Audit dan EvaluasiTeknologi Informasi

Sesi 6

MTI-CIO2012

CAATT

Computer-Assisted Audit Tools and Techniques• Increased productivity, complete routine tasks faster (24–

75%)• Reduced cost due• Improve consistency and focus more on significant issues• Impractical or impossible tasks (manually) can be completed• Competitive advantage gained and client perception of the

auditor, the firm, and quality of the services provided improved

• Ability to cope with difficult tasks without corresponding staff increases

Tool Categories

• General Automation and data processing– Audit productivity tools that help auditors to reduce the

amount of time spent on administrative tasks by automating the audit function and integrating information gathered as part of the audit process

• Specific Auditing tools– Computer-assisted audit tools (CAATs) that help auditors

evaluate application controls, and select and analyze computerized data for substantive audit tests

Audit Process Activities

• Planning and tracking the annual audit schedule using spreadsheets, database, and project management software

• Documentation and presentations using word processing, flowcharting, and graphics software

• Communication and data transfer using electronic connectivity and a centralized server

• Resource management using online work papers review and e-mail

• Data management using database, groupware, and intranet software

Audit Planning and Tracking

• Risk assessment, audit schedule preparation and tracking, and budget preparations are necessary tasks in audit planning.

• Spreadsheets or database software can be used to record risk values, develop an “ audit universe,” and prepare a budget. Project management software can be used to schedule audits and track the current status. Each of these solutions is a standalone. An integration may not even be possible. Because planning tasks are interdependent, an integrated application would provide quicker update and ensure that all phases of planning are kept in sync.– For example, the budget should provide sufficient costs to accomplish

the audit schedule, or the audit schedule should not exceed the resources available.

Documentation and Presentations

• A use of packages such as Office Suite provides “ cut and paste” and linking functionality.

• These features facilitate the creation of consistent, accurate documents.– For example, spreadsheet data containing functional testing results

can be incorporated into a report document with a few clicks of a mouse. As same data can then just as easily be copied to a presentation slide and also be “linked,” so that changes to the source documents will be reflected in any of the related documents.

• Software suite functionality saves time and ensures consistency and accuracy.

Groupware

• Groupware is a specialized tool or assembly of compatible tools that enables business teams to work faster, share more information, communicate more effectively, and do a better job of completing tasks. Groupware systems vary greatly. Today, we are seeing desktop conferencing, videoconferencing, coauthoring features and applications, e -mail and b-boards, meeting supports systems, paging and voice applications, workflow systems, and group and subgroup calendars as examples of groupware products and support systems.

Auditor Skills

• Requirement to use computer-assisted auditing techniques lies in understanding and applying the appropriate audit functions.

• By way of illustration, four broad categories of computer auditing functions can be identified:– Items of audit interest– Audit mathematics– Data analysis

• Histogram• Modeling• Comparative Analysis

– System validation

Flowcharting Techniques

Flowcharting as an Analysis Tool• A method for identifying and evaluating control strengths and weaknesses within a

system under examination. It can be time consuming to build an understanding of strengths and weaknesses within a system to be audited.

• Evaluation of a number of elements of a system:– Quality of system documentation– Adequacy of manual or automated controls over documents– Effectiveness of processing by computer programs (i.e., whether the processing is

necessary or redundant and whether the processing sequence is proper)– Usefulness of outputs including reports and stored fi les

• Steps followed in the development of flowcharts and their use as audit evaluation tools include– Understanding how data is processed by computers– Identifying documents and their flow through the system– Defining critical data– Developing audit data flow diagrams– Evaluating the quality of system documentation– Assessing controls over documents– Determining the effectiveness of processing under computer programs– Evaluating the usefulness of reports

Defining Critical Data

• An auditor must build a clear understanding of the data being recorded within the system under study. Therefore, the individual elements of data must be defined. Titles can be deceptive.– For example, is a cost derived from the current period or is

it cumulative? Is the cost accrued or incurred? What are the components of a cost? Has the composition of cost changed during the fiscal periods under review?

• Determining the Effectiveness of Processing under Computer Programs• A e audit staff should identify any problem areas in the processing cycle including but not limited to

• Redundant processing of data or other forms of duplication• Bottlenecks that delay processing• Points i n t he o perating c ycle at w hich c lerks do n ot h ave en ough t ime to re view o utput• reports and make corrections• Evaluating the Usefulness of Reports• A e aud it s taff sh ould re view t he k ey o r m ajor o utputs ( such a s e dit l istings, er ror l istings, a nd• control of hours listings) of the application system and determine if the outputs are

• Accurate• Usef ul a s i ntended• A e auditor should confi rm fi ndings by interviewing t he users of t he output reports. One appropriate• te• chnique m ight b e t he c ompletion o f a q uestionnaire o r su rvey, p erhaps c onducted b y• e-mail on user satisfaction with output reports.

Sampling

System Validation

• System validation is a method for testing the reliability of programs through simulation with either the test data or actual data. With parallel simulation techniques, the auditor may be able to satisfy both compliance and substantive testing needs in one process.

Generalized Audit Software

• Use of generalized audit software makes it possible to perform required functions directly on application files. Audit software can be used to:– Analyze and compare files– Select specific records for examination– Conduct random samples– Validate calculations– Prepare confirmation letters– Analyze aging of transaction files– IT auditors can also use the same software tools as the

programming staff or additional tool s used

Query and Analysis Tools

Application Testing

• Once controls have been identified, the next step in an audit is to verify the control’s effectiveness. This can be accomplished by submitting a set of test data that will produce known results if the application functions properly.

• Evaluating the results of the application• In any case, the auditor will need to understand the

processing logic of the application to simulate the application or evaluate the application’s results.

• Database controls– Access rights

Other (Online) CAATs• Webmetrics:

– Web Static Analyzer Tool (Web SAT), Web Category Analysis Tool (WebCAT), Web Visual Instrumenter Program (WebVIP), VISVIP, FLUD, FLUDViz Tool, and TreeDec.

• Manually checking that all posted data is current will be time consuming. Discovering broken links, missing pages, and page components manually are almost impossible.

• Webmetrics provided by Information Technology Laboratory (ITL) of National Institute of• Standards and Technology (NIST) is one of t he CAATs that can assist IT auditors in evaluating

the usability of a Web site.– Reduces the time to complete audit analysis, test, and reports– Increases audit coverage by reducing the amount of time spent on manual processes– Provides quality audit services by having a standard set of audit tools and procedures– Leverages the knowledge gathered as a result of audit projects to provide immediate

metric/data quality feedback to management• Benefits

– Reduced advertising costs– Equal access to new markets– Increased sales– More opportunity for niche marketing– Reduced delivery cost for goods that can be delivered electronically

Example Tools (Non-Commercial)

Infrastructure (network) related auditing tools• Open-AudIT• OCS Inventory NG

Network CAAT Example

Network CAAT Example

CAAT Example

• OCS Inventory NG Global Diagram(http://www.ocsinventory-ng.org)

CAAT Integration Example

• Global diagram detailed how OCS can be integrated in a complex network architecture.

Tugas

Dari berkas “Understanding Fraud and Corruption”• Pertanyaan-pertanyaan yang harus dijawab:– Jelaskan perbedaan Fraud dan Corruption– Definisikan Fraud– Definisikan Corruption menurut ADB 1998– Sebutkan 7 elemen Fraud and Corruption– Sebutkan 15 jenis Fraud and Corruption beserta

definisinya– Sebutkan daftar perilaku korup (12 item)– Apa penyebab Fraud and Corruption?