may attempt to transact business with the client company.

These risks can be addressed by the use of firewalls, encryption techniques, anddigital signatures. A firewall is a system of hardware and software that monitors and controls the flow of e-commerce communications by channeling all network connections through a control gateway. A firewall protects data, programs, and other IT resources from external users accessing the system through networks, such as the Internet. Encryption techniques are based on computer programs that transform a standard message into a coded (encrypted) form. One key (the public key) is used for encoding the message and the other key (the private key) is used to decode the message. Encryption techniques protect the security of electronic communication during the transmission process. Finally, the use of digital signatures can enhance internal controls over the online sales order system by authenticating the validity of customers and other trading partners whoconduct business with the client company.

Internal controls can be used to mitigate many of the risks associated with e-commerce activities. In accordance to this, “Risk Assessments and Internal Control,” the auditor considers the control environment and control procedures the entity has applied to its ecommerce activities to the extent they are relevant to the financial statement assertions. In some circumstances, for example when electronic commerce systems are highly automated, when transaction volumes are high, or when electronic evidence comprising the audit trail is not retained, the auditor may determine that it is not possible to reduce audit risk to an acceptably low level by using only substantive procedures. CAATs are often used in such circumstances.

C)

Compare the risks associated with network systems and database systems to those associated with centralized IT functions.

Because many companies that operate in a network environment decentralize their network servers across the organization, there is an increased risk for a lackof security and lack of overall management of the network operations. The decentralization may lead to a lack of standardized equipment and procedures. In many instances responsibility for purchasing equipment and software, maintenance, administration, and physical security often resides with key user groups rather than with a centralized IT function. Also, network-related softwareoften lacks the security features, including segregation of duties, typically available in traditionally centralized environments because of the ready access tosoftware and data by multiple users. In database management systems where many applications share the same data, controls can often be strengthened as data are more centralized and duplicate files can be eliminated. However, there are also increased risks in some cases given that multiple users, including individuals outside accounting, access and update data files. Without proper database administration and access controls, risks of unauthorized, inaccurate, and incomplete data files increase. Centralization of data also increases the needto properly back up data information on a regular basis.