Computer Assisted Audit Techniques (CAAT’s)
Definition:
“Computer assisted audit techniques are the method of using a computer to
assist the auditor in the performance of the computer audit. The major categories
are audit software and test data.”
CAATs are important tools for the IS auditor in gathering information from these environments.
When systems have different hardware and software environments, different data structure, record
formats, processing functions, etc., it is almost impossible for the auditors to collect evidence
without a software tool to collect and analyze the records.
Tools and techniques of CAAT’s: (Types of CAAT’s)
CAATs include many types of tools and techniques, such as generalized audit software, utility
software, test data, application software tracing and mapping, and expert systems.
1. Generalized Audit Software (GAS)
Refers
to
standard
software
that
has
the
capability
to
directly
read and access data from various database platforms, flat-file systems and ASCII formats. GAS
provides IS auditors an independent means to gain access to data for analysis and the ability to
use high-level problem-solving software to invoke functions to be performed on data files.
Features include mathematical computations, statistical analysis, sequence checking, duplication
checking and re-computations.
2. Utility software:
Utility software is the subset of software, such as database management system’s report
generators, that provides evidence to the auditors about system control effectiveness.
3. Test data :
Test data involve the auditors using a sample set of data to assess whether logic errors exist in a
program and whether the program meets its objectives. The review of an application system will
provide information about internal controls built in the system.
4. The audit-expert system:
The audit expert system will give direction and valuable information to all levels of auditors while
carrying out the audit because the query-based system is built on the knowledge-base of the senior
auditors or managers.
These tools and techniques can be used in performing various audit procedures including:
i.
ii.
Tests of details of transactions and balances
Analytical review procedures
iii.
iv.
v.
Compliance test of IS general controls
Compliance of IS application controls
Penetration and OS vulnerability assessment testing
The IS auditor should have a through understanding of CAATs and know where and when to apply
them.
Advantages:
1. Computer Assisted Sampling.
This permits the use of random statistical sampling, which tends to be more accurate and saves
time in those instances in which it is appropriate.
2. File Management.
Files are combined, compared, managed, segregated and ordered automatically using generally
accepted computerized file management. Adjustments or other changes to data and reports are
easily accomplished. The DOR auditor will review your accounts in order to request specific
information from your records essential to the audit.
3. Report Generation.
Once data integrity is verified, the auditor can produce various reliable reports from the overall
data population.
4. Other advantages
CAATs offer the following other advantages:
i.
Reduced level of audit risk.
ii.
Greater independence from the auditee.
iii.
Broader and more consistent audit coverage.
iv.
Faster availability of information.
v.
Improved exception identification.
vi.
Greater flexibility of run-times.
vii.
Greater opportunity to quantify internal control weaknesses.
viii.
Enhanced sampling.
ix.
Cost-savings over time.