## Automated Business Environment: Features and IT Risks
### Key Features of an Automated Environment
An automated (IT-driven) business environment has the following characteristics:
| Feature | Significance |
|---|---|
| Faster business operations | Transactions processed at high speed |
| Accuracy in data processing | Reduces arithmetic errors |
| High-volume transaction processing | Can handle large datasets consistently |
| Integration of business operations | Modules share data seamlessly |
| Better security and controls | Programmed access restrictions |
| Less prone to human errors | Rules enforced by the system |
| Provides latest/real-time information | Dashboards, live reports |
| Connectivity and networking | Multi-location, multi-user access |
---
### Understanding and Documenting the Automated Environment
Before assessing risks, the auditor must understand and document:
- Information systems in use – which application systems and their purpose (financial vs. non-financial)
- Location – local servers vs. global/cloud
- Architecture – desktop-based, client-server, web application, cloud-based
- Version – functions and risks differ across versions of the same application
- Interfaces – how multiple systems communicate with each other
- In-house vs. Packaged – custom-built or vendor-supplied (e.g., SAP, Oracle)
- Outsourced activities – IT maintenance and support handled externally
- Key persons – CIO (Chief Information Officer), CISO (Chief Information Security Officer), system administrators
---
### IT-Related Risks
The use of IT introduces specific risks that may not exist in manual systems:
1. Inaccurate processing of data – erroneous outputs from flawed logic or bad input
2. Unauthorized access to data – data breaches, privacy violations
3. Direct data changes (backend changes) – bypassing the application layer to alter data directly in the database
4. Excessive / Privileged access (super users) – users with more rights than required
5. Lack of adequate segregation of duties – same person can initiate and approve
6. Unauthorized changes to systems or programs – uncontrolled code changes
7. Failure to make necessary changes – outdated programs not updated for regulatory or business changes
8. Loss of data – due to system failures, disasters, or cyber attacks
---
### Auditor's Response to IT Risks
| Risk Area | Audit Impact |
|---|---|
| Inaccurate processing | Increases scope of substantive testing |
| IT control weaknesses | Affects reliance on controls |
| Reporting reliability | Affects evaluation of financial statement assertions |