Back

Audit of Investment Funds Appraisal System and Related Computer Business by CNAO

SAI- China

1.    Audit of Appraisal System. The appraisal system refers to a financial calculation system adopted by most funds management corporations. It is usually designed according to the practical business and supported by computer technology. Due to the importance of appraisal system in stock investment and financial management, audit of appraisal system plays a key role in auditing investments and financial statements. The emphasis should be laid on the following aspects

  1. The internal control system in which the appraisal system, investment system and financial system are interacted. Auditing should be focused on perfection of circle control and division of duties. Relevant processes should be taken charge of by appropriate individuals.
  2. Whether calculating process and methods are in compliance with professional regulations and common financial principles;
  3. Whether appraisal system has taken into account necessary investment and financial elements such as stock purchase price, quantity, amount, accumulated costs, current market price, position's balance, unrealized profits and losses, accumulated profits and losses, etc. The interrelations among those elements should also be taken into consideration;
  4. Apart from the daily data and appraisal charts, audit on appraisal system may also adopt temporary data testing method, i.e. designing some wrong data along with several groups of correct data and inputting them into the appraisal system, and observing the influences of wrong information and appraisal results on equilibrium relations of appraisal charts;
  5. Making an analysis of man-made and systematic elements giving rise to the mistakes, and improve these elements through systematic reviewing functions and computer programs respectively; and
  6. Finding out potential frauds and collaborated frauds in financial departments through data testing of appraisal system.

2.    Audit of related computer business. Due to the timeliness and accuracy of funds business, a lot of IT equipment are used in its process. Review of computer business requires auditors to be very familiar with computer technology and professional IT auditors to be employed when necessary. Audit of computer business usually falls in the following categories:

1)    Audit on division of functions in IT departments:-

  1. Whether positions are clearly defined with operations carried out separately and independently;
  2. Whether the systems engineering personnel are directly engaged in information input and computer operations; and
  3. Whether the setting and controlling of cipher code for every position are reasonable

2)    Audit of program development and program modification:

  1. Whether program development and program modification meet the needs of professional departments and go through the established procedure of authorizations
  2. Whether the programs are applicable and advanced; and
  3. Whether the risk control mechanism has been included in programs developed, such as quantity control in dealing of stocks;

3)    Audit of control of access to programs and information:

  1. Whether PCs set up passwords with actual function of keeping confidentiality;
  2. Whether the modification of programs and databases comply with the related regulations and get the right authorization;
  3. Whether old passwords are cancelled and replaced by new passwords when the responsible persons change; and
  4. Whether necessary control methods have been found to monitor external software.

4)    Audit of control of input and output of information:

  1. Whether the input and output of information are dealt with in accordance with concerned regulations;
  2. Whether notes have been made during inputting and outputting, which leave the trails for auditing;
  3. Whether a prompt function has been designed to correct human input and output error; and
  4. Whether appraisals have been given on systematic errors and what improvement has been made.

5)    Audit of protection and recovery of information:

  1. Whether programs and information have regular backups and whether the backups are kept at safe places;
  2. Whether information protection methods have been established for emergencies such as power cut, equipment breakdown etc; and
  3. Whether anti-virus methods have been set up;

6)    Audit of purchase of computer equipment and software:

  1. Whether the purchase meets the needs of business and gets the right authorization;
  2. Whether the equipment and software purchased are advanced and of high quality;
  3. Whether purchasing contracts are completed and whether more than two persons have participated in the negotiation procedure;
  4. Whether purchasing procedures follow the regulation and whether bribes may take place;
  5. Whether maintenance contracts have been signed with suppliers; and
  6. Whether computer equipment and software have been tested;

7)    Audit of regular maintenance and repair of equipment

  1. Whether there is a strict system to standardize usage and maintenance of computers;
  2. Whether computers have been locked to avoid casual access
  3. Whether the access to computers during repair and maintenance are in compliance with certain procedures; and
  4. Whether there are misuse of computer equipment and software for personal gains.