Some definition defines audit as a process to compare between fact in financial statement and the general accepted criteria that should be obeyed. By the growth of the nature of the business auditing is used as a tool to measure the effectiveness and the efficiency of the internal control and activity held by the management. Auditing itself divide into several types, such as financial audit, operational audit, forensic audit, medical audit, and compliance audit.
Recently, economic activity of the entity become more complicated and complex. Growth of the information and communication technology becomes a strong trigger for the entity to change or maybe develop their economic activity in line with the technology. Gore and Stubbe (1979) data processing history begin with the pen and paper, second phase data is processed mechanically using a calculator and cash register, third phase data is processed by the electro-mechanical tools like an advance calculator and book keeping machine. The final phase, nowadays, is using an Electronic Data Processing (EDP) like computer and internet, Basalamah in his book define EDP itself as a sequences activity in changing data into useful information for the user. Auditing as a control tool, just like I define before, is also needed to develop with the technology. By this case some auditing expert defines new way of auditing, known as Electronic Data Processing Audit or EDP Auditing. Ron Weber an EDP Audit expert define an EDP audit as a process on collecting evidences to determine whether computer system can secure all of the asset of the organization, keep the fact and data, and reach organizational goal effectively and efficiently by using the recent asset.
There is no difference how we define audit, auditor, and Audit Standards in conventional audit and in computer or EDP Audit. But, there are also several significant differences between them. First difference is on nature of the conventional and computer audit. Conventional audit using a physical document to begin a manual process of the audit, it is also not automatically influence the financial report. Conventional audit can’t also do a multi purposes audit. In other hand computer or EDP audit do not need a physical document and the process is begin and finish automatically. The real – time processing in computer audit make possible for the process of the audit to make a direct influence to the financial statement.
Second different is about the internal control of the audit. Conventional audit is commonly only using the general control in their process and system. Computer or EDP audit is not only using the general control but also an application control in their process and method. A purpose of the general control is to make a control framework for whole activity of the company or organization and also to make sure that the purposes of the internal control has been reached. Application control, which is only use in EDP Audit, is use to determine a special procedure and control for the accounting software that used by the organization and to make sure that every single transaction has been authorized, recorded, and processed correctly and on time.
Third different is on the Audit trail point of view. Audit trail is a process that records every single activity of the audit using the physical document. It contains time, users, supervisor and the fact about the audit. In conventional audit, it becomes truly important because it will be the only evidence of the auditing process. But the automatic process of the computer or EDP audit make the manipulation during the process of audit is impossible so that audit trail is not needed. The automaticity of the process of the computer audit is also has some weakness. In computer audit, error, if not be found, will happens sequentially. It happens because computer or software generally uses some repetitive command so that they will repeat the command and input they have.
Fourth difference is on “how to audit?” in conventional audit, audit held by test some physical document and doing some analytical test such as: interrogation, interview and confirmation. In computer audit there are some methods to do the audit such as: Audit through the computer, Audit around the computer, and Audit with the computer.
Fifth difference is on the needed of the responsibilities separation. In conventional audit there has to be separation of duties and responsibilities to reduce a risk of a fraud and manipulation. In computer audit, once again with their automaticity, it will be no needed to have a separation of responsibilities and duties. Beside the five differences we have above we also have several small differences such as: conventional audit is less risky than computer audit, conventional audit is more simple than computer audit, conventional audit is need more time and less complex than computer audit, conventional audit do not depend on the special hardware and software while the computer audit does, and conventional auditor do not need computer and EDP skill while computer audit does.