a. Application of information technology to audit process

The following indicate how information technology can be applied to the audit process and the areas of audit and assurance likely to be affected by the emerging technologies:

i. Audit engagement planning – Audit planning involves identifying the areas to be audited, audit team set up, assigning responsibilities to each audit staff; time allocation, establishing the materiality threshold etc. There are many aspects of these activities that could be automated and made more efficient with the use of technology. Most available off-the- shelve audit software have capabilities and inbuilt tools to enhance audit planning activities;

ii. Audit risk assessment – Audit software and advanced data analytic solutions can be used to conduct audit risk assessment – both qualitative and quantitative risk assessment. For instance, in conducting quantitative risk assessment all that is required is to upload the financial information of the client into the audit software and use existing functions to select and compute the relevant ratios, percentages and proportions for the auditor to interpret. In some cases, the results from the computations are given interpretation by the software and made available for the auditor to review and exercise human judgement;

iii. Evaluation of internal controls – After planning and risk assessment, the external auditor is expected to evaluate the operating effectiveness of internal controls which would most likely include computer controls. The only viable means to evaluate computer or IT controls is through the use of computer assisted audit techniques (CAATs). Many audit software are built with the capacity to test IT controls to ascertain their level of adequacy and operating effectiveness;

iv. Audit substantive testing – Substantive testing involves the use of analytical procedures and test of details to confirm the completeness, accuracy and validity of financial statements‟ amounts and disclosures. Ratios and trend analysis can easily be carried out by auditors using relevant software. Also automated audit solutions could be used to prepare and serve circularisation letters to obtain third party confirmations; and

v. Audit reporting – Auditors normally use word processors and spreadsheets to compile their reports at the end of the exercise. However, modern audit software has embedded reporting modules that could be used by the auditor to put together relevant reports to users. With the help of the reporting modules of these applications, the auditor could convert aspects of his findings into diagrams and pictures which are easier to understand by the executives.

b. Information technology tools necessary for effective provision of assurance services i. Gantt chart software

A Gantt chart is originally a project planning tool which is primarily a bar chart to provide a schedule of tasks involved in a project with timelines. Auditors have found Gantt Chart useful in planning the audit engagement project. With this tool, auditors can view the start and end dates of an audit engagement in one simple chart, with clear list of audit activities. At a glance, the auditors can see:

• The start date of the audit engagement;

• The audit activities;

• The audit team members and tasks assigned to each of them;

• The start and finish date of each audit activity;

• The link and relationship between audit activities;

• Engagement dependencies;

• The end date of the audit engagement; and

• Identify the critical path of an engagement.

With Gantt chart software, auditors can create work breakdown structure; assign activities to team members, track the progress of work and make necessary changes in real time. As the auditor inputs the audit activities, their start dates, end dates and their dependencies, the bars will be populated automatically. Please note that the vertical axis of a Gantt chart shows the activities that need to be completed, while the horizontal axis represents time.

ii. Risk analysis tool pack

Managing risk is a necessity of life and should be taken seriously in all human endeavours with predetermined objective. Risk is evidently present in every audit engagement and ISA 315, explains the concept of business and audit risk in detail. The risks (positive and negative) that auditors face in the course of their work must be anticipated, identified, evaluated, prioritised and addressed. To enable auditors manage this process more efficiently and effectively, several automated tools have been developed and made available in the market. The assessment of a risk can either be done qualitatively or quantitatively. The tools which handle these are risk management tools and some of the popular risk management tools and:

• GRC Cloud Resolver;

• Spira Plan;

• Enablon;

• Checkit;

• Analytica;

• Risk Management Studio; and

• A1 Tracker.

It is important to note that most advanced audit software such as audit command language (ACL) and CaseWare IDEA are built with risk management capabilities. In other words, an auditor who purchases topnotch audit software might not need any other independent risk management tool.

Some of the features of these risk management tools include:

• Web-based application and good interface (GUI);

• Scalability and ease of integration with other solutions;

• Risk dashboard(quick snapshot of risk issues in a single view);

• Inbuilt support for risk mitigation activities:

• Risk audit trail (traceability);

• Support for electronic signatures;

• Support for generation of reports in MS Word; MS Excel; PDF; XML; HTML formats;

• Supports printing and emailing the risk reports to various stakeholders;

• Supports import and export functions;

• Supports auto-alert system on risk related updates;

• Support for both qualitative and quantitative risk assessment; and

• Data entry supported by paper, browsers and mobile app.