Chapter 12/2 Audit Software Techniques Dr. Mohamed A. Hamada.
-
Upload
debra-bridges -
Category
Documents
-
view
215 -
download
3
Transcript of Chapter 12/2 Audit Software Techniques Dr. Mohamed A. Hamada.
Chapter 12/2Audit Software Techniques
Dr. Mohamed A. Hamada
Audit Software Techniques
Information technology gives auditors a new set of techniques for examining the automated business environment, Audit software provides auditors with the ability to extract information from several files, with different database management systems, in order to search for underlying patterns or relationships among data. Audit software is computer programs that help auditors achieve the various tasks of auditing process.
Computer Assisted Audit Techniques (CAATs),
Consist of package of programs; purpose written programs, utility programs or system management programs• Generalized Audit Software (GAS)• Test data• Integrated Test Facilities (ITF)• Parallel Simulation• Snapshot• Mapping• Embedded audit module EAM
A. Review of Systems Documentation
The auditor reviews documentation such as narrative descriptions, flowcharts, and program listings. In desk checking the auditor processes
test or real data through the program logic.
B. Test Data
The auditor prepares input containing both valid and invalid data. Prior to processing the test data, the input is manually processed to determine what the output should look like.
The auditor then compares the computer-processed output with the manually processed
results.
Illustration of Test Data ApproachComputer Operations
Prepare TestTransactionsAnd Results
Prepare TestTransactionsAnd Results
Auditors
ComputerApplication
System
ComputerApplication
System
ComputerOutput
ComputerOutput
Auditor Compares
TransactionTest Data
TransactionTest Data
Manually Processed
Results
Manually Processed
Results
Test Data Approach
1. Test data should include all relevantconditions that the auditor wants tested.
2. Application programs tested by theauditors’ test data must be the same asthose the client used throughout the year.
3. Test data must be eliminated from theclient’s records.
Test Data Approach
Application programs(assume batch system)
Control testresults
Master files
Contaminatedmaster files
Transaction files(contaminated?)
Input testtransactions to test
key controlprocedures
Test Data Approach
Auditor-predicted resultsof key control proceduresbased on an understandingof internal control
Control testresults
Auditor makescomparisons
Differences betweenactual outcome and
predicted result
C. Integrated Test Facility (ITF) Approach
A common form of an ITF is as follows:1. A dummy ITF center is created for the auditors.2. Auditors create transactions for controls they
want to test.3. Working papers are created to show expected
results from manually processed information.4. Auditor transactions are run with actual
transactions.5. Auditors compare ITF results to working papers.
Illustration of ITF Approach
ComputerApplication
System
ComputerApplication
System
ReportsWith Only Actual Data
ReportsWith Only Actual Data
AuditorsComputer Operations
Prepare ITFTransactionsAnd Results
Prepare ITFTransactionsAnd Results
ActualTransactions
ActualTransactions
ITFTransactions
ITFTransactions
Data FilesData FilesITF Data
ReportsWith Only
ITF Data
ReportsWith Only
ITF Data
Manually Processed
Results
Manually Processed
Results
Auditor
Compares
Parallel Simulation
The auditor uses auditor-controlled softwareto perform parallel operations to the client’ssoftware by using the same data files.
Parallel Simulation
Auditor makes comparisons betweenclient’s application system output andthe auditor-prepared program output
Exception reportnoting differences
Productiontransactions
Auditor-preparedprogram
Auditorresults
Masterfile
Client applicationsystem programs
Clientresults
Illustration of Parallel SimulationComputer Operations Auditors
ActualTransactions
ActualTransactions
ComputerApplication
System
ComputerApplication
System
Auditor’sSimulationProgram
Auditor’sSimulationProgram
Actual ClientReport
Actual ClientReport
Auditor Simulation
Report
Auditor Simulation
Report
Auditor Compares
Embedded Audit Module Approach
Auditor inserts an audit module in theclient’s application system to identifyspecific types of transactions.
Embedded Audit Modules. EAMs are subroutines embedded in the client’s information system that perform control and audit procedures at the same time as the normal application processing
Example of EAMs : (Debreceny et, al., 2005)
JOIN INVENTORY to SUPPLIER, PURCHASES SELECT supplier ID, [(purchase Price- standard Price)
purchase Volume] FROM INVENTORY-SUPPLIER-PURCHASES IF purchase Price/standard Price > 1.05 OR purchase
Price/standard Price < 0.95 RUN E-mail trigger
End of chapter