Computer Assisted Audit Techniques (CAAT’s) Definition: “Computer assisted audit techniques are the method of using a computer to assist the auditor in the performance of the computer audit. The major categories are audit software and test data.” CAATs are important tools for the IS auditor in gathering information from these environments. When systems have different hardware and software environments, different data structure, record formats, processing functions, etc., it is almost impossible for the auditors to collect evidence without a software tool to collect and analyze the records. Tools and techniques of CAAT’s: (Types of CAAT’s) CAATs include many types of tools and techniques, such as generalized audit software, utility software, test data, application software tracing and mapping, and expert systems. 1. Generalized Audit Software (GAS) Refers to standard software that has the capability to directly read and access data from various database platforms, flat-file systems and ASCII formats. GAS provides IS auditors an independent means to gain access to data for analysis and the ability to use high-level problem-solving software to invoke functions to be performed on data files. Features include mathematical computations, statistical analysis, sequence checking, duplication checking and re-computations. 2. Utility software: Utility software is the subset of software, such as database management system’s report generators, that provides evidence to the auditors about system control effectiveness. 3. Test data : Test data involve the auditors using a sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives. The review of an application system will provide information about internal controls built in the system. 4. The audit-expert system: The audit expert system will give direction and valuable information to all levels of auditors while carrying out the audit because the query-based system is built on the knowledge-base of the senior auditors or managers. These tools and techniques can be used in performing various audit procedures including: i. ii. Tests of details of transactions and balances Analytical review procedures iii. iv. v. Compliance test of IS general controls Compliance of IS application controls Penetration and OS vulnerability assessment testing The IS auditor should have a through understanding of CAATs and know where and when to apply them. Advantages: 1. Computer Assisted Sampling. This permits the use of random statistical sampling, which tends to be more accurate and saves time in those instances in which it is appropriate. 2. File Management. Files are combined, compared, managed, segregated and ordered automatically using generally accepted computerized file management. Adjustments or other changes to data and reports are easily accomplished. The DOR auditor will review your accounts in order to request specific information from your records essential to the audit. 3. Report Generation. Once data integrity is verified, the auditor can produce various reliable reports from the overall data population. 4. Other advantages CAATs offer the following other advantages: i. Reduced level of audit risk. ii. Greater independence from the auditee. iii. Broader and more consistent audit coverage. iv. Faster availability of information. v. Improved exception identification. vi. Greater flexibility of run-times. vii. Greater opportunity to quantify internal control weaknesses. viii. Enhanced sampling. ix. Cost-savings over time.