15.6 Planning the audit in computerised systems

Planning the audit in computerized systems involves specific considerations to address the unique risks and complexities associated with such systems. Here are some key steps in planning the audit in computerized systems:

1. Understand the System: Gain a comprehensive understanding of the computerized system, including its structure, functionality, and underlying technology. This involves studying system documentation, conducting interviews with key personnel, and reviewing system flowcharts and data models.
2. Assess System Controls: Evaluate the effectiveness of general and application controls in the computerized system. General controls include those related to system security, access controls, change management, and backup and recovery procedures. Application controls are specific to individual applications and ensure the accuracy, completeness, and integrity of data processed by the system.
3. Identify Risks: Identify and assess the risks associated with the computerized system. This includes understanding the potential impact of errors, frauds, and IT-related risks on financial reporting and internal controls. Consider risks related to data integrity, unauthorized access, system failures, and compliance with laws and regulations.
4. Determine the Scope: Determine the areas of the computerized system that require audit attention based on risk assessment. This may include focusing on high-risk areas such as revenue recognition, inventory management, financial reporting processes, and sensitive data access.
5. Develop Audit Procedures: Design and develop audit procedures specific to the computerized system. This may include using computer-assisted audit techniques (CAATs) to perform data analytics, testing system controls, reviewing system-generated reports, and conducting substantive testing procedures.
6. Consider IT Expertise: Assess the need for IT expertise within the audit team. Depending on the complexity of the computerized system, it may be necessary to have individuals with specialized IT skills and knowledge to effectively plan and execute the audit.
7. Document the Audit Plan: Document the audit plan, including the specific objectives, scope, and procedures to be performed in the computerized system. Ensure that the plan is adequately documented to provide a clear roadmap for the audit engagement.