

Sub-theme II: How do auditors examine and test the audited body's financial data information system



1. What aspects of the computer systems of audited bodies do auditors check?



(1) Background


The audit work conducted by the Bundesrechnungshof concerns two types of payment procedures:


1. the centralised budgetary, cash management and accounting IT system (known by its German abbreviation as the HKR system) of the Federal Ministry of Finance, and


2. the preliminary financial management procedures which comprise functions that are not covered by the centralised budgetary, cash management and accounting IT system.


Federal budget managers use these procedures notably to

- compute and determine payments,

- establish vouchers justifying payment,

- establish payment orders, or

- transfer payments.


The IT procedures are designed to help budget managers compute fees and complete on-line forms. These procedures are used to furnish data to the federal cash offices, which are entered into the centralised budgetary, cash management and accounting IT system and eventually lead to payments or receipts.



(2) Cash security arrangements


Compared to traditional non-IT procedures, IT procedures require changes in the allocation of responsibilities for certifying the accuracy of amounts receivable or payable and for ordering payments as precisely defined in the cash security provisions laid down in the Federal Budget Code.

Data are no longer forwarded on paper forms but on data media such as magnetic tapes, cassette tapes and diskettes, or are passed on via remote data transmission. Since these data can be altered without leaving any trace, data security measures need to be taken. In addition, the data transmitted to the federal cash offices on-line or via data media need to be in a format (overall payment order, data records) that the cash offices are able to process, and need to be stored to ensure visibility for the purposes of external auditing.


(3) Cash security criteria


The procedures used need to meet the basic requirements of procedural and cash security. These include above all:


- security:
  - delimitation and allocation of responsibilities,
  - review of each financial management action by a second official,
  - certification and ordering of payments,
  - unchangeability of payments determined or ordered.

- processability:
  - compliance with requirements of form,
  - use of standardised prints,
  - format of data files.

- auditability:
  - availability and storage of records for audit purposes,
  - unambiguous matching of auditable records to the payments made,
  - visibility and documentation of individual areas of responsibility.




(4) Information on which the Bundesrechnungshof can base its audit work


Until two years ago, IT assisted financial management procedures had to be submitted for approval by the Federal Ministry of Finance in conjunction with the Bundesrechnungshof. This obligation has been replaced by a mere notification procedure to encourage decentralised financial management and responsibilities.

However, to keep the Bundesrechnungshof informed of the various IT assisted procedures used, budget managers need to inform the Federal Ministry of Finance and the Bundesrechnungshof of any

- IT procedures proposed for operation at the level of federal departments and agencies, but also at federal state and local government level, and of

- the inception of operation of any such new procedures.



The notification of when actual operation starts is a declaration stating, inter alia, that the minimum requirements applicable to IT assisted financial management procedures will be complied with.

In addition, specified organisational frameworks need to be observed, such as

- technical and procedural programme structure,

- compliance with the review function under which each payment action needs to be verified by a second official,

- carrying out sample checks.




(5) Audit criteria


When auditing IT assisted payment procedures, the Bundesrechnungshof verifies whether and to what extent the general criteria listed under (4) have been fulfilled, focusing audit work especially on:





2. What legal basis, standards or guidelines do auditors follow in testing the computer systems?


The administrative guidance on section 79 para 4 and section 34 of the Federal Budget Code lays down the basic requirements to be met by the security framework for data processing as part of IT assisted financial management procedures.

It includes regulations, for example, on

- procedural organisation with a view to
  - the review of any payment procedure by a second official and
  - sample checking, as well as

- requirements for data entry, data processing, data privacy and

- the development of procedures.


Audit Unit VII 2 does not comment on the following issues of sub-theme II:


2. What software package or tools do auditors use in testing the computer systems of audited bodies;


3. What approach and methods do auditors adopt in testing the computer systems;


4. If auditors have discovered problems of accuracy, security and applicability in the audited computer systems, how do auditors prepare working papers and collect evidence.






