30
COMPUTER ASSISTED AUDIT TOOLS Chap-04
COMPUTER ASSISTED AUDIT TOOLS
Chap-04
Internal Auditors are advising organizations on internal control attributes and ways to gain assurance from information.
The compliance efforts have led companies to delve more deeply into their financial statement reporting elements and into the data that feeds and supports the financial data.
Today’s Environment
Internal Audit groups faced with growing workloads and heightened accountability
Discovering that Computer Assisted Auditing Tools (CAATs) offer much needed help Audit technology tools facilitate more granular
analysis of data and help to determine the accuracy of the information
Today’s Environment
Computer-assisted audit techniques (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the audit profession.
CAATs is the practice of using computers to automate the audit processes.
CAATs normally includes using basic office productivity software such as spreadsheet, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools.
Issues of CAATs
Comprehensive approach of testing contrasts with traditional audit sampling methods (extracting small data sets and extrapolating conclusions about the population of transactions) Sampling techniques require audit judgment and
confidence levels; whereas CAATs deliver more definitive results because the entire population of data can be tested
CAATs- Review 100% of data
Filtering large volumes of data is much more practical and effective Work with greater quantities of data Work with data that is more complex Ability to identify financial leakage, policy
noncompliance, and mistakes or errors in data processing For example: duplicate vendor payments; fraudulent
transactions, circumvention of invoice approval limits
CAATs- Review 100% of data
Generalized packaged programs: however they need to be tailored to each specific case by defining the format of the files to be interrogated by specifying the parameters required and the form of that output.
Purpose written programs: these are specially written programs where it is not possible to adapt a package program because of the type of machine, processing or file organization used.
Utility programs used by the client: used by the entity to perform data processing functions such as sorting and printing of files e.g. excel.
Types of audit programs
THE USES OF AUDIT SOFTWARE
Calculation checks: e.g. program gives the total amount of individual entries in purchases day book in a particular period. Auditor then agree this total amount to the amount posted in purchases ledger control a/c.
Detecting system violation rule: e.g. program checks that no customer has balance above specified credit limit.
THE USES OF AUDIT SOFTWARE
Detecting unreasonable items: programs checks that no customer has discount of 50% or sales ledger balance (i.e. debtors balance) is more than the amount of sales made to that customer. New calculation and analysis: e.g. statistical analysis of inventory movements to identify slow moving items.
Selecting items for audit testing: e.g. obtaining a stratified sample of sales ledger balances to be used as a basis for a circularization of debtors.Completeness checks: e.g. checking continuity of sales invoices to ensure that they are all accounted for.
DIFFICULTIES IN USING AUDIT SOFTWARE
Over elaboration: tendency to produce over elaborate enquiry programs which are expensive to develop, time consuming in processing and reviewing. Hence audit cost goes up and its difficult to justify its use.Quantities of output: it may arise that output is too large either due to poor design of the software or using inappropriate parameters on a test.Live database: the audit program need to be run on the live database (i.e. actual files) of the client because the auditor is testing the actual system of the client.
DIFFICULTIES IN USING AUDIT SOFTWARE
Over elaboration: tendency to produce over elaborate enquiry programs which are expensive to develop, time consuming in processing and reviewing. Hence audit cost goes up and its difficult to justify its use.Quantities of output: it may arise that output is too large either due to poor design of the software or using inappropriate parameters on a test.Live database: the audit program need to be run on the live database (i.e. actual files) of the client because the auditor is testing the actual system of the client.
TEST DATA
Audit test data is data submitted by the auditor for processing by the clients computer based accounting system in order to test the operation of the enterprise’s computer programs
There are three main approaches to the use of test data:
Using live data: process client real live data and then check that the controls and processing are OK. Dummy data in a normal production run: however output of dummy data processing should not be released in the live database general ledger. Dummy data in a special run: dummy data is run back up/ image copy of database.
TEST DATA
Difficulties in using audit test dataCost: for constructing test data, predetermine the results manually and ascertaining which controls to be tested. Confined to test of control only. Live testing is dangerous as it may affect live database is used for special run. No visible evidence of audit work performed: need to record in the working papers of work done
Advantages of CAAT to the auditor
Test programmed controls: in a computer based accounting system, there are large volume of transactions which the auditor will have to audit. The auditor will have to check if the programmed controls are functioning correctly. The only effective way of testing programmed controls is through CAAT. Test on large volume of data: CAAT enable auditors to test large amount of data quickly and accurately and therefore increase the confidence they have in their opinion.
Advantages of CAAT to the auditor
Test on source location of data: CAAT enables auditors to test the accounting systems and its records (e.g. disk files) at its source location rather than testing the printouts of what they believe to be a copy of those records. Cost effective: once set up CAAT are likely to be cost effective way of obtaining audit evidence year after year provided that the client does not change the accounting system regularly.Comparison: allows results from using CAAT to be compared to traditional testing. Where the two results agree this increase the overall audit confidence.
The challenge Make sure you are looking at the right tools to
deliver the benefits your company needs It is the user’s responsibility to become
familiar with the tools available in order to pick the right one
Have a solid knowledge of your business, your data, and the accounting practices in your industry
Tool selection
The IIA conducted an audit software analysis and reported several key recommendations for internal auditors to consider in the selection of CAATs:1. Determine the enterprise’s audit mission,
objectives and priorities2. Determine the types and scope of audits3. Consider the enterprise’s technology
environment4. Be aware of the risks
Tool selection
Auditors must consult with management regarding what audit functions are of the highest priority and where computer audit tools may be applied to help meet those priorities.
1. Determine the enterprise’s audit mission, objectives and
priorities
What is the stated objective of the audits? What kinds of questions will auditors be asking
and what will be the boundaries? Arriving at answers to these questions will be
critical in making an appropriate software decision.
2. Determine the types and scope of audits
Any audit tools selected will have to mesh with the other software, hardware and network systems already in place.
In some cases, the existing IT infrastructure may incorporate tools that auditors can use in concert with automated software tools for improved effect.
3. Consider the enterprise’s technology environment
Applying software to any mission-critical function carries some risks, and auditing software is no different.
Automated software tools can prompt auditors to jump to faulty conclusions or make assumptions that run counter to enterprise operations.
4. Be aware of the risks
Consider: How many data sources you have Volume of transactions
Characteristics to look for in CAATs: Ease of use Ease of data extraction Ability to access a wide variety of data files from different
platforms Ability to integrate data with different format Ability to define fields and select from standard formats Menu-driven functionality for processing analysis commands Simplified query building and adjustments Logging features
Tool Selection
Execute tests for virtually all industries and almost all types of data:
Accounts Receivable Payroll Cash Disbursements Purchasing Sales General Ledger Work in Progress Loss Prevention Asset Management
Limiting factors: Access to data Understanding of the data fields Creativity of the auditor
Audit data analysis techniques
Data is locked down as read-only No chance of inadvertently changing the data Much higher risk when using spreadsheets
Commands are auditor-friendly Fairly easy to grasp what the commands will
do once explained Reasonably short learning curve
ACL (Generalized Audit Software)
Automatically records all of the commands that are run and the results of the procedures in its log LOG feature enables automation of workpapers Export the log to a word processor or other file
type
ACL
Batch feature (Writing Scripts) Develop audit procedures to run in ACL Auditor puts together the various routines in a
batch (similar to a macro) Next time the auditor can run one command (push
a button), and all of those procedures will run on autopilot with ACL dumping the results into the log
Become much more efficient over time by running same tests periodically, adding new procedures to the batch
ACL
Identify a Champion- person with ability to motivate, supervise, and generally make sure the technology is employed and becomes successful
General Training- for the users of the software (www.acl.com)
Identify power users- given more specific training and become leaders of implementing the chosen software; assist other auditors; conduct in-house training.
Additional Keys to Success
CAATs especially valuable in environments that have:
High volumes of transactions Complex processes Distributed operations Unrelated applications and systems
Audit data analysis techniques
Management can use such information to proactively identify exceptions to controls and compliance policies and take immediate action.
Implementing these programs can lead to increased confidence in the corporate data underlying financial reporting.
Advantage to Management
THE END
