AUDITING INFORMATION
TECHNOLOGY USING
COMPUTER ASSISTED AUDIT
TOOLS AND TECHNIQUES
AUDIT CYCLE
Auditor Productivity Tools
• Planning and tracking the annual audit
schedule
• Documentation and presentations
• Communication and data transfer
• Resource management
• Data management
Using CAATs in Audit Process
• Used to evaluate the integrity of an
application, determine compliance with
procedures, and continuously monitor
processing result.
• Examples
– Audit Command Language (ACL)
– Interactive Data Extraction and Analysis
(IDEA)
TECHNICAL SKILLS AND TOOLS
•
•
•
•
•
•
•
•
•
Generalized Audit Software
Application Testing
Designing Tests of Controls
Data Analysis
Compliance Testing
Continuous Monitoring
Application Controls
Audit Functions
Sampling
Generalized Audit Software
•
•
•
•
•
•
Analyze and compare files
Select specific records for examination
Conduct random samples
Validate calculations
Prepare confirmation letters
Analyze aging of transaction files
Application Testing
• Submitting a set of test data that will
produce known results if the application
functions properly
• Developing independent programs to
reperform the logic of the application
• Evaluating the results of the application
Application Controls
• Spreadsheet Controls
– Analysis
– Source of data
– Design review
– Documentation
– Verification of logic
– Extent of training
– Extent of audit
– Support commitment
Application Controls
• Database Controls
– Referential integrity
– Transaction integrity
– Entity integrity
– Value constraints
– Concurrent update protection
– Backup and recovery protection
– Testing protection
Audit Functions
•
•
•
•
Items of Audit Interest
Audit Mathematics
Data Analysis
System Validation
Sampling
• Types of sampling
– Judgmental sampling
– Statistical sampling
• Applied technique if any change to the
characteristics or attributes of the
population under review:
– Random attribute sampling
– Variable sampling techniques
Computer Forensics
Methods and Techniques
• The IT auditor can work in the field of
computer forensics or work side by side
with a computer forensics specialist,
supplying insight into a particular system
or network.
• Computer forensic specialists gather
evidence against the individual who has
committed a crime in several ways.