Content deleted Content added
Balloonman (talk | contribs) m →Other uses of CAATS: standardized italics to bold |
Balloonman (talk | contribs) m →Traditional Auditing vs CAATS: added subheadings |
||
Line 2:
==Traditional Auditing vs CAATS==
===Traditional Audit Example===
Traditionally auditors have been criticized because they reach conclusions based upon limited samples. It is not uncommon for an auditor to sample 30-50 transactions and declare a problem or conclude that "controls appear to be effective." Management upon hearing the verdict of the auditors will question the validity of the audit. Management realizes that they conduct thousands or perhaps millions of transactions a year and the auditor only sampled a handful. The auditor will then state that the conducted the sample based upon Generally Accepted Audit Standards (GAAS) and that their sample was statistically valid. The auditor is then forced to defend their methodology.
Line 7 ⟶ 9:
Another common criticism of the audit profession occurs after a problem emerges. Whenever a problem emerges within a department, management asks, "Where was audit." If audit had reviewed the area recently it becomes a sticky situation as the Audit Manager attempts to explain that the reason the problem wasn't identified was because the problem was outside of the scope of the audit. The Audit manager might also try to explain that the sample was "a statistically valid sample with a 95% confidence level." The Audit Committee doesn't care that the audit was conducted according to GAAS, they only care that a problem went unnoted by the audit department.
===CAATS Alternative===
CAATS addresses these problems. CAATS, as it is commonly used, is the practice of analyzing large volumes of data looking for anomalies. A well designed CAATS audit will not be a sample, but rather a complete review of all transactions. Using CAATS the auditor will extract every transaction the business unit performed during the period reviewed. The auditor will then test that data to determine if there are any problems in the data. For example, using CAATS the auditor can find invalid Social Security Numbers (SSN) by comparing the SSN to the issuing criteria of the Social Security Administration. The CAATS auditor could also easily look for duplicate vendors or transactions. When such a duplicate is identified, they can approach management with the knowledge that they tested 100% of the transactions and that they identified 100% of the exceptions.
===Traditional Audit vs CAATS on Specific Risks===
Another advantage of CAATS is that it allows auditors to test for specific risks. For example, an insurance company may want to ensure that it doesn't pay any claims after a policy is terminated. Using traditional audit techniques this risk would be very difficult to test. The auditor would "randomly select" a "statistically valid" sample of claims (usually 30-50.) They would then check to see if any of those claims were processed after a policy was terminated. Since the insurance company might process millions of claims the odds that any of those 30-50 "randomly selected" claims occurred after the policy was terminated is extremely unlikely. Even if one or two of those claims was for a date of service after the policy termination date, what does that tell the auditor?
| |||