Scribd Logo
Carica

Benvenuto in Scribd!

  • Concurrent Audit Techniques

    Caricato da

    Shibsankar Roy
    2K visualizzazioni18 pagine
    lesson for concurrent audit

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    lesson for concurrent audit

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    2K visualizzazioni18 pagine

    Concurrent Audit Techniques

    Caricato da

    Shibsankar Roy
    lesson for concurrent audit

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 18

    Concurrent Audit Techniques

    Cdr MK Paul B Tech, CISA


    Indian Navy

    What is concurrent auditing ?


    Concurrent auditing are techniques used to

    collect audit evidence at the same time as an application system undertakes processing of production data.

    Cdr MK Paul B Tech, CISA


    Indian Navy

    Why concurrent auditing ?


    Progressive disappearance of paper based

    audit trail. To prevent / detect material loss due to rapid propagation of errors to other connected / dependent systems in a computerised environment. Difficulty in performing transaction walkthrough in a computerised environment
    Cdr MK Paul B Tech, CISA
    Indian Navy

    Why concurrent auditing (contd..)?


    For timely detection of entropy in a

    computerised data processing system.


    Entropy is the tendency of any system to move towards internal disorder and eventually collapse.

    Problems of gathering audit

    evidence in an outsourced and distributed information system environment.


    Physical presence at every site may be cost prohibitive and impractical
    Cdr MK Paul B Tech, CISA
    Indian Navy

    Types of concurrent auditing


    Two types

    Special audit modules embeded in application / system software to collect evidence. Special audit records to store the audit evidence collected.

    Cdr MK Paul B Tech, CISA


    Indian Navy

    Concurrent Auditing Techniques


    Integrated Test Facility (ITF) Snapshots

    Extended Record Technique


    System Control Audit Review File (SCARF) Continuous and Intermittent Simulation (CIS)

    Cdr MK Paul B Tech, CISA


    Indian Navy

    Integrated Test Facility (ITF)


    Involves establishing a dummy entity in the

    application systems files and processing audit test data against this entity. Verifies application systems processing authenticity, accuracy and completeness

    Cdr MK Paul B Tech, CISA


    Indian Navy

    ITF
    Test data used in ITF

    Tagged live production transactions Specially designed by auditors according to a test plan
    These specially designed test data are submitted for

    processing along with the normal production data.

    Cdr MK Paul B Tech, CISA


    Indian Navy

    ITF
    Tagged Live Transactions

    Transaction Input

    ITF Application system

    Database with Dummy Entity

    Live Data Transaction Input ITF Application system Transaction Input Test Data Database with Dummy Entity

    Cdr MK Paul B Tech, CISA


    Indian Navy

    ITF
    Problem with using ITF is that it affects the output

    of the application system. Effects of ITF transactions should be removed by the application software prior to producing output.
    Modify application program to ignore their effects while preparing outputs Submit additional inputs for removing their effects. Submit trivial entries as test data so that their effect on the output is minimal.

    Cdr MK Paul B Tech, CISA


    Indian Navy

    Snapshots
    Involves taking pictures of a transaction as it flows

    through various points in the application

    Embedded audit module used to take pictures


    Snapshots either printed immediately or saved to

    a file for later printing Auditors determine

    Where to take snapshots Which transactions will be subject to snapshot How and when the snapshot data will be presented for evaluation
    Cdr MK Paul B Tech, CISA
    Indian Navy

    Snapshots
    Extended Record Technique

    Modification of Snapshot technique


    Snapshot technique involves writing a

    record for each snapshot point. Snapshots usually stored where it is taken Extended record technique appends data for each snapshot point to a single record. Thus all data relating to a transaction is kept in one place.
    Cdr MK Paul B Tech, CISA
    Indian Navy

    Snapshots
    Input Transaction Input Validation Program Snapshots 1,2,3 Snapshot Report / File Report Program Snapshots 8,9 Update Program Snapshot Report / File Snapshots 4,5,6,7

    Snapshot Report / File


    Snapshots 1,2,3

    Snapshots 4,5,6,7

    Snapshots 8, 9

    Extended Record
    Cdr MK Paul B Tech, CISA
    Indian Navy

    System Control Audit Review File (SCARF)


    Most Complex of all techniques Involves embedding audit modules in an application system to provide continuous monitoring of a systems transactions.
    Embeded audit modules placed at predetermined points to gather info about transactions or events that auditors deem to be material

    Data collected via these routines includes errors and irregularities, policy and procedural variances, system exceptions, statistical samples, snapshots etc Written to a special SCARF file for immediate or subsequent audit evaluation

    Cdr MK Paul B Tech, CISA


    Indian Navy

    SCARF
    Input Transaction Update Program Containing SCARF Embedded Audit routines

    SCARF

    Snapshot Report / File

    SCARF Reporting System

    Audit Reports
    Cdr MK Paul B Tech, CISA
    Indian Navy

    Continuous Intermittent Simulation (CIS)


    Used whenever application systems use a

    database management system. Transactions of interest to the auditors are trapped by the DBMS and passed to CIS. CIS replicates the application systems processing Result of application system processing and CIS processing compared and data about discrepancies written to a special audit file
    If discrepancies are material, CIS can instruct DBMS to reject updates
    Cdr MK Paul B Tech, CISA
    Indian Navy

    CIS
    Advantage

    CIS does not require modification to the application system (DBMS needs to be modified to trap CIS transactions)
    Disadvantage

    Cannot collect evidence at processing points other than DBMS

    Cdr MK Paul B Tech, CISA


    Indian Navy

    Parallel Simulation
    Input Transactions Test Data Parallel Simulation Of Application Program

    Application Program

    Written using Generalised Audit Software

    Output File Compare

    Output File Discrepancies


    Cdr MK Paul B Tech, CISA
    Indian Navy

    Potrebbero piacerti anche