THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT PROCESS pic_mind_map…
THE IMPACT OF INFORMATION TECHNOLOGY ON AUDIT
The Use of Computer as an Audit Tool
Auditor take laptops to the client’s premises for use as an audit tool to perform various audit task, such as:-
Trial balance and lead schedule
Time and cost budgeting
e.g. audit confirmation
Audit programme preparation
Documentation of internal control –
Preparation of flowchart
Communication and Reports
Analyze result, by means of explanation to population as a whole
Select sample for testing
Computer-assisted audit techniques (CAATs) make use of computer applications, such as ACL, IDEA, VIRSA, SAS, SQL, Excel, Crystal Reports, Business Objects, Access, and Word, to automate and facilitate the audit process.
The use of CAATs helps to ensure that appropriate coverage is in place for an application control review, particularly when there are thousands, or perhaps millions, of transactions occurring during a test period.
Because CAATs provide the ability to analyze large volumes of data, a well-designed audit supported by CAAT testing can perform a complete review of all transactions and uncover abnormalities (e.g., duplicate vendors or transactions) or a set of predetermined control issues (e.g., segregation of duty conflicts).
CAATs include many types of tools and techniques, such as generalised audit software, customised queries or scripts, utility software, software tracing and mapping, and audit expert systems.
CAATs may be used in performing various audit procedures including:
Tests of details of transactions and balances
Analytical review procedures
Compliance tests of IS general controls
Compliance tests of IS application controls
Decision Factors for Using CAATs
When planning the audit, the IS auditor should consider an appropriate combination of manual techniques and CAATs. In determining whether to use CAATs, the factors to be considered include:
Availability of suitable CAATs and IS facilities
Level of audit risk
Computer knowledge, expertise, and
experience of the IS auditor
Integrity of the information system
and IT environment
Efficiency and effectiveness of using
CAATs over manual techniques
Pre-requisites of Using CAATs
Connectivity and Access to Data
The auditor needs to obtain access to the “live” production data.
This is access to the files/tables that hold the data and can transfer the data files to the notebook computer.
Once this is done, the audit software can use the data files and perform the audit. It is necessary to ensure that the data that are downloaded are the actual copy from the real production data.
Knowledge of the Application and Data
The auditor needs to know technical details of the platform on which the application is built. Knowledge of the files or tables in which the data reside also is necessary.
The auditor needs to get the file description and the data field types. If certain codes are used in the tables, the corresponding description of the codes also needs to be known.
Audit Skills and Identifying the Concerns
After the data are downloaded and ready for analysis by the audit software, the auditor needs to know what control concerns are to be tested and validated.
This is probably even more basic than the skill needed to download the data. Audit software has many features but the features cannot perform an audit on their own.
The auditor has to design the procedures and tests. The tests that the auditor carries out are designed using the knowledge of the application, the business rules behind the function and the findings of the application review.
CAAT - Computer-assisted Audit Technique