techniques (CAATTs) - the practice of using computers to automate IT audit processes, and a
fundamental tool that auditors use to search the given data for irregularities.
With the help of this tool, the auditors and accountants of any firm are able to
provide more analytical results. CAATs are used throughout every business environment and across
industry sectors.
CAATs normally include basic office productivity software such as spreadsheets, word
processors and text editing programs, and more advanced software packages involving the use of
statistical analysis and business intelligence tools.
Uses of CAATS
A. Creation of Electronic Work Papers - Auditors have many financial statements and other
documents which they must keep safe and organized. Keeping electronic work
papers in a centralized audit file or database allows the auditor to navigate through current
and recorded working files with ease; this saves a lot of time and in return
saves money.
B. Fraud Detection - most of the time there are incidents where unexpected
or unidentified patterns of data affect the audit. However, with the help of
CAATs, auditors can now identify these problems quickly, which will prevent fraud.
C. Analytical Test - computer technology includes many software programs which are able to create
charts, graphs, ratios and trends by analyzing and evaluating a set of data.
D. Curb Stoning in Surveys - a common problem within companies: the person
who is carrying out the surveys doesn't actually interview anyone but instead
makes up a set of data. For auditors it is vital that this is detected, as it can invalidate the survey
study results.
E. Continuous Monitoring - is an ongoing process of acquiring, analyzing and reporting of
business data to identify and respond to operational business risks.
SOFTWARE TOOLS:
1. SPREADSHEET- is a file made of rows and columns that help sort data, arrange data easily, and
calculate numerical data. What makes a spreadsheet software program unique is its
ability to calculate values using mathematical formulas and the data in cells.
EXAMPLES:
MS EXCEL- is the most popular and widely used spreadsheet program, but there are also
many alternatives.
GOOGLE SHEETS (online spreadsheet)
LOTUS 123
IWORK NUMBERS (on Mac)
2. DATABASE SOFTWARE- is a collection of information that is organized so that it can be easily
accessed, managed and updated. Data is organized into rows, columns and tables, and it is indexed
to make it easier to find relevant information.
EXAMPLES:
MS ACCESS- is used for both small and large database deployments. This is partly due to its
easy-to-use graphical interface, as well as its interoperability with other applications and
platforms such as Microsoft’s own SQL Server database engine and Visual Basic for
Applications (VBA).
MYSQL
SAP SYBASE
ORACLE
3. BUSINESS INTELLIGENCE- Comprises the strategies and technologies used by enterprises for
the data analysis of business information.
EXAMPLES:
QLIKVIEW
IBM COGNOS
BUSINESS ANALYTICS - gather data statistically and quantitatively
BUSINESS INTELLIGENCE- through questions and reports
4. STATISTICAL ANALYSIS- Comprises the strategies and technologies used by enterprises for
the data analysis of business information. SAS also provides the SAS Fraud Framework. The
framework's primary functionality is to monitor transactions across different applications,
networks and partners and use analytics to identify anomalies that are indicative of fraud.
BENEFITS:
Statistical analysis allows a company to make crucial decisions about projects.
Identify trends in the marketplace that can help determine whether a project is right to invest in or
not.
Business statistics also help with projecting future data or events that might occur.
If you are considering risk factors of a specific project that your company wants to roll out
then statistics are necessary.
EXAMPLE:
IBM SPSS
QLIKSENSE
STATISTIX
5. GENERALIZED AUDIT SOFTWARE- refers to software designed to read, process and write
data with the help of functions performing specific audit routines and with self-made macros. It is
a tool for applying Computer Assisted Auditing Techniques. Functions of generalized audit
software include importing computerized data; thereafter other functions can be applied: the data
can be browsed, sorted, summarized, stratified, analyzed and sampled, and calculations,
conversions and other operations can be performed on it.
EXAMPLE:
ACL (Audit Command Language)- a data analysis software program that helps auditors
remain current with changing technology. Its primary usefulness lies in its ability to
perform analysis and audit tests on 100% of the data available rather than merely
sampling the data.
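The kind of full-population tests that generalized audit software runs on imported data (duplicate detection, sequence-gap checks, stratification), shown as an added Python example that is not part of the original notes and is not ACL code. The ledger rows, the field layout and the 10,000 approval limit are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample ledger (not real data): (payment_id, vendor, invoice_no, amount)
LEDGER = [
    (1001, "ACME", "INV-17", 480.00),
    (1002, "BOLT", "INV-03", 12500.00),
    (1003, "ACME", "INV-17", 480.00),   # same vendor/invoice/amount as 1001
    (1005, "CRUX", "INV-88", 9990.00),  # payment_id 1004 is missing
    (1006, "BOLT", "INV-04", 75.50),
    (1007, "CRUX", "INV-89", 9995.00),
]

def duplicate_payments(ledger):
    """Group payment ids that share vendor, invoice number and amount."""
    groups = defaultdict(list)
    for pid, vendor, invoice, amount in ledger:
        groups[(vendor, invoice, amount)].append(pid)
    return {key: ids for key, ids in groups.items() if len(ids) > 1}

def sequence_gaps(ledger):
    """Return payment ids missing from the otherwise continuous id range."""
    ids = {row[0] for row in ledger}
    return sorted(set(range(min(ids), max(ids) + 1)) - ids)

def stratify(ledger, bounds):
    """Count and total the payments in each amount band [lo, hi)."""
    edges = [0] + list(bounds) + [float("inf")]
    bands = {(lo, hi): [0, 0.0] for lo, hi in zip(edges, edges[1:])}
    for _, _, _, amount in ledger:
        for (lo, hi), cell in bands.items():
            if lo <= amount < hi:
                cell[0] += 1
                cell[1] += amount
                break
    return {band: tuple(cell) for band, cell in bands.items()}

def just_below_limit(ledger, limit, margin=0.01):
    """Payment ids within `margin` (a fraction) below an assumed approval limit."""
    return [row[0] for row in ledger if limit * (1 - margin) <= row[3] < limit]

if __name__ == "__main__":
    print(duplicate_payments(LEDGER))
    print(sequence_gaps(LEDGER))
    print(stratify(LEDGER, [1000, 10000]))
    print(just_below_limit(LEDGER, 10000))
```

Every row is tested rather than a sample, so the single duplicate pair and the single missing id are found with certainty instead of depending on whether they happen to be drawn.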
Phishing - the fraudulent act of acquiring private and sensitive information, such as
credit card numbers, personal identification and account usernames and passwords.
Spoofing - A technique used to gain unauthorized access to computers, whereby the
intruder sends messages to a computer with an IP address indicating that the message is
coming from a trusted host.
Skimming - the illegal copying of information from the magnetic strips found on credit
and debit cards. Card skimming is considered a more direct version of a phishing scam.
Types of controls
•Control Environment - or those controls designed to shape the corporate culture.
•Change management procedures - controls designed to ensure the changes meet business
requirement and are authorized.
•Source code/Document version control - controls designed to protect the integrity of program
code.
•Software development life cycle - controls designed to ensure IT projects are effectively
managed.
•Logical access policies, standards, and processes - controls designed to manage access based
on business need.
•Disaster recovery/Backup and recovery procedures - enable continued processing despite
adverse conditions.
•Physical security - controls to ensure the physical security of IT from individuals and from
environmental risks.
2. IT Application controls - fully automated (performed automatically by systems) designed to
ensure the complete and accurate processing of data, from input through output.
Types of controls
•Completeness of checks - controls that ensure all records were processed from initiation to
completion.
•Validity checks - controls that ensure only valid data is input or processed.
•Identification - controls that ensure all users are uniquely and irrefutably identified.
•Authentication - controls that provide an authentication mechanism in the application system.
•Authorization - controls that ensure only approved business users have access to the application
system.
•Input controls - controls that ensure the integrity of data fed from upstream sources into the
application system.
•Forensic controls - controls that ensure data is scientifically correct and mathematically correct
based on inputs and outputs.