Need for More and Better Computer Auditing

Comments were presented on the role of the auditor in the area of computer auditing. Auditors who confront automatic data processing (ADP) systems must be technically equipped to test the workings of the management's information and control systems and to recommend improvement or correction of any serious problems encountered, actual or potential. GAO places great emphasis on having auditors who have the capability to audit ADP systems in the financial, operational, personnel, logistics, or other management areas. The role of GAO is to evaluate Federal agency systems and promote whatever changes are necessary to make them as effective as possible. Auditors must acquire the specialized experiences, new and demanding training, and an ability to shift to using the computer itself as a tool for carrying out audit procedures. Not enough is being done in the area of computer auditing. Auditors are accountable when computer systems lack controls, are used inefficiently or uneconomically, or are tools for criminal activity. The magnitude of Federal spending on ADP and the existing and potential problem areas compel evaluating the impact of ADP on programs, operations, and resources use. Too many audit organizations have avoided examining computer systems and applications. They should also identify the types of ADP audit tasks they might confront in the next 3 years to identify the knowledge and skills they will need to perform these tasks. Internal auditors must participate in the system development process. Controls must be verified both before and after installation of computer-based systems. Top management should initiate a periodic assessment of its audit and control programs. Internal auditors must evaluate the computer application, the system design, the system need, computer efficiency, documentation, user satisfaction, the computer configuration, and the training level of the staff. Managers and auditors have to be alert to test systems to detect fraud and tighten them when fraud is found.