Please enable JavaScript.
Coggle requires JavaScript to display documents.
COMPUTER-ASSISTED AUDIT TECHNIQUES (When developing CAATs, the following…
COMPUTER-ASSISTED AUDIT TECHNIQUES
CAATs also enable IS auditors to gather information independently.
provide a means to
gain access and analyze data
for a predetermined audit objective and to
report the audit findings with emphasis on the reliability of the records produced and maintained in the system.
CAATs are important tools that an IS auditor USES TO GATHER AND ANALYZE DATA during an IS audit or review.
include many types of tools and techniques
generalized audit software (GAS)
provides IS auditors an independent means to gain access to data for analysis
provides the ability to use high-level, problem-solving software to invoke functions to be performed on data files.
FEATURES
sequence checking
statistical analysis
stratification
mathematical computations
duplicate checking
recomputations
Functions
File access
Enables the reading of different record formats
and file structures
File reorganization
Enables indexing, sorting, merging and
linking with another file
Data selection
Enables GLOBAL FILTRATION CONDITION AND SELECTION CRITERIA
Statistical functions
Enables sampling, stratification and
frequency analysis
Arithmetical functions
Enables arithmetic operators
and functions
GAS refers to standard software that has the capability to directly read and access data from various database platforms, flat-file systems and ASCII formats.
utility software
subset of software-such as report generators
of the DBMS
provides evidence to auditors about SYSTEM CONTROL EFFECTIVENESS .
debugging and scanning software
test data
sample set of data to assess
WHETHER LOGIC ERRORS EXISTS IN PROGRAMS
whether the program meets its objectives.
application software tracing
provide
INFORMATION ABOUT INTERNAL CONTROLS built in the system.
mapping
expert systems
direction and valuable information to all levels of auditors while carrying out the audit
the query-based system is built on the knowledge base of the senior auditors or managers.
These tools and techniques can be used in performing various audit procedures:
•Tests of the details of transactions and balances
• Analytical review procedures
• Compliance tests of IS general controls
• Compliance tests of IS application controls
• Network and OS vulnerability assessments
• Penetration testing
• Application security testing and source code security scans
IS auditor should weigh the costs and benefits of CAATs before doing purchasing or developing efforts ,
Issues that should be considered are
•
Ease of use
, both for existing and future audit staff
•
Training requirements
• Complexity of coding and
maintenance
•
Flexibility
of uses (multiuser)
• Installation requirements
•
Processing efficiencies
(especially with a PC CAAT)
• Effort required to bring the source data into the CAATs for analysis
• Ensuring the integrity of imported data by
safeguarding their authenticity
Recording the time stamp of data downloaded at critical processing points to sustain the credibility of the review
• Obtaining permission to install the software on the auditee servers
•Reliability of the software
• Confidentiality of the data being processed
When developing CAATs, the following are examples of documentation to be retained
• Online reports detailing high-risk issues for review
• Commented program listings
• Flowcharts
• Sample reports
• Record and file layouts
• Field definitions
• Operating instructions
• Description of applicable source documents
CAATs documentation should be referenced to the audit program and
clearly identify the audit procedures and objectives being served.
When requesting access to production data for use with CAATs, an
IS auditor should request read-only access.
Any
data manipulation by an IS auditor should be applied to copies of production files in a controlled environment
to ensure that production data are not exposed to unauthorized updating.