1 Recent Trends in Auditing

Third Year B.Com.

Semester -VI
Advanced Accounting & Auditing - Paper-VII
(PRINCIPLES OF AUDITING)
Course Code - CE 620 A (1)
(Syllabus effective from Academic Year 2018-19)

Unit Course Inputs Weightage

4 Recent Trends in Auditing: 20%
Nature and Significance of
1. Cost Audit,
2. Tax Audit,
3. Management Audit,
4. EDP Audit.
2 Recent Trends in Auditing
3 Recent Trends in Auditing

Chapter

1 Cost Audit

1.1 Introduction
Rapid economic and industrial growth and increased competition has led
businesses focus on expansion and diversification of their operations
which has made business structures and procedures very complex. As a
result a need of various types of Audit have emerged to ascertain the
correctness of business operations and improving deficiencies, so that an
organization is able to sustain in this competitive environment.
1.2 Recent Trends in Auditing
With the variety of business operations, various types of Audits are
emerged. Classification of various audits is possible from four different
view-points as under.

Organisation
Objective Timing Scope
al Structure
• Voluntary Audit • Independent • Continuous • Complete Audit
• Sole Financial Audit Audit • Partial Audit
Proprietorship • Internal Audit • Annual Audit • Detailed audit
• Partnership • Cost Audit • Interim Audit
Firm • Management • Balance Sheet
• LLP/ NGOs Audit Audit
• Statutory Audit • Tax Audit
• Government • Secretarial
Audit Audit
• Forensic Audit
• Information
Security Audit
• Social Audit
• Environment
Audit
• Performance
Audit
• Propriety Audit
• Operational
Audit
4 Recent Trends in Auditing
In this section we will discuss various four audits from the above
classification. They are Cost Audit, Tax Audit, Management Audit and
EDP Audit. In this chapter Cost Audit is discussed. Other three Audits
are discussed in subsequent chapters.

1.3 Cost Audit - Definition

The Institute of Chartered Accountants of India has defined auditing
as “A systematic and independent examination of data, statements,
records, operations and performances (financial or otherwise) of an
enterprise for a stated purpose. In any auditing situation, the auditor
perceives and recognises the propositions before him for examination,
collects evidence, evaluates the same and on this basis formulates his
judgment which is communicated through his audit report”.
Cost Audit is an audit process for verifying the cost of manufacture or
production of any article, on the basis of accounts as regards utilisation
of material or labour or other items of costs, maintained by the company.
In simple words the term cost audit means a systematic and accurate
verification of the cost accounts and records and checking of adherence
to the objectives of the cost accounting.
As per ICWA London, “Cost audit is the verification of the correctness
of cost accounts and of the adherence to the cost accounting plan.”

1.4 Objectives
Basic objective of Cost Audit is to verify the cost of manufacture or
production of any article, on the basis of accounts as regards utilisation
of material or labour or other items of costs, maintained by the company.
Accordingly, the detailed objectives are explained as under:
1. Accuracy of Cost Records: The Cost Audit checks the arithmetic
accuracy of entries made in the books of Cost Ledger.
2. Cost Accounting Standards: Cost Audit verifies whether the
company has followed the Cost Accounting Standards (CASs) issued
by Cost Accounting Standards Board (CASB).
3. Detection of Fraud: Cost Audit aims to detect any fraud or error
prevailing in Cost Accounts.
5 Recent Trends in Auditing
4. Cost of goods/Services: An aim of cost audit is also to verify that
whether cost of goods or services is determined scientifically or not.
5. Overheads: Overheads are not direct cost to company. It is essential
to verify whether such overheads are absorbed to the cost fully by the
end of the accounting period. Cost Audit verifies it and also calculates
over absorption and under absorption of such overheads.
6. Efficiency: Cost Audit verifies the correctness of cost records of company
and thus helps in verifying the efficiency of various departments.
7. Reconciliation: Cost Audit also aims to reconcile the figures between
Cost accounts and Financial accounts.
8. Exercise control: Cost Audit also helps in exercising control over the
expenditure in manufacturing and marketing of the products or
services.

1.5 Difference between Cost Audit and Financial Audit

The following are the main points of differences between Financial Audit
and Cost Audit:

Point of Financial Audit Cost Audit

Difference
1. Meaning Verification of Financial Verification of cost accounts
Assets, financial accounts to ascertain the accuracy of
and statements to cost records
ascertain their accuracy
2. Objective Detection and prevention Verification of cost records
of errors in financial and to ascertain whether cost
accounts plans are adhered.
3. Aspect Focuses mainly financial Focuses mainly cost aspect
aspect
4. Interest Prepared in the interest of Prepared in the interest of
owners i.e. shareholders management
5. Report is Auditor addresses the Auditor addresses the report
addressed report to shareholders and to Company Law Board and
to submit it to the secretary submit it to the company
of the company. Law board and a copy to the
company.
6 Recent Trends in Auditing

6. Compulsi Financial Audit is Cost Audit is not compulsory

on compulsory as per for all companies. It is
Companies Act 2013. compulsory as per section
143 of Companies Act 2013.
7. Audit by Audit is done on behalf of Audit is done on behalf of
whom proprietor of a business. government or company Law
Board.
8. Auditor Generally such audit is Generally such audit is done
done by a chartered by a cost Accountant.
Accountant.
9. Valuation Auditor here is required Auditor here is required to
of Stock to verify the correctness check whether valuation of
of valuation of stock. stock is according to the
requirements or not.
10. Scope Scope of financial Audit Scope of Cost Audit is to
is to verify that verify efficiency of business
transactions recorded are unit.
supported by vouchers or
not.

1.6 Statutory Provisions

Provisions of Cost Audit are covered by Section 148 of the Companies
Act, 2013. The audit conducted under this section shall be in addition to
the audit conducted under section 143.
As per section 148 the Central Government may by order specify audit of
items of cost in respect of certain companies. Further, the Central
Government may, by order, in respect of such class of companies
engaged in the production of such goods or providing such services as
may be prescribed, direct that particulars relating to the utilisation of
material or labour or to other items of cost as may be prescribed shall
also be included in the books of account kept by that class of companies.
The Central Government has notified the Companies (Cost Records and
Audit) Rules, 2014 which prescribes the classes of companies required to
include cost records in their books of account, applicability of cost audit,
maintenance of records etc.
7 Recent Trends in Auditing
1.7 Advantage of cost Audit

(a) To the Management:

1. Reliable Data: Management gets reliable data for its day-to-day
operations like price fixing, control, decision making, etc. And
accordingly it increases the efficiency of management.
2. Control on Wastages: A close and continuous check an all wastages
will be kept through a proper system of reporting to management. So
that management can take necessary steps to control abnormal losses
and wastages which arise due to various controllable reasons.
3. Efficient Working: Inefficiencies in the working of the company will
be brought to light to facilitate corrective action.
4. MBE: Management by exception becomes possible through
allocation of responsibilities to individual managers.
5. Support to other systems: System of budgetary control and standard
costing will be greatly facilitated by the cost audit. Management
would be able to compare actuals and budget and take necessary
decisions. The system also helps standard Costing system to find out
the reasons for various variances.
6. Valuation of Stock: Reliable check on valuation of closing stock and
work-in-progress can be established.
7. Moral Check on employees: The existence of cost audit
automatically keeps a moral check on employees. Employees when
are aware that records are going to be audited, they take an extra care
in preparing the accounts and records.
8. Detection of frauds: Cost Audit helps in detection of frauds and
errors.
(b) To the shareholders
1. Proper Records: Cost Audit ensures that proper records are kept as
to purchases and utilisation of material and expenses incurred on
wages, etc. So that shareholders are assured that their money is in safe
hands.
2. Fair Return: Cost Audit also makes sure that the valuation of closing
stock and work-in-progress is on a fair basis. Thus, the shareholders
are assured of a fair return on their investment.
8 Recent Trends in Auditing
(c) To government
1. Price Fixation: Cost audit helps government in satisfying the
correctness of cost accounts and accordingly it helps government in
fixation of prices and policies.
2. Other decisions: Cost Audit provides an important data to the
government which helps government in taking decisions regarding
granting subsidies and relief to certain kinds of industries etc.

1.8 Disadvantage of Cost Audit

These are following disadvantages of cost accounting.
1. Current Values: Accountants cannot estimate price of assets at
current values.
2. Only cost data: Cost Audit covers cost of business. But does not
evaluate overall profitability.
3. Manipulations: Manipulations in accounts still exist.
4. Vary: Standards of accounting vary from business to business. So it
becomes very difficult to establish predetermined standards in Cost
Audit.

1.9 Cost Auditor

1.9.1 Who can be Cost Auditor?
The audit shall be conducted by a Cost Accountant in Practice who shall
be appointed by the Board of such remuneration as may be determined
by the members in such manner as may be prescribed.
It may be noted that no person appointed under section 139 as an auditor
of the company shall be appointed for conducting the audit of cost
records.
1.9.2 Appointment of Cost Auditor
Rule 6 of the Companies (Cost Records and Audit) Rules, 2014 requires
the companies prescribed under the said Rules to appoint an Auditor
within 180 days of the commencement of every financial year. Every
referred company shall inform the cost auditor concerned of his or its
appointment as such and file a notice of such appointment with the
9 Recent Trends in Auditing
Central Government within a period of 30 days of the Board meeting in
which such appointment is made or within a period of 180 days of the
commencement of the financial year, whichever is earlier, through
electronic mode, in Form CRA-2, along with the fee as specified in
Companies (Registration Offices and Fees) Rules, 2014.
The cost auditor appointed as such shall continue in such capacity till the
expiry of 180 days from the closure of the financial year or till he
submits the cost audit report, for the financial year for which he has been
appointed.
1.9.3 Duties of an auditor
 Examine the correctness of the cost records maintained by the concern
and
 To report as to whether the cost accounting plans have been adhered
to or not.

1.10 Applicability of Cost Audit:

Rule 4 of the Companies (Cost Records and Audit) Rules, 2014 states the
provisions related to the applicability of cost audit depending on the
turnover of the company as follows-
(i) Classes of companies specified under item (A) “Regulated Sectors”
are required to get its cost records audited if the overall annual
turnover of the company from all its products and services during the
immediately preceding financial year is ₹ 50 crore or more and the
aggregate turnover of the individual product(s) or service(s) for
which cost records are required to be maintained under rule 3 is ₹ 25
crore or more.
(ii) Classes of companies specified under item (B) "Non-Regulated
Sectors" are required to get its cost records audited if the overall
annual turnover of the company from all its products and services
during the immediately preceding financial year is ₹ 100 crore or
more and the aggregate turnover of the individual product(s) or
service(s) for which cost records are required to be maintained under
rule 3 is ₹ 35 crore or more.
10 Recent Trends in Auditing
Applicability of Cost Audit to following companies:

Turnover Regulated Sector Non regulated Sector

Aggregate Turnover ₹ 50 crores or more ₹ 100 crores or more
Individual product Turnover ₹ 25 crores or more ₹ 35 crores or more
1.11 Non Applicability of Cost Audit:
Sub-rule (3) of rule 4 provides that the requirement for cost audit under
these rules shall not be applicable to a company which is covered under
Rule 3, and,
(i) whose revenue from exports, in foreign exchange, exceeds 75% of
its total revenue; or
(ii) which is operating from a special economic zone.

Non Applicability of Cost Audit

Companies having
Companies Companies engaged
more than 75% of
operating from a in generation of
revenue from
special economic electricity for
exports in foreign
zone captive consumption
exchange

1.12 Cost Audit Report

1.12.1 Format
Form CRA - 3
[Pursuant to Rule 6(4) of the Companies (Cost Records and Audit) Rules, 2014]

FORM OF THE COST AUDIT REPORT

1. I/We, __________________ having been appointed as Cost Auditor(s) under

Section 148(3)of the Companies Act, 2013 (18 of 2013) of _________
(mention name of the company) having its registered office at
______________________ (mention registered office address of the
company) (hereinafter referred to as the company), have audited the Cost
Records maintained under section 148 of the said Act, in compliance with the
11 Recent Trends in Auditing
cost auditing standards, in respect of the ___________________ [mention
name (s) of Product(s) / service(s)] for the period/year _________ (mention
the financial year) maintained by the company and report, in addition to
my/our observations and suggestions in para 2.

I. I/We have/have not obtained all the information and explanations, which
to the best of my/our knowledge and belief were necessary for the
purpose of this audit.
II. In my/our opinion, proper cost records, as per Rule 5 of the Companies
(Cost Records and Audit) Amendment Rules, 2014 have/have not been
maintained by the company in respect of product(s)/service(s) under
reference.
III. In my/our opinion, proper returns adequate for the purpose of the Cost
Audit have/have not been received from the branches not visited by
me/us.
IV. In my/our opinion and to the best of my/our information, the said books
and records give/do not give the information required by the Companies
Act, 2013, in the manner so required.
V. In my/our opinion, the company has/does not have adequate system of
internal audit of cost records which to my/our opinion is commensurate to
its nature and size of its business.
VI. In my/our opinion, information, statements in the annexure to this cost
audit report gives/does not give a true and fair view of the cost of
production of product(s)/rendering of service(s), cost of sales, margin and
other information relating to product(s)/service(s) under reference.
VII. Detailed unit-wise and product/service-wise cost statements and
schedules thereto in respect of the product/service under reference of the
company duly audited and certified by me/us are/are not kept in the
company.

2. Observations and suggestions, if any, of the Cost Auditor, relevant to the cost
audit.
Dated: this ____ day of _________ 20__
At __________ (mention name of place of signing this report)

SIGNATURE AND SEAL OF THE COST AUDITOR (S)

MEMBERSHIP NUMBER (S)

1.12.2 Submission of Cost Audit Report:

(i) To the Board of Directors of the Company- The cost auditor shall
submit the cost audit report along with his reservations or
qualifications or observations or suggestions, if any, in Form CRA-3.
He shall forward his report to the Board of Directors of the company
within a period of 180 days from the closure of the financial year to
12 Recent Trends in Auditing
which the report relates and the Board of Directors shall consider and
examine such report particularly any reservation or qualification
contained therein.
(ii)To the Central Government- The company shall within 30 days
from the date of receipt of a copy of the cost audit report prepared (in
pursuance of a direction issued by Central Government) furnish the
Central Government with such report along with full information and
explanation on every reservation or qualification contained therein in
Form CRA-4 along with fees specified in the Companies
(Registration Offices and Fees) Rules, 2014. If, after considering the
cost audit report and the, information and explanation furnished by
the company as above, the Central Government is of the opinion, that
any further information or explanation is necessary, it may call for
such further information and explanation and the company shall
furnish the same within such time as may be specified by that
Government.
1.13 Penal Provisions in Case of Default:
If any default is made in complying with the provisions of this section,
(a) the company and every officer of the company who is in default shall
be punishable in the manner as provided in sub-section (1) of section
147;
(b) the cost auditor of the company who is in default shall be punishable
in the manner as provided in sub-sections (2) to (4) of section 147.
As per section 147

147(1) Company in default Fine which shall not be less than ₹

25,000 but may extend to ₹ 5,00,000

Officer in default Imprisonment for a term which may

extend to one year or with fine which
shall not be less than ₹ 10,000 but which
may extend to ₹ 1,00,000, or with both

147(2) Auditor Fine which shall not be less than ₹

25,000 but which may extend to ₹
5,00,000 or four times the remuneration
of the auditor, whichever is less
13 Recent Trends in Auditing

Auditor knowingly imprisonment for a term which may

or wilfully intend to extend to one year and with fine which
deceive the shall not be less than ₹ 50,000 but which
company may extend to ₹ 25,00,000 or eight times
the remuneration of the auditor,
whichever is less

147(3) Convicted auditor refund the remuneration received by him

to the company and
pay for damages to the company,
statutory bodies or authorities

147(4) statutory body or prompt payment of damages to the

authority or an company or the persons
officer

147(5) partner or partners civil or criminal liability

of the audit firm
has or have acted in
a fraudulent manner
14 Recent Trends in Auditing
1.14 Question Bank

Q.1 Short Questions:

1. What is Cost Audit?
2. Who can be a Cost Auditor?
3. Which companies are required to get its accounts audited under cost
audit provisions?
Q.2 Long Questions:
1. State the difference between cost audit and financial audit.VNSGU 2011
2. Explain the consequences applicable if company does not comply with
the provisions of cost audit.
3. Explain the advantages and disadvantages of cost audit in detail.
4. State the provisions of companies act regarding cost audit.
5. What is cost Audit? Discuss the advantages of cost audit.VNSGU 2000
6. What is cost Audit? Discuss the objects of cost audit. VNSGU 2001,10
7. What is cost Audit? Describe the importance of cost audit.
VNSGU 2004, 2009
8. What is cost audit? Explain the provisions of cost audit in the case of
limited companies with regards to companies act. VNSGU 2013
Q.3 Short notes:
1. Cost Audit
2. Objects of Cost Audit VNSGU 1981
3. Criticism against Cost Audit VNSGU 1981
4. Advantages of Cost Audit VNSGU 1982, 2006
5. Difference between Cost Audit and Financial Audit
6. Applicability of Cost Audit
7. Penal Provisions in Case of Default in provisions of Cost Audit
8. Qualification of Cost Auditor VNSGU 1995, 2007
15 Recent Trends in Auditing

Chapter

2 Management Audit

2.1 Introduction
Auditing is generally related with accounting activities or events. These
activities or events are usually in monetary terms. Because of this reason,
we generally take a very narrow view of matters, that auditing is
concerned with only the monetary accounting data.
With this narrow view, we lose a sight of the fact that auditing is not
necessarily expressed in monetary figures only, but is concerned itself
with collection and appraisal of evidence underlying transactions that are
quantifiable. Auditing is rather more extensive than just monetary
figures.
The use and expectations from Auditing body is changing over the years.
Auditing requires a more useful information which may not be found in
solely financial statements. Today, shareholders, investors, banks,
government bodies, creditors and general public are seeking information
that can judge “quality of management”. As a result of it, a new branch
in Auditing has arose which judge the merits and demerits of
organisations.

2.2 Meaning
Management audit is a comprehensive and thorough examination of an
organization or one of its components. The audit is implemented to
identify problems or significant weaknesses in the organization or
corporation, thus providing management with a tool to address and repair
the problem area.
The management audit is now widely accepted in the business field. For
more than 40 years, corporations and non-profit organizations have
utilized the management audit as a comprehensive tool.
16 Recent Trends in Auditing
According to T.G. Rose, “The management audit would concern itself
with the whole field of activities of the concern, from top to bottom,
starting, as always where management control is concerned, from the
top, because we are primarily concerned with whether the general
management is functioning smoothly and satisfactorily. If it is not, it may
be due to the functional management being faulty and, therefore, we pass
on to examine that in its turn, in order to find the missing or faulty link
which is causing the trouble”.
The management audit is defined by its scope and objectives. The scope
is broad and generally includes all functions of the organization,
including objectives and strategy, corporate structure, organizational
planning, the budgeting process, human and financial resources
management, decision making, research and development, marketing,
equipment and operations, and management information systems. This
breadth extends to recent, present, and future operations and covers
external issues as well as internal concerns.

2.3 Objectives of Management Audit

Objectives of the management audit include the development of
recommendations and improvements, as well as increased awareness of
the credibility and acceptance of the audit’s results. Let’s discuss it in
detail.
(1) Improved Efficiency: Objective of management Audit is not just to
examine financial accounts but also to evaluate the efficiency of the
business. Management Audit is supposed to verify whether policies
and plans are efficiently implemented or not. It also examines
whether resources are properly utilised or not. And by this, it helps in
improving efficiency of business.
(2) Performance Evaluation: This kind of audit is required to evaluate
the performance of the business at various levels of management. It
evaluates the performance of various personnel at various levels of
management.
17 Recent Trends in Auditing
(3) Reveal Deficiencies: Management Audit reveals all the
shortcomings and deficiencies in management. So, Management
Audit helps in tracking irregularities and removing them.
(4) Implementation of policies: This Audit verifies whether the policies
and procedures prepared are properly implemented or not. And by
doing so, it helps in better implementation of procedures and
improved business efficiency.
(5) Control: A number of controls are used in business to run business
in smooth and efficient manner. Management Audit aims to check
how effectively the controls are managed and thus critically
evaluated the control function.
(6) Opportunities: Every business has opportunities every now and
then. With an effective management audit, they can identify the
possible profitable events which can immensely benefit the business.
(7) Future Risks and Contingencies: Management has always future
ideas and future risk and contingencies. By an effective management
Audit, management comes to know about the limitations and
deficiencies in the operations. In addition, a proper planning is also
possible to prevent such deficiencies.
(8) Achievement of objectives: Management Audit recognises the
objectives of the business and tries to evaluate whether business has
achieved them or not. And if not, management audit also helps in
finding the reasons for it and suggest measures to remedy.
(9) Profitability: All businesses have various objectives. One of them is
always a profitability. Management Audit helps business to examine
whether the business has earned the expected profit or not. If the
expected profit is not met, it also analyses the causes for it and
suggest the actions to reach the targeted profit.
(10) Optimum usage of resources: A lot of machines and equipments
are used in the business. Management Audit helps in evaluating their
performance. Management Audit will suggest whether these
equipments are used optimally in business and also suggest if they
require a replacement in existing machineries.
18 Recent Trends in Auditing
2.4 Difference between management Audit and Financial Audit
Management Audit and Statutory Financial Audit differ in following
manner:
Statutory/ Financial Audit Management Audit
1. Financial Financial Audit discloses Management Audit analyses
Health financial health of the the reason for good or bad
business. Such financial financial health and also
health can be good or bad. suggests remedies for it.
2. Result/ Statutory Audit will show Management Audit will show
Remedy profit or loss of business and the reasons for losses incurred
also certifies the correctness and suggests the remedies to
of it. improve it.
3. Past/ Such Audit is an audit of Such audit analyses the past
Future past data. So, it evaluates the and looks at the future. So, it
past events. is responsible for future
events.
4. Scope It has a limited scope to It has a wide scope to
financial transactions only. performance and efficiency as
well.
5. Period of Such audit is generally for Such audit can be for more
Audit an accounting period i.e. one than one years as well as it
year only. can be for a part of the year.
6. Legal Statutory Audit is conducted There is no legal requirement
provision as per legal requirements. for such audit. It is conducted
s as per need and contract of
management.
7. Covera- Such Audit covers the whole Such audit may be done for a
ge of accounts and report is particular area of business
prepared accordingly. only.
8. Policies Statutory audit doesn’t cover Management Audit covers the
the evaluation of policies examination and evaluation of
and procedures. policies and procedures.
9. Unit Statutory audit evaluates Management audit evaluated
under performance of business performance of management
study unit. personnel.
19 Recent Trends in Auditing
2.5 Scope of Management Audit
An important aspect of the management audit is the composition of the
study team. Both internal and external analysts are frequently used on
audit teams; the composition depends on several factors, including the
need for independent appraisal, the lack of human or financial resources
to conduct the audit, and the need to provide an external audit to contrast
against internal findings.
In some instances, associations such as the American Institute of
Management (AIM) provide audit teams. The AIM has developed ten
categories of the management audit, and many audits apply these same
categories.
They include:
i. economic function
ii. corporate structure
iii. health of earnings
iv. service to stockholders
v. research and development
vi. directorate analysis
vii. fiscal policies
viii. production efficiency
ix. sales vigor
x. executive evaluation
Management audits are not limited to business corporations. Non-profit
organizations—including educational institutions, hospitals, and
churches—often use the management audit to attempt to improve
operations. When conducted effectively, and when recommendations are
applied properly, the management audit has proved its usefulness as a
management technique.

2.6 Various Aspects of Management Audit

Management Audit has various aspects of audit. The main three aspects
of them are Efficiency Audit, Propriety Audit and Operational Audit.
20 Recent Trends in Auditing

Properiety Audit

Operational
Efficiency Audit
Audit

Management
Audit

We will discuss them all in brief:

2.6.1 Efficiency-Cum-Performance Audit
It is an objective examination of the financial and operational
performance of an entity. It includes identification of opportunities of
greater economy as well as removal of weaknesses after evaluation.
Actual performance is compared with the standards set by the entity. If
the auditor at the time of evaluation comes across any deviations with
respect to the pre-determined standards, it is further investigated.
Scope of EPA
i. Economy Audit: It ensures that entity has acquired the financial,
human and physical resources economically. It implies that resources
have been procured in appropriate quantity, quality and at minimum
cost.
ii. Efficiency Audit: It ensures the economical execution of various
schemes and policies. It refers to the relationship between inputs and
output i.e. the goods and services produced and resources used to
produce them, yielding the expected results.
21 Recent Trends in Auditing
iii. Effectiveness: It is an appraisal of the performance of schemes and
projects with reference to the overall targeted objectives as well as
efficiency of the ways and methods adopted for the attainment of
objectives.
Approach
Various steps undertaken by the auditor while conducting EPA are
identification of topic, obtain necessary information, preliminary study,
planning and execution of audit, reviewing internal control system and
reporting.
Efficiency Audit is done to measure management efficiency at each level
of functioning. It doesn’t consider the procedures adopted but is
concerned with overall results. For this, it compares actual performance
of company with pre-determined standards and objectives.
It measures the efficiency from the view point of human resources as
well as physical resources.
2.6.2 Propriety Audit
A propriety audit is not just concerned with the truthfulness and fairness
of the Financial Statements and books of accounts of the client, but also
ensures that the transactions entered into by the client, business practices
and activities undertaken are not against public interest. Its objective is to
see that the business lives upto standards of proper conduct. Legal,
economic and financial are all equally important aspects that require to
be looked into during the course of the audit.
It is an essential element of a Government Audit. The Comptroller and
Auditor General examines the propriety of all government expenditures
to ensure that they have been incurred in the interest of the general
public, and are not influenced by personal interests of the government
authorities sanctioning it.
Section 143 of the Companies Act, 2013 requires the auditor to look into
some specified matters to ensure that the Directors of the company do
not engage in misappropriation and illegally drawing of funds.
22 Recent Trends in Auditing
2.6.3 Operational Audit
Operational Audit involves examination of all the operations and
activities of the entity under audit.
Objective
The objects of operational audit include the following:
1. The examination of the control structure of the entity. The relation of
department controls to general policies and its relation with control of
other departments.
2. It provides an appraisal of whether the department is operating in
conformity with prescribed standards and procedures laid down by the
management.
3. It checks whether standards of efficiency and economy are
maintained. It is concerned with formulation of plans and checking of
the implementation of systems and controls in respect of other
departments of the entity.
4. It checks whether capacity utilization in production department and
achievement of short term targets in marketing departments and other
activities are so economically performed to achieve the preset overall
goals of the entity.
Scope
Operational audit, in its initial stages, was developed as a branch of
internal auditing. Internal audit focuses on accounting operations of the
entity but operational audit has a wider scope of working and covers all
other operations, such as production and marketing too.
Advantages
1. Operational audit is one of the management tools to get first hand
information.
2. It is more useful in an entity where the management is at a distance
from actual operations.
3. It is very useful in large organizations where management cannot
control the actual operations due to layers of delegation of
responsibility.
23 Recent Trends in Auditing
4. The management information system has various tools like routine
performance report from department heads, internal audit reports,
surprise checks, periodic inspections and investigation to control the
managers responsible for their departments.
5. The operational audit is also one of the tools used in large or
geographically vast entities to control the operation at first stage and
to fill up the gaps of information provided by department heads
through periodic reports.

2.7 Process of Management Audit

The process is more an audit of management, in order to enhance
corporate profits and financial stability.
The audit follows a logical, step-by-step format, including initial
interviews with key managers.
1. A study team uses the interview process to define the scope of the
audit, including the areas or functions to be studied.
2. Next, the team requests various forms of documentation, including
budgets, planning documents, corporate reports, financial statements,
policy and procedure manuals, biographical material, and various
other documents.
3. Following this stage, the study team then prepares a schedule and
detailed plan of study, all aimed at proceeding to the internal fact
finding step. Fact-finding relies once again on interviews,
documentation, and personal observation of facilities and
organizational work patterns.
4. By the time these steps are completed, the study team develops a
thorough understanding of organizational structure and operations.
5. The team generally turns next to an external review, using interviews
to determine the opinions and attitudes key people outside the
organization have about its operations. Examples of those
interviewed are customers, representatives of financial institutions,
and employees of federal agencies having contact with the audited
organization.
6. These interviews provide the team with more objective evaluations,
and lead to an analysis of all the information and data now gathered.
24 Recent Trends in Auditing
7. Organizational performance is profiled, then efficiency and
effectiveness are evaluated and compared against industry norms.
While many criteria can be measured quantitatively, team members
have to use sound judgment and objectivity when evaluating issues
that cannot be measured. In turn, the organization’s management has
to be receptive to the audit process and demonstrate clear acceptance
of audit findings.
8. The study team then develops conclusions and recommendations
which are communicated to the organization’s management.
9. These final two stages—conclusions/recommendations and
communication—are essential to the management audit process.
10. The audit is expected to identify corporate strengths and weaknesses,
sources of problems, and potential problem areas.
11. Recommendations for correction are presented to top management.
The final report comes in the form of an overall plan of action, which
includes prioritized recommendations, the specific units and
individuals expected to carry out the recommendations, a schedule
for action, and expected results.
Process of Management Audit

Collection of External review

Interview with Detailed plan of
documents and from outside
key managers study
Material personnel

Objective Evaluation of Conclusion and

Communication
analysis and efficiency and recommendatio
of results
analysis effectiveness n

Identification of Recommendati
strengths and ons to top
weaknesses management
25 Recent Trends in Auditing
2.8 Conclusion
When conducted with thoroughness, objectivity, and timeliness, the
management audit becomes a powerful tool for corporate and
organizational executives who seek to improve effectiveness and
efficiency.

2.9 Question Bank

Q.1 Short Questions
1. What is management audit?
2. What is the main objective of management audit?

Q.2 Long Questions

1. Explain the scope of management audit.
2. Discuss the process of management Audit.
3. What is management audit? How does it differ from financial audit?

Q.3 Short Notes

1. Objectives of management audit
2. Difference between management audit and financial audit
3. Various Aspects of Management Audit
4. Operational Audit
5. Process of management audit
6. Efficiency-Cum-Performance Audit VNSGU 02007, 2008, 2012
7. Propriety Audit
8. Difference between Tax Audit and Management Audit VNSGU 2006
9. Importance of Management Audit VNSGU 2005, 2010
10. Management Audit
26 Recent Trends in Auditing

Chapter

3 Tax Audit

3.1 Introduction
The main objective of the tax audit is to compute the taxable income
according to the law and for maintaining transparency in the financial
statements filed by the assessees with the Income-tax department.
The tax audit u/s. 44AB of the Income-tax Act 1961 is significant
practice area for Chartered Accountants.
Since the introduction of tax audit, we have been given responsibilities to
discharge the duties as tax auditors for the proper compliance of tax law
by the assessees.

3.2 What is tax audit?

There are various kinds of audit being conducted under different laws
such as company audit/statutory audit conducted under company law
provisions, cost audit, stock audit etc. Similarly, Income tax law also
mandates an audit called ‘Tax Audit’. As the name itself suggests, Tax
audit is an examination/review of accounts of any business /profession
carried out by the taxpayer from an income tax viewpoint. A Tax audit
makes the process of income computation for filing of return of income,
much easier.

3.3 Objectives of tax audit

Tax audit is conducted to achieve the following objectives:
 Ensure proper maintenance and correctness of books of accounts and
certification of the same by tax auditor
 Reporting of observations/discrepancies noted by tax auditor after a
methodical examination of books of account
27 Recent Trends in Auditing
 Reporting prescribed information such as tax depreciation,
compliance of various provisions of income tax law etc. This in turn
enables and also saves time of tax authorities in verifying the
correctness of income tax return filed by the taxpayer such as total
income, claim for deductions etc.

3.4 Provisions of Tax Audit (Section 44AB)

Section 44AB
Audit of accounts of certain persons carrying on business or
profession.
Every person,—
(a) carrying on business shall, if his total sales, turnover or gross
receipts, as the case may be, in business exceed or exceeds one crore
rupees in any previous year; or
(b) carrying on profession shall, if his gross receipts in profession exceed
twenty-five lakh rupees in any previous year; or
(c) carrying on the business shall, if the profits and gains from the
business are deemed to be the profits and gains of such person
under section 44AE or section 44BB or section 44BBB, as the case
may be, and he has claimed his income to be lower than the profits or
gains so deemed to be the profits and gains of his business, as the
case may be, in any previous year; or
(d) carrying on the business shall, if the profits and gains from the
business are deemed to be the profits and gains of such person
under section 44AD and he has claimed such income to be lower
than the profits and gains so deemed to be the profits and gains of his
business and his income exceeds the maximum amount which is not
chargeable to income-tax in any previous year,
get his accounts of such previous year audited by an accountant before
the specified date and furnish by that date the report of such audit in the
prescribed form duly signed and verified by such accountant and setting
forth such particulars as may be prescribed:
Provided that this section shall not apply to the person, who declares
profits and gains for the previous year in accordance with the provisions
of sub-section (1) of section 44AD and his total sales, turnover or gross
28 Recent Trends in Auditing
receipts, as the case may be, in business does not exceed two crore
rupees in such previous year:
Provided further that this section shall not apply to the person, who
derives income of the nature referred to in section 44B or section
44BBA, on and from the 1st day of April, 1985 or, as the case may be,
the date on which the relevant section came into force, whichever is later.
Provided also that in a case where such person is required by or under
any other law to get his accounts audited, it shall be sufficient
compliance with the provisions of this section if such person gets the
accounts of such business or profession audited under such law before
the specified date and furnishes by that date the report of the audit as
required under such other law and a further report by an accountant in
the form prescribed under this section.
Explanation:- For the purposes of this section,
(i) "accountant" shall have the same meaning as in the
Explanation below sub-section (2) of section 288;
(ii) "specified date", in relation to the accounts of the assessee of the
previous year relevant to an assessment year, means the due date for
furnishing the return of income under sub-section (1) of section 139.

3.5 Who is mandatorily subject to tax audit?

Following categories of taxpayers are required to get tax audit done:
Category of person Threshold

Carrying on business (not opting for Total sales, turnover or

presumptive taxation scheme) gross receipts exceed ₹ 1
crore

Carrying on business (opting Declares taxable income

presumptive taxation scheme below the limits prescribed
under section 44AD) under the presumptive tax
scheme and has income
exceeding the basic
threshold limit
29 Recent Trends in Auditing

Carrying on profession Gross receipts exceed ₹ 50

lakhs

Carrying on the profession eligible Claims profits or gains

for presumptive taxation under lower than the prescribed
Section 44ADA limit under presumptive
taxation scheme and
income exceeds maximum
amount not chargeable to
tax

Carrying on the business and is not If income exceeds

eligible to claim presumptive
taxation under Section 44AD due to
opting for presumptive taxation in
one tax year and not opting for
presumptive tax for any of the the
subsequent 5 consecutive years
maximum amount not
chargeable to tax in the
subsequent 5 consecutive
tax years from the tax year
where presumptive taxation
is not opted for

3.6 Tax Audit Report

3.6.1 What constitutes Audit report?
Tax auditor shall furnish his report in a prescribed form which could be
either Form 3CA or Form 3CB where:
 Form No. 3CA is furnished when a person carrying on business or
profession is already mandated to get his accounts audited under any
other law.
 Form No. 3CB is furnished when a person carrying on business or
profession is not required to get his accounts audited under any other
law
In case of either of the audit reports mentioned above, tax auditor is also
required to furnish the prescribed particulars in Form No. 3CD which
forms part of audit report.
30
Particulars of Form 3CA and 3CB
Particulars of Form 3CA
Point 1
 Name and address of the taxpayer
along with Permanent Account
Number,
 Name of the Auditor (Individual/
Firm as the case may be)
 Law under which accounts have
been audited (eg: Companies Act)
 Date of Audit Report
 Period of Profit & Loss Account/
Income & Expenditure Account
(Beginning Date & End Date)
 Date of Balance Sheet
Point 2
 Declaration of attaching Form
3CD along with the audit report
Point 3
 Audit Observations/
Qualifications found in the details
related to Form 3CD
Point 4
 Place & Date of signing audit
report
 Name, Address, and Membership
Number of the Auditor
 Stamp/ Seal of the Auditor
Recent Trends in Auditing
Particulars of Form 3CB
Point 1
 Date of Balance Sheet
 Period of Profit & Loss Account/
Income & Expenditure Account
(Beginning Date & End Date)
 Name and address of the taxpayer
along with Permanent Account
Number,
Point 2
 Address, where the books of
accounts are kept
 Address of branches (if books are
kept at branches also)
Point 3(a)
 Audit Observations/
Qualifications/ Comments/
Discrepancies
Point 3(b)
 Declaration by the auditor
regarding –
o Obtaining all the information and
explanations necessary for the
audit,
o Assurance that the organization
(including branches) maintains
proper books of accounts,
o Balance sheet and Profit & Loss
Account gives a true and fair view
Point 4
 Declaration of attaching Form
3CD along with the audit report
31 Recent Trends in Auditing
Point 5
 Audit observations/ discrepancies
found in the details related to Form
3CD
Point 6
 Place & Date of signing audit
report
 Name, Address, and Membership
Number of the auditor
 Stamp/ Seal of the auditor
Particulars of Form 3CD
The statement of particulars would be as per Form 3CD and is also the
focus of our article. This Form has a total of 44 clauses where the auditor
has to report on the various matters contained therein. These clauses have
been divided into two parts – Part A covers the basic factual details about
the assessee and Part B contains the particulars of various compliances
under the income tax laws that need to be furnished.
(a) Part A covers the basic factual details about the assessee and
(b) Part B contains the particulars of various compliances under the
income tax laws that need to be furnished.
Details to be furnished in form 3CD:
1. Details of the assessee i.e. Name, address, PAN;
2. Date of audit report;
3. Annexure (Balance Sheet, Profit and Loss Account, Form 3CD)
4. A declaration by the auditor that they have obtained all the
information required for Audit;
5. Reporting of detailed observations, discrepancies mentioned in form
3CD;
6. A declaration that the accounts are maintained at the branch and head
office;
7. A declaration that the details filled by the auditor are true to his
knowledge;
8. Auditor’s name, Address, Membership No, FRN No. And signature
with seal/stamp
32 Recent Trends in Auditing
3.6.2 Tax Audit Report Format
FORM NO. 3CB
[See rule 6G(1)(b)]
Audit report under section 44AB of the Income -tax Act 1961, in the case of a
person referred to in clause (b) of sub - rule (1) of rule 6G
1. *I/we have examined the balance sheet as on, ………, and the *profit and loss
account/income and expenditure account for the period beginning from
…………to ending on ………., attached herewith, of …………… (Name),
…………………….………(Address), …..… (Permanent Account Number).
2. *I/we certify that the balance sheet and the *profit and loss/income and
expenditure account are in agreement with the books of account maintained
at the head office at …………and ** ……………branches.
3. (a) *I/we report the following observations/comments/discrepancies/
inconsistencies; if any:
(b) Subject to above, -
(A) *I/we have obtained all the information and explanations which, to
the best of *my/our knowledge and belief, were necessary for the
purpose of the audit.
(B) In *my/our opinion, proper books of account have been kept by the
head office and branches of the assessee so far as appears from*my/
our examination of the books.
(C) In *my/our opinion and to the best of *my/our information and
according to the explanations given to *me/us, the said accounts, read
with notes thereon, if any, give a true and fair view :-
(i) in the case of the balance sheet, of the state of the affairs of the
assessee as at 31st March; and
(ii) in the case of the *profit and loss account/income and expenditure
account of the *profit/loss or *surplus/deficit of the assessee for
the year ended on that date.
4. The statement of particulars required to be furnished under section 44AB is
annexed herewith in Form No.3CD.
5. In *my/our opinion and to the best of *my/our information and according to
explanations given to *me/us, the particulars given in the said Form No.3 CD
are true and correct subject to following observations/qualifications, if any:
**(Signature and stamp/Seal of the signatory)
Place: …………… Name of the signatory …………………
Date: …………… Full address ……………………………
Notes:
33 Recent Trends in Auditing
1. *Delete whichever is not applicable.
2. **Mention the total number of branches.
3. ***This report has to be signed by person eligible to sign the report as per the
provisions of section 44AB of the Income-tax Act, 1961.
4. The person, who signs this audit report, shall indicate reference of his
membership number/certificate of practice number/authority under which he
is entitled to sign this report.

3.6.3 How and when tax audit report shall be furnished?

Tax auditor shall furnish tax audit report online by using his login details
in the capacity of ‘chartered accountant’. Taxpayer shall also add CA
details in their login portal. Once audit report is uploaded by tax auditor,
same should either be accepted/rejected by taxpayer in their login portal.
If rejected for any reason, all the procedures need to be followed again
till the audit report is accepted by the taxpayer.
Tax audit report shall be filed on or before the due date of filing the
return of income i.e., 30 November of the subsequent year in case
taxpayer has entered into an international transaction and 30 September
of the subsequent year in case of other taxpayers.

3.7 Consequences of non-compliance

If any taxpayer who is required to get tax audit done but fails to do so,
lower of 0.5% of total sales, turnover or gross receipts or ₹ 1,50,000 may
be levied as penalty. However, if reasonable cause is established for non-
compliance, no penalty would be imposed.
34 Recent Trends in Auditing
3.8 Question Bank

Q.1 Short Questions

1. What is Tax Audit?

2. State the four particulars to be mentioned in the statement 3CD.
3. What are the consequences of non-compliance of tax audit
provisions?
4. When shall tax audit report be furnished?

Q.2 Long Questions

1. What is Tax Audit? Explain the provisions of Tax Audit in brief.

2. State which particulars an auditor is required to give in respect of a
person carrying on business as per form no. 3CD. VNSGU 1999
3. Provisions of Section 44AB relating to Tax Audit
VNSGU 2000,01,03,08
4. State the provisions of Income Tax Act in respect of Tax Audit.
5. Describe the Objects of Tax Audit. VNSGU 2000,03,07,08,11
6. Who is mandatorily subject to tax audit?

Q.3 Short Notes

1. Objects of Tax Audit VNSGU 2009,11,13

2. Difference between Tax Audit and Financial Audit VNSGU 2012
3. Particulars of form 3CD
4. Particulars of Form 3CA and 3CB
5. Tax Audit Report
35 Recent Trends in Auditing

Chapter

4 EDP Audit

4.1 Introduction
Electronic Data Processing in accounting involves computers and other
electronic devices in accounting. In 21st century, the use of computers
has become inevitable in business organization. Almost all businesses
use electronic data processing (EDP) in one or more activity in business.
Computerised softwares are used for the purpose. And as computers and
softwares are involved in accounting, the limitations and threats related
to these systems are also involved in Accounting. EDP Audit is therefore
necessary to evaluate the efficiency of EDP system. EDP Audit is
nowadays known as Information Security (IS) Audit.
Every business process can experience events that can hamper and in
some cases may stop normal operations of business. Even best designed
system can’t control the prevention of natural disaster. In today’s ever-
changing world of information assurance and network security, it can
become extremely difficult to keep up on the latest vulnerabilities,
viruses, patches, trends, technology, hacker behaviors and activity. It’s
easy for the information systems security professional to get caught up in
attending the logical aspects of security such as reviewing log files,
making configuration changes, troubleshooting, and other technical
duties.

4.2 Definition
This is an assessment of a computer system (an information system)
performed by an information systems professional or IS auditor to
provide recommendations and advice to improve system performance
and security. Audit should be done regularly and the result should be
used to refine the system.
36 Recent Trends in Auditing
IS auditors are those people who make it sure that the system does what
it is supposed to do. Although the audit can be carried out by the internal
team of IT professionals, it is advisable that the audit is carried out by
external auditors as they are neither stakeholders nor friendly with the
stakeholders. Above all there is nothing like an unbiased opinion.
Information System auditor is a person who engages in Information
system audits with the following knowledge and abilities:
 Basic knowledge of information systems.
 Knowledge of system audits.
 Ability to perform system audits.
4.3 Objectives of Audit
The following are the objectives of Audit:
 To improve the quality of information systems, prevent failure and
minimize the effects of failure, and speed up the process of recover,' in
the event of a failure. This will help Information System to be more
reliable.
 To make an information system more secure from natural as well as
manmade disasters, unauthorized access, and other destructive actions.
 To improve the cost performance of an information system by
optimum utilization of its resources, which leads to increase in
efficiency.
During the course of audit, the Information Systems Auditor will obtain
sufficient, reliable, relevant and useful evidence to achieve the audit
objectives effectively. The audit findings and conclusions are to be
supported by appropriate analysis and interpretation of this evidence.

4.4 Responsibility and Authority of the System Auditor

The system auditor shall make the basis for each of his or her assessment
clear. The system auditor may demand data and materials from the
division being audited. The system auditor may also demand the head of
an organization to issue a report on the implementation of improvement
to an audited division as suggested by him.
37 Recent Trends in Auditing
The system auditor shall firmly maintain professional ethics as an
impartial evaluator. The system auditor shall be aware of the ethical
demands on himself or herself and meet the internal and external trust by
performing an accurate and sincere system audit.
Confidentiality
The system auditor with strict adherence to professional ethics must
maintain confidentiality of the information provided to him to carry out
his or her activity and should not, without sufficient reason, divulge any
information that is classified as confidential information by the audited
organization.
Audit Planning
The Information Systems Auditor has to plan the information systems
audit work to address the audit objectives and must comply with
applicable professional auditing standards.

4.5 EDP Audit (IS Audit)

Audit can be broadly of two types namely auditing manual processes and
audit through computer. Audit through computer (EDP Audit) is
important to find out the accuracy and integrity of information system
output. This type of audit are done by information system expert and use
test data to check the adequacy and accuracy of control mechanism built-
in to the system.
Such audit looks at the following factors:
1. Audit of response time: In this audit the actual response time of the
system verses the desired response time is compared to the
performance of the system
2. Audit of broken links: This is applicable to web site and other
intranet applications. The most irritating things on a web site is not
finding a link document. There are automated software to find broken
unavailable links on web site.
3. Database Audit: Database audits involve checking the database
integrity and availability. The information that is sent to the database
38 Recent Trends in Auditing
should be checked with the information actually stored on the
database.
4. Network audit: Network audit involves checking the venerability of
network. It checks whether the network configuration is giving
optimal performance or not.
Such as IS Audit include three audits.
1. Transaction Audit
2. Computer Security Audit
3. Audit of Application
1. Transaction Audit
Transaction audit is a process to find -
 Who did changes?
 What changes are made?
 Whether the changes are authorized or not as per the security policy of
the Organization?
The details of the above transactions are written to either a media or
printed. This allows Database Administrators to track changes and helps
the organization to satisfy regulatory requirements such as tracking
specific users actions, general security screening, validating user
permissions etc.
2. Audit of Computer Security
Issues of security of computer involve both physical and logical security.
The audit of computer security involves review of physical and logical
security measures.
Physical security involves restricting physical access to the computing
resources from unauthorized person.
Logical security involves restricting the use of computing resources by
unauthorized person by providing logical control mechanism (e.g.
password protection).
Review of parameters, plans, practices, and policies that are developed
and implemented by the organization over the computer resources, and
how security measures are followed for Computers. Networks and Data
communication. They are also included in the Audit.
39 Recent Trends in Auditing
3. Audit of Application
Here, both manual and programmed internal controls related to
information systems are assessed. Primarily, there are four areas of audit
coverage for an application being reviewed.
The four areas are given below:
Control environment: This includes reviewing the system's security, its
operating platform, system documentation and the interaction it has with
other systems.
Data Input Controls: This involves reviewing the controls which ensure
that data that enters into the system is accurate, complete and valid as per
the standard. Examples include verifying system tables, limit checks,
range checks and redundant data checks.
Processing Controls: These controls ensure that the data is properly
processed and that automatic calculations performed by the system are
accurate. This is tested by assessing controls built into the programs and
by processing test data through the system and comparing the results of
processing with expected results. Also, there will be checks on currency
of stored data, default values and reporting exceptions.
Output Controls: In this, review of the system generated reports to
ensure that they are accurate and the reports produced are reliable, timely
and relevant is done. Also, it is checked whether cost savings can be
achieved by reducing the number of reports produced. Data control
personnel perform visual review of computer output and reconciliation of
totals.

4.6 Benefits of Audit

Information system audit is increasingly becoming the focal point of the
independent audit, compliance audit, and operational audits. An
information system audit can help the organizations in many ways:
 Improve system and process controls.
 Prevent and detect errors as well as fraud.
 Reduce risk and enhance system security.
 Plan for contingencies and disaster recover,-.
40 Recent Trends in Auditing
 Manage information & developing systems.
 Prepare for the independent audit.
 Evaluating the effectiveness and efficiency related to the use of
resources.
 Standardization.
 Improve business efficiency.
 Cost control.
 Competitive advantage.
4.7 Computer Assisted Audit Techniques (CAAT)
The auditors use various types of automated audit software to carryout IS
audit. The use of Computer Assisted Audit Tools (CAATs) should be
controlled by the IS Auditor to provide reasonable assurance that the
audit objectives and the detailed specifications of the CAATs have been
met. There are two major types of CAATs namely audit software and
test data.
1. Audit Software
This is a computer program used to process data of significance for audit
from entity's accounting system. The auditor should substantiate their
validity for audit purposes before making use of these tools. These
include:
1. Package programs: Generalized computer programs to perform data
processing functions like reading computer files, selecting info,
performing calculations, etc.
2. Special purpose programs: Computer programs designed to perform
audit tasks in specific business circumstances.
3. Utility tools: Used by die auditors to perform common data
processing functions like sorting, creating and printing files. These
tools are not designed for audit purposes specifically.
Various commercial Audit Software are available to carry out System
Audit. Some of them are:
1. Visual Audit Pro
2. IDEA
3. E-Z Audit
Visual Audit Pro: It audits automatically over a network. It audits
activities like, use log on off, collects information about software and its
version, collects information about hardware inventory like serial
41 Recent Trends in Auditing
number. Model, memory and associated peripheral devices, user
information, registry information etc.
E-Z Audit: With this software one can know information on capacity of
RAM. name of network card with its connect speed, MAC address and
TCP IP information. You can also find out how many local, removable
and network drives are there on the system, what printers are connected,
both networked and local, etc. On software front, it gives information on
name and version of OS running on the system with service packs,
installed programs and their names. EXE files and DLL versions.
IDEA (Interactive Data Extraction and Analysis): IDEA can be used
to import information from database to be audited for further analysis to
auditor. It helps to corroborate audit evidence effectively. For example it
can check for duplicate payment on a single invoice. It is useful to
analyze system log for fraud detection.
Consider the audit of a Payroll Package. The potential fraud that can
occur in a payroll system is very high. Therefore, audit software is used
as detection tool for fraud. The Audit software looks for salary-
unusually high, extracting information without a department number,
extract information on bank account number. It also can extract
information on fictitious employee, compare it with personnel database.
It can also compare payment details of two different months.
2. Test Data
Test data is used to test the correctness of the software. When test data is
processed with the entity's normal processing systems, the auditors
should ensure that the test transactions are subsequently eliminated from
the system. When using the test data, the IS auditors should be aware that
the test data should only point out the erroneous processing and should
not change the data that is produced by the system during real life.
3. Audit Expert Systems
Some IS auditors make use of Expert Systems to assist in auditing. When
using these audit expert systems, the IS Auditor should be thoroughly
knowledgeable of the operations of the system to confirm that the
42 Recent Trends in Auditing
decision paths followed are appropriate to the given audit environment or
situation.
4. Audit Trail
Audit trail is a log of changes made in the data, settings and related
changes. A security subsystem should maintain detailed logs of who did
what and when and also if there are any attempted security violations.
The availability of the log is extremely valuable. Log provides
information for the system auditor to be able to determine who initiated
the transaction, the time of the day, date of entry, the type of entry, fields
of information that were affected and the terminal used.
System log should be analyzed to provide detailed information on all
normal and abnormal transactions during each processing period. System
access and attempted access violations can be automatically logged by
the computer and can be reported for check & review. Listing of terminal
addresses and locations can be used to look for incorrectly logged,
missing or additional terminals.
Applying the principles of Information System Security and Audit raised
in this write up will ensure that an organization's information assets and
systems are adequately controlled, monitored and assessed.
43 Recent Trends in Auditing
4.8 Question Bank

Q.1 Short Questions

1. What is EDP Audit?
2. What is CAATs?
Q.3 Short notes:
1. Explain the objectives of IS Audit
2. Computer Aided Audit Assistance
3. EDP Audit VNSGU 2007, 2011, 2012, 2013
4. Benefits of EDP Audit
5. Responsibility and Authority of the System Auditor
6. Objectives of EDP Audit