Matakuliah : A0214/Audit Sistem Informasi
Tahun
: 2007
Pertemuan 7-8
AUDITING INFORMATION TECHNOLOGY USING COMPUTER
ASSISTED AUDIT TOOLS AND TECHNIQUES
Bina Nusantara
AUDIT CYCLE
Bina Nusantara
Auditor Productivity Tools
•
•
•
•
•
Bina Nusantara
Planning and tracking the annual audit schedule
Documentation and presentations
Communication and data transfer
Resource management
Data management
Using CAATs in Audit Process
• Used to evaluate the integrity of an application, determine
compliance with procedures, and continuously monitor processing
result.
• Examples
– Audit Command Language (ACL)
– Interactive Data Extraction and Analysis (IDEA)
Bina Nusantara
Functionality of CAATs
•
•
•
•
•
•
•
•
•
•
Bina Nusantara
Avoidance of a sampling error by addressing 100% of population
Stratification of data
Aging of the transactions and data
Recalculation (reperformance)
Exceptions identification
Fraud detections (via isolated variances)
Extraction of the subsets of data
Linkage of data for analysis
Identification of duplicate transactions
Audit trail analysis
•
•
•
•
•
•
•
•
•
Bina Nusantara
TECHNICAL SKILLS AND TOOLS
Generalized Audit Software
Application Testing
Designing Tests of Controls
Data Analysis
Compliance Testing
Continuous Monitoring
Application Controls
Audit Functions
Sampling
Generalized Audit Software
•
•
•
•
•
•
Bina Nusantara
Analyze and compare files
Select specific records for examination
Conduct random samples
Validate calculations
Prepare confirmation letters
Analyze aging of transaction files
Application Testing
• Submitting a set of test data that will produce known results if the
application functions properly
• Developing independent programs to reperform the logic of the
application
• Evaluating the results of the application
Bina Nusantara
Application Controls
• Spreadsheet Controls
–
–
–
–
–
–
–
–
Bina Nusantara
Analysis
Source of data
Design review
Documentation
Verification of logic
Extent of training
Extent of audit
Support commitment
Application Controls
• Database Controls
–
–
–
–
–
–
–
Bina Nusantara
Referential integrity
Transaction integrity
Entity integrity
Value constraints
Concurrent update protection
Backup and recovery protection
Testing protection
Audit Functions
•
•
•
•
Bina Nusantara
Items of Audit Interest
Audit Mathematics
Data Analysis
System Validation
Sampling
• Types of sampling
– Judgmental sampling
– Statistical sampling
• Applied technique if any change to the characteristics or attributes
of the population under review:
– Random attribute sampling
– Variable sampling techniques
Bina Nusantara
Sampling Process Steps:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Bina Nusantara
Determine the objective of the test
Define the population
Determine the confidence level
Determine the precision
Determine the expected standard deviation
Compute the sample size
Document the sampling procedure
Select the audit samples
Evaluate the sample results
Reach an overall conclusion based on the sampling.
Computer Forensics
Methods and Techniques
• The IT auditor can work in the field of computer forensics or work
side by side with a computer forensics specialist, supplying insight
into a particular system or network.
• Computer forensic specialists gather evidence against the individual
who has committed a crime in several ways.
Bina Nusantara