LBYMODT
OVERVIEW
Introduction to CAATTs
Audit Productivity Software
Generalized Audit Software
Computer Assisted IT Audit Techniques
Continuous Auditing Techniques
DEFINITION
CAATTS (Computer Assisted Auditing Tools and
Techniques)
Software used to increase an auditor's personal productivity and
software used to perform data extraction and analysis
CAATS (Computer Assisted Auditing Techniques)
Techniques to increase the efficiency and effectiveness of the audit
function
Tools (Productivity tools)
E-workpapers
Groupware
Time and Billing Software
Reference Libraries
Document management
DEFINITION
Tools
Generalized audit software tools
ACL (Audit Command Language)
Audit Command Language (ACL) is one of the most popular Computer
Aided Audit Tools (CAATs) among auditors
enables auditors to identify trends, highlight exceptions, locate errors and
potential fraud, analyse financial and time-sensitive transactions, cleanse
and normalize data to ensure consistency and accuracy
Audit Expert Systems
Expert systems are computer programs that are built to mimic human
behavior and knowledge
Utility Software
system software designed to help analyze, configure, optimize or maintain
a computer
Statistical Software
specialized computer programs for statistical analysis and econometric
analysis.
DEFINITION
Techniques
CAATS to verify data integrity
CAATs for Data Extraction and Analysis
CAATs to Detect Fraud
Continuous Auditing Techniques
CAATs to Validate Application Integrity
Test Decks
Integrated Test Facility
Parallel Simulation
TOOLS: Types of CAATTs
Audit Productivity Software
Any software that facilitates the auditor's personal
productivity
Electronic Working papers (ex. GAMx, MS office)
Import client's raw data from legacy systems
Automatically generate working papers and their references
Export to Excel and other file formats
Drill down and see underlying transactions from financial
statements
Enter adjusting journal entries
Breakdown accounts into subcomponents
TOOLS: Types of CAATTs
Create consolidated FS
Map accounts from lead to detailed schedules to the
client's GL
Populate report templates
Calculate predefined ratios
Compare versions of a document and highlight changes
Generate risk analysis and business cycle analysis
Conduct file interrogation
Share files among other members of engagement
Generate audit programs from predetermined audit
objectives
Generate internal control questionnaires
TOOLS: Types of CAATTs
Groupware (ex. LN, Sametime, Groove) multi-
user calendaring, scheduling and file sharing
Time and billing software
Reference libraries (ex. GAIIT-PE)
Document manager (ex. RMS record keeping
systems)
TOOLS: Types of CAATTs
Generalized Audit Software (GAS) Tools (ex.
ACL and IDEA)
Data Extraction and Analysis
Statistical Analysis
Audit Expert Systems
if-then production rules
inference engine runs the commands and returns an
answer
TOOLS: Types of CAATTs
Audit Expert Systems
Advantages:
unbiased decision making
incorporation of expertise of multiple experts
constant availability
Disadvantages:
Difficulty in eliciting the decision-making process and criteria from the
experts
Difficulty in updating the knowledge base and rules contained therein
Time required to develop and test the system
Expense to develop and maintain the system
Difficulty in modeling uncertainty in decisions
Mechanical adherence to the process, with no room for intuition or human
reasoning
COMPUTER ASSISTED IT AUDIT
TECHNIQUES
Professional Standards and Guidelines
1. Planning
2. Performance of Audit Work
3. Documentation
4. Reporting
PLANNING
When determining whether to use CAATs, the following
should be considered:
Computer knowledge, expertise, and experience
Availability of suitable CAATs and IS facilities
Efficiency and effectiveness of using CAATs over
manual techniques
Time constraints
Integrity of information system and IT environment
Level of audit risk
PLANNING
Steps in preparing for application of CAATs:
Set the audit objective of the CAATs
Determine the accessibility and availability of the
organization's IS facilities, system and data
Define the procedures to be undertaken
Define output requirements
Determine resource requirements
Obtain access to the organization's IS facilities
Document CAATs to be used
Performance of Audit Work
CAATs should be controlled by:
Performing a reconciliation of control totals
Review output for reasonableness
Perform a review of logic, parameters, or other
characteristics of the CAATs
Review the organization's general IS control
Documentation
Step-by-step CAATs should be sufficiently
documented
Planning
CAATs objectives, CAATs to be used, controls to be
exercised, staffing and timing
Execution and Audit Evidence
CAATs preparation and testing procedures and
controls
Details of the tests performed by the CAATs
Details of inputs, processing and outputs
Listing of relevant parameters or source codes
Reporting
The objectives, scope and methodology
section should contain a clear description of
the CAATs used.
The description of the CAATs used should be in
the report, where the specific finding relating
to the use of the CAATs is discussed
10 Steps to Using CAATs
1. Set key audit objectives during audit planning
based on risk assessment
2. Identify which CAATs will help achieve key audit
objectives
3. Identify which data files are needed from the
client
4. Determine in which format you prefer to receive
the data
5. Request data files from client in the preferred
format
10 Steps to Using CAATs
6. Import the data into ACL
7. Use CAATs to verify the integrity of the data
import process
8. Perform specific CAATs as planned to meet
key audit objectives
9. Investigate and reconcile exceptions
10. Document results in the audit working
papers
TESTING COMPUTER APPLICATION
CONTROLS
Black-box approach
Understand the functional characteristics of the
application by analyzing flowcharts and interviewing
knowledgeable personnel in the client's organization
Input
Output
TESTING COMPUTER APPLICATION
CONTROLS
Advantages of the Black-box approach
The application need not be removed from service
and tested directly.
This approach is feasible for testing applications
that are relatively simple.
However, complex applications require a more
focused testing approach to provide the auditor
with evidence of application integrity.
TESTING COMPUTER APPLICATION
CONTROLS
White-box approach
Relies on an in-depth understanding of the internal logic
of the application being tested.
Authenticity tests (IDs, passwords, valid vendor codes, and
authority tables)
Accuracy tests (range tests, field tests, and limit tests)
Completeness tests (field tests, record sequence tests, hash
totals, and control totals)
Redundancy tests (reconciliation of batch totals, record
counts, hash totals, and financial control totals)
Access tests (passwords, authority tables, user defined
procedures, data encryption, and inference controls)
Audit trail tests (transaction logs, transaction listings,
exception reports)
Rounding error tests
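Step 7 of the ten steps (verifying the integrity of the data import) and the completeness and redundancy tests listed above rely on the same reconciliation, shown here as an added example that is not part of the original slides. The file layout, the field names and the client's control figures are constructed for illustration.

```python
import csv
import io
from decimal import Decimal

# Constructed sample: the extract as imported (invoice no, vendor id, amount).
EXTRACT_CSV = """invoice_no,vendor_id,amount
1001,V-204,1250.00
1002,V-117,89.95
1004,V-204,432.10
1005,V-330,2999.99
"""

# Constructed control totals, supplied by the client separately from the file.
CLIENT_CONTROLS = {"record_count": 5, "amount_total": Decimal("5272.04"), "invoice_hash": 5015}


def compute_controls(csv_text):
    """Recompute record count, financial control total and hash total from the import."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    return {
        "record_count": len(rows),
        "amount_total": sum((Decimal(r["amount"]) for r in rows), Decimal("0")),
        # Hash total: sum of a non-financial field, meaningful only as a check value.
        "invoice_hash": sum(int(r["invoice_no"]) for r in rows),
    }, rows


def sequence_gaps(rows):
    """Record sequence test: invoice numbers missing between the lowest and highest."""
    seen = {int(r["invoice_no"]) for r in rows}
    return sorted(set(range(min(seen), max(seen) + 1)) - seen)


def reconcile(csv_text, expected):
    """Return a list of exceptions; an empty list means the import reconciles."""
    actual, rows = compute_controls(csv_text)
    exceptions = [
        f"{name}: client={expected[name]} imported={actual[name]}"
        for name in expected if expected[name] != actual[name]
    ]
    exceptions += [f"missing invoice_no {n}" for n in sequence_gaps(rows)]
    return exceptions


if __name__ == "__main__":
    for line in reconcile(EXTRACT_CSV, CLIENT_CONTROLS):
        print("EXCEPTION", line)
```

The three totals disagree and the sequence test names the dropped record, which is the exception to investigate and reconcile in step 9.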
CAATTS
FOR TESTING CONTROLS
Test data
Integrated Test Facility (ITF)
Parallel simulation
TEST DATA METHOD
Used to establish application integrity by processing specially
prepared sets of input data through production applications
that are under review.
TEST DATA METHOD
Creating Test Data
auditors must prepare a complete set of both valid and
invalid transactions
test every possible input error, logical process, and
irregularity
Base Case System Evaluation
conducted with a set of test transactions containing all
possible transaction types
Tracing
performs an electronic walkthrough of the application's
internal logic
TEST DATA METHOD
Advantages of Test Data Techniques
Provides the auditor with explicit evidence concerning
application functions.
Test data runs can be employed with only minimal disruption
to the organization's operations.
Require only minimal computer expertise on the part of
auditors.
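A small test deck run, added here as an illustration and not taken from the original slides. The function application_edit is a hypothetical stand-in for the application under review, with a truncation defect seeded in its limit test; the vendor table, the approval limit and the transactions are constructed.

```python
# Hypothetical application under review: a payables input-edit routine.
# Vendor table and approval limit are assumed values, amounts are in cents.
VALID_VENDORS = {"V-117", "V-204", "V-330"}
LIMIT_DOLLARS = 10000  # documented control: amounts above this are rejected


def application_edit(txn):
    """Return 'ACCEPT' or 'REJECT:<reason>' as the application would."""
    if txn["vendor_id"] not in VALID_VENDORS:
        return "REJECT:vendor"          # authenticity test: valid vendor code
    if txn["cents"] <= 0:
        return "REJECT:range"           # accuracy test: range
    # Seeded defect: the limit test truncates to whole dollars first,
    # so an amount of 10000.01 is treated as 10000 and passes.
    if txn["cents"] // 100 > LIMIT_DOLLARS:
        return "REJECT:limit"
    return "ACCEPT"


# Constructed test deck: valid and invalid transactions, each paired with the
# result the documented controls require, fixed before the run.
TEST_DECK = [
    ({"id": "T1", "vendor_id": "V-204", "cents": 50000}, "ACCEPT"),
    ({"id": "T2", "vendor_id": "V-999", "cents": 50000}, "REJECT:vendor"),
    ({"id": "T3", "vendor_id": "V-117", "cents": 0}, "REJECT:range"),
    ({"id": "T4", "vendor_id": "V-117", "cents": -2500}, "REJECT:range"),
    ({"id": "T5", "vendor_id": "V-330", "cents": 1000000}, "ACCEPT"),
    ({"id": "T6", "vendor_id": "V-330", "cents": 1000001}, "REJECT:limit"),
    ({"id": "T7", "vendor_id": "V-330", "cents": 1000100}, "REJECT:limit"),
]


def run_test_deck(edit, deck):
    """Process every test transaction; return (id, expected, actual) for mismatches."""
    exceptions = []
    for txn, expected in deck:
        actual = edit(txn)
        if actual != expected:
            exceptions.append((txn["id"], expected, actual))
    return exceptions


if __name__ == "__main__":
    for txn_id, expected, actual in run_test_deck(application_edit, TEST_DECK):
        print(f"{txn_id}: expected {expected}, application returned {actual}")
```

Only the boundary transaction T6 exposes the defect, which is why the deck pairs each limit with values just below, at and just above it.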
Nepotism
Same department, same address
EXPENDITURES / PAYABLES
Duplicate Claims
Conflict of Interest
Fraudulent Vendor
Vendor Kickbacks / Bid Rigging
Theft of Services
REVENUE/RECEIVABLES
Skimming
The process by which cash is removed from the
entity before it enters the accounting system.
Lapping Receivables
the recording of payment on a customer's account
sometime after the payment has been received
Borrowing
Writing Off Debts Collected
Kickbacks/Conflict of Interest