CAATTs for Data Extraction and Analysis

advertisement
CAATTs for Data Extraction
and Analysis
Chapter 7
CAATTs
• See CAATT from Wikipedia in relevant links
• Auditors make extensive use of CAATTs in
gathering accounting data for testing application
controls and in performing substantive tests.
• This chapter discusses data extraction tools that
are used to analyze the data processed by an
application rather than the application itself.
• By analyzing data retrieved from computer files,
the auditor can make inferences about the
presence and functionality of controls in the
application that processed the data.
Data Extraction Software
• An important use of such software is in
performing substantive tests.
• Most audit testing occurs in the
substantive-testing phase of the audit.
• These procedures are called substantive
tests because they are used to
substantiate dollar amounts in account
balances.
Substantive tests
• Include, but are not limited to, the following:
– Determining the correct value of inventory
– Determining the accuracy of prepayments and
accruals
– Confirming accounts receivable with
customers
– Searching for unrecorded liabilities
Substantive tests (Cont)
• In an IT environment, the records needed
to perform such tests are stored in
computer files and databases.
• Before substantive tests can be performed,
the data need to be extracted from the
host system and presented to the auditor
in a usable format.
Data Extraction Software
• Two types:
– embedded audit modules (EAM)
– general audit software (GAS)
Embedded Audit Module
• The objective of EAM is to identify
important transactions while they are
being processed and extract copies of
them in real-time.
• An EAM is a specially programmed
module embedded in a host application to
capture predetermined transaction types
for subsequent analysis. See Figure 7-20.
Embedded Audit Module (Cont)
• As the selected transaction is being processed
by the host application, a copy of the transaction
is stored in an audit file for subsequent review.
• The EAM approach allows selected transactions
to be captured throughout the audit period, or at
any time during the period, thus significantly
reducing the amount of work the auditor must do
to identify significant transactions for substantive
testing.
Embedded Audit Module (Cont)
• To begin data capturing, the auditor specifies to
the EAM the parameters and materiality
threshold of the transactions set to be captured.
• For example, let’s assume that the auditor
establishes a $50,000 materiality threshold for
transactions processed by a sales order
processing system.
• Transactions equal to or greater than $50,000
will be copied to the audit file.
• From this set of transactions, the auditor may
select a subset to be used for substantive tests.
Risks in using EAM
• Operational efficiency: EAM may decrease
operational performance because
executing EAM incurs extra system
overhead.
• Verifying EAM integrity: When application
logic is modified, corresponding EAM logic
may also need to be changed.
Generalized Audit Software (GAS)
• Most widely used CAATT for IS auditing.
• GAS allows auditors to access electronic
coded data files and perform various
operations on their contents.
• Some of the more common uses for GAS
are shown in page 274….
GAS is popular
• GAS languages are easy to use and require little
computer background on the part of the auditor.
• Many GAS products can be used on both
mainframe and PC.
• Auditors can perform their tests independent of
the computer service’s staff.
• GAS can be used to audit the data stored in
most file structures and formats.
Using GAS to access complex
structures
• See Figures 7-22, 7-23, 7-24
ACL software
• Designed as a meta-language for auditors
to access most data stored by electronic
means and test them comprehensively
• Many of the problems associated with
accessing complex data structures have
been solved by ACL’s Open Data Base
Connectivity (ODBC) interface.
• Definition of ODBC
ODBC Illustration
ODBC-compliant DBMS
MS SQL
Application Program
Driver
SQL commands
Driver
Oracle
Driver
DB 2
Download