AUDITING INFORMATION
TECHNOLOGY USING
COMPUTER ASSISTED AUDIT
TOOLS AND TECHNIQUES
• Planning and tracking the annual audit schedule
• Documentation and presentations
• Communication and data transfer
• Resource management
• Data management
• Used to evaluate the integrity of an application, determine compliance with procedures, and continuously monitor processing result.
• Examples
– Audit Command Language (ACL)
– Interactive Data Extraction and Analysis
(IDEA)
TECHNICAL SKILLS AND TOOLS
• Generalized Audit Software
• Application Testing
• Designing Tests of Controls
• Data Analysis
• Compliance Testing
• Continuous Monitoring
• Application Controls
• Audit Functions
• Sampling
• Analyze and compare files
• Select specific records for examination
• Conduct random samples
• Validate calculations
• Prepare confirmation letters
• Analyze aging of transaction files
• Submitting a set of test data that will produce known results if the application functions properly
• Developing independent programs to reperform the logic of the application
• Evaluating the results of the application
• Spreadsheet Controls
– Analysis
– Source of data
– Design review
– Documentation
– Verification of logic
– Extent of training
– Extent of audit
– Support commitment
• Database Controls
– Referential integrity
– Transaction integrity
– Entity integrity
– Value constraints
– Concurrent update protection
– Backup and recovery protection
– Testing protection
• Items of Audit Interest
• Audit Mathematics
• Data Analysis
• System Validation
• Types of sampling
– Judgmental sampling
– Statistical sampling
• Applied technique if any change to the characteristics or attributes of the population under review:
– Random attribute sampling
– Variable sampling techniques
Computer Forensics
Methods and Techniques
• The IT auditor can work in the field of computer forensics or work side by side with a computer forensics specialist, supplying insight into a particular system or network.
• Computer forensic specialists gather evidence against the individual who has committed a crime in several ways.