auditing information technology using computer

advertisement

AUDITING INFORMATION

TECHNOLOGY USING

COMPUTER ASSISTED AUDIT

TOOLS AND TECHNIQUES

AUDIT CYCLE

Auditor Productivity Tools

• Planning and tracking the annual audit schedule

• Documentation and presentations

• Communication and data transfer

• Resource management

• Data management

Using CAATs in Audit Process

• Used to evaluate the integrity of an application, determine compliance with procedures, and continuously monitor processing result.

• Examples

– Audit Command Language (ACL)

– Interactive Data Extraction and Analysis

(IDEA)

TECHNICAL SKILLS AND TOOLS

• Generalized Audit Software

• Application Testing

• Designing Tests of Controls

• Data Analysis

• Compliance Testing

• Continuous Monitoring

• Application Controls

• Audit Functions

• Sampling

Generalized Audit Software

• Analyze and compare files

• Select specific records for examination

• Conduct random samples

• Validate calculations

• Prepare confirmation letters

• Analyze aging of transaction files

Application Testing

• Submitting a set of test data that will produce known results if the application functions properly

• Developing independent programs to reperform the logic of the application

• Evaluating the results of the application

Application Controls

• Spreadsheet Controls

– Analysis

– Source of data

– Design review

– Documentation

– Verification of logic

– Extent of training

– Extent of audit

– Support commitment

Application Controls

• Database Controls

– Referential integrity

– Transaction integrity

– Entity integrity

– Value constraints

– Concurrent update protection

– Backup and recovery protection

– Testing protection

Audit Functions

• Items of Audit Interest

• Audit Mathematics

• Data Analysis

• System Validation

Sampling

• Types of sampling

– Judgmental sampling

– Statistical sampling

• Applied technique if any change to the characteristics or attributes of the population under review:

– Random attribute sampling

– Variable sampling techniques

Computer Forensics

Methods and Techniques

• The IT auditor can work in the field of computer forensics or work side by side with a computer forensics specialist, supplying insight into a particular system or network.

• Computer forensic specialists gather evidence against the individual who has committed a crime in several ways.

Download