Chapter 12/2Audit Software Techniques

Dr. Mohamed A. Hamada

Audit Software Techniques

Information technology gives auditors a new set of techniques for examining the automated business environment, Audit software provides auditors with the ability to extract information from several files, with different database management systems, in order to search for underlying patterns or relationships among data. Audit software is computer programs that help auditors achieve the various tasks of auditing process.

Computer Assisted Audit Techniques (CAATs),

Consist of package of programs; purpose written programs, utility programs or system management programs• Generalized Audit Software (GAS)• Test data• Integrated Test Facilities (ITF)• Parallel Simulation• Snapshot• Mapping• Embedded audit module EAM

A. Review of Systems Documentation

The auditor reviews documentation such as narrative descriptions, flowcharts, and program listings. In desk checking the auditor processes

test or real data through the program logic.

B. Test Data

The auditor prepares input containing both valid and invalid data. Prior to processing the test data, the input is manually processed to determine what the output should look like.

The auditor then compares the computer-processed output with the manually processed

results.

Illustration of Test Data ApproachComputer Operations

Prepare TestTransactionsAnd Results

Prepare TestTransactionsAnd Results

Auditors

ComputerApplication

System

ComputerApplication

System

ComputerOutput

ComputerOutput

Auditor Compares

TransactionTest Data

TransactionTest Data

Manually Processed

Results

Manually Processed

Results

Test Data Approach

1. Test data should include all relevantconditions that the auditor wants tested.

2. Application programs tested by theauditors’ test data must be the same asthose the client used throughout the year.

3. Test data must be eliminated from theclient’s records.

Test Data Approach

Application programs(assume batch system)

Control testresults

Master files

Contaminatedmaster files

Transaction files(contaminated?)

Input testtransactions to test

key controlprocedures

Test Data Approach

Auditor-predicted resultsof key control proceduresbased on an understandingof internal control

Control testresults

Auditor makescomparisons

Differences betweenactual outcome and

predicted result

C. Integrated Test Facility (ITF) Approach

A common form of an ITF is as follows:1. A dummy ITF center is created for the auditors.2. Auditors create transactions for controls they

want to test.3. Working papers are created to show expected

results from manually processed information.4. Auditor transactions are run with actual

transactions.5. Auditors compare ITF results to working papers.

Illustration of ITF Approach

ComputerApplication

System

ComputerApplication

System

ReportsWith Only Actual Data

ReportsWith Only Actual Data

AuditorsComputer Operations

Prepare ITFTransactionsAnd Results

Prepare ITFTransactionsAnd Results

ActualTransactions

ActualTransactions

ITFTransactions

ITFTransactions

Data FilesData FilesITF Data

ReportsWith Only

ITF Data

ReportsWith Only

ITF Data

Manually Processed

Results

Manually Processed

Results

Auditor

Compares

Parallel Simulation

The auditor uses auditor-controlled softwareto perform parallel operations to the client’ssoftware by using the same data files.

Parallel Simulation

Auditor makes comparisons betweenclient’s application system output andthe auditor-prepared program output

Exception reportnoting differences

Productiontransactions

Auditor-preparedprogram

Auditorresults

Masterfile

Client applicationsystem programs

Clientresults

Illustration of Parallel SimulationComputer Operations Auditors

ActualTransactions

ActualTransactions

ComputerApplication

System

ComputerApplication

System

Auditor’sSimulationProgram

Auditor’sSimulationProgram

Actual ClientReport

Actual ClientReport

Auditor Simulation

Report

Auditor Simulation

Report

Auditor Compares

Embedded Audit Module Approach

Auditor inserts an audit module in theclient’s application system to identifyspecific types of transactions.

Embedded Audit Modules. EAMs are subroutines embedded in the client’s information system that perform control and audit procedures at the same time as the normal application processing

Example of EAMs : (Debreceny et, al., 2005)

JOIN INVENTORY to SUPPLIER, PURCHASES SELECT supplier ID, [(purchase Price- standard Price)

purchase Volume] FROM INVENTORY-SUPPLIER-PURCHASES IF purchase Price/standard Price > 1.05 OR purchase

Price/standard Price < 0.95 RUN E-mail trigger

End of chapter