SAS No. 31 Auditing in a Computer Information Systems Environment 　 　

Status

Issued by Auditing Standards Committee in Taiwan on 9 September, 1997.

Summary

The auditor should obtain an understanding of the accounting and internal control systems in order to plan and develop an effective audit approach. In planning the portions of the audit which may be affected by the client’s computer information systems environment, the auditor should obtain an understanding of the significance and complexity of the computer information systems activities and the availability of data for use in the audit. The understanding would include:

• The significance and complexity of computer processing in each significant accounting application.
• The organizational structure of the client’s computer information systems activities and the extent of concentration or distribution of computer processing throughout the entity, particularly as they may affect segregation of duties.
• The availability of data.

When the computer information systems is significant, the auditor should also obtain an understanding of the computer information systems environment and whether it may influence the assessment of inherent and control risks.

The auditor should make an assessment of inherent and control risks for material financial statement assertions. The inherent and control risks in a computer information systems environment may have both a pervasive effect and an account-specific effect on the likelihood of material misstatements.　

The auditor should consider the computer information systems environment in designing audit procedures to reduce audit risk to an acceptable low level.

Effective date

This Statement is effective for audit of financial statements with fiscal years ending on or after 31 December, 1997.