Add to collection(s) Add to saved
  1. Business
  2. Management

A Study on Chinese Online Audit Techniques(China)

advertisement 
A Study on Chinese Online Audit Techniques
By Ms. Cao Hongze Ph.D
IT Center of CNAO
Fulfilling manual audit and PC audit cannot meet demands of audit
works in modern times with the rapid development of IT and economic
globalization. It’s an unassailable trend that applying network computer
techniques to audit supervision because of popularization of network
application in different industries and institutions. Promotion of national
IT systems and e-Government, increasing proportion of financial,
accounting and economic management information transmission via
networks, bring challenges to audit works as well as create opportunities
for auditors to apply audit work using networks.
CNAO is dedicated in researching, realizing, popularizing and
applying online audit supervision techniques and attempts to change the
ways of audit work in recent years. According to online audit logic flow
(shown in Fig.1), online audit supervision techniques can be divided four
aspects as below:
Auditor
Auditee
Data Collection
Technique
Networking
Technique
Data Processing
Technique
Collection
Transmission
Processing
Security Technique
Fig.1 Distribution of online audit techniques in audit logic flow
1
1、Construction techniques of audit networks
In order to implement audit supervision in the networks, network
techniques must be adopted to build up auditing networks to obtain
auditees’ information and data.
Construction method of auditing networks has direct relation with
physical distance between auditors and auditees, and networks
environment under which auditors and auditees coexist. No matter what
degree the online audit has developed to, it is inevitable that auditors have
to perform field audit. Even using online audit techniques, there are two
types, field online audit and distance online audit.
Field online audit is the audit using LAN existed in auditees to
directly or indirectly connect database being audited. The LAN
commonly has broadband condition, and it has been a standard
configuration of LAN that backbone 1000M and 10/l00M access to
desktop.
Distance online audit is the audit using the uniform platform of
national e-Government or national public communication data network,
to directly or indirectly connect database being audited. The uniform
national e-Government network under construction has broadband, the
renting band of national public communication data networks is restricted
by cost or local network environment, maybe has different instance, such
as 56Kbps, 64kbps, 2Mbps and 10Mbps.
2
Reliable transmission of audit data is directly influenced and
restricted by audit networking methods. It is a safe, reliable and relative
simple transmission method when auditees’ data are fully collected
through networks in field online audit. In distance online audit especially
when network band is insufficient, the data obtained through network are
some essential data, such as increment data and query result data etc. And
saving data are obtained by using other methods.
2、Auditees’ data collection techniques
There are some experiences about collecting auditees’ data in single
computer audit work. The primary characteristic of collecting auditees’
data in online audit supervision is the sub-real-time character of time
efficiency. So auditors should not depend on monthly backup data, or
yearly backup data of auditee, the data must be timely collected in the
auditees’ information systems.
Collecting auditees’ data includes techniques in five aspects:
1. Setting prepositive computers. It should be cautious that auditors
directly operate auditees’ database since it will bring audit risk. Audit
prepositive computers can be set at auditees, and all auditors’ query
quests are carried through prepositive computers; When network band is
insufficient the data auditors at long distance obtained through network
are increment data or query data, and data processing prepositive
computers whose access belongs to auditors are set at auditees. The
3
configure of prepositive computers are different according to auditees’
data quantity. The program compiled by auditors is set in a computer in
the auditees’ information system in the administration organizations
which are daily supervised, and this computer is equivalent to a soft
prepositive computers; PC servers with appropriate performance are set
according to the need of data quantity in data concentration organizations.
2 . Extension
of
PC
servers.
Renting
national
public
communication data networks will be adopted while distance online audit
is performed in data concentration organizations. The information sent by
auditors through networks are query information, and real query
processing are performed at auditees. The audit prepositive computers
should have powerful processing ability in order to meet needs of remote
massive data query. The type-selected and tie-in experiments should be
carried out in order to resolve compatibility between hardware PC server
and relative extension database while using server extension techniques
to resolve processing ability problem.
3.Data transfer from large-sized and medium-sized computers to PC
server. Large-sized and medium-sized computers are chosen to process,
store data in data highly concentration organizations’ information systems,
and it’s operation system and type of database are different with PC used
by auditors. Conversion mid products whose batch import and export
performance are appropriate should be bought or researched.
4
4.Audit models in prepositive computers. Audit models installed in
prepositive computers includes: periodically detecting auditees’ data
variance trigged by time; selectively collecting data; synchronously
increasing data( includes local and foreign); verifying integrality of
data; auto audit and pre-alarming new data according to searching
conditions set by system.
5.Data conversion clearance. Auditees’ original data should be
converted to data clearance suited to auditors needs, generally includes:
data type conversion, date and time format conversion, code conversion,
value conversion. Conversion tools for common used goods finance
software should be developed for administration organizations which are
daily supervised by using online audit. Data conversion tools should be
developed for data highly concentration organizations respectively.
3、Auditors’ data processing techniques
The main methods of data processing are browse, selection,
comparison and check when auditors use computers to audit electric data
managed by computers. Audit method of online audit has no distinct
differences with that of single computer audit. However, data processing
methods, processing time and quantities of online audit have notable
differences with that of single computer audit. Data processing of
auditors includes four aspects techniques as below:
1.Data storage. Data obtained by auditors increase massively under
5
the condition of online audit. It should be paid more attention since it
makes a good basis for mastering auditees’ situations and also provides
convenience to support other audit projects and to carry out industry audit
analysis. To improve efficiency of audit supervision under IT
environment, online storage and near-line storage are adopted in auditors
data storage.
2.Audit model. The keys of improving audit efficiency are to collect
auditors’ experience and found audit models. The technique problem
should be resolved at computer stage is to develop tools which can
conveniently and directly convert auditors’ experience to audit models.
3.Audit platform. Since works of data concentration organizations
are complex, the audit operation platforms should be customized. Audit
platform development is mainly used to administration organizations
audit in order to simplify auditors’ studying of audit software. The main
functions of audit platform include: audit projects management, providing
common audit methods such as query, compositor, statistic, summary and
grouping, audit documents generation, external data interface.
4. Parallel processing. Since online audit of data concentration
organizations must face massive data, the constructed audit system is
unpractical if it has not data processing methods with high speed and
large batch. Comparing to small machines, server extension has many
advantages such as small investment in one time, strong expansion ability
6
and abundant technicians. Therefore, sever extension technique should be
adopted at auditors’ data processing.
4、Security techniques of online audit
The security of online audit is necessary in order to avoid audit risks
and to protect interests of auditees. According to the flow of audit data,
security techniques of online audit can be divided to four aspects:
1.Security of data collection. It is forbidden that auditors directly
operate auditees’ database; Strong insulation methods should be adopted
while converting data from auditee to prepositive computers of auditor in
order to prevent auditors access auditees’ information system; Strong
insulation methods should be adopted while non-converting data;
Authorization control mechanism must be found to prevent illegal data
collection; Deploy anti-virus, anti-hacker software at auditees’ prepositive
computers.
2.Security of data transmission. Security of data transmission
should be settled by auditee under the condition of filed online audit in
LAN. Security of data transmission should be settled by platform under
the condition of distance online audit on the uniform e-Government
platform and Auditors should focus on transmission security after
entering buildings. The key of data transmission security is distance
online audit that rent national public communication data networks and
mainly resolve data integrity, no leakage and not to be intercepted and
7
captured.
3.Security of data storage. Accumulative massive data are important
assets of auditors. Methods about computer physical security are suit to
protect data storage security. The primary techniques that resolve security
of online audit data storage are: economic and rational backup; data
recover in moderate time; disaster toleration with moderate strength;
preventing illegal capture; preventing erasing; preventing deny; log.
4 . Security management system.
A perfect system include
computer room management, terminal authorization approve, data backup,
supervision, audit model, log management.
At present, under network environment ,CNAO has made successful
online audit experiments over auditees with different data quantity
management at different network linking conditions. CNAO has decided
that online audit will be the main content of the Second Phase of Golden
Audit Project and it’s aim is to basically implement “three changes”,
namely “change from mere post audit to post audit combined with
mid-term audit, from mere static audit to static audit combined with
mobile audit, from mere field online audit to field online audit combined
with distance online audit” .
Thanks!
8
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Mystery Fraud Training Outline
Mystery Fraud Training Outline
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Title: Audit
Title: Audit
CIS 349 – Information Technology Audit and Control
CIS 349 – Information Technology Audit and Control
Green Impact Auditor
Green Impact Auditor
Download
advertisement