1 / 13

Chapter 4: Auditing Information Technology Using Computer-Assisted Audit Tools and Techniques

Chapter 4: Auditing Information Technology Using Computer-Assisted Audit Tools and Techniques. MBAD 7090. Objectives. Audit Productivity Tools Computer-Assisted Audit Techniques (CAATs) Computer Forensics Methods and Techniques. Benefits of Audit Automation. Risk Assessment.

faraji
Télécharger la présentation

Chapter 4: Auditing Information Technology Using Computer-Assisted Audit Tools and Techniques

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 4:Auditing Information Technology Using Computer-Assisted Audit Tools and Techniques IS Security, Audit, and Control (Dr. Zhao) MBAD 7090

  2. Objectives • Audit Productivity Tools • Computer-Assisted Audit Techniques (CAATs) • Computer Forensics Methods and Techniques IS Security, Audit, and Control (Dr. Zhao)

  3. Benefits of Audit Automation Risk Assessment • Increase audit productivity and coverage • Provide responsiveness to the change • Enhance service quality by having a standard set of audit tools and procedures • Better knowledge management Audit Schedule Reporting Audit Results Budget IS Security, Audit, and Control (Dr. Zhao) Audit Program Analysis Audit Tests

  4. Use of software tools • Two categories • Audit productivity tools: automate the audit function and integrate information gathered • Computer-assisted audit tools (CAATs): tools for substantive audit tests such as data and control evaluation • Appropriate use and application of CAATTs relies on appropriate training, sharing of experiences, and supervision. IS Security, Audit, and Control (Dr. Zhao)

  5. Audit productivity tools • Planning and tracking audit activities • Spreadsheets or project management tools • Documentation and presentations • Word, PowerPoint, flowcharting, etc. • Communications • Data management • A central knowledge base, a central repository of historical data • Groupware • For distributed workforces • Information sharing & individual customization • Document-oriented databases • Example: Lotus Notes IS Security, Audit, and Control (Dr. Zhao)

  6. CAATs • Validate the process • Test for the existence and execution of computer controls at all levels • Gather information and data from production cycles • Support audit findings • Gather evidence • Examples: • Audit Command Language (ACL) • Interactive Data Extraction and Analysis (IDEA) IS Security, Audit, and Control (Dr. Zhao)

  7. Application Testing • Submit a set of test data that will produce known results • Both valid and invalid transactions • Parallel simulation • A copy of original program • Reperformthe logic of the application • Could partially duplicate the application logic to test key functions • Continuous monitoring • Extract anomalies in real time IS Security, Audit, and Control (Dr. Zhao)

  8. Sampling • Judgmental sampling • Select the sample based on the auditor’s experience • Item of audit interests • Specify criteria based on amount, time, region, etc. • Statistical sampling • Random selection • Representative of the population • Various methods • Random number samplings • Cluster sampling IS Security, Audit, and Control (Dr. Zhao)

  9. Data Analysis • Goal: using computers to compare and summarize data • Histogram • Graphical representation • Identify relationships among data • Modeling • Identify trends or patterns for evaluating reasonableness • Comparative analysis • Compare same data at different time periods IS Security, Audit, and Control (Dr. Zhao)

  10. Other CATTS • Transaction tagging: • Follow a selected transaction through the entire application (e.g., Trace function) • Snapshot • Examine selected variables • Check the value before and after a certain process • Integrated test facility • Create a fictitious entity, such as a customer, within the context of the regular application • Process test transaction together with live inputs IS Security, Audit, and Control (Dr. Zhao)

  11. Computer Forensics • Computer criminals become more advanced right along with the technology • Fast developing field • A few rules: • Never work on the original evidence • Establish and maintain a continuing chain of custody • Document everything IS Security, Audit, and Control (Dr. Zhao)

  12. Computer Forensics: Challenges • Advancement of encryption • Maintaining credible certifications and industry standards • More standards need to be developed • Hiding data • Various data storage media • Change file extension • Requires high degree of patience and perseverance • A video IS Security, Audit, and Control (Dr. Zhao)

  13. Case: Holt Valley Hospital Services • Holt Valley Hospital Services, Inc., is a large health care services company that acquired W. Wilson Hospital, an acute-acre hospital, this past year. This is a large facility with a typically long collection cycle for its patients’ accounts receivable. During the annual audit, the “Big Four” auditors supplied a year-end aged accounts receivable trial balance to the internal audit staff. Now, three month later, the internal audit team needs to determine subsequent collections on 22,567 patient accounts. • Q1: What is the audit objective? • Q2: Discuss functions in which use of a computer would be helpful to the auditors in meeting that objectives. IS Security, Audit, and Control (Dr. Zhao)

More Related