Auditing and Financial Management: Federal Agencies Still Need to Develop Greater Computer Audit Capabilities

Citation
General Accounting Office, Auditing and Financial Management: Federal Agencies Still Need to Develop Greater Computer Audit Capabilities (AFMD-82-7) (Oct. 16, 1981) (full-text).

Overview
A growing reliance on computers, coupled with increasing cost, requires that Federal managers assure themselves that computers support management goals and objectives, operate efficiently and economically, and encompass adequate controls to prevent errors, fraud, waste, and abuse. Internal auditing is an important management tool to help provide such assurance. The GAO conducted a review to evaluate the progress of Federal internal audit organizations and provided guidance for agencies in establishing proper computer audit coverage.

Some of the 19 Federal audit organizations which the GAO reviewed cannot be sure that they have adequately identified their agencies' computer audit needs. The GAO found that nine organizations had limited, outdated, or no inventories of their agencies' computer systems to aid in planning audit coverage. The GAO also found that many organizations have not developed and maintained the skilled staff necessary to meet computer audit responsibilities for their agencies. Six organizations had little or no computer audit capabilities at the time of the review.

Although the GAO found examples of effective computer auditing, insufficient computer audit capabilities generally resulted in only limited compliance with the standards issued by the GAO for auditing computer-based systems. Some organizations were hindered in acquiring computer audit staff because of personnel ceilings, Federal hiring restrictions, and a lack of management support for computer auditing. The GAO also found that many organizations did not have formal training programs to help develop computer audit skills. Despite an increased emphasis on the need for proper computer-related controls, the GAO found little overall direction, other than the GAO audit standards, requiring Federal internal audit organizations to specifically evaluate computer-related controls. Such evaluations could help minimize error, fraud, waste, and abuse, but are also necessary if Government auditors are to fulfill their professional audit responsibilities.

The GAO recommended that the heads of Federal agencies should help ensure that their inspector general and internal audit organizations properly consider agency computer operations in providing internal audit coverage by requiring them to consider computers in fulfilling audit responsibilities to review for efficient, effective, and economical operations.