Pertemuan 7-8

Matakuliah : A0214/Audit Sistem InformasiTahun : 2007

Bina Nusantara

AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT

TOOLS AND TECHNIQUES

Bina Nusantara

AUDIT CYCLE

Bina Nusantara

Auditor Productivity Tools• Planning and tracking the annual audit schedule• Documentation and presentations• Communication and data transfer• Resource management• Data management

Bina Nusantara

Using CAATs in Audit Process• Used to evaluate the integrity of an application,

determine compliance with procedures, and continuously monitor processing result.

• Examples– Audit Command Language (ACL)– Interactive Data Extraction and Analysis (IDEA)

Bina Nusantara

Functionality of CAATs• Avoidance of a sampling error by addressing 100% of population• Stratification of data• Aging of the transactions and data• Recalculation (reperformance)• Exceptions identification• Fraud detections (via isolated variances)• Extraction of the subsets of data• Linkage of data for analysis• Identification of duplicate transactions• Audit trail analysis

Bina Nusantara

TECHNICAL SKILLS AND TOOLS• Generalized Audit Software• Application Testing• Designing Tests of Controls• Data Analysis• Compliance Testing• Continuous Monitoring• Application Controls• Audit Functions• Sampling

Bina Nusantara

Generalized Audit Software• Analyze and compare files• Select specific records for examination• Conduct random samples• Validate calculations• Prepare confirmation letters• Analyze aging of transaction files

Bina Nusantara

Application Testing• Submitting a set of test data that will produce

known results if the application functions properly• Developing independent programs to reperform

the logic of the application• Evaluating the results of the application

Bina Nusantara

Application Controls• Spreadsheet Controls

– Analysis– Source of data– Design review– Documentation– Verification of logic– Extent of training– Extent of audit– Support commitment

Bina Nusantara

Application Controls• Database Controls

– Referential integrity– Transaction integrity– Entity integrity– Value constraints– Concurrent update protection– Backup and recovery protection– Testing protection

Bina Nusantara

Audit Functions• Items of Audit Interest• Audit Mathematics• Data Analysis• System Validation

Bina Nusantara

Sampling• Types of sampling

– Judgmental sampling– Statistical sampling

• Applied technique if any change to the characteristics or attributes of the population under review:– Random attribute sampling– Variable sampling techniques

Bina Nusantara

Sampling Process Steps:1. Determine the objective of the test2. Define the population3. Determine the confidence level4. Determine the precision5. Determine the expected standard deviation6. Compute the sample size7. Document the sampling procedure8. Select the audit samples9. Evaluate the sample results10. Reach an overall conclusion based on the sampling.

Bina Nusantara

Computer Forensics Methods and Techniques

• The IT auditor can work in the field of computer forensics or work side by side with a computer forensics specialist, supplying insight into a particular system or network.

• Computer forensic specialists gather evidence against the individual who has committed a crime in several ways.