The controls that must be exercised by the auditor include:
1. Back up of files
Backup copies of all audit files kept on the computer should be made regularly at least once per day. These backup copies should be kept in a separate location from the microcomputer or laptop. If the microcomputer is lost or damaged, the copy files will be used to continue work on that client.
When an audit is finished, the client files are taken off the computer to make room for the next clients‘ files, at least two or three backup copies should be made to ensure that if one copy becomes corrupted or lost, then the files can be retrieved from the second copy of the files.
2. Security of files
Audit information on clients can be very sensitive. Adequate procedures must therefore be in force to ensure that only authorized audit staff can gain access to the audit information. All audit computers should therefore be protected by passwords and disks with client data stored in safe locations e.g. in a fireproof safe.
Care must also be taken to ensure that computers holding client data are not stolen.
If a computer is left at a client‘s premises overnight, then it should either be locked in a safe or securely chained and padlocked to a table.
3. Adequacy of information
There is a danger with computers that not all the data or reasoning used to reach a particular decision will be documented. This can arise due to lack of ability to use the system. Adequate documentation must therefore be kept including print outs of all major documents for future reference, together with the reasons for decisions made.
4. Testing of programs
Before any program is used on audits, it should be tested to ensure that it is as far as possible error free.