COMPUTER-ASSISTED AUDIT TECHNIQUES
CAATs documentation should be referenced to the audit program and
clearly identify the audit procedures and objectives being served.
Data manipulation by an IS auditor should be applied to copies of production files in a controlled environment to ensure that production data are not exposed to unauthorized updating.
When requesting access to production data for use with CAATs, an
IS auditor should request read-only access.
When developing CAATs, the following are examples of documentation to be retained:
• Description of applicable source documents
• Operating instructions
• Field definitions
• Record and file layouts
• Sample reports
• Commented program listings
• Online reports detailing high-risk issues for review
An IS auditor should weigh the costs and benefits of CAATs before purchasing or developing them.
Issues that should be considered are:
• Confidentiality of the data being processed
• Reliability of the software
• Obtaining permission to install the software on the auditee servers
• Recording the time stamp of data downloaded at critical processing points to sustain the credibility of the review
• Ensuring the integrity of imported data by safeguarding their authenticity
• Effort required to bring the source data into the CAATs for analysis (especially with a PC CAAT)
• Installation requirements
of uses (multiuser)
• Complexity of coding and
• Ease of use, both for existing and future audit staff
CAATs also enable IS auditors to gather information independently.
CAATs provide a means to gain access to and analyze data for a predetermined audit objective and to report the audit findings with emphasis on the reliability of the records produced and maintained in the system.
CAATs are important tools that an IS auditor uses to gather and analyze data during an IS audit or review.
include many types of tools and techniques
generalized audit software (GAS)
provides IS auditors an independent means to gain access to data for analysis
provides the ability to use high-level, problem-solving software to invoke functions to be performed on data files.
Enables the reading of different record formats and file structures
Enables indexing, sorting, merging and linking with another file
Enables global filtration conditions and selection criteria
Enables sampling, stratification and
Enables arithmetic operators
GAS refers to standard software that has the capability to directly read and access data from various database platforms, flat-file systems and ASCII formats.
subset of software, such as report generators of the DBMS
provides evidence to auditors about system control effectiveness.
debugging and scanning software
sample set of data to assess whether logic errors exist in programs and whether the program meets its objectives.
application software tracing
information about internal controls built in the system.
direction and valuable information to all levels of auditors while carrying out the audit
the query-based system is built on the knowledge base of the senior auditors or managers.
These tools and techniques can be used in performing various audit procedures:
• Tests of the details of transactions and balances
• Analytical review procedures
• Compliance tests of IS general controls
• Compliance tests of IS application controls
• Network and OS vulnerability assessments
• Penetration testing
• Application security testing and source code security scans