Looks like no one added any tags here yet for you.
Around the Computer Approach (Black Box Approach)
In this approach the auditor does not examine the computer processing but instead the auditor put emphasis on the following matters:
Ø To ensure the completeness, accuracy and validity of information by comparing output reports with the input documentation
Ø To ensure effectiveness of input controls and output controls.
Ø To ensure the adequacy of segregation of duties.
“Through the Computer Approach” (White Box Approach)
In this approach requires the auditor to examine the detailed processing routines of the computer to determine whether the controls in the system are adequate to ensure complete and correct processing of all data.
Therefore, the auditor will use the Computer Assisted Audit Techniques (CAATs).
Computer Assisted Audit Techniques (CAATs)
These are the tools used by the auditor with the computer to aid in the effective and efficient performance of an audit whereby the computer programs allow the auditor to test files and database.
Need for CAATs
Absence of key documents or lack of visible paper trail may require the use of CAATs in the application of compliance and substantive procedures.
Need for CAATs
Ensuring audit findings and conclusion are supported by appropriate analysis and interpretation of evidence.
Need for CAATs
Need for obtaining sufficient, relevant, and useful evidence from the IT applications or database as per audit objectives.
Need for CAATs
Need to identify materiality, risk, and significance in an IT environment.
Need for CAATs
Need to increased audit quality and comply with auditing standards.
Need for CAATs
Improving the efficiency and effectiveness of the audit process.
Need for CAATs
Ensuring better audit planning and management of audit resources.
Need for CAATs
Need to access information from systems having different data structure, record formats, processing functions in a commonly usable format.
Key Steps for Obtaining Data
Discuss with clients about the requirement of raw data for audit and issue a request for getting the requested data in specified form as per audit objectives.
Key Steps for Obtaining Data
Discuss with IT personnel responsible for maintain data/application software and obtain copies of record layout and definition of all fields and ensure that you have an overall understanding of the data.
Key Steps for Obtaining Data
Print sample list of the first 100 records in the data file and compare this to a printout of the obtained data to confirm they are correct.
Key Steps for Obtaining Data
Verify data for completeness and accuracy by checking the field types and formats, such as identifying all records with an invalid date in a date field.
Key Steps for Obtaining Data
Obtain control totals of all key data and compare with totals from the raw data to ensure all records have been properly obtained. This can be performed by importing the data in audit software and reviewing the statistics of all key field.
Key Capabilities of CAATs
File access
Key Capabilities of CAATs
File reorganization
Key Capabilities of CAATs
Data selection
Key Capabilities of CAATs
Statistical functions
Key Capabilities of CAATs
Arithmetical functions
Key Factors to be Considered in Using CAATs
His computer knowledge, expertise and experience
Key Factors to be Considered in Using CAATs
Availability of CAATs and suitable computer facilities
Key Factors to be Considered in Using CAATs
Impracticability of manual tests
Key Factors to be Considered in Using CAATs
Effectiveness and efficiency
Key Factors to be Considered in Using CAATs
Timing
Stages of Control Procedures in an EDP Environment: Manual Procedures
The clerical work done up to the translation of data into machine- sensible form.
This stage, being manual, is subjected to usual internal control conditions and the auditor will have little difficulty in appraising them by means of “compliance test” and “substantive test”
Stages of Control Procedures in an EDP Environment: Computer Procedures
The computer processing work.
Auditing in this area is a complex activity, for which the auditor as a prudent person should develop himself for adequate EDP knowledge.
Before he starts to conduct his audit in EDP environment, he should envision to maintain an “Audit Control File” as his valuable kit.
Detailed Contain of the Computer Audit Control File
Copies of all documents and the details of the checks that have been done to ensure their accuracy.
Detailed Contain of the Computer Audit Control File
Details of the physical control over source documents and any control totals on numbers, quantities, values, including the names of the personnel keeping these controls.
Detailed Contain of the Computer Audit Control File
Full description of how the source documents are to be converted into input media, and the check-cum-control device.
Detailed Contain of the Computer Audit Control File
A detailed account of the manual internal controls contained in the system, e.g. separation of programmers from operators, control of assets from record keeping, etc.
Types of Computer Assisted Audit Techniques
Generalized Audit Software Programs (GASPs)
Types of Computer Assisted Audit Techniques
Custome audit software
Types of Computer Assisted Audit Techniques
Test data
Types of Computer Assisted Audit Techniques
Integrated test facility
Types of Computer Assisted Audit Techniques
Parallel simulation
Types of Computer Assisted Audit Techniques
Concurrent auditing techniques
Generalized Audit Software Programs (GASPs)
Readily available computer programs that read the client’s data, process the data, performed the indicated audit procedures, and require little programming effort and technical knowledge of auditor.
Used by auditor during substantive test to determine reliability and integrity of the computerized accounting records.
Its ability includes:
Can select sample for confirmation of balances.
Can provide detailed schedule of what are the items that make up account balance
Can rearrange information in a manner suitable for the auditor to study and evaluate. ØCan calculate ratio and trend analysis
Custom Audit Software
Is generally written by auditors for specific audit tasks.
It is necessary when the entity’s computer system is not compatible with the auditor’s Generalized Audit Software (GAS) or when the auditor wants to conduct some testing that not be possible with the GAS.
Test Data
Development of imaginary data by auditor that are subsequently processed using the client’s computer system
Results obtained are then compared with predetermined results
Used by auditor during test of controls
Its ability include:
Can verify the correct functioning of a program.
Can ensure computer responds correctly to deliberate errors on data.
Error or exception report is generated by computer.
Can verify computed generated total balance and analysis.
Computer will do the adding and subtracting, and analysis will be compared against the input.
Test Data Approach
Test Data Approach
Integrated Test Facility
Computer Assisted Audit Techniques (CAAT) that uses fictitious data and processes it with real data to test the computer system while the client’s personnel are unaware of testing process.
Parallel Simulation
Computer Assisted Audited Techniques (CAAT) that uses client input data and processes it on a duplicate program to test the computer system.
Concurrent Auditing Techniques
Advanced computer system may require the auditor use concurrent auditing techniques, which may be conducted by internal auditors.
Snapshot
System Control Audit Review
Expert System
Three (3) concurrent auditing techniques
Snapshot
This techniques involves taking picture of a transaction as it flows through the computer system.
Audit software routines are embedded at different points in the processing logic to capture images of the transaction as it progresses through the various stages of processing.
Such a technique permits an auditor to track data and evaluate the computer processes applied to the data.
Systems Control Audit Review Files (SCARF)
This involves embedding audit software modules within an application system to provide continuous monitoring of the system transactions.
The information is collected into a special computer file that the auditor can examine.
Expert System
This techniques is a computer program that uses artificial intelligence (AI) technologies to simulate the judgement and behavior of a human or an organization that has expert knowledge and experience in a particular field.
Typically, an expert system incorporate a knowledge base containing accumulated experience and an inference or rules engine – set of rules for applying the knowledge base to each situation that is described to the program.
The system’s capabilities can be enhanced with additions to the knowledge base or to the set rules.
Current system may include machine learning capabilities that allow them to improve their performance based on experience, just as humans do.
Major Steps in Applying CAATs
Set the objective of the CAAT application.
Major Steps in Applying CAATs
Identify the specific files or database to be examined.
Major Steps in Applying CAATs
Determine the accessibility of the entity’s files.
Major Steps in Applying CAATs
Define the specific tests or procedures and related transactions and balances affected.
Major Steps in Applying CAATs
Define the output requirements.
Major Steps in Applying CAATs
Identify the personnel who will participate in the application of the CAAT.
Major Steps in Applying CAATs
Ensure the use of the CAAT is properly controlled and documented
Major Steps in Applying CAATs
Reconcile data to be used for the CAAT with the accounting records
Major Steps in Applying CAATs
Evaluate the results after execution of the CAAT application.
Step by Step Methodology for Using CAATs
Identify the scope and objectives of the audit. Based on this, the auditor can decide about the need and the extent to which CAATs could be used.
Step by Step Methodology for Using CAATs
Identify the critical data which is being audited as per audit scope and objectives.
Step by Step Methodology for Using CAATs
Identify the sources of data from the enterprise information system/application software. These could be relating to general ledger, inventory, payroll, sundry debtors, sundry creditors.
Step by Step Methodology for Using CAATs
Identify the relevant personnel responsible for the data information system. These personnel could be from the IT Department, vendors, managers, etc.
Step by Step Methodology for Using CAATs
Obtain and review documents relating to data/information system. This should provide information about data types/data structures and data flow of the system.
Step by Step Methodology for Using CAATs
Understand the software by having a walk-through right from user creation, grant of user access, configuration settings, data entry, query and reporting features.
Step by Step Methodology for Using CAATs
Decide what techniques of CAATs could be used as relevant to the environment by using relevant CAAT software as required.
Step by Step Methodology for Using CAATs
Prepare a detailed plan for analyzing the data. This includes all the above steps.
Step by Step Methodology for Using CAATs
Perform relevant tests on audit data as required and prepare audit findings which will be used for forming audit report/opinion required.