Wikipedia

Computer-aided audit tools: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
m sp: Techiniques->Techniques, imbedded->embedded, theere->there
WinBot (talk | contribs)
39,167 edits
m BOT - Unicodifying
Line 1:
'''Data analysis''' is the means by which the information systems auditor determines the completeness and accuracy of an organization’sorganization’s data. [[Auditor]]s perform data analysis to determine where it is best to focus audit tests.
 
Along with manual audit procedures, the auditor can employ [http://www.isaca.org/Content/ContentGroups/Standards2/Standards,_Guidelines,_Procedures_for_IS_Auditing/IS_Auditing_Guideline_G3_Use_of_Computer-Assisted_Audit_Techniques1.htm computer assisted auditing tools and techniques (CAATT’sCAATT’s)] to perform data analysis throughout the audit engagement. Generalized Audit Software (GAS), also known as Data Analysis Software, is the most popular form of CAATT used in the data analysis process.
 
==Data analysis process==
Line 9:
#*The auditor determines audit objectives and identifies organizational systems containing potentially relevant data.
#'''Requesting Data from the Organization'''
#*In order to obtain sufficient, reliable, and relevant evidence to achieve their audit objectives, the auditor attempts to determine relevant data used to perform audit tests. The data is then requested from the organization’sorganization’s IT department.
#'''Extracting Data'''
#*When data is extracted from an organization, the auditor must verify the integrity of the organization’sorganization’s information system and IT environment from which the data is extracted.
#'''Data Importation'''
#*The auditor must determine the completeness and relevancy of data obtained by the organization.
#'''Data Profiling'''
#*The auditor performs relevancy checks on data. For example, checking an organization’sorganization’s data to determine if there are any negative invoice amounts, debits don’tdon’t equal credits, or if there is omitted data.
#'''Data Analysis'''
#*The auditor analyzes the data to determine if sufficient evidence has been obtained to support their overall conclusions and findings of the audit.
Line 21:
#*The auditor must summarize the findings and then determine which type of audit report is most suitable to describe the outcome of the audit results. For example, an unqualified audit report vs. a qualified audit report.
#'''Documentation of Research Findings'''
#*The auditor must document their research findings in the forms of work papers, spreadsheets, flowcharts, and results of observations, to name a few. Audit documentation is essential to support the auditor’sauditor’s findings and recommendations as stated in the audit report.
 
[[Image:Data_analysis.JPG]]
Line 30:
 
Benefits of audit software include:
*They are independent of the system being audited and will use a read-only copy of the file to avoid any corruption of an organization’sorganization’s data.
*Many audit-specific routines are used such as sampling.
*Provides documentation of each test performed in the software that can be used as documentation in the auditor’sauditor’s work papers.
 
===Data analysis software===
 
The most popular form of CAATTs, [http://www.isaca.org/Content/ContentGroups/Member_Content/Journal1/20033/Using_CAATs_to_Support_IS_Audit.htm data analysis software] is used to extract data from commonly used file formats and the tables of most database systems. This audit software can perform a variety of queries and other analyses on an organization’sorganization’s data.
 
 
Line 51:
The following are types of query and analysis tools used by auditors while performing data analysis.
 
*'''Access''' &#8211ndash; A database program that provides data selection, analysis, and reporting.
*'''[[Audit Command Language|ACL]] & IDEA''' &#8211ndash; General audit software that reads files from most formats and provides data selection, analysis, and reporting.
*'''Excel''' &#8211ndash; Spreadsheet software that provides analysis, calculation, graphing, and reporting.
*'''CA-Examine''' &#8211ndash; A programming language that provides data selection, analysis, and reporting. Additional programming languages include: CA-Easytrieve, Vbasic, C, C++, JAVA, SQL, Perl, SAS, and SPSS.
*'''SAS Base''' &#8211ndash; A business intelligence platform that is sometimes used for it's strong ETL capabilities and ability to interface with major ERP.
*[http://www.categoric.com Categoric] Continuous Auditing technology. Connects to anything and provides real time monitoring of controls and KPIs
 
Data analysis programs use such techniques as:
*'''Histograms''' &#8211ndash; provides the auditor with a “snapshot”“snapshot” of the substance, makeup, and distribution of data within an organization’sorganization’s accounting system.
*'''Modeling''' &#8211ndash; allows the auditor to determine the reasonableness of an organization’sorganization’s data by comparing current data with a trend or pattern as established by evaluating data from previous years.
*'''Comparative Analysis''' &#8211ndash; Allows the auditor to compare sets of data to determine areas of audit interest.
 
===Other uses of CAATT's for data analysis===
Line 77:
CAATTs can assist the auditor in detecting fraud by performing and creating the following, respectively:
 
#<u>''Analytical Tests''</u> &#8211ndash; evaluations of financial information made by studying plausible relationships among both financial and non-financial data to assess whether account balances appear reasonable (AU 329). Examples include ratio, trend, and [http://www.nist.gov/dads/HTML/benfordslaw.html Benford's Law]tests.
#<u>''Data Analysis Reports''</u> &#8211ndash; reports produced using specific audit commands such as filtering records and joining data files.
 
 
Line 84:
*[http://www.theiia.org/itaudit/index.cfm?fuseaction=print&fid=5404 Continuous Monitoring]is an ongoing process for acquiring, analyzing, and reporting on business data to identify and respond to operational business risks. For auditors to ensure a comprehensive approach to acquire, analyze, and report on business data, they must make certain the organization continuously monitors user activity on all computer systems, business transactions and processes, and application controls.
 
Additionally, the auditor can install audit procedures into their audit software called embedded audit routines, which can continuously capture and analyze an application&#8217;sapplication’s processing results. The audit routines can capture transaction data, statistics, and continuously evaluate the organization&#8217;sorganization’s computer system for processing errors. For example, evaluating whether fields that should only have alpha characters have no null data values and amount fields have no alpha characters.
 
 
Retrieved from "https://en.wikipedia.org/wiki/Computer-aided_audit_tools"