Automation of audit activities. Self-test questions Self-test questions

Earnings  16.12.2023
Earnings 



AuditModern SYSTEM SOLUTION FOR INTERNAL AUDIT AND CONTROL SERVICES Developer: AKG “Integrated Business Service” AuditModern is a Russian program for automating the activities of Internal Audit and Control Services: Provides risk-oriented internal audit using the principles and conceptual approach of the COSO model. Assists Internal Audit to operate in compliance with International Standards on Internal Auditing and Internal Control to conduct activities to ensure compliance with Sections 302 and 404 of the Sarbanes-Oxley Act (SOX). Takes into account the features of internal audit, internal control and the specifics of doing business in Russia and the countries of the post-Soviet space. Accumulates the experience of internal auditors of leading companies, financial institutions, banks of Russia and the CIS countries (the System already contains methods and specifics of more than 160 technical assignments for the automation of internal audit and internal control services). Offers a conceptually new approach to internal audit.


Why did the task of automation arise? Increasing information flows. Requirements for the speed of information processing and decision-making are increasing every day. The lack of trained and competent specialists poses the task of typing and preserving previous experiences. The requirements of regulators and management companies require a large volume of reporting documentation and a quick response to requests.


In the context of international integration, there is a need to follow the strict requirements of international internal audit standards. Compliance with them is impossible without the use of specialized automated systems. Why is automation necessary?




Selection of automation system parameters Correct setting of automation goals and selection of automated functionality Platform / programming language Possibility and depth of integration with external applications and databases Implementation of automation on your own or use of a ready-made product Cost of purchasing or creating a system




A specialized system - unlike Excel or Access: This is a life-supporting system for a company, which stores a complete history of customer relationships and is capable of simultaneously managing the quality and results of employee work. Online and off-line reports at any time in any sections. Concurrent users. Friendly interface. Possibility to raise information at any time. Automation of activities through business processes. Integration with other company systems. A single information repository with high levels of information security. The most powerful data protection analytics. Application Automation Tools


Automation of internal audit and internal control systems as a component of company automation: The tasks of internal audit include: Checking and assessing the effectiveness of the internal control system (i.e. “control over control”). The principles of internal audit independence make it impossible to audit within the system. In order to search and find violations, errors and distortions for a valid assessment of the actual effectiveness of the internal control system, the auditor must be “outside the system”, with his own tools not related to the system.


Over the 9 years of experience of our company, we have been contacted more than once after unsuccessful experiences in creating their own programs by companies that are not specialized software developers (large auditing companies tried to create a program to automate their activities based on their own experience, IAS of large holdings created a program for their service) . Companies have spent significant resources, but no ready-made solutions have emerged that can satisfy all users, even within the same company. The development of the AuditModern system took more than three years, taking into account the allocation of resources of auditors, methodologists and programmers. In order to create the System, a large amount of experience from various companies and different approaches has been reworked. Further work is being carried out to improve and improve the System, which is being released in new versions as part of user updates. Own development within the company


In Russia and the CIS countries, AuditModern is currently the only program for automating VA and VC services, adapted to our national specifics. Specialized software In the West, the number of users of systems of this level is more than 120 thousand.




The cost of owning AuditModern is several times cheaper (purchase, updates, implementation, support). The initial acquisition cost of AuditModern is 3 times cheaper than similar Western models. User support (a large number of partners in Russia and the CIS countries). The specifics and realities of the conditions of the post-Soviet space are taken into account. Contains methods and practical developments of more than 160 technical topics. assignments of NEA Russia and CIS countries. Western systems that automate internal audit activities






Activity planning Business surveys - identifying risks: In the System, by software, or Web form
















Basic principles Risk-based approach to internal audit Audit scheduling, resource allocation Use of audit engagement templates, briefs and working papers Shared knowledge base, archiving Management reports and schedules




Development Using numerous past experiences and knowledge to conduct an audit Introducing changes to the System of new regulations and instructions regulating the activities of the Internal Audit Service Easy and convenient customization of any reports, graphs and diagrams Rigid assignment of roles, rights and powers


The system ranks the risk as high/medium/low depending on its significance. Risks that exceed the risk appetite are flagged for inclusion in the annual/quarterly audit plan. Next, the head of the Internal Audit Service edits the annual/quarterly audit plan, indicating the objectives of the audit, timing, volume, employment of specialists and other necessary parameters. Risk map and annual plan The risk manager (risk management department), and in the absence of such positions - the internal auditor himself (Internal Audit Service) in accordance with past experiences (reports on past audits) - identifies the main risks present in the Organization (Holding) . Next, it classifies them and assesses the likelihood of occurrence and the consequences/impact of these risks, sending questionnaires to the owners of these risks.


Planning an audit assignment The audit manager creates audit assignments using templates for audit assignments (from the Methodology section). Next, he assigns performers to work and details the execution of the work in accordance with the skill level of the performer (or removes unnecessary details added automatically from the audit template).


The auditor carries out the audit procedures assigned to him and records the results (saves audit evidence in any format in the appropriate folder: Word document, Excel, audio, video recording, scan of a document, photo, link to a file posted in public resources). Auditing






Necessary correspondence with officials and employees of the organization, as well as with external organizations (except personal) are automatically saved in a common database for use and further work by a specialist whose access level allows the use of this information. Sync data with Outlook


Among other auditor tools in the System, it is possible to formalize questions and answers in a questionnaire, which can be filled out both by the auditor himself, interviewing employees of the Enterprise, and by the employees to whom the questions are intended, using the System independently. Questionnaires, risk assessment In this case, the result of filling out the questionnaire will be a risk assessment: high/medium/low, or another gradation depending on your internal standards. In addition, when surveying more than one person, it is possible to combine responses into majority response graphs.


If it is necessary to convey relevant homogeneous information to the right people, the System provides templates for letters that are automatically generated and filled with information on the situation, as well as a mass mailing module: Alerts and mass mailings And the most important tasks will be highlighted in reminder mode at the appropriate time to the appropriate executor - user of the System .


Recording violations, deviations, shortcomings and comments The auditor records shortcomings identified in the process of performing audit procedures. Defects are classified in a certain way and, if necessary, added to the database of defect templates for further use. When identifying a deficiency, a potential (existing) risk is determined. The auditor identifies the risk associated with the identified violation, thereby supplementing (correcting) the risk map. Upon completion of the project, the audit manager assesses the impact and consequences of the occurrence of the risk(s).


Next, the auditor writes recommendations for correcting violations, addressing the recommendation to the official responsible for this business process. Following the recommendation, the official notes the result of its implementation in the System. Monitoring the implementation of recommendations allows you to receive feedback from the Enterprise in order to revise the risk map and the annual audit plan for the following periods. Auditor's recommendations







The auditor enters all agreed upon questions on various types of risks and business processes into a common knowledge base, ready-made phrases from which are then used when writing recommendations, comments, and for the audit report. Consensus questions, knowledge base


All norms and rules, in order to streamline the work and quickly enter the position of a new employee, are entered into the audit library, excerpts and quotes from which auditors use during their work. The quick search and filtering system allows you to quickly find the desired typical phrase from a huge knowledge base. In-house teaching materials




The auditor's report is generated upon completion of the audit in the form in which managers are accustomed to seeing the report, while its generation by the auditor takes no more than a minute: after all, all the text has already been written when performing the procedures. The system only automatically reduces record to record sequentially. If necessary, you can generate reports: Separately on completed / not implemented recommendations; Significant / non-significant shortcomings; In terms of the company's business processes; With the total amount of financial consequences for the Enterprise (subject to entering this information at the time of verification); Another filter that is necessary to perceive the text. Auditor's report


Services Consulting and methodological services for audit companies. Sales, implementation and support of software products for auditing activities. Setting up software to in-house standards, updating products. Organizing and conducting seminars and round tables to familiarize staff with software for auditors. Training of personnel to work with programs in the client’s office, support in the form of on-line consultations. Conducting various seminars and trainings on current topics in auditing.

Country support:
Operating system: Windows
Family: Universal Accounting System
Purpose: Business automation

Audit automation

Main features of the program:

    Work with money in any currency is supported

    All departments of the organization can work in a single information system via the Internet

    The program shows current balances in real time for any cash register or bank account

    You will be able to keep full financial records: post income, any expenses, see profits and view various analytical reports

    You will have a unified database of clients and suppliers with all the necessary contact information

    You can plan cases for any client

    The program will allow you to plan expenses for a certain period

    You will always have all detailed reporting for each cash register or account in any currency “at your fingertips”

    All financial movements will be under your complete control. You can easily track what you spend the most money on for any period

    The program will show you statistics on savings or excess costs for your items

    A clear visualization of profit dynamics will help you easily analyze the company’s activities and profitability

    Separation of access rights is supported. Each employee will see only what he is supposed to see

    Integration with the latest technologies will allow you to shock your clients and deservedly gain the reputation of the most modern company

    A special program will save a copy of all your data in the program on a schedule without the need to stop working in the system, automatically archive and notify you when it is ready

    Reserve
    copying

    Connection with payment terminals so that customers can pay at the nearest terminal. Such payments will be automatically displayed in the program

    Payment
    terminals

    The scheduling system allows you to set up a backup schedule, receive important reports strictly at a certain time, and set any other program actions

    Reliable control will be ensured by integration with cameras: the program will indicate data on payments made, payments received and other important information in the captions of the video stream

    You can quickly enter the initial data necessary for the program to work. This is done using convenient manual data entry or import.

    The program interface is so easy that even a child can quickly figure it out.


We have completed business automation for many organizations:

Language of the basic version of the program: RUSSIAN

You can also order an international version of the program, into which you can enter information in ANY LANGUAGE of the world. You can even easily translate the interface yourself, since all the names will be placed in a separate text file.


All enterprises and organizations in modern conditions of rapid exchange of information and an ever-growing market, the regular emergence of new competitors need to conduct their business clearly and efficiently. Unfortunately, it is no longer possible to be successful without audit automation. Therefore, we propose to consider our new software product - the Universal Accounting System. It is superior to its competitors in that it does not require large amounts of resources to use. USU is a software product for accounting and audit automation, suitable for the activities of large, medium and small organizations. In this audit automation program, you can keep all records, from creating an extensive client database to generating reports for tax and government authorities. Several users can work simultaneously in the audit automation program and exchange the necessary data in real time, which makes it easier to control all business processes.

Audit automation is a labor-intensive process that requires special vigilance in transferring all the data needed in audit activities into one audit automation program. But the result is worth the effort, because automation of accounting and audit processes will dramatically speed up all the company’s business processes. Acceleration due to audit automation can lead to a reduction in the organization’s costs by at least 10%, especially this process will affect the administrative and business expenses of the enterprise. Do not be intimidated by the amount of work involved in automating all processes of core and audit activities, because our technical support for the audit automation program will help you in its implementation. Our specialists will easily customize the program to suit the specifics of your business, help you install and configure the audit automation technology program, and explain everything so that you can immediately start using it. The interface of the internal audit and accounting automation program is clear and convenient; even a new employee with no work experience can easily use it.

Automation of audit and document flow will help management make the right management decisions on further activities based on information about all transactions performed, cash flow, and the state of the company’s assets and liabilities. After all, audit automation will help you regularly analyze and audit the activities of your organization, calculate the necessary solvency ratios of the company, prospects for its further development, plan future expenses and income, and draw up a budget. And also the internal audit automation program will help control the company’s inventory, all cash flows from the main and operating activities of the organization, generate reports and check employees.

The monitoring and control program can be used by:

  • Any government company;
  • Private company;
  • Individual entrepreneur;
  • Self employed;
  • and so on.

By watching the following video, you can quickly familiarize yourself with the capabilities of the USU program - the Universal Accounting System. If you do not see the video uploaded to YouTube, be sure to write to us, we will find another way to show the demo video!

Audit control and management capabilities

  • The external and internal audit automation program provides complete control over the processes of the enterprise;
  • USU for automation of audit processes and internal audit activities allows the use of various audit tools within the enterprise;
  • The USU program for audit automation can generate various coefficients intended for the analysis and audit of your business;
  • You can install any additional settings necessary for audit activities in the USU audit automation program;
  • Automation of audit activities using the USU produces all types and forms of reports based on data systematically entered into the program;
  • The program for automating the audit of the management system allows you to use a multi-level system of access to information depending on the user;
  • The audit automation control system operates in multitasking mode and can be used by all company employees on their personal computers simultaneously;
  • The USU is equipped with a security system; each user of the audit automation program has his own login and password for work;
  • The audit automation program has the function of sending notifications, reminders, and SMS messaging;
  • A special feature of the enterprise audit automation system is its accessible and understandable interface, which all users can quickly understand;
  • After installing an audit automation software product in your business, technical support will provide training to each user;
  • An audit of your business will help to fully identify shortcomings in work processes, financial planning and other aspects of the business;
  • For a trial run, you can download the audit automation software product absolutely free on the website;
  • If you have any questions related to audit automation in your company, you can contact the contact information listed on the website;
  • Take advantage of audit automation, and your business management decisions will systematically increase profits.

3. Normative references

ISO 9000:2005 – “Quality management systems. Fundamentals and vocabulary."

ISO 9001:2008 – “Quality management system. Requirements".

ISO 19011:2002 – “Guidelines for the audit of quality and/or environmental management systems.”

4. Terms, abbreviations and symbols

Terms and Definitions:

Audit (verification) is a systematic, independent and documented process of obtaining audit evidence and evaluating it objectively in order to determine the degree of fulfillment of agreed criteria (ISO 9000:2005).

An auditor is a person who has demonstrated the personal qualities and competence required to conduct an audit (ISO 9000:2005).

Group of auditors - one or more auditors conducting the audit with the assistance (if necessary) of technical specialists.

Abbreviations used:

DP – documented procedure

QMS – quality management system

Legend:

Branching/merging process operations

5. Process description

5.1 Fundamentals

The QMS audit at KPMS is carried out with the aim of:

  • determine the level of compliance of the QMS with the requirements of the ISO 9001:2008 standard;
  • determine the level of compliance of the QMS with the requirements of internal regulatory documents.

The audit can be carried out scheduled (based on the annual audit plan) and unscheduled (based on the order of the general director).

The frequency of scheduled audits should be at least once every six months.

The quality officer is responsible for organizing audits.

The lead auditor is responsible for conducting audits.

The annual internal audit plan is developed and approved no later than December 20. The annual internal audit plan is developed by the quality officer. When planning internal audits of the QMS, a mandatory audit of each of the departments, each of the processes and each of the requirements of ISO 9001:2008 is provided.

Before the start of each audit, an audit schedule is developed. The schedule is developed one week before the audit date.

To conduct internal audits, a leading auditor, auditors and technical specialists are appointed from among the company's employees. The candidacies of the lead auditor and auditors are determined by the Quality Commissioner. The appointment of the lead auditor and auditors is carried out by order of the General Director for Personnel. The order may indicate the duration of the appointment. If the term is not specified, then the lead auditor (auditors) are considered to be appointed for an indefinite period and lose their status as an auditor only on the basis of an order from the general director to appoint a new lead auditor (auditor) or upon dismissal from the company.

Technical specialists are assigned (if necessary) to each audit upon the recommendation of the lead auditor. The appointment of technical specialists is carried out in an order for the organization to conduct an internal audit.

When drawing up an audit schedule, the distribution of auditors and technical specialists among the objects of inspection should exclude the possibility of them inspecting the units in which auditors and technical specialists work.

Implementation of an IT solution for internal audit will help cope with a large volume of data from the accounting system

Any automation allows you to save labor costs on standard operations. Internal audit is no exception. It can be automated in the following ways:

  • specialized domestic developments - "Complex Audit" (developed by Goldberg-Soft), "IT Audit: Auditor" (Master-Soft), "Express Audit" (Termika), AuditNET of the company of the same name;
  • in practice, modules of ERP systems are most often used, from foreign SAP, Oracle and Microsoft to domestic ones “1C”, “Compass”, “Parus”.

Fundamentally, internal audit automation involves obtaining data and creating reports based on it. The approach to automation is similar to any IT implementation project. At the beginning, the goals and objectives that the internal audit department solves are established, then its functional responsibilities are revealed. All business processes accompanying the solution of these problems are prescribed. It immediately becomes clear which department functions are standardized and therefore amenable to automation. Based on the received descriptions, a technical specification is drawn up.

The functional responsibilities of the internal audit department, including its standard functions, are primarily determined by positions in the company:

  • in Russia, the most common subordination is to the financial director (see diagram No. 1);
  • much less often, he reports directly to the general director (see diagram No. 2);
  • in public companies, the internal audit department must report directly to the audit committee of the board of directors (see diagram No. 3). Moreover, committee members should not hold management positions in the company.

Only the third option for the location of the audit department in the company's hierarchy ensures independence of judgment.
The data sources for the software solution that automates the activities of the department will be department databases without the possibility of making changes to them. Since there are no standards and recommendations for the construction of internal audit, each company composes them independently.

Explains the situation GALINA SHAFRONSKAYA, Chief Methodologist of the Department of Audit Methodology and Quality Control at BDO Unicon:
“There are recommendations from the Federal Financial Markets Service regarding a code of corporate conduct and the creation of internal audit departments in all public companies. But if in the USA there is an institute of internal auditors and corresponding standards for their work, then in Russia this process is at the stage of development.”

Control it yourself

Distancing from the issue of objectivity of control, if the internal audit department is subordinate to a financial department, then the source of data for it will be the accounting system of the “heading” department. In practice, the real needs of the enterprise will elude the auditor.

EXAMPLE 1
The Korovushka dairy plant experienced difficulties with reporting due to untimely reflection of transactions in the accounting system. An internal audit department was created, which reports to the financial director. The main task of the department is to control the timeliness of receipt of primary reports. Standard control points in this situation are the date of preparation of the primary document and the date of its entry into the accounting system. Thus, the primary document from the workshop where raw materials are released into production must enter the accounting system at a certain time, preferably on-line. The source of data for the software solution that automated the work of the internal audit department was the indicators of the document flow system and the financial accounting system. The tasks of the department that cannot be automated included issues of methodological development and issuing recommendations.

Here, automation helped save department labor costs. However, with this formulation of the task, the internal audit department ceases to be the body that controls the correctness of the preparation of financial statements. The results of its activities will not be useful to external auditors. While maintaining subordination to the financial director, such a department cannot be tasked with verifying the truth of the statements.

EXAMPLE 2
The general director of the Ivushka company wanted to establish timely release of reliable reporting. An internal audit department was created within the financial division. Standard control points are items of planned and actual budgets. The source of data for the program that automated the audit was budgeting and accounting systems.

The company's budget for the quarter included, among other things, the following:
– current expenses in the amount of 100 thousand rubles. However, an unexpected equipment breakdown increased them to 200 thousand rubles. In order for the fact to correspond to the plan, the accounting department recorded 100 thousand rubles in the current statements as expenses of the period, and the remaining 100 thousand rubles remained in advances issued and were reflected in the costs of the next quarter. The error was identified by the audit department during fact verification with primary documents;
– revenue of the Product Sales division in the amount of 2 million rubles. If the plan was fulfilled, the management of the company's functional divisions was rewarded with a percentage of revenue. Actual management and accounting reporting showed the fulfillment of this indicator. The internal audit department, checking the primary payment documents with the reporting, revealed that the accounting department reflected in the current quarter as the actual shipment of the current quarter 1.89 million rubles and the shipment of the next quarter in the amount of 110 thousand rubles.

Thus, the audit department verified the correctness of the fact, but not the plan. It turned out to be impossible to assess the objectivity of planned indicators, since data on the performance of functional units is not transmitted to auditors.

Tells TATYANA KOLODCHENKO, financial controller of the company "Medical Russia and CIS":
“My division is functionally subordinate to the company’s financial director and controls the correctness of the formation of financial statements both under RAS and IFRS, as well as the planning process. To manage planning, the Cognos EP product is used; fact reconciliation occurs in Excel. The company is now planning to automate this process.”

General Accountability

The option of reporting to the general director provides for greater control. However, then the activities of the head of the company fall out of the sphere of influence of the internal audit department - the audit concerns only lower-level managers. In this case, control points are located in all departments, which significantly increases the amount of information processed compared to the previous version. It is not the quality of company management that is assessed, but the diligence of subordinates. Here the critical points may be:

  • targeted spending of funds;
  • objectivity in the selection of suppliers and clients;
  • formation of product prices.

In other words, all those areas where management has opportunities for abuse. During control, the internal audit department will periodically review primary information, analyze the plan-fact, check the presence of permitting signatures, the correctness of closing the period, monitor the marketability of prices and competitive conditions. In this case, plan-actual reconciliation and monitoring of external data can be automated, for example, using systems for searching unstructured information on the Internet. What will remain outside the system is checking the originals of primary documents and searching for the reason for choosing not the most profitable supplier.

Tells OLGA SEMENKOVA, Head of the control department of the Bryansk medical center "Paracelsus":
“The main reason for creating my department, reporting directly to the CEO, is the lack of transparency in the process of selecting suppliers of medicines and consumables. As a result, overexpenditure on these items amounted to 20%. In addition, lack of control provoked abuse, and in business conditions the system of kickbacks has no right to exist.”

Life by the rules

If the internal audit department reports to the board of directors, then most often this means that the company is public or is preparing to become so. Audit automation not only saves the labor costs of internal auditors, but also simplifies the external audit procedure.

Explains GALINA SHAFRONSKAYA:
“International Standard on Auditing ISA 610, Use of the Work of Internal Audit, states that external auditors, in determining the scope of their procedures, and therefore the cost of the audit, may examine the client's control system, including the independence, functions and output of internal audit. If external auditors find that the tasks performed by their “internal” counterpart, the goals it achieves, and management's response to internal audit reports are acceptable to the external auditor's work, then the external auditor may rely on the internal audit findings and reduce the scope of its detailed procedures. But so far the functions of Russian internal auditors and what they do do not allow us to rely on their work or take it into account when planning external audit procedures.”

Automation leads to a reduction in labor costs for employees of the internal audit department, helping the company save resources. But under certain conditions, the implementation of an IT product is simply necessary. For example, one of the company's activities, controlled by the internal audit department, is characterized by too much data. It is not possible to check the information manually. A similar situation arises among telecommunications service providers, where a huge amount of data from billing systems serves as a source of information about the services provided.

EXAMPLE 3
MTS shares are traded on the New York Stock Exchange, so the company is required to comply with the requirements of the Sarbanes-Oxley Act. MTS works in the ERP system Oracle e-Business Suite. To automate internal audit, the Oracle ICM module was introduced. It provides department employees with access to various databases generated using specialized modules and business applications. Including the billing system.

Automation of internal audit in companies operating within a complex corporate information environment will include points of control over the operation of information systems.

Errors in selection

When choosing a software product, the most common mistake is the lack of strict system requirements. The variety of offers and the low cost of domestic solutions can provoke a hasty choice and purchase.

The auditor tells EVGENY MURMANTSEV:
“My company acquired the domestic software product “Complex Audit”. All reporting forms, including Form 1 of the balance sheet (OKUD 0710001), profit and loss statement, statement of changes in capital, statement of changes in cash, Form 5 of the appendix to the balance sheet, are built for non-budgetary organizations. We check mainly budgetary enterprises, therefore the balance sheet and reporting forms must be generated according to OKUD 0503001: balance of execution of the estimate of income and expenses F.1 OKUD 0503001, balance of execution of the estimate of income and expenses F.1.1 OKUD 0503003, report on execution of the estimate of income and expenses of institutions and organizations financed from the budget of the constituent entities of the Russian Federation and local budgets F.1nn OKUD 0503010. Now we want to add these forms to the program.”

A representative of the developer company Goldberg Soft explains the situation:
“The program is focused on conducting audits of commercial organizations. Adding reporting from budgetary organizations to it is possible, but this will lead to a serious change in the audit methodology. The solution automatically forms an opinion on the reliability of a particular reporting line and checks the compliance of the balance sheet data of the audited entity with the data of its accounting database. Obviously, when the reporting form changes, these algorithms must also change. Otherwise, the audit automation program will simply turn into a set of automatically filled out forms and nothing more.”

Another common mistake is lack of forethought. When installing such software, not all companies think about further support for its functionality. It is important to make a practical move - to include an employee in the project team who will subsequently continue working with the system.

The Express Audit system is a software package designed to automate the audit of the financial and economic activities of commercial enterprises and organizations, as well as the efficient and convenient creation and storage of working audit documentation.

The developers of the system are the Termika consulting group and N.P. Baryshnikov, a practicing auditor, general director of the auditing firm Baryshnikov and Co. The automated system "ExpressAudit" in accordance with the Rules (standards) of auditing activities in the Russian Federation can be used by audit organizations for:

  • a) developing a general audit plan and program;
  • b) creating working documentation for the audit;
  • c) studying and assessing the accounting and internal control systems of audited economic entities;
  • d) obtaining audit evidence about the reliability of financial statements;
  • e) obtaining a reliable representation of the economic entity’s compliance with the requirements of regulatory acts;
  • f) organizing internal audit quality control;
  • g) conducting an initial audit of the initial and comparative indicators of the financial statements;
  • h) preparation of written information from the auditor and the audit report based on the audit results.

The material is structured into sections (19 in total) and presented in the form of questions and answers to them on all aspects of the financial and economic activities of enterprises and organizations. Moreover, in addition to issues of general organization of accounting and taxation, including:

  • - organizational matters;
  • - accounting policy of the organization;
  • - accounting and taxation of transactions with fixed assets, intangible assets, materials;
  • - production costs
  • - cash;
  • - accounting of finished products;
  • - calculations;
  • - capital, financial results, securities;
  • - the procedure for generating accounting and tax reporting indicators, etc.

In addition, tables are provided for the analysis of the financial and economic activities of commercial organizations. The basic version of the system also reflects the specifics of accounting and taxation in trade. Currently, the system contains a separate block of the section “Auditor's working documents”, which are required by a specialist not only at the time of the audit, but also during the entire audit activity.

Working with this system, which is based on the Code for Windows software package, consists of four stages:

  • - filling out the survey card;
  • - choosing a survey topic (registration site);
  • - answers to questions on the selected topic;
  • - generating a report.

Filling out the survey card. The survey card may include data about both the audit firm and the audited entity. All information on the card is included in the protocol and then the report.

Selecting a survey topic. The next step is to select an object to check from the presented 19 blocks. Each block is presented in the form of a chapter with sections in which this topic is detailed in a certain direction. To select a survey topic, you need to move one heading at a time from the left side of the plate to the right. If desired, any number of chapters and sections can be selected depending on the volume of planned activities.

Answers on questions. The number of questions varies depending on the chapter chosen. The structure of the question consists of three elements: text, the normative basis of the question and the author's comment. The program provides four possible answer options:

  • - compliance with the regulatory framework;
  • - inconsistency;
  • - incomplete compliance;
  • - the auditor's opinion about the appropriateness of the question in the given situation.

When identifying violations of standards and selecting the appropriate answer option, you must fill out a “Comment” card in order to reflect information that may be necessary in the subsequent analysis of this issue.

Generating a report. The final document of the audit is the report. However, before drawing it up, it is necessary to familiarize yourself with the protocol, which contains information about the object being audited, the date of the audit, and the number of questions that the auditor had to answer or answered. If the answers to the questions are compiled sequentially, the protocol will be generated automatically after answering the last question proposed on the topic. You can also review the preliminary protocol at any time or change the answer to a previously reviewed question by pausing the current survey.

Based on the protocol, at the user’s request, a report is generated, which is identical in content and structure to the analytical part, and also contains elements of the final part of the audit report. The report includes data about the audited object, general results of checking the state of internal control of an economic entity, accounting and reporting, compliance with legislation when carrying out financial and business transactions, as well as an indication of the normative act to which the accounting statements must comply. The generated report can be imported into a text editor MS Word and, after finalization, look like an audit report.

In the system, each section of accounting corresponds to certain questions that need to be answered; for each question, a corresponding extract from regulatory documents is necessarily provided, and for sections that require special attention, there are author’s comments. Thus, the auditor can check the statements without wasting time searching for regulatory documents to clarify any controversial issue. Information services are provided, consisting of monthly additions and updates of materials set out in ExpressAudit.

This version of the program is intended for generating auditor working documents in the process of auditing commercial enterprises and organizations. The developers intend to develop the program in at least four directions:

  • - creation of versions that take into account the industry characteristics of the organizations being audited;
  • - reflection of regional audit features;
  • - improving the interface and other characteristics to ensure the most convenient work with the program;
  • - development of new sections.

Russian scientists Odintsov B.E. and Romanov A.N. believed that the main attention should be paid to the creation of some kind of computer information system that provides a “human-machine” approach to conducting an audit. This system assumes a significant separation of functions: a person, i.e., a decision maker (DM), performs the functions of logical analysis, and a computer performs the functions of organizing and conducting quantitative calculations, the logical structure of which is implemented by software created on the basis of algorithms developed by the decision maker ( procedural method for solving a problem).

According to I.I. Pilipenko, all kinds of surveys and questionnaires regarding the use of information systems in auditing activities indicate that practicing auditors and audit firms do not sufficiently use specialized programs for auditing. There are factors limiting the use of specialized automated programs in auditing activities. One important factor is the use of general-purpose software products by audit firms: word processors, spreadsheets, database management systems. Another factor is the lack of awareness of audit companies about automation systems intended for audit activities. The relevance necessitates research into the market for audit programs to determine the need and possibility of their implementation in audit firms.

In the opinion of E.Ya. Goldberg, the “Auditor’s Assistant” program is the first attempt to create a really working audit system, with the aim of solving audit problems at all stages of its implementation is the “Auditor’s Assistant” program. In the literature known to the authors, the audit system model has the following structure:

  • a) a knowledge acquisition module, which is intended to form a knowledge base. The knowledge base has two components: rule bases and fact bases.
  • b) rule base, contains procedural knowledge in a standard form.
  • c) fact base.
  • d) audit execution module, used to initialize the system and generate audit reports.

In general, there are two strategies in creating audit systems: minimizing the cost of inputting source data; minimizing the risk of missing erroneous actions in financial documentation. The creators of this software application are aware of the complexity of the task undertaken and the inevitable imperfection of its individual parts for the first version. Nevertheless, given the urgent need for such a program, they take the liberty of offering it for practical use.

Currently, the following full-featured audit automation programs are presented on the Russian market: “IT Audit: Auditor” (Master-Soft), “ExpressAudit: PROF” (TERMIKA Consulting Group), AuditXP “Complex Audit” (Goldberg-Soft ").

Table 3.1 Popular programs for complex automation of audit activities

Forms of audit risks that arise as a result of the use of computer data processing programs:

  • - technical risks - risks associated with technical issues, methods of processing accounting information that is directly used, the organization of accounting and internal control during the implementation and use of automated information systems. Caused by poor-quality work of technical means, the use of unofficial software, differences in the characteristics of hardware and software, lack of proper general technical service and control.
  • - risks associated with the procedure for processing accounting data - may be associated with errors in the development of the system, its small circulation, or misuse. Cases of using programs not intended for accounting cannot be excluded. It is the auditors' responsibility to determine whether the client's system is being applied correctly.
  • - risks associated with accounting and control - caused by insufficient organization of the client’s employees to use the information processing system for accounting data, lack of clear differentiation of the obligations and responsibilities of the client’s employees, dissatisfaction with the formation of the internal control organization, ineffective system of protection against unauthorized access to the database information (lack), loss of data.
  • - risks associated with the professionalism of the auditor - associated with an incorrect assessment of the system for processing accounting and analytical data, incorrect construction of a test system, and distorted interpretation of facts.

Under different conditions, risks may increase or decrease. It is possible to distinguish between these factors influencing the level of audit risk in the context of automated data processing:

  • a) The risk of errors and deviations in accounting increases when:
    • 1) dispersal of a computer automated network;
    • 2) large-scale remoteness of computer devices;
    • 3) low level of acquired knowledge of accounting personnel in the field of information technology;
    • 4) lack of an internal control system over the functioning of the environment for computer processing of analytical and accounting data;
  • b) The risk of deficiencies and deviations in accounting is reduced when:
    • 1) implementation of licensed accounting automation programs;
    • 2) implementation and development of timely software;
    • 3) use of special software for automated processing of accounting data;
    • 4) the use of a possible modification of some forms of control through the use of audit automation software specially developed for audit firms;
    • 5) coordinated information policies of the subject with the main use of a computer data processing system;
    • 6) development of a strategic plan and strategy for the development of a system for automated data processing of an economic entity.

The ability to avoid possible errors allows the auditor in his practice to expose the cause of their occurrence, pay attention to some existing issues, and eliminate the impact on the quality and reliability of information.

To implement the above tasks, the auditor must have additional knowledge and skills in the field of computer processing systems for audit data. The minimum requirements for auditors should be knowledge of computer terminology and the ability to understand the sequence of computer operations performed.

Not many auditors believe that computer skills are not necessary in many cases, especially when technical professionals and specialists are involved in the work. Lack of such experience can lead to incorrect formation of conditions for technical specialists and incorrect interpretation of the results obtained. Practical skills in working with numerous automated computer data processing systems are necessary for auditors to support their assessment of the auditee's use of the system.

Among the negative aspects of the Russian computer program market are the conditions that their development occurs without appropriate expertise on the possibility of optimizing control operations; The issue of managing the accounting software market has not been addressed at all. The definition of the problem is that all automated programs that provide accounting must undergo free or independent examination, as well as certification by licensing authorities. After the document is issued by this authority, the computer program can be used in practice. Such a procedure can contribute to the legalization of the Russian accounting software market, determine the potential for using audit operations within a specific program, and reduce the likelihood of errors by program authors and programmers. In addition, this approach will create a real opportunity for organizing auditors to implement control actions in the conditions of automated processing of accounting data, since it will be possible to build an audit methodology in advance, implementing it for a specific program.

Special audit software is developed by audit organizations to carry out various audit tasks. There are three approaches to organizing these programs:

  • - the first approach carries the greatest risk, it uses a set of texts (worksheets) that boil down to choosing a “yes/no” answer (test mode), while the client’s accounting information is ignored;
  • - the second approach requires significant time to enter the client’s accounting information; the program is focused on primary accounting information of a synthetic and analytical level;
  • - the third approach combines the previous approaches.

We have reviewed the main methods of automating the audit process, however, despite their diversity, this problem is quite relevant and unsolved; software creators are currently faced with the task of automating and standardizing the activities of auditors at all stages of the audit: from preparation and planning a general audit to the collection, systematization and execution of final documents in accordance with current standards, while taking into account the industry specifics of domestic enterprises.

For the highest quality, accurate audit of Russian enterprises in modern conditions, we propose to use the AuditXP “Audit Complex” program, which is based on the “Auditor Assistant” program by E. Ya Goldberg, which allows you to create a really working audit system aimed at solving audit problems at all stages its implementation.

Using the AuditXP “Audit Complex” software product, from our point of view, has a number of advantages compared to others:

  • - automation of audit activities not only of large, but medium-sized, small audit organizations, as well as individual auditors, in accordance with the current federal audit rules (standards) and International Auditing Standards;
  • - increases the efficiency of quality control of working documentation;
  • - ensures compliance of activities with auditing and corporate standards;
  • - application of the standards proposed by this program allows you to improve the professional level and quality of work of auditors through the proper organization of their work;
  • - the ability to import and export procedures at all stages of the audit has been introduced, allowing auditors to share responsibilities for conducting audits of different sections and work on the road using laptop computers;
  • - contains more than 500 procedures, forms, reference tables, reports on all stages of the audit.
  • - proposes to use an original audit methodology, which contains built-in algorithms for calculations, planning, sampling and analysis, selection of types of identified violations and automatic drawing of conclusions for sections of the audit and the final conclusion;
  • -includes audit quality control methodology, a block of analytical procedures and financial analysis;
  • -the built-in form editor makes it possible to create new, modified existing forms of audit procedures, as well as completely change the audit program to the internal standards of the organization.

We propose to supplement it with the following materials in future versions:

  • - a list of common errors during an audit;
  • - reference information for the most complex sections of the audit;
  • - section “Analytical part of the conclusion”.

Modern conditions dictate the transition to automated performance of auditor functions, which significantly saves labor costs and auditor time. The implementation of automated audit is based on extensive software that is constantly updated and improved over time. All the special audit programs discussed above were developed by Russian companies and are widely used today. Each of them is able to ensure the effective implementation of audits, both external and internal (with the exception of AuditModern, since the program is intended only for internal audit). Based on this, when choosing a software product, the main criterion is its cost. Thus, the cost of the products we have considered today is presented in Table 3.2. According to the table, we can say that the most accessible software products for companies are “IT Audit: Auditor” and Audit XP “Audit Complex”.

Table 3.2

Cost of software products in the field of audit automation

Thus, in conclusion, I would like to note that the introduction of automated systems into the activities of audit firms is a necessity. The use of specialized licensed software will help improve the efficiency and quality of work provided by the audit firm.

Conclusion

In our work we considered the issues of automation of audit activities. Based on what we have studied, we can draw the following conclusions. When conducting an audit in a computer data processing system, the purpose and main elements of the audit methodology are preserved, but the requirements for audit tasks change and new tasks appear. In the practice of designing a computer information system for audit activities, two fundamentally different approaches to their creation can be traced: using a set of tests (worksheets) and focusing on the client’s primary information; within the framework of the second approach, audit computerization systems are created by stages and audit computerization systems by sets of tasks.

There are three stages of the auditor’s work technology in the conditions of the CIS AD: the preparatory stage, the audit and the final stage. Machine-oriented audit procedures use methods of testing the code system, arithmetic verification, i.e. independent selective recalculation of the accuracy of document sources and accounting records, as well as control methods based on program analysis. In auditing activities, office programs, legal reference systems, accounting programs, financial analysis programs, and special software are used.

The software products discussed in this work are very attractive to auditors because they significantly reduce the labor intensity of audit procedures, allow you to systematize audit evidence and generate the necessary reporting. These software products were developed by development companies together with practicing auditors, which allows us to count on their compliance with the actual practice of internal and external auditing.

We recommend reading