1 / 35

Computer Assisted and Audit Tools and Techniques

Pics from : http ://www.pragroup.ca/Services/InformationTechnology/tabid/70/Default.aspx. Computer Assisted and Audit Tools and Techniques. Drs. Haryono , Ak . M.Com & Dimas M. Widiantoro, SE., S.Kom ., M.Sc. Agenda.

ursa-schmidt
Download Presentation

Computer Assisted and Audit Tools and Techniques

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pics from : http://www.pragroup.ca/Services/InformationTechnology/tabid/70/Default.aspx Computer Assisted and Audit Tools and Techniques Drs. Haryono, Ak. M.Com & Dimas M. Widiantoro, SE., S.Kom., M.Sc.

  2. Agenda • This chapter discusses data extraction tools that are used to analyze the data processed by an application rather than the application itself. • By analyzing data retrieved from computer files, the auditor can make inferences about the presence and functionality of controls in the application that processed the data.

  3. List of Agenda • Definition • Data structures • EAM • GAS • ACL Software

  4. Definition • What is CAAT? • Computer Assisted Auditing Techniques Techniques and computer programs that are developed to audit electronic data. • Computer Assisted Audit Techniques, with respect to the Information technology audit process.

  5. Example of CAAT • http://www.youtube.com/watch?v=ysLyBBN9Rj4 • http://www.youtube.com/watch?v=-_8J6LLbivs

  6. The Usage CAATTs • Auditors make extensive use of CAATTs in gathering accounting data for testing application controls and in performing substantive tests.

  7. Data Extraction Software • An important use of such software is in performing substantive tests. • Most audit testing occurs in the substantive-testing phase of the audit. • These procedures are called substantive tests because they are used to substantiate dollar amounts in account balances.

  8. Substantive test? • Substantive procedures (or substantive tests) are those activities performed by the auditor to detect material misstatement or fraud at the assertion level.

  9. Substantive tests • Include, but are not limited to, the following: • Determining the correct value of inventory • Determining the accuracy of prepayments and accruals • Confirming accounts receivable with customers • Searching for unrecorded liabilities

  10. Substantive tests (Cont) • In an IT environment, the records needed to perform such tests are stored in computer files and databases. • Before substantive tests can be performed, the data need to be extracted from the host system and presented to the auditor in a usable format.

  11. Data Structures • Consist of two fundamental component • Organization • The way records are physically arranged on the secondary storage device. • Sequential • Random • Access Method • Technique used to locate records and to navigate through the database of file.

  12. File Processing Operations • Retrieve a record from the file based on its primary key • Insert a record into a file • Update a record in the file • Read a complete list of records • Find the next record in the file • Scan a file for records with common secondary keys • Delete a record from a file

  13. Sequential Structure • Sequential storage and access method

  14. Indexed Structure • Indexed Structure

  15. Weakness of Index

  16. Hashing Techniques • Hashing Techniques • A hashing structure employs an algorithm that converts the primary key of a record directly into a storage address. Hashing eliminates the need for a separate index. By calculating the address, rather than reading it from an index, records can be retrieved more quickly.

  17. Relational Database Structure, Concepts, and Terminology • Relational databases are based on the indexed sequential file structure.

  18. Accordingly, a system is relational if it: • 1. Represents data in the form of two-dimensional tables. • 2. Supports the relational algebra functions of restrict, project, and join.

  19. Data Extraction Software • Two types: • embedded audit modules (EAM) • general audit software (GAS)

  20. Relational Database

  21. Linkages Relational Dtabase

  22. Anomalies Database • This section deals with why database tables need to be normalized. In other words, why is it necessary for the organization’s database to form an elaborate network of normalized tables linked together like those illustrated in Figure below • ? Why, instead, can we not simply consolidate the views of one user (or several) into a single common table from which all data needs may be met?

  23. 1. All non-key (data) attributes in the table are dependent on (defined by) the primary key. • 2. All non-key attributes are independent of the other non-key attributes.

  24. Embedded Audit Module • The objective of EAM is to identify important transactions while they are being processed and extract copies of them in real-time. • An EAM is a specially programmed module embedded in a host application to capture predetermined transaction types for subsequent analysis.

  25. Embedded Audit Module (Cont) • As the selected transaction is being processed by the host application, a copy of the transaction is stored in an audit file for subsequent review. • The EAM approach allows selected transactions to be captured throughout the audit period, or at any time during the period, thus significantly reducing the amount of work the auditor must do to identify significant transactions for substantive testing.

  26. Embedded Audit Module (Cont) • To begin data capturing, the auditor specifies to the EAM the parameters and materiality threshold of the transactions set to be captured. • For example, let’s assume that the auditor establishes a $50,000 materiality threshold for transactions processed by a sales order processing system. • Transactions equal to or greater than $50,000 will be copied to the audit file. • From this set of transactions, the auditor may select a subset to be used for substantive tests.

  27. Risks in using EAM • Operational efficiency: EAM may decrease operational performance because executing EAM incurs extra system overhead. • Verifying EAM integrity: When application logic is modified, corresponding EAM logic may also need to be changed.

  28. Generalized Audit Software (GAS) • Most widely used CAATT for IS auditing. • GAS allows auditors to access electronic coded data files and perform various operations on their contents. • Some of the more common uses for GAS are shown in page 274….

  29. GAS is popular • GAS languages are easy to use and require little computer background on the part of the auditor. • Many GAS products can be used on both mainframe and PC. • Auditors can perform their tests independent of the computer service’s staff. • GAS can be used to audit the data stored in most file structures and formats.

  30. ACL software • Designed as a meta-language for auditors to access most data stored by electronic means and test them comprehensively • Many of the problems associated with accessing complex data structures have been solved by ACL’s Open Data Base Connectivity (ODBC) interface. • Definition of ODBC

  31. ODBC Illustration ODBC-compliant DBMS MS SQL Application Program Driver SQL commands Oracle Driver Driver DB 2

More Related