Auditing through the computer and auditing the around computer are two phrases that are often misunderstood by very many people. The increased reliance on computers and computer applications for business processes created the need for auditing to be done in a computerized environment. In fact, auditing is gradually becoming synonymous to IT auditing. This no doubt increased the need for auditors to carryout an IT Audit Risk Assessment.  In this article, I will explain what the above two phrases means, pointing out reason why one should be used in favour of the other.


Auditing through the computer describes the various steps taken by auditors to evaluate client’s software and hardware to determine the reliability of operations that is hard for human eyes to view and also test the operating effectiveness of related computer controls, e.g., access control.

Auditing through the computer is common in practice today as many companies/ businesses make use of computerized information systems and these in turn have significant controls embedded in them. Ignoring these computer controls will make auditors not to have the required insight into the effectiveness and reasonableness of the client’s internal control. And will not be reporting in compliance with the relevant laws and regulations that govern auditing as a profession.

 Though, external auditors most times uses this technique to test the controls in simple applications, but, internal auditors more frequently uses auditing through the computer technique to ensure that errors that may not be easily detected from the output are discovered and corrected.


Auditing around the computer is one of the several methods that auditors can use to evaluate a client’s computer controls. It involves picking source documents at random and verifying the corresponding outputs with the inputs. The client’s computerized information system processes the ‘test transaction’. For example, multiplying unit price with the number of products sold to ensure that the total revenue figure is correct.

No attempt is made to establish and evaluate the existence of controls. Auditing around the computer is appropriate in situations where significant computer controls are not required. For example, auditing around the computer can be used when computers are only used for calculation purposes.


Though, nothing is technically wrong with auditing around the computer if the auditor is satisfied with the control system in place and is able to gather sufficient evidence in this regard, but, in order to meet with the requirement of gaining sufficient understanding of a system (internal control), auditing through the computer will be the best bet for auditors to follow. Again, AS 5 (Auditing Standard) did not permit auditors to issue opinions on the operating effectiveness of internal control of a business if auditing around the computer approach is used.

To reduce auditor’s liabilities, auditors should assess control risk in a computerized system and, if appropriate, should evaluate the design and operating effectiveness of related controls. To ensure that the client’s management operates according to the generally accepted auditing standards (GAASs) and SOA (Sarbanes-Oxley’s Act of 2002) which is to establish and maintain an operational and functional internal control, auditors should employ auditing through the computer and not auditing around the computer.

Happy auditing!!


  1. State what you understand by the term auditing round the computer and briefly consider why this is not adequate from the auditing viewpoint

  2. I am a grad student and wish to use your article as a reference for my studies. I’m getting nasty pop ups that I’m being watched when all I want to do is print the article so that I may give the author proper credit and give the correct APA reference for the material.

  3. Hello! I liked very much this information, I used it for academical homework, but I need to know who wrote this?? who is the author? Because is necessary to add this in my bibliographic reference.

    Thank you for your help.

  4. Would love to print this article. I will cite your site if anything form the article is used in my paper.
    Thank you

  5. So what I understand is.

    Suppose i have to check the stock on a particular day. I take out the prinout from the system and physically verify…that is auditing around the system. Now i decide to check if the system of stock taking in the computer is correct.. that is auditing through the system.

    Please clarify if i am right?

  6. Could you please help me answering a question. “Auditing around the computer” is
    a. checking program input against reports that are generated
    b. running the old and the new computer system together
    c. using procedures such as computer assisted auditing techniques (CAAT)
    d. none of the above.

  7. why are u watching sb making use of the info. u can’t copy or email it why? is it for sale?

  8. Hello Madrigho,
    Sorry for the late response. I have been very business pursue so many things that I have not even checked this blog for about 5 years now. But I am back for good now.
    I will do an article this weekend to answer your question.
    Thank you

  9. Sorry about that Juanita Schmitz,
    the article is protected from being copied. I know I am replying late but if you still want it I can send a copy to your email. Thank you

  10. Hi Bose Joy,
    It’s not for sale, just protecting the content from being easily duplicated all over the net

Comments are closed.