Electronic Data Processing * Information Systems Audit

Pics from : http://www.pragroup.ca/Services/InformationTechnology/tabid/70/Default.aspx
Computer Assisted Audit
Tools and Techniques
Drs. Haryono, Ak. M.Com
& Dimas M. Widiantoro, SE., S.Kom.,
M.Sc.
Agenda
• This chapter discusses data extraction tools
that are used to analyze the data processed by
an application rather than the application
itself.
• By analyzing data retrieved from computer
files, the auditor can make inferences about
the presence and functionality of controls in
the application that processed the data.
List of Agenda
• Definition
• Data structures
• EAM
• GAS
• ACL Software
Definition
• What is CAAT?
• Computer Assisted Auditing Techniques:
techniques and computer programs that are
developed to audit electronic data.
• Computer Assisted Audit Techniques, with
respect to the Information technology audit
process.
Example of CAAT
• http://www.youtube.com/watch?v=ysLyBBN9Rj4
• http://www.youtube.com/watch?v=_8J6LLbivs
The Usage of CAATTs
• Auditors make extensive use of CAATTs in gathering
accounting data for testing application controls and
in performing substantive tests.
Data Extraction Software
• An important use of such software is in
performing substantive tests.
• Most audit testing occurs in the substantive-testing
phase of the audit.
• These procedures are called substantive tests
because they are used to substantiate dollar
amounts in account balances.
Substantive test?
• Substantive procedures (or substantive tests)
are those activities performed by the auditor
to detect material misstatement or fraud at
the assertion level.
Substantive tests
• Include, but are not limited to, the following:
– Determining the correct value of inventory
– Determining the accuracy of prepayments and
accruals
– Confirming accounts receivable with customers
– Searching for unrecorded liabilities
Substantive tests (Cont)
• In an IT environment, the records needed to
perform such tests are stored in computer
files and databases.
• Before substantive tests can be performed,
the data need to be extracted from the host
system and presented to the auditor in a
usable format.
Data Structures
• Consist of two fundamental components
– Organization
• The way records are physically arranged on the
secondary storage device.
– Sequential
– Random
– Access Method
• Technique used to locate records and to navigate
through the database or file.
File Processing Operations
• Retrieve a record from the file based on its
primary key
• Insert a record into a file
• Update a record in the file
• Read a complete list of records
• Find the next record in the file
• Scan a file for records with common secondary
keys
• Delete a record from a file
Sequential Structure
• Sequential storage and access method
Indexed Structure
• Indexed Structure
Weakness of Index
Hashing Techniques
• Hashing Techniques
• A hashing structure employs
an algorithm that converts the
primary key of a record directly
into a storage address. Hashing
eliminates the need for a
separate index. By calculating
the address, rather than reading
it from an index, records can be
retrieved more quickly.
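A hashed file as described above, shown as an added example that is not part of the original slides. The division-remainder hash, the 11-slot file, the linear probing used when two keys map to the same address, and all function names are assumptions made for illustration.

```python
import io
import struct

RECORD = struct.Struct("<I20s")   # fixed-length record: 4-byte key + 20-byte name
SLOTS = 11                        # prime number of record slots (assumed)
EMPTY = 0                         # key 0 marks an unused slot (assumed convention)


def address(key: int, probe: int = 0) -> int:
    """Convert a primary key directly into a byte offset (storage address)."""
    slot = (key % SLOTS + probe) % SLOTS   # division-remainder hash + linear probe
    return slot * RECORD.size


def new_file() -> io.BytesIO:
    """An in-memory stand-in for the file on secondary storage, all slots empty."""
    return io.BytesIO(bytes(RECORD.size * SLOTS))


def insert(f, key: int, name: str) -> int:
    """Store a record; returns the number of extra probes (0 = no collision)."""
    for probe in range(SLOTS):
        f.seek(address(key, probe))
        stored_key, _ = RECORD.unpack(f.read(RECORD.size))
        if stored_key in (EMPTY, key):
            f.seek(address(key, probe))
            f.write(RECORD.pack(key, name.encode()))
            return probe
    raise OverflowError("file full")


def retrieve(f, key: int):
    """Calculate the address and read the record; no index is consulted."""
    for probe in range(SLOTS):
        f.seek(address(key, probe))
        stored_key, name = RECORD.unpack(f.read(RECORD.size))
        if stored_key == key:
            return name.rstrip(b"\0").decode()
        if stored_key == EMPTY:
            return None
    return None
```

Keys 1001 and 1012 both hash to slot 0, so the second one costs an extra probe; that collision cost is the trade-off for not maintaining an index.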
Relational Database Structure, Concepts, and
Terminology
• Relational databases are based on the indexed
sequential file structure.
• Accordingly, a system is relational if it:
• 1. Represents data in the form of two-dimensional tables.
• 2. Supports the relational algebra functions of
restrict, project, and join.
Data Extraction Software
• Two types:
– embedded audit modules (EAM)
– general audit software (GAS)
Relational Database
Linkages Relational Database
Anomalies Database
• This section deals with why database tables need
to be normalized. In other words, why is it
necessary for the organization’s database to form
an elaborate network of normalized tables linked
together like those illustrated in Figure below?
• Why, instead, can we not simply consolidate the
views of one user (or several) into a single
common table from which all data needs may be
met?
• 1. All non-key (data) attributes in the table are
dependent on (defined by) the primary key.
• 2. All non-key attributes are independent of
the other non-key attributes.
Embedded Audit Module
• The objective of EAM is to identify important
transactions while they are being processed
and extract copies of them in real-time.
• An EAM is a specially programmed module
embedded in a host application to capture
predetermined transaction types for
subsequent analysis.
Embedded Audit Module (Cont)
• As the selected transaction is being processed by the
host application, a copy of the transaction is stored
in an audit file for subsequent review.
• The EAM approach allows selected transactions to be
captured throughout the audit period, or at any time
during the period, thus significantly reducing the
amount of work the auditor must do to identify
significant transactions for substantive testing.
Embedded Audit Module (Cont)
• To begin data capturing, the auditor specifies to the
EAM the parameters and materiality threshold of the
transactions set to be captured.
• For example, let’s assume that the auditor
establishes a $50,000 materiality threshold for
transactions processed by a sales order processing
system.
• Transactions equal to or greater than $50,000 will be
copied to the audit file.
• From this set of transactions, the auditor may select
a subset to be used for substantive tests.
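The capture flow described on the EAM slides, as an added example that is not part of the original slides. The host function, the parameter structure, the in-memory audit file and the sample transactions are all constructed for illustration; the $50,000 threshold is the one from the slide.

```python
import json
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class CaptureParams:
    """Parameters the auditor gives the EAM (hypothetical structure)."""
    txn_types: frozenset = frozenset({"SALE"})
    threshold: Decimal = Decimal("50000")   # materiality threshold from the slide


@dataclass
class EmbeddedAuditModule:
    params: CaptureParams
    audit_file: list = field(default_factory=list)  # stands in for the audit file

    def inspect(self, txn: dict) -> None:
        """Copy the transaction to the audit file if it meets the parameters."""
        if (txn["type"] in self.params.txn_types
                and Decimal(txn["amount"]) >= self.params.threshold):
            self.audit_file.append(json.dumps(txn, sort_keys=True))


def process_sales_order(txn: dict, ledger: list, eam: EmbeddedAuditModule) -> None:
    """Host application logic with the EAM hook running inline."""
    ledger.append(txn)   # normal processing, simplified
    eam.inspect(txn)     # capture happens while the transaction is processed


def select_for_testing(audit_file: list, every_nth: int) -> list:
    """Auditor later takes a subset of the captured set (systematic sample)."""
    return [json.loads(rec) for rec in audit_file[::every_nth]]


# Constructed sample transactions
SAMPLE = [
    {"id": 1, "type": "SALE", "amount": "49999.99"},
    {"id": 2, "type": "SALE", "amount": "50000.00"},
    {"id": 3, "type": "REFUND", "amount": "75000.00"},
    {"id": 4, "type": "SALE", "amount": "120000.00"},
    {"id": 5, "type": "SALE", "amount": "62500.00"},
]


def run_demo():
    ledger, eam = [], EmbeddedAuditModule(CaptureParams())
    for txn in SAMPLE:
        process_sales_order(txn, ledger, eam)
    return ledger, eam
```

Amounts are compared as `Decimal` so that a transaction of exactly $50,000.00 is captured and one of $49,999.99 is not, without floating-point rounding at the threshold.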
Risks in using EAM
• Operational efficiency: EAM may decrease
operational performance because executing
EAM incurs extra system overhead.
• Verifying EAM integrity: When application
logic is modified, corresponding EAM logic
may also need to be changed.
Generalized Audit Software (GAS)
• Most widely used CAATT for IS auditing.
• GAS allows auditors to access electronic coded
data files and perform various operations on
their contents.
• Some of the more common uses for GAS are
shown on page 274….
GAS is popular
• GAS languages are easy to use and require little
computer background on the part of the auditor.
• Many GAS products can be used on both mainframe
and PC.
• Auditors can perform their tests independent of the
computer service’s staff.
• GAS can be used to audit the data stored in most file
structures and formats.
ACL software
• Designed as a meta-language for auditors to
access most data stored by electronic means
and test them comprehensively
• Many of the problems associated with
accessing complex data structures have been
solved by ACL’s Open Data Base Connectivity
(ODBC) interface.
• Definition of ODBC
ODBC Illustration
[Figure labels: Application Program; SQL commands; Driver (one per DBMS); ODBC-compliant DBMS: MS SQL, Oracle, DB 2]